last executing test programs: 15.683046933s ago: executing program 1 (id=191): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000000)='%pK \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000540)={r1, r0}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000d000000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000200000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000340)="c1dfb080cd21d308098e00000000", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 15.645200928s ago: executing program 1 (id=192): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f000000d040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x30, r0, 0x8de13c6b70ae92c3, 0x41003, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x14, 0x11d, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x12}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0) 15.601307192s ago: executing program 1 (id=195): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x35, 0x4, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) recvmsg$unix(r1, &(0x7f0000001900)={0x0, 0x0, &(0x7f0000001880)=[{&(0x7f0000001480)=""/79, 0x4f}], 0x1}, 0x40000000) 15.518807805s ago: executing program 1 (id=197): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x400000f5, 0x0, 0x100000120}]}) 15.433628697s ago: executing program 1 (id=202): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x201, 0x4000003e, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8}) 15.359623923s ago: executing program 1 (id=205): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000040)=ANY=[@ANYBLOB="f60000000000000002160bd7020b01cbb595dc75eaf7f260803592a0836476eba86bf3a01f68311a66e0b89000000000000000020ebb015e39d177ccde01318a1713395e8c921235a4a7bd85698135cb8930f64ca8a797463cef4b2eec27ca621a7bd618ae4979efdd59c9ee6e496babb6175cf94414c2a31eb38a861d37c133f69f6675e8d1e3446f5237"], 0x8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) 3.036173886s ago: executing program 0 (id=420): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={0x2, 0x9, 0x0, 0x9, 0x2, 0x0, 0x70bd2b, 0x25dfdbfe}, 0x10}}, 0x0) 3.034427239s ago: executing program 0 (id=422): r0 = syz_open_dev$evdev(&(0x7f0000002000), 0x0, 0x20441) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0xf28, &(0x7f0000000640)=ANY=[@ANYBLOB="120101025925ce10"], 0x0) ioctl$EVIOCRMFF(r0, 0x5501, 0x0) 1.828802428s ago: executing program 0 (id=425): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x20a00, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x11) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff0000000000010902"], 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000540)=0x7) 1.593398188s ago: executing program 3 (id=427): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000440)=[{0x6}]}, 0x10) sendmmsg$inet6(r0, &(0x7f0000000840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x4, @private2, 0xffff2d72}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000100)="0e", 0x1}], 0x1}}], 0x1, 0x44) listen(r0, 0x100101) accept(r0, 0x0, 0x0) 1.50868792s ago: executing program 3 (id=428): writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f0000001480)}], 0x3) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000800000000000000000000000000000002"]) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_timeval(r0, 0x1, 0x2, 0x0, 0x48) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000005c0)=0x98) 1.508284751s ago: executing program 3 (id=429): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {}, 0xfd}, 0x18) connect$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x2}, 0xfe}, 0x18) sendmsg$netlink(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000003180)={0x6fc, 0x36, 0x800, 0x70bd2c, 0x25dfdbfb, "", [@nested={0x6e9, 0x43, 0x0, 0x1, [@typed={0xc, 0xf7, 0x0, 0x0, @u64=0x7}, @typed={0x8, 0xab, 0x0, 0x0, @ipv4=@remote}, @generic="20a99aecc629ba3bde552cf94819dd412937a378f1768f3d067058d307b88e574022aafc47b7151e816bea06d9c16b416b96cf6243988e71a2cd5bafc291e1f5e688c7c2074338242a60a74d84dcaa0846f83a77154e6355af20fdc084ad7cf9144fd9998c28c0c30a42ba65291b58c497c25ec9fbe5f398f90d1a724e28a3739bb1a1943c2a95e2b2bb573cb78f44f9e24cad6e990438890be624c5a6a122f905517c2fd206ee33ede542571b59ed90544037aa40f08c09c1d0beddf93dbc7da78660237813719387dbeeb81f09c94797a4831870a6dcb3754dc17c8626211e300cab6bbd19509757ffa135c76844680bb5969815c902369a", @nested={0x4, 0x13a}, @nested={0x5d4, 0xf, 0x0, 0x1, [@nested={0x5c4, 0x128, 0x0, 0x1, [@nested={0x5bd, 0xbd, 0x0, 0x1, [@nested={0x144, 0x95, 0x0, 0x1, [@typed={0x13, 0x2a, 0x0, 0x0, @str='/dev/dri/card#\x00'}, @nested={0x121, 0x5d, 0x0, 0x1, [@nested={0x4, 0x1d}, @generic="b9399be61462b66e9a23830d940a1ecf5ac8afea4d2f66d9aaae", @nested={0x4, 0x2c}, @nested={0x4, 0x88}, @generic="f1175802ee5941bfd69cbcbc2cb4a03f85af8bd4965fdd364829e90de815047acca8bed405b467530febc2458c796ae23f7d670f391a51214af59deb574410403327da00cc18a7eaea7cb62df082de8be3a52f6dae0c3308c3628f7a4535720c3144b0c424bea4fcc9457340aa424b5f6e2bfe96daf528723e12d89b695558d273f72f27b37f12cc12f517d58f085da758cb71ad6548fec98c68270845b94b66012e919538fddb47db308e8639dab4f897439206b0d80a5993015f96213c66923e279dee1fd4dc1955fd6f3e4ee016cbf57a4e8e77b35be3a278662345007e6517d1eb32c6b3b6404d34cfe4995dc26112332e0f902dab"]}, @typed={0x8, 0xdc, 0x0, 0x0, @u32=0xea6}]}, @typed={0x8, 0x34, 0x0, 0x0, @u32=0xf8}, @generic="49a1cf88572458e8304df480c0090d587bc091376889e6e076b310b7414b8cb68310a3e80a91dba38e32e1", @generic="8744c9e66e7091881251bad5868a3192de6f19a3df296672d38e3c054cf118dff4b483203ce1ffd3e3a810ed0382f3fb90213a380397c09208d9e6073e1511f68c2c380fb6a284f72336faba3701df7eb28d2da5dd271f5ea7982e744779e06d5647690beb8def29accf3e38daa482422427dab37737211fe8541dee0b0abc5906b78b2884e41f2e95582a6eaaa498cd4b465fea3325d813431b92231861cd1d603fc83ca53cb3ec27457f8ea07e7eb242dc8c49fb6f2f759637e68bfe4de0d05514f8bb6318dd8ccf1380ac027753cc4f9b84dce5f24f789e1fb8d66b450f5ae5c3198fa3d0c963698d03e95b1bca0d9ce0fb7559a9416550528efd65ec3fadf26fdaec9724dbadf6f7eee28918247ae94ef88027bba5616cabaf7d3799be5fa16f9cc5b9e95ef3e55e6d131ca14f36ec434e944715c63ec15e2ea5c09fe0c831d63287641c0f1311177883295a79d2b2de8f8ad1e3ec26c7ac8d1e131f312c72334d36b235a2dfefde01b85b27ef937d0d89b598a111ffcd94d9cf147e32b5231b6a9bd74d83cf514f53ae5075c251313937e58292fa6d134b155fa46a82204588cf771ecf87e4c84e80cc861ea7dc6b1a090c3630fd2ce54fe0f0e908a3d9744e68daef642a9311a7b70da128e6ea4f498f19780133f081cbb2f3001ffe756d96d2e06f85f5c0c876d8ab788a0e742df9f61831b75ca68d9f5b0e70df36f21ad20f57afb86ae9437eaa8312c494ee5daf086561fceba97557936407c4d28801e9ec0fa011d38c3f8d1e5d49fe78d1a127b9da8ebdbdcab967274ab68c4e0f5c8583a1d73d27caeca7f8266a1e02d7efc28ab5eaabefc101763b79d7b81100177cc5fdfa626cfe77818114a844b1109b8cd62d5f19a7756e2ce34eaa7307e448002dc5969875f4a8dd82dd51077ac3d75e546d3397e08ca8375691c3626c4e7e6949ee8707891ea30d064c6083e835ae722eac9e3d2d2e7cf6c2c845668bfe24d526f49a2559aafb2388ba956b4bc7004e01e011108313e72e95c2185d81eda2da7114fd9830c948ab395c9898ec49bbcc800605479839dc5b9af10c46a76fb4f6359b55e4a384ec0d2dfc8dee9278cea61c0ac6de2e01212909a8d1f395e903556a6b7e3e89babdf60395dc5b91222486c6d101f08a71abf8638aa258595e94bbb75dab57202758bd5182668099eaf057fbdc4a19a2781c7ba55d13aaccf547c9af22d9c659e6b8ef59c491fc33fa4e10fdecb99fc3d8a926ffb9ad66a4537f37519017be0c8cd3db3fffeff9aaf328969575db5cd63652d783427c32cfab990ae5b88a42aaf1a321bb7fec3c351f2d0df31bd2732d50ca312c196b92af5b69fca9e0e2401d1d0d7daf1def35f9080bad8abe96ab25263fd5f29c39c7216ee36be9d82e95e0d5633adce638daafb227d9c0f3a6f70544145d0bddc61bb931d28b439fd58c2b61885c28200fb4221389bd026bcb531189d4ccfe160530c706c737800b6ff1713fa8d837abd0b7dee433936ee36db22f0b856fe903b4dad0feb8f7"]}]}, @typed={0x4, 0x33, 0x0, 0x0, @binary}, @typed={0x8, 0x105, 0x0, 0x0, @pid}]}]}]}, 0x6fc}], 0x1, 0x0, 0x0, 0x40}, 0x40000) 625.804564ms ago: executing program 2 (id=430): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) r1 = syz_open_pts(r0, 0x2000) close(0x3) close_range(r0, r1, 0x0) 592.602559ms ago: executing program 2 (id=431): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(streebog512-generic,ecb-twofish-avx)\x00'}, 0x58) r1 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00000001300100000000000000000007374726565626f673531322d67656e65726963"], 0xe0}}, 0x0) sendmsg$nl_crypto(r1, &(0x7f00000001c0)={0x0, 0x2, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0) 534.191157ms ago: executing program 0 (id=432): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000000)="b9ff03076804268c989e14f088a8", 0x0, 0x40500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 530.488526ms ago: executing program 2 (id=433): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="15000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xc}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 470.284482ms ago: executing program 2 (id=434): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000780)={0x1, r1}) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f00000001c0)={0x1}) 194.586032ms ago: executing program 32 (id=205): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000040)=ANY=[@ANYBLOB="f60000000000000002160bd7020b01cbb595dc75eaf7f260803592a0836476eba86bf3a01f68311a66e0b89000000000000000020ebb015e39d177ccde01318a1713395e8c921235a4a7bd85698135cb8930f64ca8a797463cef4b2eec27ca621a7bd618ae4979efdd59c9ee6e496babb6175cf94414c2a31eb38a861d37c133f69f6675e8d1e3446f5237"], 0x8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) 149.40428ms ago: executing program 3 (id=436): r0 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', r1, 0x4, 0x0, 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x18}, @dev={0xfe, 0x80, '\x00', 0x30}, 0x80, 0x0, 0x1, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', r2, 0x0, 0x0, 0x0, 0x4, 0x8, @empty, @empty, 0x0, 0x1, 0xfffffffe, 0x1}}) 95.752444ms ago: executing program 3 (id=437): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50) pwrite64(r0, &(0x7f0000000000)='2', 0x1, 0x7) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 88.718245ms ago: executing program 2 (id=438): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0) readv(r1, &(0x7f0000002940)=[{&(0x7f0000000000)=""/93, 0x5d}, {0x0, 0x3c}], 0x2) 28.673023ms ago: executing program 0 (id=439): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r0, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x11}, 0x60) listen(r0, 0xf5f) r1 = socket(0x10, 0x2, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.387724ms ago: executing program 2 (id=440): syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000013906c08e90f01db9be9010203010902120001000000000904"], 0x0) r0 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x80000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$I2C_SMBUS(r0, 0x720, &(0x7f00000002c0)={0x1, 0x7, 0x1, &(0x7f0000000180)={0x5, "1d27f0db2e1f25eff995475188afe0ebe9baab9716a5e88a718dca33021b22b650"}}) 250.608µs ago: executing program 3 (id=441): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x68, r2, 0x11, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @key_params=[@NL80211_ATTR_KEY_IDX={0x5}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x3}, @key_params=[@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "bac904fc3c65f1a259e8f0dea5"}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}]]}, 0x68}}, 0x0) 0s ago: executing program 0 (id=442): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000500)={0x50, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_FLAGS={0x4}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6, 0xbe, '|q'}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) kernel console output (not intermixed with test programs): [ 43.988576][ T40] audit: type=1400 audit(1777924542.390:116): avc: denied { write } for pid=5639 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.035011][ T40] audit: type=1400 audit(1777924542.440:117): avc: denied { write } for pid=5644 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.374603][ T40] audit: type=1400 audit(1777924542.780:118): avc: denied { write } for pid=5649 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.422693][ T40] audit: type=1400 audit(1777924542.830:119): avc: denied { write } for pid=5652 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.508634][ T40] audit: type=1400 audit(1777924542.910:120): avc: denied { write } for pid=5655 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 Warning: Permanently added '[localhost]:27902' (ED25519) to the list of known hosts. [ 47.957696][ T5714] cgroup: Unknown subsys name 'net' [ 48.121356][ T5714] cgroup: Unknown subsys name 'cpuset' [ 48.126764][ T5714] cgroup: Unknown subsys name 'rlimit' [ 48.362721][ T5722] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 49.161878][ T5714] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.475946][ T40] kauditd_printk_skb: 37 callbacks suppressed [ 52.475959][ T40] audit: type=1400 audit(1777924550.880:158): avc: denied { execmem } for pid=5728 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 52.599075][ T40] audit: type=1400 audit(1777924551.010:159): avc: denied { create } for pid=5732 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.605647][ T40] audit: type=1400 audit(1777924551.010:160): avc: denied { read write } for pid=5732 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.613659][ T40] audit: type=1400 audit(1777924551.010:161): avc: denied { open } for pid=5732 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.621535][ T40] audit: type=1400 audit(1777924551.020:162): avc: denied { ioctl } for pid=5734 comm="syz-executor" path="socket:[5978]" dev="sockfs" ino=5978 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.642619][ T62] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.643229][ T5744] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.645991][ T5745] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.649230][ T5744] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.651215][ T5745] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.652032][ T5749] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.653004][ T5744] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.653397][ T5749] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.654636][ T5749] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.654881][ T5749] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.657037][ T5745] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.657557][ T5749] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.657859][ T5749] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.658528][ T5744] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.660487][ T5744] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.660866][ T5744] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.661360][ T5745] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.665039][ T5750] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.666002][ T40] audit: type=1400 audit(1777924551.070:163): avc: denied { read } for pid=5734 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.666530][ T40] audit: type=1400 audit(1777924551.070:164): avc: denied { open } for pid=5734 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.669128][ T5750] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.671989][ T40] audit: type=1400 audit(1777924551.080:165): avc: denied { mounton } for pid=5734 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 52.674746][ T5750] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.677183][ T40] audit: type=1400 audit(1777924551.080:166): avc: denied { module_request } for pid=5734 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 52.741589][ T40] audit: type=1400 audit(1777924551.090:167): avc: denied { sys_module } for pid=5734 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 53.191750][ T5734] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.194375][ T5734] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.196992][ T5734] bridge_slave_0: entered allmulticast mode [ 53.201070][ T5734] bridge_slave_0: entered promiscuous mode [ 53.229229][ T5734] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.232233][ T5734] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.235225][ T5734] bridge_slave_1: entered allmulticast mode [ 53.239537][ T5734] bridge_slave_1: entered promiscuous mode [ 53.297532][ T5734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.306349][ T5734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.352476][ T5734] team0: Port device team_slave_0 added [ 53.380554][ T5734] team0: Port device team_slave_1 added [ 53.382672][ T5747] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.385157][ T5747] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.387469][ T5747] bridge_slave_0: entered allmulticast mode [ 53.390209][ T5747] bridge_slave_0: entered promiscuous mode [ 53.421476][ T5747] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.424507][ T5747] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.426965][ T5747] bridge_slave_1: entered allmulticast mode [ 53.430314][ T5747] bridge_slave_1: entered promiscuous mode [ 53.496694][ T5732] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.499386][ T5732] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.501788][ T5732] bridge_slave_0: entered allmulticast mode [ 53.505496][ T5732] bridge_slave_0: entered promiscuous mode [ 53.509200][ T5734] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.511518][ T5734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.520069][ T5734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.525680][ T5747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.529537][ T5734] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.531966][ T5734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.542182][ T5734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.548109][ T5733] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.551310][ T5733] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.554439][ T5733] bridge_slave_0: entered allmulticast mode [ 53.558401][ T5733] bridge_slave_0: entered promiscuous mode [ 53.563940][ T5732] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.567522][ T5732] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.571838][ T5732] bridge_slave_1: entered allmulticast mode [ 53.574561][ T5732] bridge_slave_1: entered promiscuous mode [ 53.587459][ T5747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.594980][ T5733] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.597664][ T5733] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.600777][ T5733] bridge_slave_1: entered allmulticast mode [ 53.603448][ T5733] bridge_slave_1: entered promiscuous mode [ 53.631110][ T5747] team0: Port device team_slave_0 added [ 53.635106][ T5747] team0: Port device team_slave_1 added [ 53.645767][ T5732] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.651033][ T5732] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.672872][ T5733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.694588][ T5747] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.696804][ T5747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.705319][ T5747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.711249][ T5733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.726964][ T5732] team0: Port device team_slave_0 added [ 53.730232][ T5747] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.732579][ T5747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.741098][ T5747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.760881][ T5734] hsr_slave_0: entered promiscuous mode [ 53.763638][ T5734] hsr_slave_1: entered promiscuous mode [ 53.767362][ T5732] team0: Port device team_slave_1 added [ 53.783923][ T5733] team0: Port device team_slave_0 added [ 53.787164][ T5733] team0: Port device team_slave_1 added [ 53.829621][ T5732] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.832450][ T5732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.843541][ T5732] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.854156][ T5733] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.857048][ T5733] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.865991][ T5733] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.873267][ T5747] hsr_slave_0: entered promiscuous mode [ 53.876307][ T5747] hsr_slave_1: entered promiscuous mode [ 53.878595][ T5747] debugfs: 'hsr0' already exists in 'hsr' [ 53.880591][ T5747] Cannot create hsr debugfs directory [ 53.883293][ T5732] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.886131][ T5732] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.896105][ T5732] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.912659][ T5733] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.915466][ T5733] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.923742][ T5733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.983502][ T5733] hsr_slave_0: entered promiscuous mode [ 53.985832][ T5733] hsr_slave_1: entered promiscuous mode [ 53.988571][ T5733] debugfs: 'hsr0' already exists in 'hsr' [ 53.991765][ T5733] Cannot create hsr debugfs directory [ 54.028008][ T5732] hsr_slave_0: entered promiscuous mode [ 54.030709][ T5732] hsr_slave_1: entered promiscuous mode [ 54.033383][ T5732] debugfs: 'hsr0' already exists in 'hsr' [ 54.035294][ T5732] Cannot create hsr debugfs directory [ 54.341885][ T5734] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.350623][ T5734] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 54.356228][ T5734] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.361230][ T5734] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 54.363909][ T5734] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.368189][ T5734] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 54.371431][ T5734] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.375240][ T5734] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 54.427913][ T5732] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.433495][ T5732] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 54.437383][ T5732] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.443943][ T5732] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 54.447685][ T5732] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.455167][ T5732] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 54.462834][ T5732] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.468310][ T5732] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 54.532892][ T5733] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.540460][ T5733] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 54.543365][ T5733] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.549519][ T5733] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 54.557591][ T5733] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.563574][ T5733] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 54.567622][ T5733] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.574367][ T5733] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 54.640329][ T5734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.662175][ T5747] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.666527][ T5747] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 54.670820][ T5747] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.675047][ T5747] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 54.677981][ T5747] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.681924][ T5747] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 54.684910][ T5747] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.688921][ T5747] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 54.709072][ T5734] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.709442][ T5750] Bluetooth: hci2: command tx timeout [ 54.712551][ T62] Bluetooth: hci3: command tx timeout [ 54.719331][ T62] Bluetooth: hci1: command tx timeout [ 54.720552][ T5750] Bluetooth: hci0: command tx timeout [ 54.737945][ T1199] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.740675][ T1199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.746745][ T5732] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.762689][ T160] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.765681][ T160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.773732][ T5732] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.783392][ T5733] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.793932][ T1199] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.796387][ T1199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.814981][ T1199] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.817519][ T1199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.825226][ T5733] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.838568][ T106] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.841787][ T106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.854025][ T160] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.856642][ T160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.944738][ T5747] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.964835][ T5747] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.976682][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.979929][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.995947][ T1199] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.999131][ T1199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.194081][ T5734] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.233629][ T5733] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.244651][ T5732] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.249631][ T5734] veth0_vlan: entered promiscuous mode [ 55.269911][ T5734] veth1_vlan: entered promiscuous mode [ 55.286192][ T5747] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.300277][ T5733] veth0_vlan: entered promiscuous mode [ 55.316489][ T5733] veth1_vlan: entered promiscuous mode [ 55.334859][ T5732] veth0_vlan: entered promiscuous mode [ 55.347624][ T5734] veth0_macvtap: entered promiscuous mode [ 55.360571][ T5747] veth0_vlan: entered promiscuous mode [ 55.363438][ T5734] veth1_macvtap: entered promiscuous mode [ 55.369600][ T5732] veth1_vlan: entered promiscuous mode [ 55.385343][ T5747] veth1_vlan: entered promiscuous mode [ 55.387986][ T5733] veth0_macvtap: entered promiscuous mode [ 55.394005][ T5734] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.398594][ T5733] veth1_macvtap: entered promiscuous mode [ 55.412071][ T5734] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.442943][ T160] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.447570][ T160] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.454203][ T5733] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.457334][ T160] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.461319][ T160] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.466548][ T5732] veth0_macvtap: entered promiscuous mode [ 55.471029][ T5732] veth1_macvtap: entered promiscuous mode [ 55.475210][ T5733] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.481701][ T5747] veth0_macvtap: entered promiscuous mode [ 55.496785][ T5747] veth1_macvtap: entered promiscuous mode [ 55.504079][ T1199] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.512914][ T5732] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.516027][ T1199] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.520294][ T1199] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.536029][ T1199] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.555323][ T5732] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.571669][ T5747] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.578129][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.578959][ T160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.585253][ T160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.591332][ T5747] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.597693][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.601862][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.617457][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.639001][ T1199] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.643875][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.647056][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.659893][ T1199] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.663474][ T1199] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.681478][ T1199] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.693321][ T1199] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.698731][ T1199] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.734743][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.738728][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.752249][ T5734] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.769951][ T160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.773244][ T160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.823325][ T106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.827608][ T106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.835463][ T106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.843925][ T106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.880249][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.892279][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.133632][ T5899] Bluetooth: MGMT ver 1.23 [ 56.179716][ T853] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 56.193014][ T5905] SELinux: security_context_str_to_sid () failed with errno=-22 [ 56.210654][ T5907] warning: `syz.2.13' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 56.339028][ T853] usb 5-1: Using ep0 maxpacket: 8 [ 56.343822][ T853] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 56.347100][ T853] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 56.352284][ T853] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 56.356162][ T853] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 56.360192][ T853] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 56.364912][ T853] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 56.368044][ T853] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.536742][ T5934] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25'. [ 56.593551][ T853] usb 5-1: GET_CAPABILITIES returned 0 [ 56.596384][ T853] usbtmc 5-1:16.0: can't read capabilities [ 56.600847][ T5938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'. [ 56.605511][ T5938] netlink: 200 bytes leftover after parsing attributes in process `syz.1.27'. [ 56.686199][ T5942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.29'. [ 56.691728][ T5942] syz_tun: entered promiscuous mode [ 56.697454][ T5942] syz_tun: refused to change device tx_queue_len [ 56.742319][ T5944] netlink: 36 bytes leftover after parsing attributes in process `syz.1.30'. [ 56.789124][ T5750] Bluetooth: hci1: command tx timeout [ 56.789435][ T62] Bluetooth: hci0: command tx timeout [ 56.789903][ T5093] Bluetooth: hci3: command tx timeout [ 56.789930][ T5093] Bluetooth: hci2: command tx timeout [ 56.808429][ T853] usb 5-1: USB disconnect, device number 2 [ 56.924148][ T5952] netlink: 4 bytes leftover after parsing attributes in process `syz.3.34'. [ 56.996422][ T5956] netlink: 'syz.3.36': attribute type 3 has an invalid length. [ 57.241123][ T5969] ======================================================= [ 57.241123][ T5969] WARNING: The mand mount option has been deprecated and [ 57.241123][ T5969] and is ignored by this kernel. Remove the mand [ 57.241123][ T5969] option from the mount to silence this warning. [ 57.241123][ T5969] ======================================================= [ 57.347648][ T853] IPVS: starting estimator thread 0... [ 57.440849][ T5976] IPVS: using max 30 ests per chain, 72000 per kthread [ 57.468698][ T62] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 57.473812][ T62] CPU: 2 UID: 0 PID: 62 Comm: kworker/u33:0 Not tainted syzkaller #0 PREEMPT(full) [ 57.473852][ T62] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 57.473865][ T62] Workqueue: hci0 hci_rx_work [ 57.473892][ T62] Call Trace: [ 57.473899][ T62] [ 57.473907][ T62] dump_stack_lvl+0x100/0x190 [ 57.473933][ T62] sysfs_warn_dup.cold+0x1c/0x28 [ 57.473960][ T62] sysfs_create_dir_ns+0x24b/0x2b0 [ 57.473984][ T62] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 57.474007][ T62] ? find_held_lock+0x2b/0x80 [ 57.474025][ T62] ? kobject_add_internal+0x25f/0x930 [ 57.474051][ T62] ? kobject_add_internal+0x25f/0x930 [ 57.474079][ T62] ? do_raw_spin_unlock+0x145/0x1e0 [ 57.474109][ T62] kobject_add_internal+0x2c8/0x930 [ 57.474139][ T62] kobject_add+0x16a/0x1e0 [ 57.474165][ T62] ? __pfx_kobject_add+0x10/0x10 [ 57.474189][ T62] ? class_to_subsys+0x10f/0x150 [ 57.474215][ T62] ? kobject_put+0xb9/0x640 [ 57.474237][ T62] ? _raw_spin_unlock+0x28/0x50 [ 57.474262][ T62] device_add+0x294/0x1950 [ 57.474282][ T62] ? __pfx_dev_set_name+0x10/0x10 [ 57.474307][ T62] ? __pfx_device_add+0x10/0x10 [ 57.474328][ T62] ? mgmt_send_event_skb+0x2fb/0x460 [ 57.474356][ T62] hci_conn_add_sysfs+0x1a3/0x260 [ 57.474381][ T62] le_conn_complete_evt+0x11eb/0x1f60 [ 57.474408][ T62] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 57.474436][ T62] hci_le_enh_conn_complete_evt+0x23d/0x3b0 [ 57.474458][ T62] ? skb_pull_data+0x15f/0x1e0 [ 57.474484][ T62] hci_le_meta_evt+0x34a/0x5f0 [ 57.474506][ T62] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 57.474531][ T62] hci_event_packet+0x51c/0xcd0 [ 57.474552][ T62] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 57.474574][ T62] ? __pfx_hci_event_packet+0x10/0x10 [ 57.474596][ T62] ? kcov_remote_start+0x374/0x660 [ 57.474628][ T62] ? lockdep_hardirqs_on+0x78/0x100 [ 57.474657][ T62] hci_rx_work+0x451/0xfc0 [ 57.474683][ T62] process_one_work+0xa0e/0x1980 [ 57.474719][ T62] ? __pfx_process_one_work+0x10/0x10 [ 57.474752][ T62] ? __pfx_hci_rx_work+0x10/0x10 [ 57.474774][ T62] worker_thread+0x5ef/0xe50 [ 57.474809][ T62] ? kthread+0x13a/0x450 [ 57.474829][ T62] ? __pfx_worker_thread+0x10/0x10 [ 57.474850][ T62] kthread+0x370/0x450 [ 57.474870][ T62] ? __pfx_kthread+0x10/0x10 [ 57.474893][ T62] ret_from_fork+0x72b/0xd50 [ 57.474918][ T62] ? __pfx_ret_from_fork+0x10/0x10 [ 57.474944][ T62] ? __switch_to+0x800/0x1100 [ 57.474972][ T62] ? __pfx_kthread+0x10/0x10 [ 57.474997][ T62] ret_from_fork_asm+0x1a/0x30 [ 57.475037][ T62] [ 57.475079][ T62] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 57.600489][ T62] Bluetooth: hci0: failed to register connection device [ 57.843431][ T40] kauditd_printk_skb: 69 callbacks suppressed [ 57.843443][ T40] audit: type=1400 audit(1777924556.250:237): avc: denied { create } for pid=5999 comm="syz.2.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 57.853645][ T40] audit: type=1400 audit(1777924556.250:238): avc: denied { connect } for pid=5999 comm="syz.2.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 57.860673][ T40] audit: type=1400 audit(1777924556.250:239): avc: denied { write } for pid=5999 comm="syz.2.56" path="socket:[11364]" dev="sockfs" ino=11364 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 57.887441][ T62] Bluetooth: hci1: Malformed LE Event: 0x1b [ 57.956111][ T40] audit: type=1400 audit(1777924556.360:240): avc: denied { read write } for pid=6008 comm="syz.2.60" name="rdma_cm" dev="devtmpfs" ino=1293 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 57.964449][ T40] audit: type=1400 audit(1777924556.360:241): avc: denied { open } for pid=6008 comm="syz.2.60" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1293 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 58.030165][ T6015] syz.2.65 uses obsolete (PF_INET,SOCK_PACKET) [ 58.033564][ T6019] netlink: 14 bytes leftover after parsing attributes in process `syz.0.64'. [ 58.047517][ T6019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 58.062731][ T6019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 58.069204][ T6019] bond0 (unregistering): Released all slaves [ 58.243842][ T40] audit: type=1400 audit(1777924556.650:242): avc: denied { read write } for pid=6028 comm="syz.2.68" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 58.254794][ T40] audit: type=1400 audit(1777924556.650:243): avc: denied { open } for pid=6028 comm="syz.2.68" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 58.264137][ T40] audit: type=1400 audit(1777924556.650:244): avc: denied { create } for pid=6024 comm="syz.1.67" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 58.268946][ T853] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 58.273513][ T40] audit: type=1400 audit(1777924556.650:245): avc: denied { write } for pid=6024 comm="syz.1.67" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 58.283547][ T40] audit: type=1400 audit(1777924556.650:246): avc: denied { ioctl } for pid=6028 comm="syz.2.68" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 58.302953][ T6032] o2cb: This node has not been configured. [ 58.306253][ T6032] o2cb: Cluster check failed. Fix errors before retrying. [ 58.309754][ T6032] (syz.0.69,6032,0):user_dlm_register:674 ERROR: status = -22 [ 58.312980][ T6032] (syz.0.69,6032,0):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 58.402128][ T6039] netlink: 148 bytes leftover after parsing attributes in process `syz.0.72'. [ 58.419639][ T6036] netlink: 8 bytes leftover after parsing attributes in process `syz.2.71'. [ 58.427686][ T6041] netlink: 8 bytes leftover after parsing attributes in process `syz.1.73'. [ 58.431570][ T853] usb 8-1: Using ep0 maxpacket: 8 [ 58.436846][ T853] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 58.443773][ T853] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 58.457208][ T853] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 58.468903][ T853] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 58.478855][ T853] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 58.489026][ T853] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.704167][ T853] usb 8-1: GET_CAPABILITIES returned 0 [ 58.706790][ T853] usbtmc 8-1:16.0: can't read capabilities [ 58.869099][ T62] Bluetooth: hci1: command tx timeout [ 58.869129][ T5750] Bluetooth: hci2: command tx timeout [ 58.870393][ T5093] Bluetooth: hci3: command tx timeout [ 58.870483][ T5736] Bluetooth: hci0: command tx timeout [ 58.910641][ T39] usb 8-1: USB disconnect, device number 2 [ 59.529401][ T6077] netlink: 'syz.3.89': attribute type 30 has an invalid length. [ 59.549463][ T6077] netlink: 'syz.3.89': attribute type 30 has an invalid length. [ 59.561739][ T106] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 59.564734][ T106] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 59.571610][ T6077] Zero length message leads to an empty skb [ 59.574571][ T106] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 59.578858][ T106] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 59.686528][ T6090] TCP: TCP_TX_DELAY enabled [ 59.691072][ T6093] IPv6: Can't replace route, no match found [ 59.919266][ T6109] Invalid logical block size (160) [ 60.057862][ T6128] netlink: 'syz.3.111': attribute type 1 has an invalid length. [ 60.060827][ T6128] netlink: 'syz.3.111': attribute type 2 has an invalid length. [ 60.063951][ T6128] netlink: 'syz.3.111': attribute type 1 has an invalid length. [ 60.242341][ T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.245593][ T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.249033][ T5880] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 60.249333][ T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.255447][ T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 60.409174][ T5880] usb 7-1: Using ep0 maxpacket: 8 [ 60.414632][ T5880] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 60.422591][ T5880] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 60.428315][ T5880] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 60.434765][ T5880] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 60.441262][ T5880] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 60.444457][ T5880] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.660019][ T5880] usb 7-1: GET_CAPABILITIES returned 0 [ 60.664051][ T5880] usbtmc 7-1:16.0: can't read capabilities [ 60.861882][ T29] usb 7-1: USB disconnect, device number 2 [ 60.869903][ T5737] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 60.959446][ T5750] Bluetooth: hci1: command tx timeout [ 60.960225][ T62] Bluetooth: hci2: command tx timeout [ 60.961342][ T5736] Bluetooth: hci0: command tx timeout [ 60.961369][ T5736] Bluetooth: hci3: command tx timeout [ 61.018890][ T5737] usb 6-1: Using ep0 maxpacket: 8 [ 61.023014][ T5737] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.030114][ T5737] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.034353][ T5737] usb 6-1: config 0 interface 0 has no altsetting 0 [ 61.037036][ T5737] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 61.041834][ T5737] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.047813][ T5737] usb 6-1: config 0 descriptor?? [ 61.466136][ T5737] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 61.468997][ T5737] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 61.471903][ T5737] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 61.474380][ T5737] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 61.477068][ T5737] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 61.481053][ T5737] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 61.659960][ T853] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 61.668021][ T5737] usb 6-1: USB disconnect, device number 3 [ 61.789828][ T6205] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 61.792729][ T6205] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 61.799603][ T6205] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 61.805555][ T6205] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 61.808375][ T6205] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 61.809392][ T853] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 61.815679][ T6205] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 61.817044][ T853] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 61.822333][ T853] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 61.826397][ T853] usb 7-1: config 0 interface 0 has no altsetting 0 [ 61.827354][ T6205] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 61.832887][ T853] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 61.832947][ T6205] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 61.835982][ T853] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 61.844333][ T853] usb 7-1: config 0 interface 0 has no altsetting 0 [ 61.845912][ T6205] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 61.847357][ T853] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 61.852291][ T853] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 61.855894][ T853] usb 7-1: config 0 interface 0 has no altsetting 0 [ 61.856800][ T6205] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 61.859410][ T853] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 61.863688][ T853] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 61.867140][ T853] usb 7-1: config 0 interface 0 has no altsetting 0 [ 61.867407][ T6205] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 61.870248][ T853] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 61.872266][ T6205] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 61.875242][ T853] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 61.881577][ T853] usb 7-1: config 0 interface 0 has no altsetting 0 [ 61.884430][ T6205] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 61.885045][ T853] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 61.890207][ T853] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 61.893876][ T853] usb 7-1: config 0 interface 0 has no altsetting 0 [ 61.897200][ T853] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 61.900865][ T853] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 61.905035][ T853] usb 7-1: config 0 interface 0 has no altsetting 0 [ 61.908522][ T853] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 61.911832][ T853] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 61.915524][ T853] usb 7-1: config 0 interface 0 has no altsetting 0 [ 61.919848][ T853] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 61.921735][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 61.924041][ T853] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 61.928128][ T853] usb 7-1: Product: syz [ 61.928275][ T12] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 61.929932][ T853] usb 7-1: Manufacturer: syz [ 61.933769][ T853] usb 7-1: SerialNumber: syz [ 61.937113][ T853] usb 7-1: config 0 descriptor?? [ 61.943425][ T853] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 62.149608][ T853] usb 7-1: USB disconnect, device number 3 [ 62.153278][ T853] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 62.281478][ T6224] overlayfs: invalid origin (0000006f7665726c) [ 62.668846][ T6244] ALSA: mixer_oss: invalid OSS volume 'f7вBMbkr[kO\. E' [ 62.671710][ T6244] ALSA: mixer_oss: invalid OSS volume '' [ 63.427621][ T6261] process 'syz.1.170' launched './file2' with NULL argv: empty string added [ 63.431208][ T40] kauditd_printk_skb: 62 callbacks suppressed [ 63.431224][ T40] audit: type=1400 audit(1777924561.840:309): avc: denied { execute_no_trans } for pid=6260 comm="syz.1.170" path="/61/file2" dev="tmpfs" ino=337 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 63.441305][ T40] audit: type=1400 audit(1777924561.840:310): avc: denied { mount } for pid=6260 comm="syz.1.170" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 63.449524][ T40] audit: type=1400 audit(1777924561.850:311): avc: denied { unmount } for pid=5734 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 63.470888][ T40] audit: type=1400 audit(1777924561.880:312): avc: denied { setopt } for pid=6262 comm="syz.1.171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 63.503637][ T6265] __nla_validate_parse: 8 callbacks suppressed [ 63.503653][ T6265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.172'. [ 63.539647][ T40] audit: type=1400 audit(1777924561.950:313): avc: denied { name_bind } for pid=6266 comm="syz.1.173" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 63.594805][ T6271] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.175'. [ 63.612339][ T40] audit: type=1400 audit(1777924562.020:314): avc: denied { read } for pid=6272 comm="syz.1.176" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 63.619816][ T40] audit: type=1400 audit(1777924562.020:315): avc: denied { open } for pid=6272 comm="syz.1.176" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 63.644842][ T40] audit: type=1400 audit(1777924562.050:316): avc: denied { create } for pid=6274 comm="syz.3.177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 63.654689][ T40] audit: type=1400 audit(1777924562.060:317): avc: denied { bind } for pid=6274 comm="syz.3.177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 63.752119][ T40] audit: type=1400 audit(1777924562.160:318): avc: denied { read write } for pid=6284 comm="syz.1.182" name="video1" dev="devtmpfs" ino=956 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 63.767029][ T6285] use of bytesused == 0 is deprecated and will be removed in the future, [ 63.772547][ T6285] use the actual size instead. [ 63.830127][ T5750] Bluetooth: hci1: command 0x0c1a tx timeout [ 63.830596][ T5736] Bluetooth: hci2: command 0x0c1a tx timeout [ 63.835535][ T5093] Bluetooth: hci0: command 0x0c1a tx timeout [ 63.920924][ T5736] Bluetooth: hci3: command 0x0c1a tx timeout [ 63.990590][ T5736] Bluetooth: hci4: command 0x1003 tx timeout [ 63.991228][ T62] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 64.097958][ T6316] netlink: 8 bytes leftover after parsing attributes in process `syz.0.196'. [ 64.194618][ T6326] netlink: 4 bytes leftover after parsing attributes in process `syz.0.200'. [ 64.506845][ T6343] faux_driver vkms: [drm] Unknown color mode 138; guessing buffer size. [ 65.286042][ T6367] netlink: 8 bytes leftover after parsing attributes in process `syz.0.219'. [ 65.337455][ T6373] netlink: 72 bytes leftover after parsing attributes in process `syz.2.222'. [ 65.859050][ T5737] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 65.878904][ T5880] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 65.909074][ T62] Bluetooth: hci2: command 0x0c1a tx timeout [ 65.909417][ T5093] Bluetooth: hci0: command 0x0c1a tx timeout [ 65.913325][ T5736] Bluetooth: hci1: command 0x0c1a tx timeout [ 65.988998][ T5736] Bluetooth: hci3: command 0x0c1a tx timeout [ 66.028874][ T5737] usb 5-1: Using ep0 maxpacket: 8 [ 66.035509][ T5737] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 66.041818][ T5737] usb 5-1: config 0 has no interface number 0 [ 66.046359][ T5737] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 66.053203][ T5737] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 66.058282][ T5737] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 66.058954][ T5880] usb 7-1: Using ep0 maxpacket: 8 [ 66.063109][ T5737] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 66.071756][ T5880] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.071776][ T5880] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.071788][ T5880] usb 7-1: config 0 interface 0 has no altsetting 0 [ 66.071804][ T5880] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 66.071815][ T5880] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.073252][ T5880] usb 7-1: config 0 descriptor?? [ 66.077820][ T5737] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 66.098700][ T5737] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.107922][ T5737] usb 5-1: config 0 descriptor?? [ 66.117446][ T5737] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 66.501699][ T5880] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 66.504119][ T5880] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 66.506442][ T5880] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 66.508840][ T5880] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 66.511359][ T5880] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 66.514203][ T5880] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 66.694881][ T6402] i2c i2c-2: unsupported multi-msg i2c transaction [ 66.704972][ T5737] usb 7-1: USB disconnect, device number 4 [ 67.286594][ T6421] tap0: tun_chr_ioctl cmd 1074025675 [ 67.288422][ T6421] tap0: persist enabled [ 67.294482][ T6421] tap0: tun_chr_ioctl cmd 1074025675 [ 67.296623][ T6421] tap0: persist disabled [ 67.576908][ T6427] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.247'. [ 67.992245][ T5736] Bluetooth: hci1: command 0x0c1a tx timeout [ 67.999563][ T5736] Bluetooth: hci0: command 0x0c1a tx timeout [ 68.001912][ T5093] Bluetooth: hci2: command 0x0c1a tx timeout [ 68.068895][ T5093] Bluetooth: hci3: command 0x0c1a tx timeout [ 68.409471][ T5737] usb 5-1: USB disconnect, device number 3 [ 68.416816][ T5737] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 68.628835][ T853] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 68.788978][ T853] usb 7-1: Using ep0 maxpacket: 8 [ 68.792653][ T853] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 68.797533][ T853] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 68.801975][ T853] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.808154][ T853] usb 7-1: config 0 descriptor?? [ 68.966533][ T40] kauditd_printk_skb: 22 callbacks suppressed [ 68.966547][ T40] audit: type=1400 audit(1777924567.370:341): avc: denied { unmount } for pid=5732 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 69.021030][ T853] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 69.071287][ T6457] xt_hashlimit: size too large, truncated to 1048576 [ 69.128052][ T40] audit: type=1400 audit(1777924567.530:342): avc: denied { remount } for pid=6461 comm="syz.0.263" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 69.166947][ T40] audit: type=1400 audit(1777924567.570:343): avc: denied { create } for pid=6464 comm="syz.0.264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 69.173544][ T40] audit: type=1400 audit(1777924567.580:344): avc: denied { bind } for pid=6464 comm="syz.0.264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 69.187605][ T40] audit: type=1400 audit(1777924567.580:345): avc: denied { write } for pid=6464 comm="syz.0.264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 69.197746][ T40] audit: type=1400 audit(1777924567.580:346): avc: denied { read } for pid=6464 comm="syz.0.264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 69.225609][ T39] usb 7-1: USB disconnect, device number 5 [ 69.327358][ T6475] netlink: 12 bytes leftover after parsing attributes in process `syz.0.269'. [ 69.874824][ T40] audit: type=1400 audit(1777924568.280:347): avc: denied { map } for pid=6497 comm="syz.2.279" path="socket:[12696]" dev="sockfs" ino=12696 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 69.885440][ T40] audit: type=1400 audit(1777924568.280:348): avc: denied { read accept } for pid=6497 comm="syz.2.279" path="socket:[12696]" dev="sockfs" ino=12696 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 70.052440][ T40] audit: type=1400 audit(1777924568.460:349): avc: denied { ioctl } for pid=6501 comm="syz.0.281" path="socket:[13712]" dev="sockfs" ino=13712 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 70.052520][ T6502] syzkaller1: entered promiscuous mode [ 70.065734][ T6502] syzkaller1: entered allmulticast mode [ 70.078937][ T5093] Bluetooth: hci0: command 0x0c1a tx timeout [ 70.451917][ T40] audit: type=1400 audit(1777924568.860:350): avc: denied { create } for pid=6518 comm="syz.3.289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 70.977484][ T6549] xt_hashlimit: size too large, truncated to 1048576 [ 71.138183][ T6557] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.307'. [ 71.173647][ T6559] netlink: 'syz.0.306': attribute type 21 has an invalid length. [ 71.177156][ T6559] netlink: 128 bytes leftover after parsing attributes in process `syz.0.306'. [ 71.181344][ T6559] netlink: 3 bytes leftover after parsing attributes in process `syz.0.306'. [ 71.186264][ T6559] netlink: 'syz.0.306': attribute type 21 has an invalid length. [ 71.187658][ T6561] netlink: 16 bytes leftover after parsing attributes in process `syz.3.308'. [ 71.191005][ T6559] netlink: 128 bytes leftover after parsing attributes in process `syz.0.306'. [ 71.196983][ T6559] netlink: 3 bytes leftover after parsing attributes in process `syz.0.306'. [ 71.530993][ T6579] netlink: 8 bytes leftover after parsing attributes in process `syz.3.316'. [ 71.558109][ T6579] netlink: 8 bytes leftover after parsing attributes in process `syz.3.316'. [ 71.630965][ T6588] netlink: 8 bytes leftover after parsing attributes in process `syz.3.320'. [ 71.634497][ T6588] netlink: 'syz.3.320': attribute type 26 has an invalid length. [ 71.689951][ T6592] netlink: 'syz.3.322': attribute type 1 has an invalid length. [ 71.708867][ T6592] netlink: 'syz.3.322': attribute type 1 has an invalid length. [ 71.720009][ T6592] netlink: 'syz.3.322': attribute type 8 has an invalid length. [ 71.883360][ T6606] netlink: 'syz.0.328': attribute type 39 has an invalid length. [ 72.249962][ T6618] syzkaller1: entered promiscuous mode [ 72.251935][ T6618] syzkaller1: entered allmulticast mode [ 72.634501][ T6647] (syz.3.346,6647,2):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 72.682840][ T5093] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 73.228936][ T5737] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 73.240512][ T6677] netem: change failed [ 73.392559][ T5737] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 73.396955][ T5737] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 73.401152][ T5737] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 73.405038][ T5737] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.410248][ T5737] usb 7-1: config 0 descriptor?? [ 73.821565][ T5737] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 73.824098][ T5737] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 73.828643][ T5737] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0D8C:0022.0004/input/input6 [ 73.853701][ T5737] cm6533_jd 0003:0D8C:0022.0004: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 74.029039][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 74.029053][ T40] audit: type=1400 audit(1777924572.440:365): avc: denied { read write } for pid=5732 comm="syz-executor" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 74.034355][ T5737] usb 7-1: USB disconnect, device number 6 [ 74.043184][ T40] audit: type=1400 audit(1777924572.450:366): avc: denied { open } for pid=5732 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 74.055058][ T40] audit: type=1400 audit(1777924572.450:367): avc: denied { ioctl } for pid=5732 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 74.072372][ T40] audit: type=1400 audit(1777924572.480:368): avc: denied { create } for pid=6686 comm="syz.3.365" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 74.084365][ T40] audit: type=1400 audit(1777924572.490:369): avc: denied { bind } for pid=6686 comm="syz.3.365" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 74.554285][ T6708] __nla_validate_parse: 3 callbacks suppressed [ 74.554302][ T6708] netlink: 28 bytes leftover after parsing attributes in process `syz.3.375'. [ 74.561228][ T6708] netlink: 28 bytes leftover after parsing attributes in process `syz.3.375'. [ 74.578646][ T6712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.377'. [ 74.659940][ T40] audit: type=1400 audit(1777924573.060:370): avc: denied { create } for pid=6721 comm="syz.2.381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 74.673780][ T40] audit: type=1400 audit(1777924573.080:371): avc: denied { write } for pid=6721 comm="syz.2.381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 74.731167][ T40] audit: type=1400 audit(1777924573.140:372): avc: denied { create } for pid=6732 comm="syz.3.385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 74.740280][ T40] audit: type=1400 audit(1777924573.140:373): avc: denied { write } for pid=6732 comm="syz.3.385" path="socket:[14440]" dev="sockfs" ino=14440 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 74.774396][ T6735] capability: warning: `syz.2.386' uses deprecated v2 capabilities in a way that may be insecure [ 75.098957][ T5737] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 75.101110][ T6760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.398'. [ 75.105170][ T6760] netlink: 28 bytes leftover after parsing attributes in process `syz.3.398'. [ 75.175068][ T40] audit: type=1400 audit(1777924573.580:374): avc: denied { read } for pid=6765 comm="syz.0.400" name="event0" dev="devtmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 75.248873][ T5737] usb 7-1: Using ep0 maxpacket: 16 [ 75.253499][ T5737] usb 7-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 75.256600][ T5737] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.259501][ T5737] usb 7-1: Product: syz [ 75.261036][ T5737] usb 7-1: Manufacturer: syz [ 75.262883][ T5737] usb 7-1: SerialNumber: syz [ 75.481275][ T5737] usb 7-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 75.488405][ T5737] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 75.492173][ T5737] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 75.495551][ T5737] usb 7-1: media controller created [ 75.503777][ T5737] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 75.729604][ T5737] zl10353_read_register: readreg error (reg=127, ret==-110) [ 75.758970][ T5737] dvb_usb_gl861 7-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 75.764987][ T5737] usb 7-1: USB disconnect, device number 7 [ 76.286773][ T6785] sctp: [Deprecated]: syz.3.404 (pid 6785) Use of int in max_burst socket option deprecated. [ 76.286773][ T6785] Use struct sctp_assoc_value instead [ 76.326752][ T1435] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.330440][ T1435] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.710001][ T5093] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 76.714019][ T5093] Bluetooth: hci1: Injecting HCI hardware error event [ 76.718269][ T5736] Bluetooth: hci1: hardware error 0x00 [ 76.818896][ T5880] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 76.970096][ T5880] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 76.973277][ T5880] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 76.977189][ T5880] usb 7-1: config 0 interface 0 has no altsetting 0 [ 76.981210][ T5880] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 76.984573][ T5880] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 76.987307][ T5880] usb 7-1: Product: syz [ 76.988938][ T5880] usb 7-1: Manufacturer: syz [ 76.990573][ T5880] usb 7-1: SerialNumber: syz [ 76.997036][ T5880] usb 7-1: config 0 descriptor?? [ 77.000765][ T5880] hub 7-1:0.0: bad descriptor, ignoring hub [ 77.002922][ T5880] hub 7-1:0.0: probe with driver hub failed with error -5 [ 77.007649][ T5880] usb 7-1: selecting invalid altsetting 0 [ 77.098909][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 77.248968][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 77.256850][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 77.262763][ T9] usb 5-1: no configurations [ 77.265591][ T9] usb 5-1: can't read configurations, error -22 [ 77.810151][ T6818] can0: slcan on ttynull. [ 77.914789][ T6808] usb 7-1: reset high-speed USB device number 8 using dummy_hcd [ 78.119023][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 78.294866][ T9] usb 5-1: config 0 has no interfaces? [ 78.299341][ T6808] usb 7-1: failed to restore interface 0 altsetting 251 (error=-71) [ 78.302942][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 78.304684][ T853] usb 7-1: USB disconnect, device number 8 [ 78.305976][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.316285][ T9] usb 5-1: config 0 descriptor?? [ 78.524922][ T34] usb 5-1: USB disconnect, device number 5 [ 78.590702][ T6817] can0 (unregistered): slcan off ttynull. [ 78.790097][ T5736] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 79.080726][ T40] kauditd_printk_skb: 33 callbacks suppressed [ 79.080744][ T40] audit: type=1400 audit(1777924577.490:408): avc: denied { write } for pid=6846 comm="syz.2.431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 79.080820][ T6847] netlink: 16 bytes leftover after parsing attributes in process `syz.2.431'. [ 79.403215][ C0] vcan0: j1939_tp_rxtimer: 0xffff888036dd4800: rx timeout, send abort [ 79.408344][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888036dd4800: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 79.415036][ T40] audit: type=1400 audit(1777924577.820:409): avc: denied { read } for pid=5124 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 79.424120][ T40] audit: type=1400 audit(1777924577.820:410): avc: denied { search } for pid=5124 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 79.433002][ T40] audit: type=1400 audit(1777924577.820:411): avc: denied { write search } for pid=5124 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 79.455227][ T40] audit: type=1400 audit(1777924577.820:412): avc: denied { add_name } for pid=5124 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 79.478983][ T40] audit: type=1400 audit(1777924577.820:413): avc: denied { create } for pid=5124 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 79.489043][ T40] audit: type=1400 audit(1777924577.820:414): avc: denied { append open } for pid=5124 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 79.499999][ T40] audit: type=1400 audit(1777924577.820:415): avc: denied { getattr } for pid=5124 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 79.510229][ T40] audit: type=1400 audit(1777924577.860:416): avc: denied { execute } for pid=6858 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 79.518105][ T40] audit: type=1400 audit(1777924577.860:417): avc: denied { execute_no_trans } for pid=6858 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 79.569269][ T5093] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.577589][ T5093] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.587932][ T5093] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.601742][ T5093] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.608603][ T5750] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.719060][ T6877] ------------[ cut here ]------------ [ 79.723229][ T6877] !chanctx_conf [ 79.723241][ T6877] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x5c5/0x730, CPU#0: syz.0.442/6877 [ 79.729527][ T6877] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 79.732666][ T6877] CPU: 0 UID: 0 PID: 6877 Comm: syz.0.442 Tainted: G L syzkaller #0 PREEMPT(full) [ 79.733243][ T6880] syzkaller1: entered promiscuous mode [ 79.737312][ T6877] Tainted: [L]=SOFTLOCKUP [ 79.737344][ T6877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 79.737359][ T6877] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 79.737390][ T6877] Code: 48 8d 35 00 00 00 00 e8 39 32 e3 f6 e8 34 8a ec f6 e9 20 fe ff ff e8 9a 46 07 f7 90 0f 0b 90 e9 12 fe ff ff e8 8c 46 07 f7 90 <0f> 0b 90 eb b1 e8 81 46 07 f7 e8 8c 92 eb f6 31 ff 89 c3 89 c6 e8 [ 79.737408][ T6877] RSP: 0000:ffffc900058e7200 EFLAGS: 00010287 [ 79.737428][ T6877] RAX: 00000000000007c0 RBX: ffff88805ac20000 RCX: ffffc900044a3000 [ 79.737441][ T6877] RDX: 0000000000080000 RSI: ffffffff8b014554 RDI: ffff8880312d8000 [ 79.737453][ T6877] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 79.737465][ T6877] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888038643100 [ 79.737476][ T6877] R13: ffff88805a330f20 R14: ffff888036940000 R15: 0000000000000000 [ 79.737490][ T6877] FS: 00007fee6cbc36c0(0000) GS:ffff8880d6376000(0000) knlGS:0000000000000000 [ 79.737530][ T6877] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.737546][ T6877] CR2: 00007f42a6a47a90 CR3: 000000005c584000 CR4: 0000000000352ef0 [ 79.737560][ T6877] Call Trace: [ 79.737567][ T6877] [ 79.737580][ T6877] rate_control_rate_init_all_links+0x76/0x1f0 [ 79.737611][ T6877] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 79.737639][ T6877] sta_apply_parameters+0x1234/0x2090 [ 79.737666][ T6877] ? __sta_info_alloc+0x1146/0x1cd0 [ 79.737695][ T6877] ieee80211_add_station+0x3ff/0x760 [ 79.737725][ T6877] nl80211_new_station+0x14a9/0x20f0 [ 79.737762][ T6877] ? __pfx_nl80211_new_station+0x10/0x10 [ 79.737818][ T6877] ? nl80211_pre_doit+0x19a/0xae0 [ 79.743440][ T6880] syzkaller1: entered allmulticast mode [ 79.746735][ T6877] genl_family_rcv_msg_doit+0x214/0x300 [ 79.746777][ T6877] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 79.746851][ T6877] ? bpf_lsm_capable+0x9/0x10 [ 79.746876][ T6877] ? security_capable+0x80/0x260 [ 79.746900][ T6877] ? ns_capable+0xd2/0xf0 [ 79.746933][ T6877] genl_rcv_msg+0x560/0x800 [ 79.746966][ T6877] ? __pfx_genl_rcv_msg+0x10/0x10 [ 79.746994][ T6877] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 79.747021][ T6877] ? __pfx_nl80211_new_station+0x10/0x10 [ 79.747051][ T6877] ? __pfx_nl80211_post_doit+0x10/0x10 [ 79.747087][ T6877] netlink_rcv_skb+0x159/0x420 [ 79.747113][ T6877] ? __pfx_genl_rcv_msg+0x10/0x10 [ 79.747142][ T6877] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 79.747178][ T6877] ? netlink_deliver_tap+0x1ae/0xcc0 [ 79.747231][ T6877] genl_rcv+0x28/0x40 [ 79.747257][ T6877] netlink_unicast+0x585/0x850 [ 79.747286][ T6877] ? __pfx_netlink_unicast+0x10/0x10 [ 79.747319][ T6877] netlink_sendmsg+0x8b0/0xda0 [ 79.747349][ T6877] ? __pfx_netlink_sendmsg+0x10/0x10 [ 79.747372][ T6877] ? pti_set_user_pgtbl+0x30/0x50 [ 79.747412][ T6877] ____sys_sendmsg+0x9e1/0xb70 [ 79.747436][ T6877] ? __pfx_netlink_sendmsg+0x10/0x10 [ 79.747463][ T6877] ? __pfx_____sys_sendmsg+0x10/0x10 [ 79.747490][ T6877] ? __pfx_futex_wake_mark+0x10/0x10 [ 79.747522][ T6877] ___sys_sendmsg+0x190/0x1e0 [ 79.747551][ T6877] ? __pfx____sys_sendmsg+0x10/0x10 [ 79.747608][ T6877] __sys_sendmsg+0x170/0x220 [ 79.747638][ T6877] ? __pfx___sys_sendmsg+0x10/0x10 [ 79.747667][ T6877] ? __x64_sys_futex+0x34f/0x4d0 [ 79.747704][ T6877] ? rcu_is_watching+0x12/0xc0 [ 79.747738][ T6877] do_syscall_64+0x10b/0xf80 [ 79.747762][ T6877] ? clear_bhb_loop+0x40/0x90 [ 79.747787][ T6877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.747808][ T6877] RIP: 0033:0x7fee6bd9cdd9 [ 79.747827][ T6877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 79.747846][ T6877] RSP: 002b:00007fee6cbc3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 79.747867][ T6877] RAX: ffffffffffffffda RBX: 00007fee6c015fa0 RCX: 00007fee6bd9cdd9 [ 79.747881][ T6877] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 79.747893][ T6877] RBP: 00007fee6be32d69 R08: 0000000000000000 R09: 0000000000000000 [ 79.747905][ T6877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 79.747918][ T6877] R13: 00007fee6c016038 R14: 00007fee6c015fa0 R15: 00007fffb00c5a28 [ 79.747945][ T6877] [ 79.747957][ T6877] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 79.747973][ T6877] CPU: 0 UID: 0 PID: 6877 Comm: syz.0.442 Tainted: G L syzkaller #0 PREEMPT(full) [ 79.747999][ T6877] Tainted: [L]=SOFTLOCKUP [ 79.748006][ T6877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 79.748017][ T6877] Call Trace: [ 79.748024][ T6877] [ 79.748032][ T6877] dump_stack_lvl+0x100/0x190 [ 79.748059][ T6877] vpanic+0x552/0x970 [ 79.748081][ T6877] ? __pfx_vpanic+0x10/0x10 [ 79.748107][ T6877] panic+0xd1/0xe0 [ 79.748126][ T6877] ? __pfx_panic+0x10/0x10 [ 79.748156][ T6877] check_panic_on_warn.cold+0x19/0x34 [ 79.748179][ T6877] ? rate_control_rate_init+0x5c5/0x730 [ 79.748202][ T6877] __warn.cold+0x191/0x328 [ 79.748224][ T6877] __report_bug+0x296/0x3d0 [ 79.748245][ T6877] ? rate_control_rate_init+0x5c5/0x730 [ 79.748269][ T6877] ? __pfx___report_bug+0x10/0x10 [ 79.748288][ T6877] ? kasan_save_track+0x14/0x30 [ 79.748319][ T6877] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 79.748349][ T6877] ? ieee80211_add_station+0x5f1/0x760 [ 79.748373][ T6877] ? nl80211_new_station+0x14a9/0x20f0 [ 79.748401][ T6877] ? genl_family_rcv_msg_doit+0x214/0x300 [ 79.748428][ T6877] ? netlink_rcv_skb+0x159/0x420 [ 79.748451][ T6877] ? netlink_unicast+0x585/0x850 [ 79.748473][ T6877] ? netlink_sendmsg+0x8b0/0xda0 [ 79.748495][ T6877] ? ____sys_sendmsg+0x9e1/0xb70 [ 79.748529][ T6877] ? rate_control_rate_init+0x5c5/0x730 [ 79.748553][ T6877] report_bug+0xb2/0x220 [ 79.748575][ T6877] ? rate_control_rate_init+0x5c5/0x730 [ 79.748599][ T6877] handle_bug+0x16a/0x2a0 [ 79.748623][ T6877] exc_invalid_op+0x17/0x50 [ 79.748649][ T6877] asm_exc_invalid_op+0x1a/0x20 [ 79.748668][ T6877] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 79.748691][ T6877] Code: 48 8d 35 00 00 00 00 e8 39 32 e3 f6 e8 34 8a ec f6 e9 20 fe ff ff e8 9a 46 07 f7 90 0f 0b 90 e9 12 fe ff ff e8 8c 46 07 f7 90 <0f> 0b 90 eb b1 e8 81 46 07 f7 e8 8c 92 eb f6 31 ff 89 c3 89 c6 e8 [ 79.748708][ T6877] RSP: 0000:ffffc900058e7200 EFLAGS: 00010287 [ 79.748724][ T6877] RAX: 00000000000007c0 RBX: ffff88805ac20000 RCX: ffffc900044a3000 [ 79.748752][ T6877] RDX: 0000000000080000 RSI: ffffffff8b014554 RDI: ffff8880312d8000 [ 79.748767][ T6877] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 79.748779][ T6877] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888038643100 [ 79.748791][ T6877] R13: ffff88805a330f20 R14: ffff888036940000 R15: 0000000000000000 [ 79.748814][ T6877] ? rate_control_rate_init+0x5c4/0x730 [ 79.748846][ T6877] rate_control_rate_init_all_links+0x76/0x1f0 [ 79.748875][ T6877] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 79.748904][ T6877] sta_apply_parameters+0x1234/0x2090 [ 79.748928][ T6877] ? __sta_info_alloc+0x1146/0x1cd0 [ 79.748955][ T6877] ieee80211_add_station+0x3ff/0x760 [ 79.748984][ T6877] nl80211_new_station+0x14a9/0x20f0 [ 79.749020][ T6877] ? __pfx_nl80211_new_station+0x10/0x10 [ 79.749074][ T6877] ? nl80211_pre_doit+0x19a/0xae0 [ 79.749104][ T6877] genl_family_rcv_msg_doit+0x214/0x300 [ 79.749134][ T6877] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 79.749171][ T6877] ? bpf_lsm_capable+0x9/0x10 [ 79.749191][ T6877] ? security_capable+0x80/0x260 [ 79.749212][ T6877] ? ns_capable+0xd2/0xf0 [ 79.749242][ T6877] genl_rcv_msg+0x560/0x800 [ 79.749271][ T6877] ? __pfx_genl_rcv_msg+0x10/0x10 [ 79.749298][ T6877] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 79.749323][ T6877] ? __pfx_nl80211_new_station+0x10/0x10 [ 79.749351][ T6877] ? __pfx_nl80211_post_doit+0x10/0x10 [ 79.749386][ T6877] netlink_rcv_skb+0x159/0x420 [ 79.749411][ T6877] ? __pfx_genl_rcv_msg+0x10/0x10 [ 79.749439][ T6877] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 79.749475][ T6877] ? netlink_deliver_tap+0x1ae/0xcc0 [ 79.749502][ T6877] genl_rcv+0x28/0x40 [ 79.749531][ T6877] netlink_unicast+0x585/0x850 [ 79.749560][ T6877] ? __pfx_netlink_unicast+0x10/0x10 [ 79.749591][ T6877] netlink_sendmsg+0x8b0/0xda0 [ 79.749622][ T6877] ? __pfx_netlink_sendmsg+0x10/0x10 [ 79.749645][ T6877] ? pti_set_user_pgtbl+0x30/0x50 [ 79.749683][ T6877] ____sys_sendmsg+0x9e1/0xb70 [ 79.749706][ T6877] ? __pfx_netlink_sendmsg+0x10/0x10 [ 79.749731][ T6877] ? __pfx_____sys_sendmsg+0x10/0x10 [ 79.749758][ T6877] ? __pfx_futex_wake_mark+0x10/0x10 [ 79.749781][ T6877] ___sys_sendmsg+0x190/0x1e0 [ 79.749806][ T6877] ? __pfx____sys_sendmsg+0x10/0x10 [ 79.749862][ T6877] __sys_sendmsg+0x170/0x220 [ 79.749894][ T6877] ? __pfx___sys_sendmsg+0x10/0x10 [ 79.749923][ T6877] ? __x64_sys_futex+0x34f/0x4d0 [ 79.749961][ T6877] ? rcu_is_watching+0x12/0xc0 [ 79.749994][ T6877] do_syscall_64+0x10b/0xf80 [ 79.750016][ T6877] ? clear_bhb_loop+0x40/0x90 [ 79.750040][ T6877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.750060][ T6877] RIP: 0033:0x7fee6bd9cdd9 [ 79.750076][ T6877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 79.750094][ T6877] RSP: 002b:00007fee6cbc3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 79.750111][ T6877] RAX: ffffffffffffffda RBX: 00007fee6c015fa0 RCX: 00007fee6bd9cdd9 [ 79.750124][ T6877] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 79.750135][ T6877] RBP: 00007fee6be32d69 R08: 0000000000000000 R09: 0000000000000000 [ 79.750146][ T6877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 79.750158][ T6877] R13: 00007fee6c016038 R14: 00007fee6c015fa0 R15: 00007fffb00c5a28 [ 79.750185][ T6877] [ 79.751908][ T6877] Kernel Offset: disabled