last executing test programs: 5m0.990502328s ago: executing program 0 (id=1141): timer_create(0x0, 0x0, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) 5m0.944913661s ago: executing program 0 (id=1143): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x34}}, 0x880) r0 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6a0ac4ff02"], 0x0}, 0x94) io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[r0], 0x1) 5m0.839836277s ago: executing program 0 (id=1147): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, r1, 0x25, 0x0, @val=@iter={0x0}}, 0x20) syz_emit_ethernet(0x6a, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x30, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2}}}}}}}, 0x0) 5m0.608204901s ago: executing program 0 (id=1151): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000004180)={0x0, 0x0, &(0x7f0000004140)={&(0x7f0000004100)=ANY=[@ANYBLOB="180000002500050326bd7008fedbdf2501"], 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x14) recvmsg(r0, &(0x7f0000000dc0)={0x0, 0x0, 0x0}, 0x102) 5m0.538646921s ago: executing program 0 (id=1153): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) r1 = socket(0x1, 0x3, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e) 5m0.266110344s ago: executing program 0 (id=1161): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) tkill(r1, 0xb) 4m45.244757475s ago: executing program 32 (id=1161): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) tkill(r1, 0xb) 1m56.881160423s ago: executing program 2 (id=3844): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}}], 0x700, 0x2, 0x0) sendmmsg(r1, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000002bc0)=[{&(0x7f0000001840)="da", 0x1}], 0x1}}], 0x1, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x60, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) 1m56.55238728s ago: executing program 2 (id=3850): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x54, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @empty}}}]}, @CTA_TUPLE_ORIG={0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_TUPLE_MASTER={0x4}]}, 0x54}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000240)=ANY=[], 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1, 0x1}}, 0x40) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x20, 0x10012, r0, 0x0) 1m56.283191167s ago: executing program 2 (id=3853): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r2, 0x0) memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0) sendfile(r2, r2, 0x0, 0x40008) 1m55.612949844s ago: executing program 2 (id=3862): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xab101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) umount2(&(0x7f0000000340)='./file0/file0\x00', 0x1) 1m55.508224668s ago: executing program 2 (id=3867): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x6c, 0x2c, 0x605, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {}, {0x5, 0x2}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x30, 0x1, [@m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xffffffffffffff5c, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0x1}}]}, 0x6c}}, 0x20004084) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m55.217760139s ago: executing program 2 (id=3873): getpid() r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000300)={0xc, 0x5, 0xffb}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) 1m55.016814939s ago: executing program 33 (id=3873): getpid() r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000300)={0xc, 0x5, 0xffb}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) 3.547109618s ago: executing program 1 (id=6034): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8) sendto$inet6(r2, &(0x7f0000000580)="81", 0x1, 0xc001, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x1c) 2.038039645s ago: executing program 1 (id=6058): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) 1.834646718s ago: executing program 5 (id=6064): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) syz_clone3(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) setfsuid(0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) fcntl$notify(r1, 0x402, 0x1a) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000600)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r2, 0x1, r0, 0x4}) 1.619563036s ago: executing program 6 (id=6069): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="000084c17d0c0000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0) 1.61754432s ago: executing program 1 (id=6070): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x11, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x71) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f00000003c0)=0x6121, 0x4) sendmsg$netlink(r1, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 1.468113785s ago: executing program 1 (id=6075): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345}) r0 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0xfe15, 0x10, 0x0, 0x30f}, &(0x7f00000000c0)=0x0, &(0x7f0000000540)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x218, 0x21, 0x0, 0x0) 1.396708971s ago: executing program 6 (id=6077): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000240001"], 0x1c}}, 0x8004) 1.177927154s ago: executing program 3 (id=6081): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) 1.169061851s ago: executing program 6 (id=6091): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, 0x0, 0x0}, 0x20) 1.074594359s ago: executing program 6 (id=6083): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'lo\x00'}) 971.796763ms ago: executing program 1 (id=6085): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff03000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"], 0x13c}}, 0x20040880) 802.758533ms ago: executing program 5 (id=6086): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) 801.241186ms ago: executing program 4 (id=6087): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$sock_buf(r2, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x2) 789.414263ms ago: executing program 6 (id=6088): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'rose0\x00', 0x112}) 715.570017ms ago: executing program 1 (id=6089): prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = epoll_create(0x5) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000100)={0x10000011}) epoll_wait(r3, &(0x7f0000000500)=[{}], 0x1, 0x20400000) write$P9_RVERSION(r2, 0x0, 0x13) 712.139853ms ago: executing program 3 (id=6090): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket(0x10, 0x80003, 0x0) write(r2, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85) 668.842331ms ago: executing program 5 (id=6092): madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272) 661.253815ms ago: executing program 4 (id=6093): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010001fff2bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="2300000002a500002800128009000100766574680000000018000280140001000000000088db0874e3"], 0x48}}, 0x0) 464.74611ms ago: executing program 6 (id=6094): socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x1d, 0x2, 0x6) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 464.495696ms ago: executing program 3 (id=6095): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = inotify_init() inotify_add_watch(r2, 0x0, 0x1000000) 426.715305ms ago: executing program 4 (id=6096): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="6c00000066001f03"], 0x6c}], 0x1}, 0x0) 377.85889ms ago: executing program 5 (id=6097): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, 0x0, 0x0) 354.496088ms ago: executing program 4 (id=6098): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x6d5) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="2800000014001901000000000000000228"], 0x28}}, 0x4080) 340.056669ms ago: executing program 3 (id=6099): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x84000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f00000004c0)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') 273.061112ms ago: executing program 4 (id=6100): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x10000002]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mlock(&(0x7f0000b1d000/0x2000)=nil, 0x2000) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 272.154677ms ago: executing program 5 (id=6101): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x1, 0x4, 0x70be, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50) 214.228929ms ago: executing program 3 (id=6102): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = fsopen(&(0x7f0000000100)='exfat\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f0000000040)='utf8', &(0x7f0000000080)="a6", 0x1) 186.791534ms ago: executing program 5 (id=6103): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x4, 0x0) 29.131656ms ago: executing program 3 (id=6104): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) syslog(0x4, &(0x7f0000000100)=""/36, 0x24) 0s ago: executing program 4 (id=6105): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x100080, 0x0) ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0) kernel console output (not intermixed with test programs): udit(1763517319.496:1398): avc: denied { mounton } for pid=14208 comm="syz.1.3421" path="/691/file1/file0" dev="autofs" ino=47162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 283.448539][ T30] audit: type=1400 audit(1763517319.546:1399): avc: denied { cmd } for pid=14213 comm="syz.4.3422" path="socket:[46867]" dev="sockfs" ino=46867 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 283.471499][ C0] vkms_vblank_simulate: vblank timer overrun [ 283.480179][T14212] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3419'. [ 283.489477][T14212] nbd: nbd64 already in use [ 283.634650][ T1540] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 283.930492][ T1540] usb 3-1: USB disconnect, device number 31 [ 284.214738][ C0] net_ratelimit: 4 callbacks suppressed [ 284.214755][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.383900][ T5866] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.412805][ T30] audit: type=1400 audit(1763517320.506:1400): avc: denied { remount } for pid=14254 comm="syz.4.3436" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 284.597527][ T30] audit: type=1326 audit(1763517320.686:1401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f352218f6c9 code=0x7ffc0000 [ 284.664856][ T30] audit: type=1326 audit(1763517320.686:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f352218f6c9 code=0x7ffc0000 [ 284.714662][ T30] audit: type=1326 audit(1763517320.686:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f352218f6c9 code=0x7ffc0000 [ 284.744352][ T30] audit: type=1326 audit(1763517320.686:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f352218f6c9 code=0x7ffc0000 [ 284.778090][ T30] audit: type=1326 audit(1763517320.686:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14262 comm="syz.2.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f352218f6c9 code=0x7ffc0000 [ 284.854833][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.080516][T14286] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3443'. [ 285.089947][T14286] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3443'. [ 285.166726][T14286] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3443'. [ 285.178115][T14286] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3443'. [ 285.233969][T14296] bridge0: entered allmulticast mode [ 285.252115][T14296] pim6reg: entered allmulticast mode [ 285.264760][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.265393][T14296] pim6reg: left allmulticast mode [ 285.278350][T14296] bridge0: left allmulticast mode [ 285.415329][ T5866] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.644325][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 285.644339][ T30] audit: type=1400 audit(1763517321.736:1414): avc: denied { write } for pid=14316 comm="syz.4.3454" lport=59322 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 285.833652][T14330] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3460'. [ 285.980450][T14336] input: syz1 as /devices/virtual/input/input52 [ 286.294768][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.456661][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.464912][ T5866] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.889301][ T30] audit: type=1400 audit(1763517322.986:1415): avc: denied { name_bind 0x1000000 } for pid=14368 comm="syz.1.3473" path="socket:[47049]" dev="sockfs" ino=47049 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 287.065216][T14375] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14375 comm=syz.4.3479 [ 287.120743][T14379] netlink: 'syz.4.3479': attribute type 1 has an invalid length. [ 287.249425][T14375] bond3: (slave gretap1): making interface the new active one [ 287.291316][T14375] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 287.336752][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.402531][T14389] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.410131][T14389] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.525842][T14395] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3486'. [ 287.631100][T14396] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.648222][T14389] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.677806][T14389] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.809546][ T6533] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 2816 - 0 [ 287.859022][ T6533] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.893612][ T6533] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 287.942328][ T6533] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 2816 - 0 [ 287.969103][ T6533] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.995442][ T6533] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 288.025182][ T6533] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 2816 - 0 [ 288.060514][ T6533] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.122777][ T6533] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 288.140176][T14420] gtp1: entered promiscuous mode [ 288.221696][T14430] veth5: entered promiscuous mode [ 288.279207][T14436] netlink: 7 bytes leftover after parsing attributes in process `syz.2.3497'. [ 288.295506][ T6533] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 2816 - 0 [ 288.304513][ T6533] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.332655][ T6533] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 289.345480][T14498] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3524'. [ 289.495165][ T10] net_ratelimit: 2 callbacks suppressed [ 289.495180][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 289.735081][ T5866] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 289.774750][T14396] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 289.936243][T14396] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 289.946428][T14396] usb 4-1: config 0 interface 0 has no altsetting 0 [ 289.962188][T14396] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 289.977185][T14396] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 289.998700][T14396] usb 4-1: Product: syz [ 290.002882][T14396] usb 4-1: Manufacturer: syz [ 290.020136][T14396] usb 4-1: SerialNumber: syz [ 290.036106][T14396] usb 4-1: config 0 descriptor?? [ 290.068737][T14396] usb 4-1: selecting invalid altsetting 0 [ 290.134042][T14540] netlink: 'syz.5.3538': attribute type 4 has an invalid length. [ 290.399852][T14396] usb 4-1: USB disconnect, device number 26 [ 290.468040][ T5817] udevd[5817]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 290.775939][ T5866] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.825592][T14559] bridge0: entered allmulticast mode [ 290.836154][T14559] pim6reg: entered allmulticast mode [ 290.850458][T14559] bridge0: left allmulticast mode [ 290.856012][T14558] pim6reg: left allmulticast mode [ 291.322282][ T30] audit: type=1400 audit(1763517327.416:1416): avc: denied { append } for pid=14586 comm="syz.3.3553" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 291.654697][ T10] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 291.814782][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 291.820463][T14396] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.826839][ T10] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 291.854131][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.883361][ T10] usb 6-1: Product: syz [ 291.901749][ T10] usb 6-1: Manufacturer: syz [ 291.916368][ T10] usb 6-1: SerialNumber: syz [ 291.940499][ T10] usb 6-1: config 0 descriptor?? [ 291.972491][ T10] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 292.168742][T14603] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3559'. [ 292.284450][T14603] team1: entered promiscuous mode [ 292.306682][T14603] team1: entered allmulticast mode [ 292.536540][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 292.606823][T14619] futex_wake_op: syz.4.3566 tries to shift op by 32; fix this program [ 292.855529][ T5866] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 293.197116][T14637] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3573'. [ 293.293233][ T6533] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 293.315717][ T6533] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.339153][ T6533] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 293.408217][ T10] gspca_stk1135: reg_w 0xf err -71 [ 293.422883][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 293.448960][ T10] gspca_stk1135: Sensor write failed [ 293.521755][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 293.584631][ T6533] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 293.599333][ T10] gspca_stk1135: Sensor write failed [ 293.632457][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 293.657721][ T6533] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.670459][ T10] gspca_stk1135: Sensor read failed [ 293.675982][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 293.682458][ T6533] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 293.693579][ T10] gspca_stk1135: Sensor read failed [ 293.703240][ T10] gspca_stk1135: Detected sensor type unknown (0x0) [ 293.724135][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 293.737478][ T10] gspca_stk1135: Sensor read failed [ 293.753598][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 293.796263][ T10] gspca_stk1135: Sensor read failed [ 293.801563][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 293.808258][ T10] gspca_stk1135: Sensor write failed [ 293.813677][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 293.820734][ T10] gspca_stk1135: Sensor write failed [ 293.827345][ T10] stk1135 6-1:0.0: probe with driver stk1135 failed with error -71 [ 293.852184][ T10] usb 6-1: USB disconnect, device number 10 [ 293.869704][ T6533] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 293.887939][ T6533] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.898803][ T6533] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 293.899186][ T5866] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.110901][ T6533] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 294.135446][ T6533] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.155993][ T6533] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 294.164640][T14396] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 294.256139][ T5133] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 294.272725][ T5133] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 294.281041][ T5133] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 294.288959][ T5133] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 294.297144][ T5133] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 294.346760][T14396] usb 5-1: Using ep0 maxpacket: 8 [ 294.357531][T14396] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 294.369293][T14396] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 294.379241][T14396] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 294.389349][T14396] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 294.399476][T14396] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 294.409674][T14396] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 294.418794][T14396] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.438726][T14396] usb 5-1: config 0 descriptor?? [ 294.453473][ T5808] Bluetooth: hci5: urb ffff88807f4c9b00 submission failed (90) [ 294.464054][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.696804][T14663] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3582'. [ 294.723148][T14396] usb 5-1: USB disconnect, device number 26 [ 294.725591][T14663] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3582'. [ 294.763990][T14665] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.885106][ T6533] bond2 (unregistering): (slave xfrm1): Releasing backup interface [ 295.016740][T14410] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.187306][ T6533] bond3 (unregistering): (slave geneve2): Releasing active interface [ 295.504070][ T6533] bond0 (unregistering): Released all slaves [ 295.533331][ T6533] bond1 (unregistering): Released all slaves [ 295.579756][ T6533] bond2 (unregistering): Released all slaves [ 295.586906][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.639240][ T6533] bond3 (unregistering): Released all slaves [ 295.737001][ T30] audit: type=1400 audit(1763517331.826:1417): avc: denied { bind } for pid=14688 comm="syz.5.3589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 295.756717][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.796740][ T6533] tipc: Disabling bearer [ 295.806727][ T6533] tipc: Left network mode [ 295.823052][ T30] audit: type=1400 audit(1763517331.826:1418): avc: denied { listen } for pid=14688 comm="syz.5.3589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 295.872761][ T30] audit: type=1400 audit(1763517331.836:1419): avc: denied { accept } for pid=14688 comm="syz.5.3589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 296.054904][T14396] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.374926][ T5808] Bluetooth: hci1: command tx timeout [ 296.762338][T14738] evm: overlay not supported [ 296.935031][T14396] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 296.958093][ T6533] veth1_macvtap: left promiscuous mode [ 296.963719][ T6533] veth0_macvtap: left promiscuous mode [ 297.096379][T14410] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.128974][T14396] usb 4-1: Using ep0 maxpacket: 8 [ 297.140108][T14396] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 297.161607][T14396] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 297.182909][T14396] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.222628][T14728] hub 6-0:1.0: USB hub found [ 297.231933][T14728] hub 6-0:1.0: 1 port detected [ 297.233292][T14396] usb 4-1: config 0 descriptor?? [ 297.476034][T14396] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 297.703677][T14396] usb 4-1: USB disconnect, device number 27 [ 297.709772][ C1] iowarrior 4-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 298.140469][T14396] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 298.307002][T14645] chnl_net:caif_netlink_parms(): no params data found [ 298.456039][ T5808] Bluetooth: hci1: command tx timeout [ 298.618251][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 298.887750][T14645] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.904385][T14645] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.920447][T14645] bridge_slave_0: entered allmulticast mode [ 298.938743][T14645] bridge_slave_0: entered promiscuous mode [ 298.957995][T14645] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.965165][T14645] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.973098][T14645] bridge_slave_1: entered allmulticast mode [ 298.980709][T14645] bridge_slave_1: entered promiscuous mode [ 299.094798][ T30] audit: type=1326 audit(1763517335.186:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.151142][T14645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.164966][ T30] audit: type=1326 audit(1763517335.186:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.193401][T14396] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 299.196843][T14645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.228900][ T30] audit: type=1326 audit(1763517335.186:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.262098][T14818] geneve2: entered promiscuous mode [ 299.339134][ T30] audit: type=1326 audit(1763517335.186:1423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.397246][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.397259][ T30] audit: type=1326 audit(1763517335.186:1424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.397294][ T30] audit: type=1326 audit(1763517335.186:1425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.415286][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.462438][ T30] audit: type=1326 audit(1763517335.186:1426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.494544][ T30] audit: type=1326 audit(1763517335.186:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.499752][ T6533] IPVS: stop unused estimator thread 0... [ 299.519110][ T30] audit: type=1326 audit(1763517335.186:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.564923][T14828] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3630'. [ 299.574815][T14828] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3630'. [ 299.585349][T14828] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3630'. [ 299.609664][ T30] audit: type=1326 audit(1763517335.186:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14811 comm="syz.1.3625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7a1d8f6c9 code=0x7ffc0000 [ 299.635462][T14396] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 299.637375][T14828] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3630'. [ 299.660671][T14645] team0: Port device team_slave_0 added [ 299.679870][T14645] team0: Port device team_slave_1 added [ 299.694374][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.792439][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.814733][T14396] usb 6-1: Using ep0 maxpacket: 32 [ 299.824390][T14396] usb 6-1: config 0 has an invalid interface number: 85 but max is 0 [ 299.843904][T14396] usb 6-1: config 0 has no interface number 0 [ 299.863150][T14645] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.877313][T14396] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 299.899567][T14645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 299.925997][T14396] usb 6-1: config 0 interface 85 has no altsetting 0 [ 299.926998][T14645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 299.935555][T14396] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 299.954092][T14645] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.957127][T14396] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.963287][T14645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 299.970014][T14396] usb 6-1: Product: syz [ 299.999919][T14645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 300.000894][T14396] usb 6-1: Manufacturer: syz [ 300.045387][T14396] usb 6-1: SerialNumber: syz [ 300.072411][T14396] usb 6-1: config 0 descriptor?? [ 300.169040][T14645] hsr_slave_0: entered promiscuous mode [ 300.186656][T14645] hsr_slave_1: entered promiscuous mode [ 300.196225][T14645] debugfs: 'hsr0' already exists in 'hsr' [ 300.202011][T14645] Cannot create hsr debugfs directory [ 300.355086][T14410] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 300.516238][T14410] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.534821][ T5808] Bluetooth: hci1: command tx timeout [ 300.553565][T14410] usb 4-1: config 0 has no interfaces? [ 300.562583][T14410] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 300.595564][T14410] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.629252][T14410] usb 4-1: config 0 descriptor?? [ 300.821955][T14396] appletouch 6-1:0.85: Geyser mode initialized. [ 300.853750][T14396] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input53 [ 301.167284][T14396] usb 6-1: USB disconnect, device number 11 [ 301.202906][T14396] appletouch 6-1:0.85: input: appletouch disconnected [ 301.379483][T14645] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 301.464829][T14645] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 301.475905][T14645] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 301.503221][T14645] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 301.639735][T14645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.666761][T14645] 8021q: adding VLAN 0 to HW filter on device team0 [ 301.690050][ T6566] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.697215][ T6566] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.770538][ T6533] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.777705][ T6533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 302.241610][T14645] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 302.344521][T14645] veth0_vlan: entered promiscuous mode [ 302.372671][T14645] veth1_vlan: entered promiscuous mode [ 302.461344][T14645] veth0_macvtap: entered promiscuous mode [ 302.487684][T14645] veth1_macvtap: entered promiscuous mode [ 302.539344][T14947] bond3: ARP target 5.0.0.0 is already present [ 302.552054][T14947] bond3: option arp_ip_target: invalid value (5) [ 302.562175][T14947] bond3 (unregistering): Released all slaves [ 302.614913][ T5808] Bluetooth: hci1: command tx timeout [ 302.648959][T14645] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 302.666459][T14645] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 302.703542][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.737157][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.757377][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.790608][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.836039][T14964] xt_hashlimit: size too large, truncated to 1048576 [ 303.151595][ T9] usb 4-1: USB disconnect, device number 28 [ 303.278387][T14977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14977 comm=syz.1.3662 [ 303.292409][T14978] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 303.302022][ T6533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.344310][T14978] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 303.357060][T14977] netlink: 'syz.1.3662': attribute type 1 has an invalid length. [ 303.364814][ T6533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.540743][T14985] bond6: (slave bridge1): making interface the new active one [ 303.562730][T14985] bond6: (slave bridge1): Enslaving as an active interface with an up link [ 303.628662][ T6566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.672327][ T6566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.230393][T15020] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.3678'. [ 305.389830][T15050] bond1: entered allmulticast mode [ 305.395544][T15050] 8021q: adding VLAN 0 to HW filter on device bond1 [ 305.402803][T15050] bridge0: port 4(bond1) entered blocking state [ 305.410150][T15050] bridge0: port 4(bond1) entered disabled state [ 305.419674][T15050] bond1: entered promiscuous mode [ 305.446890][T15058] netlink: 'syz.4.3693': attribute type 13 has an invalid length. [ 305.718358][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 305.718372][ T30] audit: type=1400 audit(1763517341.816:1439): avc: denied { mounton } for pid=15067 comm="syz.3.3701" path="/file0" dev="ramfs" ino=50870 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 305.750572][T15069] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 305.770155][T15069] overlayfs: failed to set xattr on upper [ 305.794648][T15069] overlayfs: ...falling back to redirect_dir=nofollow. [ 305.801571][T15069] overlayfs: ...falling back to index=off. [ 306.245557][ T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 306.426832][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 306.434316][ T10] usb 5-1: config 0 interface 0 altsetting 252 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.455155][T15105] tipc: Started in network mode [ 306.462335][ T10] usb 5-1: config 0 interface 0 altsetting 252 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 306.475574][T15105] tipc: Node identity 3e5a8436c87f, cluster identity 4711 [ 306.495358][T15105] tipc: Enabled bearer , priority 0 [ 306.502139][ T10] usb 5-1: config 0 interface 0 has no altsetting 0 [ 306.522377][ T10] usb 5-1: New USB device found, idVendor=0738, idProduct=1705, bcdDevice= 0.00 [ 306.540088][T15105] tipc: Disabling bearer [ 306.550611][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.577786][ T10] usb 5-1: config 0 descriptor?? [ 306.643229][ T30] audit: type=1326 audit(1763517342.736:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.2.3717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dee78f6c9 code=0x7ffc0000 [ 306.671301][ T30] audit: type=1326 audit(1763517342.766:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.2.3717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f2dee78f6c9 code=0x7ffc0000 [ 306.724487][ T30] audit: type=1326 audit(1763517342.766:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.2.3717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dee78f6c9 code=0x7ffc0000 [ 306.818452][ T30] audit: type=1326 audit(1763517342.766:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.2.3717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dee78f6c9 code=0x7ffc0000 [ 306.839770][T15124] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3722'. [ 306.842483][ T30] audit: type=1326 audit(1763517342.766:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.2.3717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f2dee78f6c9 code=0x7ffc0000 [ 306.876436][ T30] audit: type=1326 audit(1763517343.777:1445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.2.3717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dee78f6c9 code=0x7ffc0000 [ 306.920684][ T30] audit: type=1326 audit(1763517343.777:1446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.2.3717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dee78f6c9 code=0x7ffc0000 [ 306.973341][ T30] audit: type=1326 audit(1763517343.777:1447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.2.3717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f2dee78f6c9 code=0x7ffc0000 [ 306.978823][T15129] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3725'. [ 307.028197][ T10] saitek 0003:0738:1705.0028: hidraw0: USB HID v0.00 Device [HID 0738:1705] on usb-dummy_hcd.4-1/input0 [ 307.093453][ T30] audit: type=1326 audit(1763517343.777:1448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.2.3717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dee78f6c9 code=0x7ffc0000 [ 307.228713][ T5884] usb 5-1: USB disconnect, device number 27 [ 307.281546][T15142] netlink: 'syz.2.3730': attribute type 29 has an invalid length. [ 307.312019][T15142] netlink: 'syz.2.3730': attribute type 29 has an invalid length. [ 307.350987][T15142] netlink: 500 bytes leftover after parsing attributes in process `syz.2.3730'. [ 307.715890][T15153] hub 6-0:1.0: USB hub found [ 307.720852][T15153] hub 6-0:1.0: 1 port detected [ 308.187188][T14396] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0 [ 308.206760][T15169] geneve3: entered promiscuous mode [ 308.248949][T14396] hid-generic 0000:0000:0000.0029: hidraw0: HID v0.00 Device [syz1] on syz0 [ 309.424891][T15211] fuse: root generation should be zero [ 310.338699][ T10] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 310.519559][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 310.526808][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 310.540242][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 310.550582][ T10] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 310.561776][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.572567][ T10] usb 4-1: config 0 descriptor?? [ 310.580687][ T10] hub 4-1:0.0: USB hub found [ 310.780163][ T10] hub 4-1:0.0: 1 port detected [ 310.874655][T14396] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 311.037884][T14396] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 311.056491][T14396] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 311.071169][T14396] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.081018][T14396] usb 6-1: Product: syz [ 311.087477][T14396] usb 6-1: Manufacturer: syz [ 311.092652][T14396] usb 6-1: SerialNumber: syz [ 311.291183][T14410] libceph: connect (1)[c::]:6789 error -101 [ 311.304799][T14410] libceph: mon0 (1)[c::]:6789 connect error [ 311.332050][T15290] ceph: No mds server is up or the cluster is laggy [ 311.388412][ T10] hub 4-1:0.0: activate --> -90 [ 311.583360][T15302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3788'. [ 311.715029][ T5884] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 311.800994][ T10] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 311.808958][ T10] hub_port_connect: 1 callbacks suppressed [ 311.808973][ T10] usb 4-1-port1: connect-debounce failed [ 311.821472][ T5925] usb 4-1: USB disconnect, device number 29 [ 311.822496][T15310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3793'. [ 311.896075][ T5884] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 311.907268][ T5884] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 311.917641][ T5884] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 311.926923][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.944768][T15295] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 311.958291][ T5884] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 312.140384][T15315] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3794'. [ 312.157303][T14396] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 312.167131][T14396] cdc_ncm 6-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 312.176758][T14396] cdc_ncm 6-1:1.0: setting rx_max = 2048 [ 312.203396][T14397] usb 3-1: USB disconnect, device number 32 [ 312.208298][T15317] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3795'. [ 312.569502][T14396] cdc_ncm 6-1:1.0: setting tx_max = 88 [ 312.593964][T14396] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 312.624446][T14396] usb 6-1: USB disconnect, device number 12 [ 312.643893][T14396] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP) [ 313.249650][T15364] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3814'. [ 313.590543][T15378] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3820'. [ 313.600340][T15378] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3820'. [ 313.609393][T15378] netlink: 'syz.3.3820': attribute type 6 has an invalid length. [ 313.617435][T15378] netlink: 'syz.3.3820': attribute type 5 has an invalid length. [ 313.625191][T15378] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3820'. [ 314.329798][T15417] kvm_intel: kvm [15415]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xfd [ 314.384617][ T30] audit: type=1400 audit(1763517351.360:1450): avc: denied { name_connect } for pid=15418 comm="syz.4.3839" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 314.555802][T15425] netlink: 'syz.5.3840': attribute type 1 has an invalid length. [ 314.733632][T15431] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 315.544635][ T5884] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 315.545460][T15472] netlink: 172 bytes leftover after parsing attributes in process `syz.4.3855'. [ 315.579327][ T5884] hid-generic 0000:0000:0000.002A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 315.964668][T15480] ipip0: entered promiscuous mode [ 316.109888][ T6540] tipc: Subscription rejected, illegal request [ 316.477365][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.541543][ T6533] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.689280][ T6533] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.525778][T15521] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3878'. [ 317.619507][ T6533] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.672299][ T5133] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 317.682659][ T5133] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 317.699923][ T5133] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 317.716720][ T5133] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 317.724814][ T5133] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 317.845537][ T6533] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.133833][ T6533] bridge_slave_1: left allmulticast mode [ 318.144672][ T6533] bridge_slave_1: left promiscuous mode [ 318.170897][ T6533] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.201338][ T6533] bridge_slave_0: left allmulticast mode [ 318.210578][ T6533] bridge_slave_0: left promiscuous mode [ 318.228084][ T6533] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.266909][T14410] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 318.439713][T14410] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 318.480404][T14410] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 318.515473][T14410] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 318.568582][T14410] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 318.615134][T14410] usb 5-1: SerialNumber: syz [ 318.761374][T15547] netlink: 'syz.5.3888': attribute type 13 has an invalid length. [ 318.794913][ T6533] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 318.807638][ T6533] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 318.826535][ T6533] bond0 (unregistering): Released all slaves [ 318.871728][T14410] usb 5-1: 0:2 : does not exist [ 318.886671][T14410] usb 5-1: unit 4 not found! [ 318.921534][T14410] usb 5-1: USB disconnect, device number 28 [ 318.996651][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 319.303189][T15566] lo: Caught tx_queue_len zero misconfig [ 319.663660][ T6533] hsr_slave_0: left promiscuous mode [ 319.672676][ T6533] hsr_slave_1: left promiscuous mode [ 319.679398][ T6533] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 319.686863][ T6533] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 319.696560][ T6533] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 319.706307][ T6533] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 319.757773][ T6533] veth1_macvtap: left promiscuous mode [ 319.765116][ T6533] veth0_macvtap: left promiscuous mode [ 319.771088][ T6533] veth1_vlan: left promiscuous mode [ 319.787411][ T6533] veth0_vlan: left promiscuous mode [ 319.892697][ T5808] Bluetooth: hci1: command tx timeout [ 319.919334][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 319.930960][ T6520] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 319.944293][T15596] Bluetooth: ERR: HCILL_GO_TO_SLEEP_IND in state 0 [ 319.952161][ T6560] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 320.308774][ T6533] team0 (unregistering): Port device team_slave_1 removed [ 320.343622][ T6533] team0 (unregistering): Port device team_slave_0 removed [ 320.631869][T15609] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3911'. [ 320.645702][T15609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3911'. [ 320.657274][T15609] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3911'. [ 320.666771][T15609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3911'. [ 320.778815][T15525] chnl_net:caif_netlink_parms(): no params data found [ 320.950692][T15525] bridge0: port 1(bridge_slave_0) entered blocking state [ 320.958046][T15525] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.965959][T15525] bridge_slave_0: entered allmulticast mode [ 320.973765][T15525] bridge_slave_0: entered promiscuous mode [ 320.982723][T15525] bridge0: port 2(bridge_slave_1) entered blocking state [ 320.989795][T15525] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.997541][T15525] bridge_slave_1: entered allmulticast mode [ 321.006387][T15525] bridge_slave_1: entered promiscuous mode [ 321.102766][T15525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 321.125425][T15525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 321.188108][T15525] team0: Port device team_slave_0 added [ 321.216579][T15525] team0: Port device team_slave_1 added [ 321.261951][T15525] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 321.276723][T15639] netlink: 'syz.1.3921': attribute type 1 has an invalid length. [ 321.278491][T15525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 321.310829][T15525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 321.350697][T15525] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 321.357786][T15525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 321.384247][T15525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 321.403781][T15641] bond7: (slave gretap1): making interface the new active one [ 321.412439][T15641] bond7: (slave gretap1): Enslaving as an active interface with an up link [ 321.503005][T15525] hsr_slave_0: entered promiscuous mode [ 321.519525][T15525] hsr_slave_1: entered promiscuous mode [ 321.540412][T15525] debugfs: 'hsr0' already exists in 'hsr' [ 321.569387][T15525] Cannot create hsr debugfs directory [ 321.626774][T15645] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3923'. [ 321.671594][T15645] 8021q: adding VLAN 0 to HW filter on device bond8 [ 321.894305][T15525] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 321.920527][T15525] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 321.940485][T15525] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 321.961797][T15525] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 322.014728][T15659] bond0: (slave dummy0): Releasing backup interface [ 322.032403][T15659] batman_adv: batadv0: Adding interface: dummy0 [ 322.038792][T15659] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 322.075283][T15659] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 322.081479][ T30] audit: type=1400 audit(1763517358.563:1451): avc: denied { ioctl } for pid=15658 comm="syz.1.3929" path="socket:[55448]" dev="sockfs" ino=55448 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 322.120018][ T5133] Bluetooth: hci5: command 0x1003 tx timeout [ 322.126147][ T5812] Bluetooth: hci1: command tx timeout [ 322.132678][ T5808] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 322.455321][T15525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 322.531491][T15525] 8021q: adding VLAN 0 to HW filter on device team0 [ 322.592832][ T6533] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.599975][ T6533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.706283][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.713412][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 323.108626][T15525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 323.429329][T15525] veth0_vlan: entered promiscuous mode [ 323.446267][T15525] veth1_vlan: entered promiscuous mode [ 323.489625][T15525] veth0_macvtap: entered promiscuous mode [ 323.504832][T15525] veth1_macvtap: entered promiscuous mode [ 323.545894][T15525] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 323.564967][T15525] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 323.592021][ T6560] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.608699][ T6560] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.627512][ T6560] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.667396][ T6560] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.752102][ T6560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 323.777357][ T6560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 323.799275][T15731] gtp0: entered promiscuous mode [ 323.844841][ T6533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 323.866580][ T6533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.178720][ T24] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 324.339171][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 324.339283][ T5808] Bluetooth: hci1: command tx timeout [ 324.355694][ T24] usb 6-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 324.388502][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.445738][ T24] usb 6-1: Product: syz [ 324.460339][ T24] usb 6-1: Manufacturer: syz [ 324.482813][ T24] usb 6-1: SerialNumber: syz [ 324.515762][ T24] usb 6-1: config 0 descriptor?? [ 324.794443][ T24] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 325.001812][ T10] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 325.163523][ T10] usb 2-1: config index 0 descriptor too short (expected 60690, got 18) [ 325.172139][ T10] usb 2-1: config 15 has too many interfaces: 102, using maximum allowed: 32 [ 325.181752][ T10] usb 2-1: config 15 has an invalid descriptor of length 224, skipping remainder of the config [ 325.197179][ T10] usb 2-1: config 15 has 0 interfaces, different from the descriptor's value: 102 [ 325.206989][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 325.217255][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.579919][ T10] usb 2-1: string descriptor 0 read error: -71 [ 325.596618][ T10] usb 2-1: USB disconnect, device number 19 [ 325.716280][T15783] netlink: 'syz.6.3972': attribute type 3 has an invalid length. [ 326.083576][ T24] gspca_sunplus: reg_w_riv err -71 [ 326.092565][ T24] sunplus 6-1:0.0: probe with driver sunplus failed with error -71 [ 326.107522][ T24] usb 6-1: USB disconnect, device number 13 [ 326.314700][ T10] hid-generic 0000:0000:0000.002B: unknown main item tag 0x0 [ 326.344206][ T10] hid-generic 0000:0000:0000.002B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 326.562813][ T5812] Bluetooth: hci1: command tx timeout [ 326.736106][T15815] netlink: 'syz.1.3985': attribute type 1 has an invalid length. [ 326.824589][T15820] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3988'. [ 326.854824][T15815] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3985'. [ 326.878752][T15820] lo: Caught tx_queue_len zero misconfig [ 326.915261][T15815] bond9: (slave bridge3): making interface the new active one [ 326.923686][T15815] bond9: (slave bridge3): Enslaving as an active interface with an up link [ 326.993439][ T5812] Bluetooth: hci5: command 0x1003 tx timeout [ 327.000774][ T5808] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 327.086552][ T30] audit: type=1400 audit(1763517363.240:1452): avc: denied { append } for pid=15826 comm="syz.4.3992" name="file0" dev="tmpfs" ino=4413 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 327.753630][T15860] Invalid source name [ 327.761579][T15860] UBIFS error (pid: 15860): cannot open "ubifs", error -22 [ 327.963798][T15863] batman_adv: batadv0: Adding interface: dummy0 [ 327.977942][T15863] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 328.007986][T15863] batman_adv: batadv0: Interface activated: dummy0 [ 328.021974][T15865] batadv0: mtu less than device minimum [ 328.028718][T15865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 328.039690][T15865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 328.050509][T15865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 328.061341][T15865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 328.072154][T15865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 328.082957][T15865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 328.094087][T15865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 328.104967][T15865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 328.115902][T15865] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 328.660923][ T30] audit: type=1400 audit(1763517364.718:1453): avc: denied { mount } for pid=15875 comm="syz.5.4011" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 328.739168][ T30] audit: type=1400 audit(1763517364.793:1454): avc: denied { unmount } for pid=9073 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 328.811962][T15878] netlink: 'syz.6.4012': attribute type 1 has an invalid length. [ 328.829081][T14410] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 328.839839][T15878] netlink: 'syz.6.4012': attribute type 4 has an invalid length. [ 328.847565][T15878] netlink: 9462 bytes leftover after parsing attributes in process `syz.6.4012'. [ 328.968931][T15886] netlink: 'syz.6.4016': attribute type 1 has an invalid length. [ 328.997476][T14410] usb 5-1: unable to get BOS descriptor or descriptor too short [ 329.017565][T14410] usb 5-1: config 1 has an invalid interface number: 2 but max is 1 [ 329.029170][T14410] usb 5-1: config 1 has no interface number 1 [ 329.036319][T14410] usb 5-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 329.051774][T14410] usb 5-1: too many endpoints for config 1 interface 2 altsetting 115: 216, using maximum allowed: 30 [ 329.063332][T14410] usb 5-1: config 1 interface 2 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 216 [ 329.124575][T14410] usb 5-1: config 1 interface 0 has no altsetting 0 [ 329.138922][T14410] usb 5-1: config 1 interface 2 has no altsetting 0 [ 329.166555][T15889] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4018'. [ 329.184117][T14410] usb 5-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 329.200336][T14410] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.248354][T14410] usb 5-1: Product: syz [ 329.279098][T14410] usb 5-1: Manufacturer: syz [ 329.283725][T14410] usb 5-1: SerialNumber: syz [ 329.597216][T14410] smsusb:smsusb_probe: board id=8, interface number 0 [ 329.766661][T14410] smsusb:smsusb_probe: board id=8, interface number 2 [ 329.791441][ T30] audit: type=1400 audit(1763517365.765:1455): avc: denied { write } for pid=15898 comm="syz.6.4022" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 329.839296][T14410] usb 5-1: USB disconnect, device number 29 [ 330.031320][T15905] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4025'. [ 330.229709][T15905] bond1: option ad_select: invalid value (20) [ 330.277392][T15905] bond1 (unregistering): Released all slaves [ 330.340170][T15914] sctp: [Deprecated]: syz.1.4029 (pid 15914) Use of struct sctp_assoc_value in delayed_ack socket option. [ 330.340170][T15914] Use struct sctp_sack_info instead [ 330.387188][T15916] netlink: 'syz.4.4030': attribute type 1 has an invalid length. [ 330.518432][T15924] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4030'. [ 330.597535][T15923] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 330.659062][T15923] bond4: (slave batadv1): making interface the new active one [ 330.667546][T15923] bond4: (slave batadv1): Enslaving as an active interface with an up link [ 330.775833][T15924] bond4 (unregistering): (slave batadv1): Releasing active interface [ 330.797009][T15924] bond4 (unregistering): Released all slaves [ 331.391115][T15976] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 331.445525][T15976] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 331.473990][T15976] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 331.523135][T15976] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 331.539622][T15976] batman_adv: batadv0: Interface deactivated: dummy0 [ 331.546654][T15976] batman_adv: batadv0: Removing interface: dummy0 [ 331.950795][T14396] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 332.041105][T16013] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4074'. [ 332.145362][T14396] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 332.165191][T14396] usb 5-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 332.185249][T14396] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.224383][T14396] usb 5-1: config 0 descriptor?? [ 332.262044][T16025] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 332.278673][T16025] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 332.297907][T16025] batman_adv: batadv0: Removing interface: dummy0 [ 332.410624][ T10] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 332.415611][T16029] syz_tun: entered allmulticast mode [ 332.429083][T16028] syz_tun: left allmulticast mode [ 332.465462][T14396] usbhid 5-1:0.0: can't add hid device: -71 [ 332.478179][T14396] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 332.512707][T14396] usb 5-1: USB disconnect, device number 30 [ 332.531258][T16019] futex_wake_op: syz.3.4077 tries to shift op by -1; fix this program [ 332.626393][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 332.647676][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 332.658996][T16034] SELinux: security_context_str_to_sid (syste_uÝGĐą ‰:˙) failed with errno=-22 [ 332.668070][ T30] audit: type=1400 audit(1763550142.463:1456): avc: denied { remount } for pid=16031 comm="syz.6.4084" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 332.698523][ T10] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 332.718873][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.734483][ T10] usb 6-1: config 0 descriptor?? [ 333.204918][ T10] cp2112 0003:10C4:EA90.002C: unknown main item tag 0x0 [ 333.211918][ T10] cp2112 0003:10C4:EA90.002C: unknown main item tag 0x0 [ 333.249084][ T10] cp2112 0003:10C4:EA90.002C: unknown main item tag 0x0 [ 333.256291][ T10] cp2112 0003:10C4:EA90.002C: unknown main item tag 0x0 [ 333.263262][ T10] cp2112 0003:10C4:EA90.002C: unknown main item tag 0x0 [ 333.273087][ T10] cp2112 0003:10C4:EA90.002C: unknown main item tag 0x0 [ 333.283141][ T10] cp2112 0003:10C4:EA90.002C: unknown main item tag 0x0 [ 333.456232][ T10] cp2112 0003:10C4:EA90.002C: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0 [ 333.624349][ T10] cp2112 0003:10C4:EA90.002C: Part Number: 0x00 Device Version: 0x00 [ 333.936986][ T30] audit: type=1400 audit(1763550143.651:1457): avc: denied { listen } for pid=16083 comm="syz.6.4108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 334.283302][ T10] cp2112 0003:10C4:EA90.002C: error reading lock byte: -71 [ 334.386309][ T10] usb 6-1: USB disconnect, device number 14 [ 335.104506][ T30] audit: type=1326 audit(1763550144.736:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16108 comm="syz.4.4121" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fecb2b8f6c9 code=0x0 [ 335.568859][T16140] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4135'. [ 336.735252][T16205] SELinux: Context system_u:object_r:pam_console_exec_t:s0 is not valid (left unmapped). [ 336.748986][ T30] audit: type=1400 audit(1763550146.270:1459): avc: denied { relabelfrom } for pid=16203 comm="syz.1.4168" name="TCPv6" dev="sockfs" ino=57556 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 336.797273][ T30] audit: type=1400 audit(1763550146.289:1460): avc: denied { relabelto } for pid=16203 comm="syz.1.4168" name="TCPv6" dev="sockfs" ino=57556 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=tcp_socket permissive=1 trawcon="system_u:object_r:pam_console_exec_t:s0" [ 337.090650][ T30] audit: type=1400 audit(1763550146.598:1461): avc: denied { mounton } for pid=16230 comm="syz.6.4179" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 337.864854][T16248] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4187'. [ 337.905550][T16248] sch_tbf: burst 88 is lower than device veth3 mtu (1514) ! [ 338.695391][T16273] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4200'. [ 338.746994][ T30] audit: type=1400 audit(1763550148.150:1462): avc: denied { module_load } for pid=16274 comm="syz.1.4199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 338.747089][T16275] Invalid ELF header type: 2 != 1 [ 339.475347][ T30] audit: type=1326 audit(1763550148.824:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16311 comm="syz.1.4217" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7a1d8f6c9 code=0x0 [ 339.517352][T16222] kexec: Could not allocate control_code_buffer [ 339.622153][ T30] audit: type=1400 audit(1763550148.964:1464): avc: denied { listen } for pid=16319 comm="syz.3.4221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 339.691560][ T5925] Process accounting resumed [ 339.817567][ T30] audit: type=1400 audit(1763550149.151:1465): avc: denied { append } for pid=16330 comm="syz.4.4226" name="usbmon1" dev="devtmpfs" ino=717 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 340.562886][T16357] smc: net device ip6tnl0 applied user defined pnetid SYZ1 [ 340.851509][T16375] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4245'. [ 340.877458][T16375] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4245'. [ 341.228333][ T30] audit: type=1400 audit(1763550150.470:1466): avc: denied { create } for pid=16390 comm="syz.6.4253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 341.251901][ T30] audit: type=1400 audit(1763550150.470:1467): avc: denied { ioctl } for pid=16390 comm="syz.6.4253" path="socket:[58430]" dev="sockfs" ino=58430 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 341.311261][ T30] audit: type=1400 audit(1763550150.470:1468): avc: denied { bind } for pid=16390 comm="syz.6.4253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 343.454108][T16467] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4290'. [ 343.971417][T16492] trusted_key: encrypted_key: insufficient parameters specified [ 344.553507][T16536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4318'. [ 345.988889][T16571] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4335'. [ 346.306857][T16591] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4345'. [ 346.411025][T16594] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4347'. [ 347.441826][T16647] futex_wake_op: syz.5.4373 tries to shift op by 32; fix this program [ 348.219296][T16693] net_ratelimit: 51 callbacks suppressed [ 348.219313][T16693] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 348.324406][ T30] audit: type=1400 audit(1763550157.112:1469): avc: denied { read } for pid=16696 comm="syz.5.4398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 349.029023][ T30] audit: type=1400 audit(1763550157.766:1470): avc: denied { create } for pid=16728 comm="syz.6.4411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 349.058643][ T30] audit: type=1400 audit(1763550157.766:1471): avc: denied { bind } for pid=16728 comm="syz.6.4411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 349.098135][T16732] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 349.109237][ T30] audit: type=1400 audit(1763550157.850:1472): avc: denied { relabelto } for pid=16731 comm="syz.6.4412" name="94" dev="tmpfs" ino=549 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 349.136071][T16697] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 349.186864][ T30] audit: type=1400 audit(1763550157.850:1473): avc: denied { associate } for pid=16731 comm="syz.6.4412" name="94" dev="tmpfs" ino=549 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0" [ 349.246209][ T30] audit: type=1400 audit(1763550157.888:1474): avc: denied { remove_name } for pid=15525 comm="syz-executor" name="blkio.bfq.group_wait_time" dev="tmpfs" ino=554 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 349.325951][ T30] audit: type=1400 audit(1763550157.888:1475): avc: denied { rmdir } for pid=15525 comm="syz-executor" name="94" dev="tmpfs" ino=549 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 349.470152][T16750] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4419'. [ 349.617666][T16763] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4424'. [ 350.798350][T16806] netlink: 148 bytes leftover after parsing attributes in process `syz.5.4443'. [ 350.845369][T16806] netlink: 56 bytes leftover after parsing attributes in process `syz.5.4443'. [ 350.885824][T16806] netlink: 'syz.5.4443': attribute type 1 has an invalid length. [ 351.112714][ T5808] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 351.122421][ T5808] Bluetooth: hci3: Injecting HCI hardware error event [ 351.132428][ T5808] Bluetooth: hci3: hardware error 0x00 [ 351.203431][T16828] uprobe: syz.5.4455:16828 failed to unregister, leaking uprobe [ 351.599116][T16848] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 352.334509][T16876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4476'. [ 353.442867][ T5808] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 353.496140][T16914] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 353.954288][T16934] netlink: 'syz.4.4500': attribute type 1 has an invalid length. [ 353.967185][T16934] netlink: 'syz.4.4500': attribute type 4 has an invalid length. [ 353.975561][T16934] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.4500'. [ 353.986643][T16934] netlink: 'syz.4.4500': attribute type 1 has an invalid length. [ 353.994375][T16934] netlink: 'syz.4.4500': attribute type 4 has an invalid length. [ 354.027264][T16934] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.4500'. [ 354.106964][T16940] smc: net device applied user defined pnetid SYZ1 [ 354.522503][T16967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4515'. [ 354.551645][T16967] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4515'. [ 354.605132][ T10] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 354.775595][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 354.782689][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 354.813076][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.829032][ T10] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 354.838584][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.849821][ T10] usb 5-1: config 0 descriptor?? [ 355.035379][T17005] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17005 comm=syz.1.4531 [ 355.316718][ T10] ft260 0003:0403:6030.002D: unknown main item tag 0x7 [ 355.534309][ T10] ft260 0003:0403:6030.002D: chip code: 6424 8183 [ 355.748783][ T10] ft260 0003:0403:6030.002D: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0 [ 355.963740][ T10] ft260 0003:0403:6030.002D: failed to retrieve status: -32, no wakeup [ 355.978445][ T10] ft260 0003:0403:6030.002D: i2c bus error: 0xe [ 356.438571][T14410] usb 5-1: USB disconnect, device number 31 [ 356.682687][ T30] audit: type=1326 audit(1763550164.931:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17074 comm="syz.6.4565" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x0 [ 357.562883][T17132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4588'. [ 358.817971][ T30] audit: type=1326 audit(1763550166.905:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17163 comm="syz.3.4602" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd6b2f8f6c9 code=0x0 [ 358.987089][T17170] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4605'. [ 360.390957][T17249] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4644'. [ 360.640181][ T30] audit: type=1326 audit(1763550168.626:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17263 comm="syz.1.4651" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7a1d8f6c9 code=0x0 [ 361.382441][T14396] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 361.483735][ T30] audit: type=1400 audit(1763550169.421:1479): avc: denied { view } for pid=17317 comm="syz.3.4675" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 361.544480][T14396] usb 6-1: Using ep0 maxpacket: 32 [ 361.558750][T14396] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 361.577423][T14396] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 361.598922][T14396] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 361.619501][T14396] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 361.640571][ T30] audit: type=1400 audit(1763550169.571:1480): avc: denied { getopt } for pid=17327 comm="syz.6.4680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 361.649213][T14396] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 361.680586][T14396] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 361.713410][T14396] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 361.749283][T14396] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.778276][T14396] usb 6-1: config 0 descriptor?? [ 362.042314][T14396] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 362.120034][T14396] usb 6-1: USB disconnect, device number 15 [ 362.136219][T14396] usblp0: removed [ 362.328956][T17363] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 362.446485][T17371] overlayfs: empty lowerdir [ 362.769492][ T30] audit: type=1400 audit(1763550170.619:1481): avc: denied { nosuid_transition } for pid=17380 comm="syz.3.4705" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1 [ 362.843400][ T30] audit: type=1400 audit(1763550170.619:1482): avc: denied { transition } for pid=17380 comm="syz.3.4705" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 362.943272][ T30] audit: type=1400 audit(1763550170.619:1483): avc: denied { entrypoint } for pid=17380 comm="syz.3.4705" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1119 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 363.006791][ T30] audit: type=1400 audit(1763550170.619:1484): avc: denied { share } for pid=17380 comm="syz.3.4705" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 363.042727][ T30] audit: type=1400 audit(1763550170.628:1485): avc: denied { noatsecure } for pid=17380 comm="syz.3.4705" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 364.012972][ T30] audit: type=1326 audit(1780327616.784:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17461 comm="syz.5.4743" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f811ef8f6c9 code=0x0 [ 364.778899][T17495] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4754'. [ 364.803073][T17495] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4754'. [ 365.370356][ T30] audit: type=1326 audit(1780327618.056:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17504 comm="syz.6.4758" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x0 [ 367.626247][T17552] random: crng reseeded on system resumption [ 367.633683][ T30] audit: type=1400 audit(1780327620.161:1488): avc: denied { write } for pid=17551 comm="syz.6.4789" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 367.723812][ T30] audit: type=1400 audit(1780327620.170:1489): avc: denied { open } for pid=17551 comm="syz.6.4789" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 368.685285][ T30] audit: type=1326 audit(1780327621.161:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17582 comm="syz.6.4793" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x0 [ 368.802219][T17589] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4796'. [ 368.822906][ T30] audit: type=1400 audit(1780327621.274:1491): avc: denied { setattr } for pid=17586 comm="syz.3.4795" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 368.849532][T17589] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4796'. [ 369.168595][T17603] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4803'. [ 369.528490][ T5925] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 369.636835][T17623] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4812'. [ 369.689988][T14396] libceph: connect (1)[c::]:6789 error -97 [ 369.696148][T14396] libceph: mon0 (1)[c::]:6789 connect error [ 369.713796][ T5925] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 369.793279][ T5925] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 369.814744][T17625] ceph: No mds server is up or the cluster is laggy [ 369.842612][ T5925] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 369.880126][ T5925] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 369.943463][ T5925] usb 7-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 369.963575][ T5925] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.983734][ T5925] usb 7-1: Product: syz [ 369.988428][ T5925] usb 7-1: Manufacturer: syz [ 369.993077][ T5925] usb 7-1: SerialNumber: syz [ 370.020787][ T5925] usb 7-1: config 0 descriptor?? [ 370.323228][ T5925] adutux 7-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 370.345364][T17640] netlink: 'syz.5.4819': attribute type 4 has an invalid length. [ 370.385683][T17640] netlink: 'syz.5.4819': attribute type 4 has an invalid length. [ 370.564077][T14396] usb 7-1: USB disconnect, device number 2 [ 370.784431][T17606] adutux: No device or device unplugged -19 [ 371.126172][T17686] netlink: 'syz.5.4836': attribute type 1 has an invalid length. [ 371.134687][T17686] netlink: 'syz.5.4836': attribute type 4 has an invalid length. [ 371.142741][T17686] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.4836'. [ 371.157223][T17686] netlink: 'syz.5.4836': attribute type 1 has an invalid length. [ 371.165850][T17686] netlink: 'syz.5.4836': attribute type 4 has an invalid length. [ 371.173904][T17686] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.4836'. [ 371.359454][T17693] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4840'. [ 371.780842][ T30] audit: type=1400 audit(1780327624.052:1492): avc: denied { node_bind } for pid=17706 comm="syz.5.4847" saddr=127.0.0.1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 371.941999][T17716] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4849'. [ 371.983744][T17716] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4849'. [ 372.733897][ T30] audit: type=1400 audit(1780327624.941:1493): avc: denied { read } for pid=17738 comm="syz.5.4860" path="socket:[62338]" dev="sockfs" ino=62338 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 373.291145][T14410] delete_channel: no stack [ 373.942898][T17776] SELinux: Context ϧ is not valid (left unmapped). [ 374.140309][T17786] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4882'. [ 374.365150][T17796] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4885'. [ 374.619466][T17807] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4890'. [ 375.504091][T17846] netlink: 2028 bytes leftover after parsing attributes in process `syz.5.4905'. [ 375.538795][T17846] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4905'. [ 376.863068][ T30] audit: type=1400 audit(1780327628.795:1494): avc: denied { setopt } for pid=17926 comm="syz.1.4942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 377.533651][ T30] audit: type=1400 audit(1780327629.431:1495): avc: denied { cmd } for pid=17954 comm="syz.5.4955" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=io_uring permissive=1 [ 378.695464][T17979] input: syz1 as /devices/virtual/input/input54 [ 380.440318][T14410] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 380.649472][T14410] usb 4-1: Using ep0 maxpacket: 16 [ 380.667294][T14410] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 380.687004][T14410] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 380.710145][T14410] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 380.743322][T14410] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 380.782173][T14410] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.811187][T14410] usb 4-1: Product: syz [ 380.819376][T14410] usb 4-1: Manufacturer: syz [ 380.825067][T14410] usb 4-1: SerialNumber: syz [ 381.042262][T18051] __nla_validate_parse: 4 callbacks suppressed [ 381.042278][T18051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4997'. [ 381.083148][T18051] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4997'. [ 381.306564][T14410] usb 4-1: 0:2 : does not exist [ 381.684512][ T5808] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 381.694352][ T5808] CPU: 0 UID: 0 PID: 5808 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 381.694384][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 381.694398][ T5808] Workqueue: hci4 hci_rx_work [ 381.694420][ T5808] Call Trace: [ 381.694426][ T5808] [ 381.694433][ T5808] dump_stack_lvl+0x16c/0x1f0 [ 381.694455][ T5808] sysfs_warn_dup+0x7f/0xa0 [ 381.694480][ T5808] sysfs_create_dir_ns+0x24b/0x2b0 [ 381.694505][ T5808] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 381.694525][ T5808] ? find_held_lock+0x2b/0x80 [ 381.694552][ T5808] ? do_raw_spin_unlock+0x172/0x230 [ 381.694574][ T5808] kobject_add_internal+0x2c4/0x9b0 [ 381.694600][ T5808] kobject_add+0x16e/0x240 [ 381.694619][ T5808] ? __pfx_kobject_add+0x10/0x10 [ 381.694640][ T5808] ? do_raw_spin_unlock+0x172/0x230 [ 381.694659][ T5808] ? kobject_put+0xab/0x5a0 [ 381.694684][ T5808] device_add+0x288/0x1aa0 [ 381.694708][ T5808] ? __pfx_dev_set_name+0x10/0x10 [ 381.694733][ T5808] ? __pfx_device_add+0x10/0x10 [ 381.694755][ T5808] ? mgmt_send_event_skb+0x2fb/0x460 [ 381.694789][ T5808] hci_conn_add_sysfs+0x17e/0x230 [ 381.694807][ T5808] le_conn_complete_evt+0x1260/0x2150 [ 381.694839][ T5808] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 381.694865][ T5808] ? hci_event_packet+0x459/0x11c0 [ 381.694899][ T5808] hci_le_conn_complete_evt+0x23c/0x370 [ 381.694930][ T5808] hci_le_meta_evt+0x357/0x5e0 [ 381.694944][ T5808] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 381.694971][ T5808] hci_event_packet+0x685/0x11c0 [ 381.694997][ T5808] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 381.695015][ T5808] ? __pfx_hci_event_packet+0x10/0x10 [ 381.695044][ T5808] ? kcov_remote_start+0x3c9/0x6d0 [ 381.695067][ T5808] ? lockdep_hardirqs_on+0x7c/0x110 [ 381.695089][ T5808] hci_rx_work+0x2c5/0x16b0 [ 381.695106][ T5808] ? rcu_is_watching+0x12/0xc0 [ 381.695134][ T5808] process_one_work+0x9cf/0x1b70 [ 381.695165][ T5808] ? __pfx_process_one_work+0x10/0x10 [ 381.695193][ T5808] ? assign_work+0x1a0/0x250 [ 381.695214][ T5808] worker_thread+0x6c8/0xf10 [ 381.695243][ T5808] ? __pfx_worker_thread+0x10/0x10 [ 381.695262][ T5808] kthread+0x3c5/0x780 [ 381.695281][ T5808] ? __pfx_kthread+0x10/0x10 [ 381.695300][ T5808] ? rcu_is_watching+0x12/0xc0 [ 381.695323][ T5808] ? __pfx_kthread+0x10/0x10 [ 381.695342][ T5808] ret_from_fork+0x675/0x7d0 [ 381.695357][ T5808] ? __pfx_kthread+0x10/0x10 [ 381.695375][ T5808] ret_from_fork_asm+0x1a/0x30 [ 381.695421][ T5808] [ 381.695446][ T5808] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 381.950119][ T5808] Bluetooth: hci4: failed to register connection device [ 382.033143][T18082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 382.154826][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 382.577316][T18099] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5016'. [ 382.642937][T14410] usb 4-1: 1:0: failed to get current value for ch 0 (-22) [ 382.689614][T14410] usb 4-1: USB disconnect, device number 30 [ 383.639205][ T5925] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 383.720821][ T30] audit: type=1326 audit(1780327635.221:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18153 comm="syz.3.5043" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7fd6b2f86567 code=0x0 [ 383.832864][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 383.860857][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 383.893699][ T5925] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 383.917294][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.937645][ T5925] usb 6-1: config 0 descriptor?? [ 384.347745][T18165] netlink: 'syz.4.5048': attribute type 4 has an invalid length. [ 384.421696][ T5925] cp2112 0003:10C4:EA90.002E: unknown main item tag 0x0 [ 384.445076][ T5925] cp2112 0003:10C4:EA90.002E: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0 [ 384.623759][ T5925] cp2112 0003:10C4:EA90.002E: Part Number: 0x82 Device Version: 0xFE [ 385.041128][T18201] overlayfs: failed to clone upperpath [ 385.269047][ T5925] cp2112 0003:10C4:EA90.002E: error reading lock byte: -71 [ 385.291815][ T5925] usb 6-1: USB disconnect, device number 16 [ 386.109219][T18224] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.5076'. [ 386.662829][T18264] xt_hashlimit: size too large, truncated to 1048576 [ 386.821764][T18272] netlink: 'syz.5.5096': attribute type 4 has an invalid length. [ 387.346998][T18301] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5106'. [ 387.359707][ T30] audit: type=1400 audit(1780327638.617:1497): avc: denied { mounton } for pid=18299 comm="syz.4.5108" path="/syzcgroup/unified/syz4" dev="cgroup2" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 387.369407][T18300] qnx4: no qnx4 filesystem (no root dir). [ 387.947170][ T5884] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 388.152678][ T5884] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.183133][ T5884] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.257276][ T5884] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 388.299833][ T5884] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 388.341646][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.375415][ T5884] usb 4-1: config 0 descriptor?? [ 388.781331][T18351] syzkaller1: entered promiscuous mode [ 388.808469][T18351] syzkaller1: entered allmulticast mode [ 388.851511][ T5884] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 388.931674][T18359] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5135'. [ 388.990243][T18362] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5135'. [ 389.999559][ T5925] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 390.160119][ T5925] usb 7-1: device descriptor read/64, error -71 [ 390.216929][ C1] plantronics 0003:047F:FFFF.002F: usb_submit_urb(ctrl) failed: -1 [ 391.091206][ T5884] usb 4-1: USB disconnect, device number 31 [ 391.141596][T18374] kexec: Could not allocate control_code_buffer [ 391.407684][T18428] can: request_module (can-proto-0) failed. [ 392.736346][ T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 392.780029][T18478] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5183'. [ 392.918218][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 392.926900][ T9] usb 4-1: config 0 has an invalid interface number: 219 but max is 0 [ 392.937451][ T9] usb 4-1: config 0 has no interface number 0 [ 392.980489][ T9] usb 4-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 392.990045][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.998166][ T9] usb 4-1: Product: syz [ 393.003664][ T9] usb 4-1: Manufacturer: syz [ 393.008589][ T9] usb 4-1: SerialNumber: syz [ 393.029553][ T9] usb 4-1: config 0 descriptor?? [ 393.132725][ T30] audit: type=1326 audit(1780327644.015:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18496 comm="syz.6.5192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 393.156665][ T30] audit: type=1326 audit(1780327644.015:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18496 comm="syz.6.5192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 393.180662][ T30] audit: type=1326 audit(1780327644.052:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18496 comm="syz.6.5192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 393.206745][T14410] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 393.246768][ T30] audit: type=1326 audit(1780327644.052:1501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18496 comm="syz.6.5192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 393.302777][ T30] audit: type=1326 audit(1780327644.052:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18496 comm="syz.6.5192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 393.414000][T14410] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 393.429139][T14410] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 393.447680][ T9] etas_es58x 4-1:0.219: Starting syz syz (Serial Number syz) [ 393.464272][T14410] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 393.465995][ T9] usb 4-1: USB disconnect, device number 32 [ 393.499037][T14410] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 393.519092][T14410] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.557164][T14410] usb 6-1: config 0 descriptor?? [ 393.762619][ T30] audit: type=1800 audit(1780327644.623:1503): pid=18517 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.5201" name="bus" dev="tmpfs" ino=2 res=0 errno=0 [ 394.008087][T14410] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 394.275171][ T30] audit: type=1400 audit(1780327645.090:1504): avc: denied { ioctl } for pid=18527 comm="syz.6.5207" path="socket:[65759]" dev="sockfs" ino=65759 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 394.359939][T14410] usb 6-1: USB disconnect, device number 17 [ 394.409472][T18536] netlink: 88 bytes leftover after parsing attributes in process `syz.6.5209'. [ 394.501921][T18538] syz.6.5211 (18538): attempted to duplicate a private mapping with mremap. This is not supported. [ 395.059940][T18554] netlink: 'syz.6.5218': attribute type 63 has an invalid length. [ 395.096468][T18554] netlink: 5 bytes leftover after parsing attributes in process `syz.6.5218'. [ 395.137836][ T6539] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 395.173701][ T6539] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.221521][ T6539] netdevsim netdevsim3 eth0: unset [1, 1] type 2 family 0 port 57744 - 0 [ 395.232621][ T6539] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 395.242632][ T6539] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.252369][ T6539] netdevsim netdevsim3 eth1: unset [1, 1] type 2 family 0 port 57744 - 0 [ 395.261828][T18563] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5220'. [ 395.314625][T18554] gretap0: entered allmulticast mode [ 395.320191][T18554] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 395.408993][ T6539] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 395.433687][ T6539] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.483594][ T6539] netdevsim netdevsim3 eth2: unset [1, 1] type 2 family 0 port 57744 - 0 [ 395.566827][ T6539] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 395.602634][ T6539] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.624173][ T6539] netdevsim netdevsim3 eth3: unset [1, 1] type 2 family 0 port 57744 - 0 [ 395.729780][T18563] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5220'. [ 395.967919][T18587] tipc: Started in network mode [ 395.973028][T18587] tipc: Node identity 4a4adf380f, cluster identity 4711 [ 395.988534][T18587] tipc: Enabled bearer , priority 0 [ 396.008315][T18587] syzkaller0: MTU too low for tipc bearer [ 396.014057][T18587] tipc: Disabling bearer [ 396.277957][T18601] trusted_key: encrypted_key: master key parameter '' is invalid [ 396.541391][T18616] xt_l2tp: v2 sid > 0xffff: 117440512 [ 396.901992][T18627] overlayfs: missing 'lowerdir' [ 397.454318][T18645] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5259'. [ 397.632244][ T5925] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 397.826881][ T5925] usb 7-1: unable to get BOS descriptor or descriptor too short [ 397.837549][ T5925] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 397.871054][ T5925] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 397.933050][ T5925] usb 7-1: New USB device found, idVendor=056a, idProduct=0101, bcdDevice= 0.40 [ 397.942109][ T5925] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.973931][ T5925] usb 7-1: Product: syz [ 397.984946][ T5925] usb 7-1: Manufacturer: syz [ 397.989556][ T5925] usb 7-1: SerialNumber: syz [ 398.008866][T18641] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 398.213507][T18681] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5276'. [ 398.282417][ T30] audit: type=1326 audit(1780327648.842:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18685 comm="syz.3.5278" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd6b2f8f6c9 code=0x0 [ 398.295413][ T5925] usbhid 7-1:1.0: can't add hid device: -71 [ 398.333735][ T5925] usbhid 7-1:1.0: probe with driver usbhid failed with error -71 [ 398.355176][T18687] macvlan2: entered promiscuous mode [ 398.356043][ T5925] usb 7-1: USB disconnect, device number 5 [ 398.423396][T18687] macvlan2: entered allmulticast mode [ 398.442965][T18687] bond10: entered promiscuous mode [ 398.449486][T18687] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 398.464138][T18687] bond10: left promiscuous mode [ 398.489477][T18691] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5277'. [ 398.685916][T18691] hsr_slave_1 (unregistering): left promiscuous mode [ 398.798037][T18705] netlink: 136 bytes leftover after parsing attributes in process `syz.5.5285'. [ 398.809585][T18705] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 399.154079][T18721] netlink: 'syz.6.5292': attribute type 1 has an invalid length. [ 399.820533][T18755] x_tables: unsorted entry at hook 2 [ 400.149896][T18779] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5318'. [ 400.234740][ T6529] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.243350][T18781] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5320'. [ 400.260302][ T6529] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.377566][T18789] xt_CT: You must specify a L4 protocol and not use inversions on it [ 400.533392][T18807] netlink: 68 bytes leftover after parsing attributes in process `syz.5.5332'. [ 400.776011][T18815] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 401.946999][T18845] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.954544][T18845] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.217473][T18884] netlink: 148 bytes leftover after parsing attributes in process `syz.3.5370'. [ 402.407232][ T30] audit: type=1326 audit(1780327652.696:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 402.473870][ T30] audit: type=1326 audit(1780327652.696:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 402.524346][ T30] audit: type=1326 audit(1780327652.696:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 402.613927][ T30] audit: type=1326 audit(1780327652.696:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 402.699617][ T30] audit: type=1326 audit(1780327652.696:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 402.726674][T18902] IPv6: NLM_F_CREATE should be specified when creating new route [ 402.762164][ T30] audit: type=1326 audit(1780327652.696:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 402.795891][ T30] audit: type=1326 audit(1780327652.696:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 402.848268][T18845] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 402.867355][T18905] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 402.888205][ T30] audit: type=1326 audit(1780327652.696:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 402.938007][T18845] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 402.955804][ T30] audit: type=1326 audit(1780327652.696:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 403.007131][ T30] audit: type=1326 audit(1780327652.696:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18892 comm="syz.3.5372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6b2f8f6c9 code=0x7ffc0000 [ 403.086259][T18911] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 403.100507][T18911] overlayfs: overlapping lowerdir path [ 403.598639][ T6560] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.621140][ T6560] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.665965][ T12] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.683647][ T12] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.701848][T18939] netlink: 68 bytes leftover after parsing attributes in process `syz.5.5402'. [ 404.059301][ T5925] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 404.261916][ T5925] usb 6-1: unable to get BOS descriptor or descriptor too short [ 404.271979][ T5925] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 404.286352][ T5925] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 404.316184][ T5925] usb 6-1: New USB device found, idVendor=056a, idProduct=0101, bcdDevice= 0.40 [ 404.326124][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.334133][ T5925] usb 6-1: Product: syz [ 404.360045][ T5925] usb 6-1: Manufacturer: syz [ 404.364673][ T5925] usb 6-1: SerialNumber: syz [ 404.376399][T18947] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 404.433215][T18994] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5419'. [ 404.632808][ T5925] usbhid 6-1:1.0: can't add hid device: -71 [ 404.647908][T19006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5424'. [ 404.648352][ T5925] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 404.673170][T19006] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5424'. [ 404.681856][ T5925] usb 6-1: USB disconnect, device number 18 [ 404.953642][T19030] netlink: 'syz.3.5435': attribute type 63 has an invalid length. [ 404.962495][T19030] netlink: 5 bytes leftover after parsing attributes in process `syz.3.5435'. [ 404.971938][T19030] gretap0: entered allmulticast mode [ 404.978669][T19030] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 405.157485][T19044] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5441'. [ 405.282224][T19050] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5444'. [ 405.329451][ T5925] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 405.511397][ T5925] usb 5-1: Using ep0 maxpacket: 16 [ 405.517323][T19065] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5451'. [ 405.518679][ T5925] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 405.540957][ T5925] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 405.551065][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.559598][ T5925] usb 5-1: Product: syz [ 405.563917][ T5925] usb 5-1: Manufacturer: syz [ 405.569605][ T5925] usb 5-1: SerialNumber: syz [ 405.577308][ T5925] usb 5-1: config 0 descriptor?? [ 405.597611][ T5925] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 405.607802][ T5925] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 405.906369][T19088] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 406.156503][T19106] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5471'. [ 406.256756][ T5925] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 406.477263][T19124] netlink: 5 bytes leftover after parsing attributes in process `syz.5.5480'. [ 406.492608][T19124] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 406.727502][T19142] 8021q: VLANs not supported on gre0 [ 406.919246][ T5925] em28xx 5-1:0.0: board has no eeprom [ 407.200147][ T5925] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 407.226638][ T5925] em28xx 5-1:0.0: dvb set to bulk mode. [ 407.232311][ T9] em28xx 5-1:0.0: Binding DVB extension [ 407.250462][ T5925] usb 5-1: USB disconnect, device number 32 [ 407.266418][ T5925] em28xx 5-1:0.0: Disconnecting em28xx [ 407.292232][ T9] em28xx 5-1:0.0: Registering input extension [ 407.324564][ T5925] em28xx 5-1:0.0: Closing input extension [ 407.412611][ T5925] em28xx 5-1:0.0: Freeing device [ 407.775192][T19200] x_tables: duplicate underflow at hook 2 [ 408.108379][ T5925] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 408.279939][ T5925] usb 7-1: Using ep0 maxpacket: 32 [ 408.329270][ T5925] usb 7-1: config 0 has an invalid interface number: 89 but max is 0 [ 408.450365][ T5925] usb 7-1: config 0 has no interface number 0 [ 408.456584][ T5925] usb 7-1: config 0 interface 89 has no altsetting 0 [ 408.494751][ T5925] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 408.531765][ T5925] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.600481][ T5925] usb 7-1: Product: syz [ 408.610984][ T5925] usb 7-1: Manufacturer: syz [ 408.671714][ T5925] usb 7-1: SerialNumber: syz [ 408.756566][ T5925] usb 7-1: config 0 descriptor?? [ 408.776532][ T5925] em28xx 7-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 408.801129][ T5925] em28xx 7-1:0.89: Video interface 89 found: bulk [ 408.881464][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 408.881474][ T30] audit: type=1804 audit(1780327658.757:1531): pid=19254 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.5541" name="file0" dev="tmpfs" ino=6532 res=1 errno=0 [ 408.925637][T19254] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 408.946934][T19254] ref_ctr increment failed for inode: 0x1984 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88805645a040 [ 409.206491][T19258] __nla_validate_parse: 2 callbacks suppressed [ 409.206509][T19258] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5543'. [ 409.333978][T19262] xt_CT: You must specify a L4 protocol and not use inversions on it [ 409.342203][T19264] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 409.495454][ T5925] em28xx 7-1:0.89: unknown em28xx chip ID (0) [ 409.553876][T19276] binder: Unknown parameter 'contextĚ' [ 409.756384][T19289] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5557'. [ 409.772884][T19289] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5557'. [ 410.702385][ T5925] em28xx 7-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 410.718998][ T5925] em28xx 7-1:0.89: board has no eeprom [ 410.812935][ T5925] em28xx 7-1:0.89: Identified as Terratec Grabby (card=67) [ 410.864801][ T5925] em28xx 7-1:0.89: analog set to bulk mode. [ 410.896923][ T9] em28xx 7-1:0.89: Registering V4L2 extension [ 410.916679][ T5925] usb 7-1: USB disconnect, device number 6 [ 410.933607][ T5925] em28xx 7-1:0.89: Disconnecting em28xx [ 411.054091][ T9] em28xx 7-1:0.89: Config register raw data: 0xffffffed [ 411.084035][ T9] em28xx 7-1:0.89: AC97 chip type couldn't be determined [ 411.094906][ T9] em28xx 7-1:0.89: No AC97 audio processor [ 411.123382][ T9] usb 7-1: Decoder not found [ 411.128047][ T9] em28xx 7-1:0.89: failed to create media graph [ 411.144434][ T9] em28xx 7-1:0.89: V4L2 device video103 deregistered [ 411.185145][ T9] em28xx 7-1:0.89: Registering snapshot button... [ 411.215908][ T9] input: em28xx snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.89/input/input57 [ 411.307140][ T9] em28xx 7-1:0.89: Remote control support is not available for this card. [ 411.318959][T19332] netlink: 140 bytes leftover after parsing attributes in process `syz.6.5578'. [ 411.356694][ T5925] em28xx 7-1:0.89: Closing input extension [ 411.391435][ T5925] em28xx 7-1:0.89: Deregistering snapshot button [ 411.521929][ T5925] em28xx 7-1:0.89: Freeing device [ 411.635177][T19351] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5585'. [ 411.681885][T19356] netlink: 'syz.4.5588': attribute type 1 has an invalid length. [ 411.689991][T19356] netlink: 72 bytes leftover after parsing attributes in process `syz.4.5588'. [ 411.821638][T19364] netlink: 'syz.1.5592': attribute type 8 has an invalid length. [ 412.016751][T19382] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 412.088896][T19387] netlink: 17 bytes leftover after parsing attributes in process `syz.6.5601'. [ 413.009907][T19456] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5632'. [ 413.241042][T19473] trusted_key: encrypted_key: keylen parameter is missing [ 413.702870][ T30] audit: type=1400 audit(1780327663.266:1532): avc: denied { write } for pid=19507 comm="syz.3.5659" lport=44611 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 413.786628][ T30] audit: type=1400 audit(1780327663.294:1533): avc: denied { setopt } for pid=19507 comm="syz.3.5659" lport=44611 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 413.883285][T19524] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5663'. [ 414.011101][T19532] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5671'. [ 414.035654][T19535] SELinux: security_context_str_to_sid () failed with errno=-22 [ 414.093748][T19541] syz.4.5674: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 414.138464][T19541] CPU: 0 UID: 0 PID: 19541 Comm: syz.4.5674 Not tainted syzkaller #0 PREEMPT(full) [ 414.138491][T19541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 414.138502][T19541] Call Trace: [ 414.138510][T19541] [ 414.138517][T19541] dump_stack_lvl+0x16c/0x1f0 [ 414.138542][T19541] warn_alloc+0x248/0x3a0 [ 414.138573][T19541] ? __pfx_warn_alloc+0x10/0x10 [ 414.138599][T19541] ? __pfx_stack_trace_save+0x10/0x10 [ 414.138637][T19541] ? kasan_save_stack+0x42/0x60 [ 414.138655][T19541] ? kasan_save_stack+0x33/0x60 [ 414.138671][T19541] ? kasan_save_track+0x14/0x30 [ 414.138688][T19541] ? xskq_create+0x52/0x1d0 [ 414.138711][T19541] ? xsk_setsockopt+0x74e/0x9a0 [ 414.138731][T19541] ? do_sock_setsockopt+0xf3/0x1d0 [ 414.138762][T19541] ? xskq_create+0xfb/0x1d0 [ 414.138787][T19541] __vmalloc_node_range_noprof+0xfbc/0x1480 [ 414.138821][T19541] ? xskq_create+0xfb/0x1d0 [ 414.138852][T19541] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 414.138885][T19541] ? xskq_create+0xfb/0x1d0 [ 414.138909][T19541] vmalloc_user_noprof+0x9e/0xe0 [ 414.138931][T19541] ? xskq_create+0xfb/0x1d0 [ 414.138955][T19541] xskq_create+0xfb/0x1d0 [ 414.138981][T19541] xsk_setsockopt+0x74e/0x9a0 [ 414.139007][T19541] ? __pfx_xsk_setsockopt+0x10/0x10 [ 414.139029][T19541] ? find_held_lock+0x2b/0x80 [ 414.139057][T19541] ? selinux_socket_setsockopt+0x6a/0x80 [ 414.139075][T19541] ? __pfx_xsk_setsockopt+0x10/0x10 [ 414.139099][T19541] do_sock_setsockopt+0xf3/0x1d0 [ 414.139130][T19541] __sys_setsockopt+0x1a0/0x230 [ 414.139158][T19541] __x64_sys_setsockopt+0xbd/0x160 [ 414.139179][T19541] ? do_syscall_64+0x91/0xfa0 [ 414.139195][T19541] ? lockdep_hardirqs_on+0x7c/0x110 [ 414.139212][T19541] do_syscall_64+0xcd/0xfa0 [ 414.139231][T19541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.139249][T19541] RIP: 0033:0x7fecb2b8f6c9 [ 414.139264][T19541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.139280][T19541] RSP: 002b:00007fecb3afe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 414.139297][T19541] RAX: ffffffffffffffda RBX: 00007fecb2de5fa0 RCX: 00007fecb2b8f6c9 [ 414.139308][T19541] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 414.139318][T19541] RBP: 00007fecb2c11f91 R08: 0000000000000004 R09: 0000000000000000 [ 414.139334][T19541] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.139345][T19541] R13: 00007fecb2de6038 R14: 00007fecb2de5fa0 R15: 00007fffcaf58678 [ 414.139373][T19541] [ 414.139380][T19541] Mem-Info: [ 414.392844][T19541] active_anon:77052 inactive_anon:0 isolated_anon:0 [ 414.392844][T19541] active_file:10764 inactive_file:51600 isolated_file:0 [ 414.392844][T19541] unevictable:768 dirty:606 writeback:0 [ 414.392844][T19541] slab_reclaimable:13259 slab_unreclaimable:105600 [ 414.392844][T19541] mapped:30616 shmem:64900 pagetables:1524 [ 414.392844][T19541] sec_pagetables:0 bounce:0 [ 414.392844][T19541] kernel_misc_reclaimable:0 [ 414.392844][T19541] free:1207298 free_pcp:17782 free_cma:0 [ 414.532954][ T30] audit: type=1326 audit(1780327664.024:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19558 comm="syz.5.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811ef8f6c9 code=0x7ffc0000 [ 414.565207][T19541] Node 0 active_anon:304780kB inactive_anon:0kB active_file:43004kB inactive_file:206144kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122440kB dirty:2472kB writeback:0kB shmem:258060kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14788kB pagetables:5768kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 414.642712][T19566] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5684'. [ 414.646989][ T30] audit: type=1326 audit(1780327664.024:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19558 comm="syz.5.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f811ef8f6c9 code=0x7ffc0000 [ 414.682782][T19541] Node 1 active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:256kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:80kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 414.683042][ T30] audit: type=1326 audit(1780327664.024:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19558 comm="syz.5.5683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811ef8f6c9 code=0x7ffc0000 [ 414.735307][T19541] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 414.778001][T19541] lowmem_reserve[]: 0 2485 2487 2487 2487 [ 414.839083][T19541] Node 0 DMA32 free:931440kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:305080kB inactive_anon:0kB active_file:43004kB inactive_file:206144kB unevictable:1536kB writepending:2472kB zspages:0kB present:3129332kB managed:2544856kB mlocked:0kB bounce:0kB free_pcp:48084kB local_pcp:20700kB free_cma:0kB [ 414.928799][T19541] lowmem_reserve[]: 0 0 1 1 1 [ 414.944489][T19541] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 414.987604][T19541] lowmem_reserve[]: 0 0 0 0 0 [ 415.016027][T19541] Node 1 Normal free:3887968kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:256kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21376kB local_pcp:7424kB free_cma:0kB [ 415.051128][T19541] lowmem_reserve[]: 0 0 0 0 0 [ 415.055853][T19541] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 415.071486][T19541] Node 0 DMA32: 1291*4kB (UME) 1396*8kB (UME) 1106*16kB (UME) 837*32kB (UME) 664*64kB (UME) 396*128kB (UME) 219*256kB (UM) 135*512kB (UM) 67*1024kB (UM) 15*2048kB (UE) 135*4096kB (UM) = 931468kB [ 415.091758][T19541] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 415.104754][T19541] Node 1 Normal: 184*4kB (UME) 46*8kB (UME) 37*16kB (UE) 170*32kB (UE) 60*64kB (UE) 17*128kB (UME) 4*256kB (UME) 4*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 944*4096kB (M) = 3887968kB [ 415.122091][T19597] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5701'. [ 415.123747][T19541] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 415.142028][T19541] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 415.168013][T19541] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 415.177998][T19541] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 415.187598][T19541] 127260 total pagecache pages [ 415.192441][T19541] 0 pages in swap cache [ 415.196881][T19541] Free swap = 124996kB [ 415.201081][T19541] Total swap = 124996kB [ 415.205283][T19541] 2097051 pages RAM [ 415.211427][T19541] 0 pages HighMem/MovableOnly [ 415.216174][T19541] 428747 pages reserved [ 415.220966][T19541] 0 pages cma reserved [ 415.897877][ T30] audit: type=1400 audit(1780327665.315:1537): avc: denied { write } for pid=19637 comm="syz.3.5721" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 416.092727][T19653] IPv6: NLM_F_CREATE should be specified when creating new route [ 417.841388][T19737] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5766'. [ 417.983711][T19748] netlink: 'syz.1.5772': attribute type 10 has an invalid length. [ 417.998214][T19748] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5772'. [ 418.038492][T19748] veth1: entered allmulticast mode [ 418.288429][T19769] netlink: 'syz.3.5780': attribute type 32 has an invalid length. [ 418.888262][T19808] netlink: 92 bytes leftover after parsing attributes in process `syz.1.5798'. [ 419.067553][T19824] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5805'. [ 419.104037][T19824] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 419.129194][T19828] netlink: 17 bytes leftover after parsing attributes in process `syz.5.5806'. [ 419.297137][T19838] fuse: Bad value for 'fd' [ 419.301918][ T5925] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 419.813901][ T5925] usb 7-1: Using ep0 maxpacket: 32 [ 419.821170][ T5925] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 419.830036][ T5925] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 419.846507][ T5925] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 419.855482][ T5925] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 419.874269][ T5925] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 419.899379][ T5925] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 419.912558][ T5925] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 419.931276][ T5925] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.974659][ T5925] usb 7-1: config 0 descriptor?? [ 420.191390][T19883] xt_connbytes: Forcing CT accounting to be enabled [ 420.201281][ T5925] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 420.237989][ T5925] usb 7-1: USB disconnect, device number 7 [ 420.254993][ T5925] usblp0: removed [ 420.267890][ T30] audit: type=1400 audit(1780327669.412:1538): avc: denied { audit_read } for pid=19887 comm="syz.5.5832" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 420.431181][T19893] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 420.462812][T19893] qnx6: wrong signature (magic) in superblock #1. [ 420.480284][T19893] qnx6: unable to read the first superblock [ 420.875536][T19916] netlink: 'syz.3.5845': attribute type 29 has an invalid length. [ 420.900814][T19916] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5845'. [ 421.046423][T19922] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (aio_iiro_16) [ 421.877443][ T30] audit: type=1400 audit(1780327670.900:1539): avc: denied { nlmsg_read } for pid=19954 comm="syz.3.5862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 421.983117][T19968] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5861'. [ 422.019834][T19967] netlink: 'syz.6.5864': attribute type 21 has an invalid length. [ 422.463492][T19995] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5878'. [ 422.472702][T19997] Device name cannot be null; rc = [-22] [ 422.836807][ T5808] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 422.968581][T20038] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5898'. [ 423.030189][ T30] audit: type=1400 audit(1780327671.985:1540): avc: denied { connect } for pid=20041 comm="syz.1.5901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 423.960383][T20106] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5931'. [ 424.135793][T20119] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5937'. [ 424.812718][ T30] audit: type=1326 audit(1780327673.650:1541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20158 comm="syz.6.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 424.931525][ T30] audit: type=1326 audit(1780327673.650:1542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20158 comm="syz.6.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 424.987990][ T30] audit: type=1326 audit(1780327673.659:1543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20158 comm="syz.6.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 425.048580][ T30] audit: type=1326 audit(1780327673.659:1544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20158 comm="syz.6.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 425.088655][ T30] audit: type=1326 audit(1780327673.659:1545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20158 comm="syz.6.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 425.137817][ T30] audit: type=1326 audit(1780327673.678:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20158 comm="syz.6.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 425.202935][ T30] audit: type=1326 audit(1780327673.678:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20158 comm="syz.6.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdef9b8f6c9 code=0x7ffc0000 [ 425.342013][T20184] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (aio_iiro_16) [ 426.326351][T20214] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5984'. [ 426.436548][T20222] netlink: 288 bytes leftover after parsing attributes in process `syz.5.5987'. [ 426.466370][T20224] overlayfs: unescaped trailing colons in lowerdir mount option. [ 426.942284][T20255] netlink: 580 bytes leftover after parsing attributes in process `syz.1.6003'. [ 427.000988][T20257] gretap0: left allmulticast mode [ 427.083380][T20257] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.120195][T20257] 8021q: adding VLAN 0 to HW filter on device team0 [ 427.145053][T20257] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 427.250029][T20267] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6008'. [ 427.331125][T20269] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (aio_iiro_16) [ 427.352515][T20269] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (aio_iiro_16) [ 427.905060][T20303] netlink: 6 bytes leftover after parsing attributes in process `syz.1.6026'. [ 428.887008][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 428.887023][ T30] audit: type=1400 audit(2000000000.869:1567): avc: denied { execute } for pid=20346 comm="syz.3.6045" path="/blkio.bfq.io_wait_time" dev="ramfs" ino=72930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 429.100350][ T30] audit: type=1326 audit(2000000001.066:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20354 comm="syz.5.6051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811ef8f6c9 code=0x7ffc0000 [ 429.213596][ T30] audit: type=1326 audit(2000000001.066:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20354 comm="syz.5.6051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811ef8f6c9 code=0x7ffc0000 [ 429.505110][ T30] audit: type=1326 audit(2000000001.113:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20354 comm="syz.5.6051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f811ef8f6c9 code=0x7ffc0000 [ 429.605489][ T30] audit: type=1326 audit(2000000001.113:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20354 comm="syz.5.6051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811ef8f6c9 code=0x7ffc0000 [ 429.713449][ T30] audit: type=1326 audit(2000000001.113:1572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20354 comm="syz.5.6051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811ef8f6c9 code=0x7ffc0000 [ 429.784845][T20372] 8021q: adding VLAN 0 to HW filter on device bond0 [ 429.868880][T20372] 8021q: adding VLAN 0 to HW filter on device team0 [ 429.908457][T20372] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 430.359052][T20412] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6077'. [ 430.632205][T20423] gretap0: left allmulticast mode [ 430.650195][ T30] audit: type=1400 audit(2000000002.516:1573): avc: denied { sys_nice } for pid=20424 comm="syz.4.6082" capability=23 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 430.694824][T20423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 430.733790][T20423] 8021q: adding VLAN 0 to HW filter on device team0 [ 430.781226][T20423] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 430.789325][T20431] netlink: 132 bytes leftover after parsing attributes in process `syz.1.6085'. [ 431.300613][T20452] netlink: 72 bytes leftover after parsing attributes in process `syz.4.6096'. [ 431.747306][T20472] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (aio_iiro_16) [ 431.771334][ C0] Oops: divide error: 0000 [#1] SMP KASAN NOPTI [ 431.771456][T20472] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (aio_iiro_16) [ 431.777568][ C0] CPU: 0 UID: 0 PID: 20468 Comm: syz.5.6103 Not tainted syzkaller #0 PREEMPT(full) [ 431.795545][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 431.805592][ C0] RIP: 0010:comedi_inc_scan_progress+0x1cc/0x340 [ 431.811924][ C0] Code: 00 00 00 03 43 2c 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 14 11 84 d2 74 09 80 fa 03 0f 8e 53 01 00 00 31 d2 b3 80 00 00 00 89 53 2c e8 46 33 fa f8 48 8d 7b 34 48 b8 00 00 [ 431.831525][ C0] RSP: 0018:ffffc90000007d90 EFLAGS: 00010046 [ 431.837594][ C0] RAX: 0000000000000001 RBX: ffff8880320a0600 RCX: 1ffff110064140d0 [ 431.845565][ C0] RDX: 0000000000000000 RSI: ffffffff88c2b418 RDI: ffff8880320a0680 [ 431.853512][ C0] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 431.861454][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000004 [ 431.869397][ C0] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000010000000 [ 431.877341][ C0] FS: 0000000000000000(0000) GS:ffff888124a05000(0000) knlGS:0000000000000000 [ 431.886247][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 431.892803][ C0] CR2: 000055556f177808 CR3: 00000000a7c03000 CR4: 00000000003526f0 [ 431.900757][ C0] DR0: 0000000000000008 DR1: 0000000000000002 DR2: 0000000000000081 [ 431.908710][ C0] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 431.916660][ C0] Call Trace: [ 431.919920][ C0] [ 431.922742][ C0] comedi_buf_write_samples+0x406/0x640 [ 431.928265][ C0] aio_iiro_16_cos+0x132/0x160 [ 431.933004][ C0] ? __pfx_aio_iiro_16_cos+0x10/0x10 [ 431.938269][ C0] ? __pfx_aio_iiro_16_cos+0x10/0x10 [ 431.943529][ C0] __handle_irq_event_percpu+0x236/0x920 [ 431.949136][ C0] handle_irq_event+0xab/0x1e0 [ 431.953889][ C0] handle_edge_irq+0x3ca/0x9e0 [ 431.958624][ C0] __common_interrupt+0xd0/0x2f0 [ 431.963539][ C0] common_interrupt+0xba/0xe0 [ 431.968189][ C0] [ 431.971091][ C0] [ 431.973997][ C0] asm_common_interrupt+0x26/0x40 [ 431.979007][ C0] RIP: 0010:lock_acquire+0x62/0x350 [ 431.984180][ C0] Code: e6 08 12 83 f8 07 0f 87 bc 02 00 00 89 c0 48 0f a3 05 22 4b e9 0e 0f 82 74 02 00 00 8b 35 9a 7b e9 0e 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 39 e6 08 12 0f 85 c7 02 00 00 48 83 c4 [ 432.003774][ C0] RSP: 0018:ffffc9000d40f710 EFLAGS: 00000206 [ 432.009818][ C0] RAX: 0000000000000046 RBX: ffffffff8e3c4760 RCX: 00000000f29d7888 [ 432.017760][ C0] RDX: 0000000000000000 RSI: ffffffff8da065fa RDI: ffffffff8bf073c0 [ 432.025702][ C0] RBP: 0000000000000002 R08: 8cc7a83358655b46 R09: 0000000000000000 [ 432.033642][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 432.041593][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 432.049544][ C0] page_table_check_clear+0x190/0x740 [ 432.054909][ C0] ? page_table_check_clear+0x17b/0x740 [ 432.060429][ C0] __page_table_check_pte_clear+0xf1/0x100 [ 432.066209][ C0] ? __pfx___page_table_check_pte_clear+0x10/0x10 [ 432.072595][ C0] ? __tlb_remove_folio_pages_size.constprop.0+0x162/0x560 [ 432.079772][ C0] unmap_page_range+0x24d9/0x41b0 [ 432.084787][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 432.090132][ C0] ? mas_next_slot+0x12d3/0x1cb0 [ 432.095043][ C0] ? uprobe_munmap+0x93/0x600 [ 432.099705][ C0] unmap_single_vma.constprop.0+0x153/0x240 [ 432.105571][ C0] unmap_vmas+0x218/0x470 [ 432.109875][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 432.114700][ C0] exit_mmap+0x1b2/0xb90 [ 432.118927][ C0] ? trace_contention_end+0xdd/0x130 [ 432.124194][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 432.128940][ C0] ? arch_uprobe_clear_state+0x16/0x150 [ 432.134474][ C0] __mmput+0x12a/0x410 [ 432.138538][ C0] mmput+0x62/0x70 [ 432.142246][ C0] do_exit+0x7c7/0x2bf0 [ 432.146381][ C0] ? common_nsleep+0xa1/0xd0 [ 432.150952][ C0] ? __pfx_do_exit+0x10/0x10 [ 432.155538][ C0] ? xfd_validate_state+0x61/0x180 [ 432.160646][ C0] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 432.166795][ C0] __x64_sys_exit+0x42/0x50 [ 432.171295][ C0] x64_sys_call+0x1506/0x1730 [ 432.175968][ C0] do_syscall_64+0xcd/0xfa0 [ 432.180463][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.186338][ C0] RIP: 0033:0x7f811ef8f6c9 [ 432.190728][ C0] Code: Unable to access opcode bytes at 0x7f811ef8f69f. [ 432.197719][ C0] RSP: 002b:00007f811fe10fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 432.206111][ C0] RAX: ffffffffffffffda RBX: 00007f811f1e5fa0 RCX: 00007f811ef8f6c9 [ 432.214062][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 432.222008][ C0] RBP: 00007f811f011f91 R08: 0000000000000000 R09: 0000000000000000 [ 432.229963][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.237908][ C0] R13: 00007f811f1e6038 R14: 00007f811f1e5fa0 R15: 00007ffc8d27dad8 [ 432.245863][ C0] [ 432.248856][ C0] Modules linked in: [ 432.252727][ C0] ---[ end trace 0000000000000000 ]--- [ 432.258153][ C0] RIP: 0010:comedi_inc_scan_progress+0x1cc/0x340 [ 432.264462][ C0] Code: 00 00 00 03 43 2c 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 14 11 84 d2 74 09 80 fa 03 0f 8e 53 01 00 00 31 d2 b3 80 00 00 00 89 53 2c e8 46 33 fa f8 48 8d 7b 34 48 b8 00 00 [ 432.284043][ C0] RSP: 0018:ffffc90000007d90 EFLAGS: 00010046 [ 432.290087][ C0] RAX: 0000000000000001 RBX: ffff8880320a0600 RCX: 1ffff110064140d0 [ 432.298036][ C0] RDX: 0000000000000000 RSI: ffffffff88c2b418 RDI: ffff8880320a0680 [ 432.305988][ C0] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 432.313938][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000004 [ 432.321888][ C0] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000010000000 [ 432.329837][ C0] FS: 0000000000000000(0000) GS:ffff888124a05000(0000) knlGS:0000000000000000 [ 432.338742][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 432.345301][ C0] CR2: 000055556f177808 CR3: 00000000a7c03000 CR4: 00000000003526f0 [ 432.353249][ C0] DR0: 0000000000000008 DR1: 0000000000000002 DR2: 0000000000000081 [ 432.361207][ C0] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 432.369154][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 432.376569][ C0] Kernel Offset: disabled [ 432.380862][ C0] Rebooting in 86400 seconds..