last executing test programs: 1m52.604891334s ago: executing program 3 (id=1941): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x3) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000080)={0x1, &(0x7f00000016c0)=[{0x6, 0xfc, 0xa, 0x7}]}) write$ppp(r0, &(0x7f00000005c0)="3600f4", 0x3) 1m52.522921083s ago: executing program 3 (id=1946): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) read(r0, 0x0, 0x0) 1m52.39100299s ago: executing program 1 (id=1951): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r0, 0xee01, 0x0) keyctl$setperm(0x5, r0, 0x20925) keyctl$read(0xb, r0, 0x0, 0x0) 1m52.314126952s ago: executing program 1 (id=1952): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4140aecd, &(0x7f0000000100)) 1m52.223516972s ago: executing program 1 (id=1956): pipe2(&(0x7f0000000200)={0x0, 0x0}, 0x0) read$FUSE(r0, &(0x7f0000001000)={0x2020}, 0x2020) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1m52.152662867s ago: executing program 1 (id=1959): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x262) 1m52.103610644s ago: executing program 1 (id=1961): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x600) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000440)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07, 0x0, 0xd}) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x80, 0x9, 0x2, 0xe05, 0x20000, 0x28e7}) 1m51.763759299s ago: executing program 1 (id=1966): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r0, &(0x7f0000000140), &(0x7f0000000000)=""/48}, 0x20) 1m51.75457523s ago: executing program 32 (id=1966): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r0, &(0x7f0000000140), &(0x7f0000000000)=""/48}, 0x20) 1m51.50454916s ago: executing program 3 (id=1968): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x80, &(0x7f0000000000)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e79616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) 1m51.48383974s ago: executing program 3 (id=1971): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x262) 1m51.189297445s ago: executing program 3 (id=1976): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7200000000003900000008000300", @ANYRES32=r1, @ANYBLOB="24005a80200001801400030009027900070006000300040001000700050004"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1m50.883464456s ago: executing program 3 (id=1981): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000000c0)=0x81) readv(r0, &(0x7f00000006c0)=[{&(0x7f0000002480)=""/4110, 0x100e}], 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000140)={{0xbffffffd, 0x1, 0xffffffff, 0xfffffff8, 'syz1\x00', 0x20}, 0x2, 0x2, 0x5, 0x0, 0x0, 0x4ff, 'syz0\x00', 0x0}) 1m50.821539421s ago: executing program 33 (id=1981): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000000c0)=0x81) readv(r0, &(0x7f00000006c0)=[{&(0x7f0000002480)=""/4110, 0x100e}], 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000140)={{0xbffffffd, 0x1, 0xffffffff, 0xfffffff8, 'syz1\x00', 0x20}, 0x2, 0x2, 0x5, 0x0, 0x0, 0x4ff, 'syz0\x00', 0x0}) 1m26.201089459s ago: executing program 2 (id=2466): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) 1m26.002251723s ago: executing program 2 (id=2468): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'ip6_vti0\x00', 0x0}) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x3c, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8}]}}]}, 0x3c}}, 0x20000000) 1m26.001901035s ago: executing program 2 (id=2469): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000008, 0x4ca31, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) r0 = syz_open_procfs(0x0, &(0x7f0000000480)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) 1m25.923398125s ago: executing program 2 (id=2470): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000040)={@dev={0xfe, 0x80, '\x00', 0x2f}}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000001c0)={@remote}, 0x14) 1m25.86853876s ago: executing program 2 (id=2471): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 1m25.868261367s ago: executing program 2 (id=2472): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x24, r1, 0x1, 0x70bd26, 0x5, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000080}, 0x940) 1m10.816412253s ago: executing program 34 (id=2472): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x24, r1, 0x1, 0x70bd26, 0x5, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000080}, 0x940) 35.811553293s ago: executing program 0 (id=3809): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0xf, 0x4, 0x8, 0x2}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='\a'], 0x10) close(0x3) close(0x4) 35.754992464s ago: executing program 0 (id=3812): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180005000000ffff000077b90800000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x84}}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x0, 0x0, 0x0, 0x8, 0xffffffba, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94) 35.750416862s ago: executing program 0 (id=3814): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x1a0) r1 = fanotify_init(0x8, 0x1) fanotify_mark(r1, 0x105, 0x40001032, r0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) read$FUSE(r1, 0x0, 0x0) 35.647173772s ago: executing program 0 (id=3820): bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x10, 0x4, 0x4, 0x8, 0x0, 0x1}, 0x48) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) 35.58250682s ago: executing program 0 (id=3822): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x201, 0x4000003e, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8}) 35.482179332s ago: executing program 0 (id=3824): r0 = socket$kcm(0x2a, 0x2, 0x0) r1 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, 0x0}, 0x0) recvmsg(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) sendmsg$kcm(r0, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 20.474340652s ago: executing program 35 (id=3824): r0 = socket$kcm(0x2a, 0x2, 0x0) r1 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, 0x0}, 0x0) recvmsg(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) sendmsg$kcm(r0, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 1.952042744s ago: executing program 4 (id=4530): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)={0x84, r1, 0x205, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x53, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x81}, @device_b, @device_b, @initial, {0x6}}, 0x9, @default, 0x1971, @val, @void, @val={0x3, 0x1, 0xb5}, @void, @val={0x6, 0x2, 0xe}, @void, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4, {0x1, 0x9, 0x30, 0xb6}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x12, 0xb, 0x8}}, @val={0x76, 0x6, {0x4, 0x2, 0x7, 0x5}}}}, @NL80211_ATTR_IE_ASSOC_RESP={0x4}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x84}}, 0x24000080) quotactl_fd$Q_QUOTAON(r0, 0xffffffff80000202, 0xee00, &(0x7f0000000340)='./file0\x00') 1.902129832s ago: executing program 4 (id=4533): syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r0 = io_uring_setup(0x6001, &(0x7f00000001c0)={0x0, 0x361c, 0x40, 0x3, 0x1fa}) close_range(r0, r0, 0x0) pselect6(0x40, &(0x7f0000000100)={0x2, 0x0, 0xfffffffffffffff8, 0x0, 0x1, 0x10}, 0x0, &(0x7f0000000240)={0x1f, 0xc, 0x715, 0x8000000000000000, 0x0, 0x80000000000000, 0x800, 0x20000}, 0x0, 0x0) 1.839159325s ago: executing program 6 (id=4535): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b03, 0x0) 1.008670274s ago: executing program 4 (id=4557): r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) r1 = dup(r0) r2 = fanotify_init(0x8, 0x80000) fanotify_mark(r2, 0x1, 0x8001021, r1, 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 997.199689ms ago: executing program 4 (id=4559): r0 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x1, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x5, 0x0, 0x81, 0xffffffff}) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 932.155653ms ago: executing program 7 (id=4560): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x82401, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfe000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f0000000f40)=[@rdmsr={0x66, 0x18, {0xda0}}], 0x18}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 931.901508ms ago: executing program 4 (id=4561): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff7f", 0x6}, {&(0x7f0000000140)="ebe3a0", 0x3}], 0x2, 0x0, 0x0, 0x800}], 0x1, 0x40800) 870.782675ms ago: executing program 4 (id=4562): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, 0x0) 824.5355ms ago: executing program 7 (id=4563): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r1, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 752.382794ms ago: executing program 7 (id=4564): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x40000071, 0x0, 0xc0040}]}) 570.123492ms ago: executing program 7 (id=4565): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001300010229bdff00fcdbdf25007e0000", @ANYRES32=r3, @ANYBLOB="0e2a01000904000008000a00", @ANYRES32=r1], 0x28}, 0x1, 0x0, 0x0, 0x34004c01}, 0x8804) 567.266244ms ago: executing program 7 (id=4566): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) fcntl$notify(0xffffffffffffffff, 0x402, 0x80000020) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x6, 0x7}}]}}]}, 0x48}}, 0x4c840) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@newtfilter={0x44, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xffff, 0xfff3}, {0x0, 0xfff3}, {0x2, 0x300}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x88a8}, @TCA_FLOWER_KEY_CT_MARK={0x8, 0x5f, 0x7}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) 509.762451ms ago: executing program 7 (id=4567): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) socket$inet_udp(0x2, 0x2, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000002780)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000380)=@delqdisc={0x434, 0x25, 0x100, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xd, 0x10}, {0xa, 0x7}, {0x0, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x3, 0xfffffff8, 0x4, 0x40, 0x2, 0x2, 0x5, 0x7fff, 0x4, 0x1, 0x6, 0x1c8, 0x7, 0x0, 0x5, 0x1, 0x8, 0x9, 0x9, 0x9, 0xf9, 0x200, 0x1, 0x5, 0x6, 0xfff, 0x9, 0x1, 0x80, 0x10000, 0x0, 0x6, 0xff, 0x4, 0x6, 0x9, 0xe6c1, 0x2, 0x65, 0x6, 0x5, 0x71, 0x1f146d7e, 0x80000001, 0x89, 0xe9, 0x80000001, 0x2, 0xff, 0x8, 0xffff8dc2, 0x400, 0x0, 0x2, 0xffff, 0x10001, 0x0, 0x2, 0x8, 0xa000000, 0x0, 0x5, 0x8, 0x3, 0x4, 0x401, 0x5, 0x8, 0x4ad1, 0x1, 0x25b1, 0x5, 0xfff, 0x0, 0xe, 0xffffffff, 0x3, 0x5, 0x3ff, 0xfff, 0x8, 0xf, 0x0, 0x4, 0x626cfd3b, 0x0, 0x60df8662, 0x2, 0x5, 0x4, 0xc6, 0x8, 0x7, 0xfffffffa, 0xc, 0x4, 0xffffffff, 0xa80, 0x0, 0x7, 0x2, 0x0, 0xff, 0x8, 0x7, 0xc, 0xfdc1, 0x77f, 0x4, 0xfffffff0, 0x4, 0x7fff, 0x1000, 0x1, 0x1f1f, 0x3, 0x665195e5, 0x5, 0x7, 0x5, 0x6, 0x7, 0x4, 0x800, 0x101, 0x400, 0x2, 0x6, 0xd, 0x9, 0x7, 0xc5, 0x99, 0x4, 0x2e9, 0x4, 0x3, 0x401, 0xfffffffe, 0x7, 0x80000000, 0x8, 0x0, 0x4, 0x37, 0x4, 0x31, 0x2, 0x2, 0x3, 0x6, 0x1, 0x690c, 0x368d, 0x9, 0x2, 0xe, 0x8, 0x7, 0x5597, 0x3, 0x7, 0x7fff, 0x62, 0xf6, 0x5, 0x0, 0x7fffffff, 0xd, 0x9, 0x2, 0x100, 0x6, 0x101, 0x5, 0x2, 0x3, 0x4, 0xfc8d, 0x8, 0x3ff, 0x3, 0x0, 0x3, 0x5, 0x9, 0x5, 0x8000, 0x1, 0x7, 0x20000, 0x4, 0x2, 0x9f85, 0x65, 0x4, 0x0, 0x7ff, 0x4, 0x6, 0x7, 0xd92, 0x40, 0xfff, 0xe1, 0x8, 0x426, 0x5, 0x9, 0x1, 0x1000, 0x9, 0x36ae765f, 0x401, 0x9, 0x200000, 0x3, 0x4, 0x5, 0x0, 0x89, 0x5, 0x80000000, 0x9c4, 0x1, 0x41632842, 0x6, 0x10, 0x2, 0x8001, 0x5, 0x100, 0x8, 0x9, 0xfe64, 0xd, 0x1c2, 0x2, 0x6, 0x2, 0x80000001, 0xa, 0x6, 0xfffffffc, 0x5, 0x3, 0x7f, 0x400000, 0x5, 0x3, 0x6, 0x8001, 0x10001, 0x5, 0x4, 0x7]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40000}, 0x8010) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 431.674731ms ago: executing program 5 (id=4569): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000540), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 429.586589ms ago: executing program 5 (id=4570): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000001800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc) 328.076186ms ago: executing program 5 (id=4571): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fedbdf255200000008000300", @ANYRES32=r3], 0x34}, 0x1, 0x0, 0x0, 0x20000081}, 0x804) 326.307872ms ago: executing program 5 (id=4572): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x1) getdents(r0, 0x0, 0x0) 322.92286ms ago: executing program 6 (id=4573): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@setlink={0x28, 0x13, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, 0x12a0e, 0x409}, [@IFLA_MASTER={0x8, 0xa, r1}]}, 0x28}, 0x1, 0x0, 0x0, 0x34004c01}, 0x8804) 247.697441ms ago: executing program 6 (id=4574): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000380)=0x4) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7e) 162.268138ms ago: executing program 6 (id=4575): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'hsr0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xc}, {0xfff3, 0x8}}}, 0x24}}, 0x20040000) 83.614962ms ago: executing program 6 (id=4576): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x28f, 0x3cc, 0x1}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000000)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000340)={0x3, r1, 0xfffffffa, 0x5, 0xb, 0x1ed, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000001880)={0x1, r1, 0x8fff, 0x3ff, 0x4, 0x944}) 22.013506ms ago: executing program 5 (id=4577): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x4) 19.339334ms ago: executing program 6 (id=4578): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x5) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) 0s ago: executing program 5 (id=4579): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)={0x40, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) kernel console output (not intermixed with test programs): tdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.699769][T11624] overlayfs: missing 'workdir' [ 159.746883][T11610] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.815244][T11632] tipc: Started in network mode [ 159.818302][T11632] tipc: Node identity ac14140f, cluster identity 4711 [ 159.821628][T11632] tipc: New replicast peer: 255.255.255.255 [ 159.826192][T11632] tipc: Enabled bearer , priority 10 [ 159.845013][T11610] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.001544][ T3521] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.016068][ T3521] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.040582][ T3521] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.055856][ T3521] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.150843][T11648] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2664'. [ 160.194853][ T39] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 160.342460][ T39] usb 9-1: Using ep0 maxpacket: 8 [ 160.354214][ T39] usb 9-1: unable to get BOS descriptor or descriptor too short [ 160.360669][ T39] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 160.365304][ T39] usb 9-1: can't read configurations, error -71 [ 160.689252][ T40] audit: type=1400 audit(1777663607.333:502): avc: denied { listen } for pid=11667 comm="syz.0.2673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 160.698637][ T40] audit: type=1400 audit(1777663607.333:503): avc: denied { read } for pid=11667 comm="syz.0.2673" path="socket:[40991]" dev="sockfs" ino=40991 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 160.825891][ T5878] tipc: Node number set to 2886997007 [ 161.052432][T11685] loop9: detected capacity change from 0 to 524287999 [ 161.066158][T11685] ldm_validate_partition_table(): Disk read failed. [ 161.070744][T11685] Dev loop9: unable to read RDB block 0 [ 161.076170][T11685] loop9: unable to read partition table [ 161.078965][T11685] loop_reread_partitions: partition scan of loop9 (3 x) failed (rc=-5) [ 161.766127][T11717] netlink: 'syz.4.2695': attribute type 4 has an invalid length. [ 161.984636][ T59] wlan1: Trigger new scan to find an IBSS to join [ 162.612222][ T39] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 162.783678][ T39] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 162.788994][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.793237][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.798200][ T39] usb 5-1: config 0 interface 0 has no altsetting 0 [ 162.802676][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.806787][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.811620][ T39] usb 5-1: config 0 interface 0 has no altsetting 0 [ 162.816056][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.820058][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.825114][ T39] usb 5-1: config 0 interface 0 has no altsetting 0 [ 162.829291][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.835071][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.840068][ T39] usb 5-1: config 0 interface 0 has no altsetting 0 [ 162.844298][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.848580][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.853611][ T39] usb 5-1: config 0 interface 0 has no altsetting 0 [ 162.857707][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.861834][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.867004][ T39] usb 5-1: config 0 interface 0 has no altsetting 0 [ 162.871120][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.875496][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.880541][ T39] usb 5-1: config 0 interface 0 has no altsetting 0 [ 162.884922][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.891499][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.898734][ T39] usb 5-1: config 0 interface 0 has no altsetting 0 [ 162.906218][ T39] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 162.911784][ T39] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 162.918126][ T39] usb 5-1: Product: syz [ 162.918895][ T46] wlan1: Creating new IBSS network, BSSID c2:f9:85:1d:43:7e [ 162.920048][ T39] usb 5-1: Manufacturer: syz [ 162.920068][ T39] usb 5-1: SerialNumber: syz [ 162.928887][ T39] usb 5-1: config 0 descriptor?? [ 162.951481][ T39] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 163.148667][ T39] usb 5-1: USB disconnect, device number 16 [ 163.164687][ T39] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 163.227363][T11771] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2714'. [ 163.259564][T11775] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2715'. [ 163.265658][T11775] macvlan0: entered promiscuous mode [ 163.269747][T11775] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2715'. [ 163.396214][T11783] loop7: detected capacity change from 0 to 7 [ 163.408942][ C0] blk_print_req_error: 194 callbacks suppressed [ 163.408962][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.416271][ C0] buffer_io_error: 210 callbacks suppressed [ 163.416287][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.426572][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.430721][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.436817][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.441015][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.445139][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.449201][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.453819][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.457898][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.464805][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.468907][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.475692][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.479860][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.484700][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.488829][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.493360][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.497465][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.501014][T11783] ldm_validate_partition_table(): Disk read failed. [ 163.501239][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 163.507150][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 163.513381][T11783] Dev loop7: unable to read RDB block 0 [ 163.516768][T11783] loop7: unable to read partition table [ 163.519699][T11783] loop7: partition table beyond EOD, truncated [ 163.523973][T11783] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 163.538630][T11784] ldm_validate_partition_table(): Disk read failed. [ 163.542656][T11784] Dev loop7: unable to read RDB block 0 [ 163.546276][T11784] loop7: unable to read partition table [ 163.551341][T11784] loop7: partition table beyond EOD, truncated [ 163.644407][T11788] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2721'. [ 163.735263][T11797] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2724'. [ 163.837504][ T40] audit: type=1400 audit(1777663610.483:504): avc: denied { setopt } for pid=11806 comm="syz.4.2729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 164.032210][T11820] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2736'. [ 164.474338][T11850] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2750'. [ 164.479756][T11850] netlink: 200 bytes leftover after parsing attributes in process `syz.5.2750'. [ 164.509904][ T40] audit: type=1400 audit(1777663611.153:505): avc: denied { lock } for pid=11853 comm="syz.4.2751" path="socket:[40279]" dev="sockfs" ino=40279 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 164.644432][T11863] capability: warning: `syz.4.2755' uses 32-bit capabilities (legacy support in use) [ 164.776575][ T40] audit: type=1400 audit(1777663611.423:506): avc: denied { watch } for pid=11868 comm="syz.4.2758" path="/sys/kernel/rcu_expedited" dev="sysfs" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 164.787057][ T40] audit: type=1400 audit(1777663611.423:507): avc: denied { watch_sb watch_reads } for pid=11868 comm="syz.4.2758" path="/sys/kernel/rcu_expedited" dev="sysfs" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=file permissive=1 [ 165.184019][T11885] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2766'. [ 165.189285][T11885] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2766'. [ 165.309229][ T5837] hid-generic 0005:0B57:0003.000A: item fetching failed at offset 0/2 [ 165.320563][ T5837] hid-generic 0005:0B57:0003.000A: probe with driver hid-generic failed with error -22 [ 165.821077][T11912] binder: 11911:11912 ioctl c018620c 2000000000c0 returned -22 [ 166.834924][ T40] audit: type=1400 audit(1777663613.483:508): avc: denied { remount } for pid=11933 comm="syz.0.2789" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 166.880507][ T40] audit: type=1400 audit(1777663613.523:509): avc: denied { bind } for pid=11937 comm="syz.4.2791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 167.031465][T11954] IPv6: NLM_F_CREATE should be specified when creating new route [ 167.035195][T11954] IPv6: Can't replace route, no match found [ 167.077610][ T40] audit: type=1400 audit(1777663613.723:510): avc: denied { mounton } for pid=11956 comm="syz.0.2800" path="/723/file0" dev="hugetlbfs" ino=42231 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=dir permissive=1 [ 167.077680][T11958] overlay: filesystem on ./file0 is read-only [ 167.130836][ T40] audit: type=1326 audit(1777663613.773:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11959 comm="syz.5.2801" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f53ef99cdd9 code=0x0 [ 167.180052][ T40] audit: type=1400 audit(1777663613.823:512): avc: denied { mount } for pid=11963 comm="syz.0.2803" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 167.190716][ T40] audit: type=1400 audit(1777663613.823:513): avc: denied { mounton } for pid=11963 comm="syz.0.2803" path="/724/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 167.252874][T11970] loop3: detected capacity change from 0 to 7 [ 167.286705][T11970] ldm_validate_partition_table(): Disk read failed. [ 167.293089][T11970] Dev loop3: unable to read RDB block 0 [ 167.296453][T11970] loop3: unable to read partition table [ 167.299182][T11970] loop3: partition table beyond EOD, truncated [ 167.302798][T11970] loop_reread_partitions: partition scan of loop3 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 167.522142][ T5837] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 167.682197][ T5837] usb 5-1: Using ep0 maxpacket: 8 [ 167.685382][ T5837] usb 5-1: config index 0 descriptor too short (expected 74, got 45) [ 167.688386][ T5837] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 167.692801][ T5837] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 167.696389][ T5837] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 1024 [ 167.700229][ T5837] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 167.703995][ T5837] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 167.708422][ T5837] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 167.711512][ T5837] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.921501][ T5837] usb 5-1: GET_CAPABILITIES returned 0 [ 167.924614][ T5837] usbtmc 5-1:16.0: can't read capabilities [ 168.123248][ T5837] usb 5-1: USB disconnect, device number 17 [ 168.205575][ T5742] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 168.216188][ T5742] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 168.219618][ T5742] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 168.225127][ T5742] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 168.228038][ T5742] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 168.672083][ T5878] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 168.688609][T12018] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 168.752545][T11992] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.755585][T11992] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.758674][T11992] bridge_slave_0: entered allmulticast mode [ 168.762526][T11992] bridge_slave_0: entered promiscuous mode [ 168.770972][T11992] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.776454][T11992] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.779920][T11992] bridge_slave_1: entered allmulticast mode [ 168.784854][T11992] bridge_slave_1: entered promiscuous mode [ 168.820677][T11992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.822111][ T5878] usb 9-1: Using ep0 maxpacket: 8 [ 168.831078][ T5878] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 168.835384][T11992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.839073][ T5878] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 168.850574][ T5878] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 168.859555][ T5878] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 168.872540][ T5878] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 168.877951][ T5878] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 168.883151][T11992] team0: Port device team_slave_0 added [ 168.885113][ T5878] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.889205][T11992] team0: Port device team_slave_1 added [ 168.917947][T11992] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.921089][T11992] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.933140][T11992] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.939514][T11992] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.942998][T11992] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.954278][T11992] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.994839][T11992] hsr_slave_0: entered promiscuous mode [ 168.998261][T11992] hsr_slave_1: entered promiscuous mode [ 169.001365][T11992] debugfs: 'hsr0' already exists in 'hsr' [ 169.004046][T11992] Cannot create hsr debugfs directory [ 169.100221][ T5878] usb 9-1: GET_CAPABILITIES returned 0 [ 169.103249][ T5878] usbtmc 9-1:16.0: can't read capabilities [ 169.194241][T11992] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 169.204063][T11992] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 169.208087][T11992] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 169.217570][T11992] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 169.221598][T11992] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 169.230077][T11992] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 169.234959][T11992] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 169.241614][T11992] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 169.275706][T11992] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.278186][T11992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.280699][T11992] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.283109][T11992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.301247][ T5731] usb 9-1: USB disconnect, device number 7 [ 169.311816][T12048] __nla_validate_parse: 2 callbacks suppressed [ 169.311834][T12048] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2831'. [ 169.314762][T11992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.320516][T11992] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.535724][T12066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2838'. [ 169.637700][T12076] batman_adv: batadv0: Adding interface: gretap1 [ 169.641112][T12076] batman_adv: batadv0: Interface activated: gretap1 [ 169.736489][T11992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.980720][T11992] veth0_vlan: entered promiscuous mode [ 169.991449][T11992] veth1_vlan: entered promiscuous mode [ 170.006827][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 170.006846][ T40] audit: type=1400 audit(1777663616.653:517): avc: denied { load_policy } for pid=12115 comm="syz.4.2857" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 170.025093][T11992] veth0_macvtap: entered promiscuous mode [ 170.030159][T11992] veth1_macvtap: entered promiscuous mode [ 170.040771][T11992] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 170.049746][T11992] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 170.078533][ T1260] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.084427][ T79] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.099150][ T79] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.107828][ T79] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.187209][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.192384][T12124] xt_hashlimit: size too large, truncated to 1048576 [ 170.192844][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.224896][T12116] SELinux: failed to load policy [ 170.230650][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.234485][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.284744][T12129] syz.4.2862 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 170.313391][ T5742] Bluetooth: hci4: command tx timeout [ 170.512180][ T40] audit: type=1400 audit(1777663617.153:518): avc: denied { listen } for pid=12143 comm="syz.0.2869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 170.655920][T12150] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 170.692060][ T39] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 170.744389][ T40] audit: type=1400 audit(1777663617.393:519): avc: denied { create } for pid=12157 comm="syz.4.2876" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 170.829142][T12165] geneve2: entered promiscuous mode [ 170.831370][T12165] geneve2: entered allmulticast mode [ 170.854052][ T39] usb 10-1: Using ep0 maxpacket: 8 [ 170.858209][ T39] usb 10-1: config 179 has an invalid interface number: 65 but max is 0 [ 170.862105][ T39] usb 10-1: config 179 has no interface number 0 [ 170.865007][ T39] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 170.869869][ T39] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 170.875690][ T39] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 170.881410][ T39] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 170.886828][ T39] usb 10-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 170.893061][ T39] usb 10-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 170.897152][ T39] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.906489][T12140] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 171.175175][ T39] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:179.65/input/input28 [ 171.218239][T12184] vxcan0: tx address claim with dest, not broadcast [ 171.348448][ T5739] usb 10-1: USB disconnect, device number 5 [ 171.348500][ C2] xpad 10-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 171.356173][ C2] dummy_hcd dummy_hcd.5: timer fired with no URBs pending? [ 171.650950][T12217] 9p: Invalid uid '0x00000000ffffffff' [ 171.946301][T12244] kvm: kvm [12242]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x4000001f) [ 172.255044][T12274] Attempt to restore checkpoint with obsolete wellknown handles [ 172.375120][T12285] kernel read not supported for file /file1 (pid: 12285 comm: syz.0.2937) [ 172.380795][ T40] audit: type=1800 audit(1777663619.023:520): pid=12285 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.2937" name="file1" dev="mqueue" ino=44094 res=0 errno=0 [ 172.393719][ T5742] Bluetooth: hci4: command tx timeout [ 172.460634][T12297] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2942'. [ 172.465879][T12297] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2942'. [ 172.469858][T12297] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2942'. [ 172.587422][T12303] netlink: 'syz.5.2947': attribute type 1 has an invalid length. [ 172.828631][T12333] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 172.833441][T12333] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 172.838908][T12333] overlayfs: fs on '.' does not support file handles, falling back to xino=off. [ 172.898810][T12341] blkio.reset_stats is deprecated [ 173.237747][ T40] audit: type=1400 audit(1777663875.888:521): avc: denied { setopt } for pid=12374 comm="syz.0.2980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 173.250771][ T40] audit: type=1400 audit(1777663875.898:522): avc: denied { read } for pid=12374 comm="syz.0.2980" path="socket:[45196]" dev="sockfs" ino=45196 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 173.321675][T12380] SELinux: ebitmap: truncated map [ 173.350458][T12380] SELinux: failed to load policy [ 173.398050][ T40] audit: type=1400 audit(1777663876.048:523): avc: denied { read } for pid=12387 comm="syz.0.2986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 173.528036][ T40] audit: type=1400 audit(1777663876.178:524): avc: denied { append } for pid=12403 comm="syz.4.2993" name="event0" dev="devtmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 173.553345][T12406] gtp0: entered allmulticast mode [ 173.557570][T12406] team0: Device gtp0 is of different type [ 173.906390][ T5739] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 173.992371][ T39] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 174.062799][ T5739] usb 10-1: Using ep0 maxpacket: 8 [ 174.066897][ T5739] usb 10-1: config index 0 descriptor too short (expected 301, got 45) [ 174.070518][ T5739] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 174.074626][ T5739] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 174.078706][ T5739] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 174.082978][ T5739] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 174.089168][ T5739] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 174.093520][ T5739] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.152092][ T39] usb 9-1: Using ep0 maxpacket: 16 [ 174.161892][ T39] usb 9-1: unable to get BOS descriptor or descriptor too short [ 174.164605][ T39] usb 9-1: no configurations [ 174.166163][ T39] usb 9-1: can't read configurations, error -22 [ 174.307939][ T5739] usb 10-1: GET_CAPABILITIES returned 0 [ 174.310336][ T5739] usbtmc 10-1:16.0: can't read capabilities [ 174.462831][ T5742] Bluetooth: hci4: command tx timeout [ 174.513246][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.517756][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.521496][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.525241][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.530658][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.534573][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.538348][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.542114][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.545423][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.553034][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.556885][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.560712][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.564521][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.568092][ C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.575315][ C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.579416][ C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 174.589014][ T29] usb 10-1: USB disconnect, device number 6 [ 175.860186][T12488] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3033'. [ 175.863894][T12488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3033'. [ 175.872320][ T79] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 175.875192][ T79] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 175.878204][ T79] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 175.881213][ T79] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 175.904183][ T40] audit: type=1400 audit(1777663878.558:525): avc: denied { connect } for pid=12489 comm="syz.4.3034" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 175.992068][ T39] usb 11-1: new full-speed USB device number 2 using dummy_hcd [ 176.155754][ T39] usb 11-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 176.160017][ T39] usb 11-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 176.163858][ T39] usb 11-1: Product: syz [ 176.165841][ T39] usb 11-1: Manufacturer: syz [ 176.168069][ T39] usb 11-1: SerialNumber: syz [ 176.172731][ T39] usb 11-1: config 0 descriptor?? [ 176.284984][T12517] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 176.391267][ T39] usb 11-1: USB disconnect, device number 2 [ 176.475378][T12531] netlink: 190972 bytes leftover after parsing attributes in process `syz.4.3053'. [ 176.552856][ T5742] Bluetooth: hci4: command tx timeout [ 176.671578][T12547] loop5: detected capacity change from 0 to 128 [ 176.762123][ T5739] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 176.933284][ T5739] usb 9-1: too many configurations: 9, using maximum allowed: 8 [ 176.940229][ T5739] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.948390][ T5739] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 9 [ 176.963334][ T5739] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.968115][ T5739] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 9 [ 176.975116][T12573] IPv6: Can't replace route, no match found [ 176.975748][ T5739] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.983300][ T5739] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 9 [ 176.988478][ T5739] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.993784][ T5739] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 9 [ 176.998959][ T5739] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.004245][ T5739] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 9 [ 177.009837][ T5739] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.014899][ T5739] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 9 [ 177.020031][ T5739] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.026696][ T5739] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 9 [ 177.031909][ T5739] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.037303][ T5739] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 9 [ 177.042059][ T40] audit: type=1326 audit(1777663879.688:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12580 comm="syz.5.3078" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f53ef99cdd9 code=0x0 [ 177.043898][ T5739] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 177.056752][ T5739] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 177.060944][ T5739] usb 9-1: Product: syz [ 177.063955][ T5739] usb 9-1: Manufacturer: syz [ 177.066236][ T5739] usb 9-1: SerialNumber: syz [ 177.072937][ T5739] usb 9-1: config 0 descriptor?? [ 177.173717][ T40] audit: type=1400 audit(1777663879.828:527): avc: denied { watch } for pid=12592 comm="syz.0.3083" path="/810/file0" dev="tmpfs" ino=4130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 177.283636][ T5739] usb 9-1: USB disconnect, device number 10 [ 177.356895][ T40] audit: type=1400 audit(1777663880.008:528): avc: denied { mount } for pid=12607 comm="syz.6.3090" name="/" dev="pstore" ino=6429 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 177.406249][T12612] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3093'. [ 177.451346][T12612] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3093'. [ 177.809820][ T40] audit: type=1400 audit(1777663880.458:529): avc: denied { name_bind } for pid=12637 comm="syz.0.3103" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 177.903479][T12646] SELinux: Context system_u:object_r:hald_var_lib_t:s0 is not valid (left unmapped). [ 177.910312][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.912264][ T40] audit: type=1400 audit(1777663880.558:530): avc: denied { relabelto } for pid=12645 comm="syz.5.3107" name="file0" dev="tmpfs" ino=1390 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:hald_var_lib_t:s0" [ 177.915242][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.927021][ T40] audit: type=1400 audit(1777663880.568:531): avc: denied { associate } for pid=12645 comm="syz.5.3107" name="file0" dev="tmpfs" ino=1390 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:hald_var_lib_t:s0" [ 177.928057][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.943778][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.947077][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.948693][ T40] audit: type=1400 audit(1777663880.598:532): avc: denied { rmdir } for pid=10085 comm="syz-executor" name="file0" dev="tmpfs" ino=1390 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:hald_var_lib_t:s0" [ 177.950125][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.964204][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.966812][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.969383][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.972498][ T5809] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 177.976248][ T5809] hid-generic 0000:0000:0000.000B: hidraw1: HID v0.00 Device [Zw[ba|\rn)A#6oү?aIs5hV3(; [ 177.976248][ T5809] ѝP$zɷX$w[SRezxuSrl[5l'ZCz2] on [ 178.004216][T12652] use of bytesused == 0 is deprecated and will be removed in the future, [ 178.010842][T12652] use the actual size instead. [ 178.022242][T12653] fido_id[12653]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 178.093099][T12661] tap0: tun_chr_ioctl cmd 1074025677 [ 178.095641][T12661] tap0: linktype set to 801 [ 178.168339][T12667] raw_sendmsg: syz.4.3117 forgot to set AF_INET. Fix it! [ 178.233038][T12674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3120'. [ 178.542483][ T54] usb 11-1: new high-speed USB device number 3 using dummy_hcd [ 178.712747][ T54] usb 11-1: Using ep0 maxpacket: 8 [ 178.715812][ T54] usb 11-1: config index 0 descriptor too short (expected 301, got 45) [ 178.718962][ T54] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 178.722603][ T54] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 178.725962][ T54] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 178.730222][ T54] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 178.735722][ T54] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 178.739798][ T54] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.946197][T12707] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3136'. [ 178.957053][ T54] usb 11-1: GET_CAPABILITIES returned 0 [ 178.959718][ T54] usbtmc 11-1:16.0: can't read capabilities [ 178.983420][ T5742] Bluetooth: hci2: unexpected cc 0x200a length: 2 > 1 [ 179.158810][ T39] usb 11-1: USB disconnect, device number 3 [ 179.373733][ T40] audit: type=1400 audit(1777663882.018:533): avc: denied { mount } for pid=12725 comm="syz.5.3145" name="/" dev="ramfs" ino=45614 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 179.666877][T12751] loop6: detected capacity change from 0 to 8 [ 179.768957][T12751] Dev loop6: unable to read RDB block 8 [ 179.771897][T12751] loop6: unable to read partition table [ 179.774990][T12751] loop6: partition table beyond EOD, truncated [ 179.777339][T12751] loop_reread_partitions: partition scan of loop6 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 179.953069][T12772] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3165'. [ 180.532094][ T54] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 180.552825][T12799] SELinux: failed to load policy [ 180.702319][T10006] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 180.705173][ T54] usb 10-1: Using ep0 maxpacket: 8 [ 180.715655][ T54] usb 10-1: unable to get BOS descriptor or descriptor too short [ 180.722658][ T54] usb 10-1: unable to read config index 0 descriptor/start: -71 [ 180.729994][ T54] usb 10-1: can't read configurations, error -71 [ 180.862144][T10006] usb 9-1: Using ep0 maxpacket: 8 [ 180.866168][T10006] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 180.869871][T10006] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 180.874884][T10006] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 180.879467][T10006] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 180.884483][T10006] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 180.890401][T10006] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 180.894488][T10006] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.992139][ T5731] usb 11-1: new high-speed USB device number 4 using dummy_hcd [ 181.106409][T10006] usb 9-1: GET_CAPABILITIES returned 0 [ 181.109068][T10006] usbtmc 9-1:16.0: can't read capabilities [ 181.142109][ T5731] usb 11-1: Using ep0 maxpacket: 8 [ 181.146134][ T5731] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 181.151088][ T5731] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 181.155886][ T5731] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 181.160317][ T5731] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 181.166715][ T5731] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 181.169812][ T5731] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.312883][ T5878] usb 9-1: USB disconnect, device number 11 [ 181.386708][ T5731] usb 11-1: GET_CAPABILITIES returned 0 [ 181.389318][ T5731] usbtmc 11-1:16.0: can't read capabilities [ 181.589390][T12815] usbtmc 11-1:16.0: usbtmc488_ioctl_trigger returned -71 [ 181.599259][ T5837] usb 11-1: USB disconnect, device number 4 [ 181.618534][T12836] loop6: detected capacity change from 0 to 8 [ 181.764810][T12836] Dev loop6: unable to read RDB block 8 [ 181.768918][T12836] loop6: unable to read partition table [ 181.771694][T12836] loop6: partition table beyond EOD, truncated [ 181.775736][T12836] loop_reread_partitions: partition scan of loop6 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 182.447068][ T40] audit: type=1400 audit(1777663885.098:534): avc: denied { write } for pid=12894 comm="syz.5.3221" path="socket:[45807]" dev="sockfs" ino=45807 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 182.541244][T12902] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 182.615571][T12910] netlink: 'syz.4.3234': attribute type 1 has an invalid length. [ 182.719700][T12924] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3235'. [ 182.841765][T12941] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.897164][T12951] vxcan0: tx address claim with dlc 0 [ 183.090351][T12966] macvlan3: entered promiscuous mode [ 183.092381][T12966] bridge0: entered promiscuous mode [ 183.192622][T12977] netem: change failed [ 183.223766][T12979] TCP: TCP_TX_DELAY enabled [ 183.344509][T12992] loop5: detected capacity change from 0 to 7 [ 183.353765][ T5731] af_packet: tpacket_rcv: packet too big, clamped from 116 to 4294967272. macoff=96 [ 183.532641][T12992] Dev loop5: unable to read RDB block 7 [ 183.535379][T12992] loop5: unable to read partition table [ 183.536225][ C0] blk_print_req_error: 45 callbacks suppressed [ 183.536237][ C0] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 183.538228][T12992] loop5: partition table beyond EOD, [ 183.540066][ C0] buffer_io_error: 45 callbacks suppressed [ 183.540076][ C0] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 183.553762][T12992] truncated [ 183.555612][T12992] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 183.709051][T13004] SELinux: ebitmap: truncated map [ 183.743709][T13004] SELinux: failed to load policy [ 184.262534][ T5878] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 184.412060][ T5878] usb 10-1: Using ep0 maxpacket: 8 [ 184.424388][ T5878] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 184.428784][ T5878] usb 10-1: config 0 has no interfaces? [ 184.447210][ T5878] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 184.454704][ T5878] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.467232][ T5878] usb 10-1: Product: syz [ 184.468983][ T5878] usb 10-1: Manufacturer: syz [ 184.470829][ T5878] usb 10-1: SerialNumber: syz [ 184.474295][ T40] audit: type=1400 audit(1777663887.128:535): avc: denied { write } for pid=13047 comm="syz.6.3291" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 184.488360][ T5878] usb 10-1: config 0 descriptor?? [ 184.588432][T13056] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.3295'. [ 184.705028][ T5878] usb 10-1: USB disconnect, device number 9 [ 184.748752][T13067] bond2: ARP target 9.0.0.0 is already present [ 184.751692][T13067] bond2: option arp_ip_target: invalid value (9) [ 184.757625][T13067] bond2 (unregistering): Released all slaves [ 185.010736][T13085] misc userio: Begin command sent, but we're already running [ 185.448442][T13111] netlink: 112 bytes leftover after parsing attributes in process `syz.5.3320'. [ 185.476624][T13113] netlink: 'syz.0.3322': attribute type 2 has an invalid length. [ 185.496331][T13113] !: entered promiscuous mode [ 185.506998][T13113] netlink: 'syz.0.3322': attribute type 2 has an invalid length. [ 185.510584][T13113] !: left promiscuous mode [ 185.688229][T13131] openvswitch: netlink: IP tunnel dst address not specified [ 185.761254][T13141] netlink: 'syz.4.3336': attribute type 9 has an invalid length. [ 185.763826][T13141] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3336'. [ 185.784059][ T54] IPVS: starting estimator thread 0... [ 185.872847][T13144] IPVS: using max 22 ests per chain, 52800 per kthread [ 186.000964][ T40] audit: type=1400 audit(1777663888.648:536): avc: denied { mounton } for pid=13164 comm="syz.4.3347" path="/372/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 186.223938][ T5744] Bluetooth: hci1: command 0x0406 tx timeout [ 186.918092][ T5744] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 186.930770][ T5744] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 186.936419][ T5744] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 186.944163][ T5744] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 186.954115][ T5744] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 187.135561][T13227] macvtap1: entered promiscuous mode [ 187.138043][T13227] macvtap1: entered allmulticast mode [ 187.140836][T13227] batadv_slave_0: entered promiscuous mode [ 187.148402][T13227] batadv_slave_0: entered allmulticast mode [ 187.159031][T13227] team0: Device macvtap1 failed to register rx_handler [ 187.163479][T13227] batadv_slave_0: left allmulticast mode [ 187.166355][T13227] batadv_slave_0: left promiscuous mode [ 187.327117][T13244] loop9: detected capacity change from 0 to 7 [ 187.335097][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.338002][ T40] audit: type=1400 audit(1777663889.988:537): avc: denied { setopt } for pid=13241 comm="syz.6.3378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 187.339270][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.351297][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.355047][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.360518][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.363559][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.367246][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.370676][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.374312][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.377401][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.380542][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.383731][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.386662][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.389758][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.393073][T13244] ldm_validate_partition_table(): Disk read failed. [ 187.504329][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.507385][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.511101][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.514192][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.529877][T13244] Dev loop9: unable to read RDB block 0 [ 187.532826][T13244] loop9: unable to read partition table [ 187.534906][T13244] loop9: partition table beyond EOD, truncated [ 187.542417][T13244] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 187.569694][T13204] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.574712][T13204] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.577770][T13204] bridge_slave_0: entered allmulticast mode [ 187.583147][T13204] bridge_slave_0: entered promiscuous mode [ 187.588989][T13204] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.594142][T13204] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.598569][T13204] bridge_slave_1: entered allmulticast mode [ 187.599958][T13204] bridge_slave_1: entered promiscuous mode [ 187.642602][T13204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.649393][T13204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.685583][T13204] team0: Port device team_slave_0 added [ 187.690622][T13204] team0: Port device team_slave_1 added [ 187.728281][T13204] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.731397][T13204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.742599][T13204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.748982][T13204] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.751928][T13204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.763804][T13204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.809803][T13204] hsr_slave_0: entered promiscuous mode [ 187.814199][T13204] hsr_slave_1: entered promiscuous mode [ 187.817768][T13204] debugfs: 'hsr0' already exists in 'hsr' [ 187.820706][T13204] Cannot create hsr debugfs directory [ 187.856069][ T40] audit: type=1400 audit(1777663890.508:538): avc: denied { write } for pid=13280 comm="syz.0.3391" name="ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 188.007082][T13204] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 188.013841][T13204] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.109822][T13204] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 188.114444][T13204] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.269407][T13204] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 188.273125][T13204] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.355018][T13204] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 188.359490][T13204] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.763019][T13204] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 188.776838][T13204] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 188.790752][T13204] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 188.806684][T13204] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 188.813869][T13204] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 188.820267][T13204] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 188.825084][T13204] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 188.833090][T13204] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 188.875851][ T40] audit: type=1400 audit(1777663891.528:539): avc: denied { accept } for pid=13325 comm="syz.6.3408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 188.930995][T13204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.950045][T13204] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.961437][ T1260] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.964861][ T1260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.979198][ T3521] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.982497][ T3521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.024848][ T5742] Bluetooth: hci0: command tx timeout [ 189.212848][ T5878] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 189.364409][T13204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.365315][ T5878] usb 5-1: Using ep0 maxpacket: 16 [ 189.378557][ T5878] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 189.383225][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.387247][ T5878] usb 5-1: Product: syz [ 189.389362][ T5878] usb 5-1: Manufacturer: syz [ 189.391697][ T5878] usb 5-1: SerialNumber: syz [ 189.587609][T13204] veth0_vlan: entered promiscuous mode [ 189.600422][T13204] veth1_vlan: entered promiscuous mode [ 189.609425][ T5878] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 189.626891][ T5878] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 189.630946][T13204] veth0_macvtap: entered promiscuous mode [ 189.637828][ T5878] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 189.638424][T13204] veth1_macvtap: entered promiscuous mode [ 189.642247][ T5878] usb 5-1: media controller created [ 189.657097][ T5878] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 189.659517][T13204] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.674245][T13204] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.695467][ T1260] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.699367][ T1260] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.707966][ T1260] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.711910][ T1260] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.747310][T13365] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3418'. [ 189.848108][ T1260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.851257][ T1260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.887415][ T161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.893146][ T161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.915351][ T5878] zl10353_read_register: readreg error (reg=127, ret==-110) [ 189.960165][ T5878] dvb_usb_gl861 5-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 189.973202][ T5878] usb 5-1: USB disconnect, device number 18 [ 190.268195][T13400] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3433'. [ 190.391198][T13412] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3439'. [ 190.398945][T13412] bond0: entered promiscuous mode [ 190.400899][T13412] bond_slave_0: entered promiscuous mode [ 190.403533][T13412] bond_slave_1: entered promiscuous mode [ 190.407815][T13412] bond0: left promiscuous mode [ 190.410046][T13412] bond_slave_0: left promiscuous mode [ 190.413917][T13412] bond_slave_1: left promiscuous mode [ 190.477728][ T40] audit: type=1400 audit(1777663893.128:540): avc: denied { connect } for pid=13417 comm="syz.0.3442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 190.653337][T13441] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3452'. [ 190.695776][ T5742] Bluetooth: hci1: unexpected cc 0x0c5b length: 2 > 1 [ 190.698563][ T5742] Bluetooth: hci1: unexpected event for opcode 0x0c5b [ 190.916674][T13468] netlink: 92 bytes leftover after parsing attributes in process `syz.6.3464'. [ 190.940438][T13469] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3465'. [ 191.104105][ T5742] Bluetooth: hci0: command tx timeout [ 191.109326][T13486] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 191.114852][T13486] bond1 (unregistering): Released all slaves [ 191.142201][T13490] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3473'. [ 191.147181][T13490] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3473'. [ 191.266019][T13499] kvm: kvm [13497]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000007b) = 0x2001 [ 191.270523][ T5742] Bluetooth: hci1: unexpected event for opcode 0x0c22 [ 191.317217][T13504] dummy0: entered promiscuous mode [ 191.325063][T13504] dummy0: left promiscuous mode [ 191.399727][T13511] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 191.404710][T13511] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 191.457296][ T40] audit: type=1400 audit(1777664150.108:541): avc: denied { mounton } for pid=13513 comm="syz.6.3486" path="/146/file0" dev="tmpfs" ino=766 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 191.755054][T13531] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 191.792181][ T5809] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 191.942222][ T5809] usb 10-1: Using ep0 maxpacket: 16 [ 191.948544][ T5809] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 191.953896][ T5809] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 191.959705][ T5809] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 191.965794][ T5809] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.971914][ T5809] usb 10-1: config 0 descriptor?? [ 192.382488][ T5878] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 192.425488][T13563] Bluetooth: MGMT ver 1.23 [ 192.544282][ T5878] usb 9-1: config 0 has no interfaces? [ 192.546160][ T5878] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 192.549291][ T5878] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.554783][ T5878] usb 9-1: config 0 descriptor?? [ 192.763863][ T5878] usb 9-1: USB disconnect, device number 12 [ 192.995674][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 193.182726][ T5742] Bluetooth: hci0: command tx timeout [ 193.305585][T13602] Bluetooth: hci1: expected 19 bytes, got 2 bytes [ 193.618708][ T40] audit: type=1400 audit(1777664152.268:542): avc: denied { ioctl } for pid=13624 comm="syz.6.3538" path="socket:[51158]" dev="sockfs" ino=51158 ioctlcmd=0x894c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 193.699912][T13629] tun0: tun_chr_ioctl cmd 1074025672 [ 193.704988][T13629] tun0: ignored: set checksum disabled [ 193.768387][ T40] audit: type=1400 audit(1777664152.418:543): avc: denied { setattr } for pid=13632 comm="syz.6.3542" name="NETLINK" dev="sockfs" ino=51163 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 193.880455][T13639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3545'. [ 194.507189][T13669] netlink: 71 bytes leftover after parsing attributes in process `syz.4.3558'. [ 194.564314][ T5809] usbhid 10-1:0.0: can't add hid device: -71 [ 194.571866][ T5809] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 194.582999][ T5809] usb 10-1: USB disconnect, device number 10 [ 194.654979][T13677] macvlan0: entered promiscuous mode [ 194.856867][T13697] netlink: 'syz.4.3571': attribute type 4 has an invalid length. [ 194.860502][T13697] netlink: 'syz.4.3571': attribute type 8 has an invalid length. [ 194.865872][T13697] __nla_validate_parse: 4 callbacks suppressed [ 194.865887][T13697] netlink: 212 bytes leftover after parsing attributes in process `syz.4.3571'. [ 195.124780][T13706] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0 [ 195.132164][ T5805] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 195.262218][ T5742] Bluetooth: hci0: command tx timeout [ 195.292099][ T5805] usb 10-1: Using ep0 maxpacket: 8 [ 195.296281][ T5805] usb 10-1: config 179 has an invalid interface number: 65 but max is 0 [ 195.301928][ T5805] usb 10-1: config 179 has no interface number 0 [ 195.304975][ T5805] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 195.309754][ T5805] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 195.315779][ T5805] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 195.317270][T13712] Bluetooth: MGMT ver 1.23 [ 195.320505][ T5805] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 195.327673][ T5805] usb 10-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 195.333571][ T5805] usb 10-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 195.337379][ T5805] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.344845][T13699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 195.412181][ T39] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 195.521581][T13718] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3581'. [ 195.560240][ T5805] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:179.65/input/input30 [ 195.594035][ T39] usb 9-1: unable to get BOS descriptor or descriptor too short [ 195.604230][ T39] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 195.612219][ T39] usb 9-1: can't read configurations, error -71 [ 195.760958][ T5879] usb 10-1: USB disconnect, device number 11 [ 195.761193][ C1] xpad 10-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 195.766749][ C1] xpad 10-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 196.269344][T13756] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 196.274265][T13756] overlayfs: fs on './cgroup' does not support file handles, falling back to index=off,nfs_export=off. [ 196.312056][T13758] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3600'. [ 196.680527][T13789] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.722563][T13796] netem: change failed [ 197.034862][T13820] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3630'. [ 197.048211][T13820] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3630'. [ 197.088736][ T5878] IPVS: starting estimator thread 0... [ 197.192804][T13825] IPVS: using max 26 ests per chain, 62400 per kthread [ 197.258464][T13833] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3636'. [ 197.372123][ T5878] usb 11-1: new high-speed USB device number 5 using dummy_hcd [ 197.376125][ T40] audit: type=1400 audit(1777664156.028:544): avc: denied { read } for pid=13841 comm="syz.4.3640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 197.441889][ T40] audit: type=1400 audit(1777664156.088:545): avc: denied { read append } for pid=13845 comm="syz.4.3642" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 197.453443][T13846] nd_bus ndbus0: __nd_ioctl:bus unknown input size cmd: cmd_call field: 1 [ 197.525336][ T5878] usb 11-1: config 0 has an invalid interface number: 50 but max is 0 [ 197.529373][ T5878] usb 11-1: config 0 has no interface number 0 [ 197.534518][ T5878] usb 11-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 197.544692][ T5878] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 197.549434][ T5878] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.553401][ T5878] usb 11-1: Product: syz [ 197.555499][ T5878] usb 11-1: Manufacturer: syz [ 197.558326][ T5878] usb 11-1: SerialNumber: syz [ 197.564556][ T5878] usb 11-1: config 0 descriptor?? [ 197.574605][ T5878] yurex 11-1:0.50: USB YUREX device now attached to Yurex #0 [ 197.713846][T13867] mmap: syz.5.3652 (13867) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 197.736543][ T40] audit: type=1326 audit(1777664156.388:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13858 comm="syz.4.3648" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624cd9cdd9 code=0x7fc00000 [ 197.744214][ T40] audit: type=1326 audit(1777664156.388:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13858 comm="syz.4.3648" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f624cd9cdd9 code=0x7fc00000 [ 197.751343][ T40] audit: type=1326 audit(1777664156.388:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13858 comm="syz.4.3648" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624cd9cdd9 code=0x7fc00000 [ 197.760354][T13872] mac80211_hwsim hwsim22 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 197.760394][ T40] audit: type=1326 audit(1777664156.388:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13858 comm="syz.4.3648" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624cd9cdd9 code=0x7fc00000 [ 197.773414][ T40] audit: type=1326 audit(1777664156.388:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13858 comm="syz.4.3648" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624cd9cdd9 code=0x7fc00000 [ 197.780992][ T40] audit: type=1326 audit(1777664156.388:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13858 comm="syz.4.3648" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624cd9cdd9 code=0x7fc00000 [ 197.829837][ C0] usb 11-1: yurex_control_callback - control failed: -71 [ 197.829891][T10159] usb 11-1: USB disconnect, device number 5 [ 197.839745][T10159] yurex 11-1:0.50: USB YUREX #0 now disconnected [ 197.847856][T13880] team0: No ports can be present during mode change [ 198.176280][T13908] Falling back ldisc for ttyS3. [ 198.346461][ T1342] hid-generic 0005:16C0:5505.000C: item fetching failed at offset 0/2 [ 198.351641][ T1342] hid-generic 0005:16C0:5505.000C: probe with driver hid-generic failed with error -22 [ 198.414359][T13922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3677'. [ 198.417486][T13922] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3677'. [ 198.446487][ T161] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 198.452139][ T161] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 198.455798][ T161] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 198.455943][T13922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3677'. [ 198.460841][ T161] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 198.462965][T13922] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3677'. [ 198.521696][T13930] overlayfs: upper fs does not support tmpfile. [ 198.625475][T13944] loop5: detected capacity change from 0 to 2640 [ 198.628649][T13944] buffer_io_error: 11 callbacks suppressed [ 198.628664][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.636619][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.639336][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.646698][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.650074][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.655099][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.658169][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.660961][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.663708][T13944] ldm_validate_partition_table(): Disk read failed. [ 198.668819][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.675960][T13944] Buffer I/O error on dev loop5, logical block 0, async page read [ 198.680351][T13944] Dev loop5: unable to read RDB block 0 [ 198.683472][T13950] bond1: invalid ARP target 0.0.0.0 specified for addition [ 198.686665][T13950] bond1: option arp_ip_target: invalid value (0) [ 198.692814][T13950] bond1 (unregistering): Released all slaves [ 198.740787][T13944] loop5: unable to read partition table [ 198.743862][T13944] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 198.867393][T13968] SELinux: security_context_str_to_sid () failed with errno=-22 [ 198.876965][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 198.876981][ T40] audit: type=1400 audit(1777664157.528:572): avc: denied { getopt } for pid=13961 comm="syz.0.3695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 199.024698][T13983] ptrace attach of "/syz-executor exec"[11992] was attempted by "/syz-executor exec"[13983] [ 199.319440][ T40] audit: type=1400 audit(1777664157.968:573): avc: denied { create } for pid=13999 comm="syz.6.3712" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 199.342273][ T1342] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 199.362552][T10159] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 199.503578][ T1434] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.506401][ T1434] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.524406][ T1342] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.529396][ T1342] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.532119][T10159] usb 5-1: Using ep0 maxpacket: 8 [ 199.534359][ T1342] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 199.538155][T10159] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 199.541559][ T1342] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 199.541583][ T1342] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.545196][ T1342] usb 9-1: config 0 descriptor?? [ 199.547111][T10159] usb 5-1: config 0 has no interfaces? [ 199.560708][T10159] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b [ 199.564993][T10159] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.568485][T10159] usb 5-1: Product: syz [ 199.570335][T10159] usb 5-1: Manufacturer: syz [ 199.573316][T10159] usb 5-1: SerialNumber: syz [ 199.577899][T10159] usb 5-1: config 0 descriptor?? [ 199.787179][ T2317] usb 5-1: USB disconnect, device number 19 [ 199.902321][ T161] wlan1: Trigger new scan to find an IBSS to join [ 199.965392][ T1342] hid_parser_main: 6 callbacks suppressed [ 199.965413][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 199.975040][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 199.978502][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 199.981900][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 199.985387][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 199.988627][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 199.991888][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 199.995580][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 199.998805][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 200.002298][ T1342] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 200.023711][ T1342] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 200.234807][T10159] usb 9-1: USB disconnect, device number 15 [ 200.459318][T14035] netlink: 'syz.5.3727': attribute type 29 has an invalid length. [ 200.467097][T14035] netlink: 'syz.5.3727': attribute type 29 has an invalid length. [ 200.473888][T14035] __nla_validate_parse: 1 callbacks suppressed [ 200.473903][T14035] netlink: 500 bytes leftover after parsing attributes in process `syz.5.3727'. [ 200.481299][T14035] unsupported nla_type 58 [ 200.616142][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3736'. [ 200.619153][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3736'. [ 200.679149][T14061] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3740'. [ 200.895269][ T40] audit: type=1400 audit(1777664159.548:574): avc: denied { listen } for pid=14079 comm="syz.6.3749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 200.904220][ T40] audit: type=1400 audit(1777664159.548:575): avc: denied { accept } for pid=14079 comm="syz.6.3749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 200.910647][ T40] audit: type=1400 audit(1777664159.548:576): avc: denied { bind } for pid=14082 comm="syz.5.3750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 201.016740][T14093] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3755'. [ 201.360784][T14113] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3764'. [ 201.473716][T14119] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3767'. [ 201.615984][ T40] audit: type=1400 audit(1777664160.268:577): avc: denied { ioctl } for pid=14126 comm="syz.4.3770" path="socket:[54813]" dev="sockfs" ino=54813 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 201.783654][ T40] audit: type=1326 audit(1777664160.438:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.0.3774" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5169d9cdd9 code=0x0 [ 202.021378][T14148] smc: net device bond0 applied user defined pnetid SYZ2 [ 202.026929][T14148] netlink: 14 bytes leftover after parsing attributes in process `syz.5.3779'. [ 202.054021][T14148] smc: removing net device bond0 with user defined pnetid SYZ2 [ 202.059116][T14148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.068144][T14148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.076247][T14148] bond0 (unregistering): Released all slaves [ 202.175693][T14154] team0 (unregistering): Port device team_slave_0 removed [ 202.180835][T14154] team0 (unregistering): Port device team_slave_1 removed [ 202.330162][ T40] audit: type=1400 audit(1777664160.978:579): avc: denied { accept } for pid=14157 comm="syz.5.3784" lport=40383 faddr=10.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 202.352144][T14164] syzkaller1: entered allmulticast mode [ 202.398590][T14166] netlink: 'syz.6.3787': attribute type 29 has an invalid length. [ 202.404926][T14166] netlink: 'syz.6.3787': attribute type 29 has an invalid length. [ 202.409986][T14166] netlink: 500 bytes leftover after parsing attributes in process `syz.6.3787'. [ 202.719851][ T40] audit: type=1400 audit(1777664161.368:580): avc: denied { mount } for pid=14188 comm="syz.0.3798" name="/" dev="autofs" ino=53012 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 202.730392][ T40] audit: type=1400 audit(1777664161.368:581): avc: denied { read } for pid=14188 comm="syz.0.3798" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 202.849139][T14196] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input32 [ 202.943048][ T13] wlan1: Trigger new scan to find an IBSS to join [ 203.629541][T14254] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 204.255281][ T1342] usb 11-1: new high-speed USB device number 6 using dummy_hcd [ 204.411375][ T1342] usb 11-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 204.419283][ T1342] usb 11-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 204.426913][ T1342] usb 11-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 204.434967][ T1342] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.449916][T14267] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 204.457788][ T1342] usb 11-1: Quirk or no altset; falling back to MIDI 1.0 [ 204.678735][ T5837] usb 11-1: USB disconnect, device number 6 [ 205.285444][T14339] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3865'. [ 205.581076][T14353] erspan0: entered promiscuous mode [ 205.595478][T14353] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3872'. [ 205.650304][T14357] bond1: option downdelay: invalid value (18446744073709551615) [ 205.654499][T14357] bond1: option downdelay: allowed values 0 - 2147483647 [ 205.659497][T14357] bond1 (unregistering): Released all slaves [ 206.179786][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 206.179804][ T40] audit: type=1400 audit(1777664164.828:591): avc: denied { mounton } for pid=14387 comm="syz.6.3887" path="/241/file0" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 206.432715][ T5805] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 206.552122][ T1342] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 206.702998][ T1342] usb 11-1: Using ep0 maxpacket: 8 [ 206.706692][ T1342] usb 11-1: config index 0 descriptor too short (expected 301, got 45) [ 206.712948][ T1342] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 206.716981][ T1342] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 206.721400][ T1342] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 206.726369][ T1342] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 206.731335][ T1342] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 206.735311][ T1342] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.944056][ T1342] usb 11-1: usb_control_msg returned -32 [ 206.945937][ T1342] usbtmc 11-1:16.0: can't read capabilities [ 207.032150][ T1159] wlan1: Trigger new scan to find an IBSS to join [ 207.296116][T14413] usbtmc 11-1:16.0: INDICATOR_PULSE returned 0 [ 207.498382][ T5805] usb 11-1: USB disconnect, device number 7 [ 207.896937][ T40] audit: type=1400 audit(1777664166.548:592): avc: denied { setopt } for pid=14438 comm="syz.4.3910" lport=57195 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 207.943779][T14441] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3911'. [ 207.948409][T14441] netlink: 'syz.4.3911': attribute type 7 has an invalid length. [ 207.951844][T14441] netlink: 'syz.4.3911': attribute type 8 has an invalid length. [ 207.956209][T14441] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3911'. [ 207.970627][T14441] gretap0: entered promiscuous mode [ 207.976640][T14441] gretap0: left promiscuous mode [ 208.102726][ T40] audit: type=1400 audit(1777664166.758:593): avc: denied { ioctl } for pid=14446 comm="syz.6.3914" path="socket:[55335]" dev="sockfs" ino=55335 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 208.124845][ T40] audit: type=1400 audit(1777664166.768:594): avc: denied { write } for pid=14446 comm="syz.6.3914" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 208.211798][ T59] ip6_tunnel: syztnl0 xmit: Local address not yet configured! [ 208.224092][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.227425][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.400439][T14462] netlink: 6032 bytes leftover after parsing attributes in process `syz.4.3920'. [ 208.476954][T14464] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3921'. [ 208.480608][T14464] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3921'. [ 209.078323][T14494] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.3935'. [ 209.138670][ T40] audit: type=1400 audit(1777664167.788:595): avc: denied { module_request } for pid=14498 comm="syz.6.3937" kmod="netdev-wlan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 209.413320][T14518] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3943'. [ 209.468523][T14523] netlink: 7 bytes leftover after parsing attributes in process `syz.4.3946'. [ 209.685313][T14543] netlink: 212348 bytes leftover after parsing attributes in process `syz.5.3956'. [ 209.690607][T14543] netlink: ct family unspecified [ 209.738679][ T40] audit: type=1400 audit(1777664168.388:596): avc: denied { getopt } for pid=14547 comm="syz.5.3958" lport=40982 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 209.842119][ T2317] usb 11-1: new high-speed USB device number 8 using dummy_hcd [ 209.992101][ T2317] usb 11-1: Using ep0 maxpacket: 32 [ 209.996707][ T2317] usb 11-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 210.000582][ T2317] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.012962][ T2317] usb 11-1: config 0 descriptor?? [ 210.022586][ T2317] as10x_usb: device has been detected [ 210.026325][ T2317] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 210.035579][ T2317] usb 11-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 210.074376][ T40] audit: type=1400 audit(1777664168.728:597): avc: denied { firmware_load } for pid=2317 comm="kworker/3:2" path="/lib/firmware/as102_data1_st.hex" dev="sda1" ino=297 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 210.075063][ T2317] as10x_usb: error during firmware upload part1 [ 210.088034][ T2317] Registered device nBox DVB-T Dongle [ 210.220686][ T5731] usb 11-1: USB disconnect, device number 8 [ 210.245923][ T5731] Unregistered device nBox DVB-T Dongle [ 210.247423][ T5731] as10x_usb: device has been disconnected [ 210.612830][T14565] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 210.771019][ T40] audit: type=1326 audit(1777664169.418:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14578 comm="syz.4.3973" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f624cd9cdd9 code=0x0 [ 210.824110][T14585] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 211.247212][T14598] __nla_validate_parse: 1 callbacks suppressed [ 211.247229][T14598] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3980'. [ 211.514490][ T40] audit: type=1400 audit(1777664170.168:599): avc: denied { append } for pid=14613 comm="syz.6.3985" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 211.992318][ T79] wlan1: Trigger new scan to find an IBSS to join [ 212.382103][ C2] ip6_tunnel: syztnl0 xmit: Local address not yet configured! [ 212.628848][T14647] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4000'. [ 212.634545][T14647] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4000'. [ 212.637901][ T40] audit: type=1400 audit(1777664171.288:600): avc: denied { set_context_mgr } for pid=14648 comm="syz.6.4001" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 212.639641][T14647] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4000'. [ 212.653910][T14647] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4000'. [ 212.717376][T14655] netlink: 'syz.4.4003': attribute type 12 has an invalid length. [ 212.721351][T14655] netlink: 'syz.4.4003': attribute type 29 has an invalid length. [ 212.723416][T14654] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4004'. [ 212.726265][T14655] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4003'. [ 212.742457][T14655] netlink: 'syz.4.4003': attribute type 1 has an invalid length. [ 212.749265][T14655] netlink: 'syz.4.4003': attribute type 2 has an invalid length. [ 212.753160][T14655] netlink: 15 bytes leftover after parsing attributes in process `syz.4.4003'. [ 212.903687][ T79] wlan1: Creating new IBSS network, BSSID 00:8d:ff:ff:00:00 [ 212.934254][T14672] netlink: 'syz.5.4012': attribute type 11 has an invalid length. [ 212.975633][T14674] syz_tun: entered allmulticast mode [ 212.979421][T14673] syz_tun: left allmulticast mode [ 213.043378][T14681] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4016'. [ 213.048105][T14681] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4016'. [ 213.052354][ T39] usb 11-1: new high-speed USB device number 9 using dummy_hcd [ 213.206863][ T39] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 213.211219][ T39] usb 11-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 213.216097][ T39] usb 11-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 213.225205][ T39] usb 11-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 213.229393][ T39] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 213.233501][ T39] usb 11-1: Product: syz [ 213.235572][ T39] usb 11-1: Manufacturer: syz [ 213.237761][ T39] usb 11-1: SerialNumber: syz [ 213.354379][ T5837] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 213.452278][ T39] usblp 11-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 213.503568][ T5837] usb 9-1: Using ep0 maxpacket: 8 [ 213.507872][ T5837] usb 9-1: config 0 has an invalid interface number: 55 but max is 0 [ 213.514634][ T5837] usb 9-1: config 0 has no interface number 0 [ 213.517880][ T5837] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 213.524727][ T5837] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 213.530085][ T5837] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 213.536960][ T5837] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 213.543037][ T5837] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 213.547093][ T5837] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.556525][ T5837] usb 9-1: config 0 descriptor?? [ 213.572478][ T5837] ldusb 9-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 213.651459][ T40] audit: type=1400 audit(1777664172.298:601): avc: denied { read write } for pid=14660 comm="syz.6.4006" name="lp0" dev="devtmpfs" ino=3335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 213.660967][ T54] usb 11-1: USB disconnect, device number 9 [ 213.664515][ T54] usblp0: removed [ 213.667013][ T40] audit: type=1400 audit(1777664172.298:602): avc: denied { open } for pid=14660 comm="syz.6.4006" path="/dev/usb/lp0" dev="devtmpfs" ino=3335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 213.760275][ T40] audit: type=1400 audit(1777664172.408:603): avc: denied { ioctl } for pid=14712 comm="syz.5.4031" path="socket:[58413]" dev="sockfs" ino=58413 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 213.773454][ T5731] usb 9-1: USB disconnect, device number 16 [ 213.780396][ T5731] ldusb 9-1:0.55: LD USB Device #1 now disconnected [ 214.324450][T14734] Invalid argument reading file caps for ./file0 [ 214.438129][T14745] atomic_op ffff8880381fb998 conn xmit_atomic 0000000000000000 [ 215.932095][T10006] usb 11-1: new high-speed USB device number 10 using dummy_hcd [ 216.084043][T10006] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 216.087913][T10006] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 216.092633][T10006] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 216.096754][T10006] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.103895][T10006] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 216.108051][T10006] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 216.111733][T10006] usb 11-1: Product: syz [ 216.113871][T10006] usb 11-1: Manufacturer: syz [ 216.125281][T10006] cdc_wdm 11-1:1.0: skipping garbage [ 216.127649][T10006] cdc_wdm 11-1:1.0: skipping garbage [ 216.131180][T10006] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 216.134395][T10006] cdc_wdm 11-1:1.0: Unknown control protocol [ 216.334827][ T40] audit: type=1400 audit(1777664174.988:604): avc: denied { read write } for pid=14786 comm="syz.6.4061" name="cdc-wdm0" dev="devtmpfs" ino=3343 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 216.348992][ T40] audit: type=1400 audit(1777664174.988:605): avc: denied { open } for pid=14786 comm="syz.6.4061" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3343 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 216.415910][ T39] usb 11-1: USB disconnect, device number 10 [ 216.808229][T14827] netlink: 'syz.6.4076': attribute type 21 has an invalid length. [ 216.812632][T14827] __nla_validate_parse: 2 callbacks suppressed [ 216.812646][T14827] netlink: 128 bytes leftover after parsing attributes in process `syz.6.4076'. [ 216.819933][T14827] netlink: 3 bytes leftover after parsing attributes in process `syz.6.4076'. [ 216.826257][T14827] netlink: 'syz.6.4076': attribute type 21 has an invalid length. [ 216.829695][T14827] netlink: 128 bytes leftover after parsing attributes in process `syz.6.4076'. [ 216.842179][T14827] netlink: 3 bytes leftover after parsing attributes in process `syz.6.4076'. [ 216.940267][T14836] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4082'. [ 217.282129][ T54] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 217.433027][ T54] usb 9-1: Using ep0 maxpacket: 8 [ 217.437136][ T54] usb 9-1: config 0 has an invalid interface number: 55 but max is 0 [ 217.440959][ T54] usb 9-1: config 0 has no interface number 0 [ 217.444056][ T54] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 217.449159][ T54] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 217.458973][ T54] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 217.464060][ T5731] usb 11-1: new high-speed USB device number 11 using dummy_hcd [ 217.464802][ T54] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 217.473821][ T54] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 217.477700][ T54] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.483762][ T54] usb 9-1: config 0 descriptor?? [ 217.493748][ T54] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 217.624032][ T5731] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.628769][ T5731] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.633487][ T5731] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 217.638991][ T5731] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 217.643007][ T5731] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.648510][ T5731] usb 11-1: config 0 descriptor?? [ 217.695448][ T5837] usb 9-1: USB disconnect, device number 17 [ 217.695477][ C0] ldusb 9-1:0.55: usb_submit_urb failed (-19) [ 217.701704][ T5837] ldusb 9-1:0.55: LD USB Device #0 now disconnected [ 218.060874][ T5731] hid_parser_main: 28 callbacks suppressed [ 218.060889][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.068150][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.071419][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.076324][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.078943][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.081465][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.085411][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.088175][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.091273][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.094778][ T5731] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 218.110334][ T5731] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 218.324087][ T5837] usb 11-1: USB disconnect, device number 11 [ 218.562368][ T5744] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 218.572666][ T5744] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 218.576798][ T5744] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 218.581274][ T5744] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 218.585596][ T5744] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 219.074736][T14885] netlink: 4400 bytes leftover after parsing attributes in process `syz.6.4097'. [ 219.187155][T14862] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.195328][T14862] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.198735][T14862] bridge_slave_0: entered allmulticast mode [ 219.206487][T14862] bridge_slave_0: entered promiscuous mode [ 219.212989][T14862] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.216337][T14862] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.219727][T14862] bridge_slave_1: entered allmulticast mode [ 219.225424][T14862] bridge_slave_1: entered promiscuous mode [ 219.258476][T14862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.267788][T14862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.297437][T14862] team0: Port device team_slave_0 added [ 219.302533][T14862] team0: Port device team_slave_1 added [ 219.334999][T14862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.340887][T14862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 219.353285][T14862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.359495][T14862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.361923][T14862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 219.370713][T14862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.411435][T14862] hsr_slave_0: entered promiscuous mode [ 219.414273][T14862] hsr_slave_1: entered promiscuous mode [ 219.416703][T14862] debugfs: 'hsr0' already exists in 'hsr' [ 219.418688][T14862] Cannot create hsr debugfs directory [ 219.546531][T14862] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 219.556252][T14862] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 219.559722][T14862] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 219.565837][T14862] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 219.569071][T14862] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 219.579513][T14862] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 219.587433][T14862] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 219.596506][T14862] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 219.629003][T14862] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.631419][T14862] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.633950][T14862] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.636480][T14862] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.716804][T14862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.745710][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.757559][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.777701][T14862] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.788555][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.791818][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.801589][ T3521] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.804956][ T3521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.113142][T14946] netlink: 'syz.6.4118': attribute type 3 has an invalid length. [ 220.226677][T14862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.558505][T14862] veth0_vlan: entered promiscuous mode [ 220.568422][T14862] veth1_vlan: entered promiscuous mode [ 220.596626][T14862] veth0_macvtap: entered promiscuous mode [ 220.603880][T14862] veth1_macvtap: entered promiscuous mode [ 220.620150][T14862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.623947][ T5744] Bluetooth: hci3: command tx timeout [ 220.653349][T14862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.683579][ T1159] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.687713][ T1159] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.696184][ T1159] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.700800][ T1159] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.798834][ T161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.802436][ T161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.844711][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.847601][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.869681][ T40] audit: type=1400 audit(1777664179.518:606): avc: denied { mounton } for pid=14862 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 220.953878][ T39] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 221.122149][ T39] usb 9-1: Using ep0 maxpacket: 8 [ 221.132412][ T39] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 221.137382][ T39] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 221.141728][ T39] usb 9-1: config 0 interface 0 has no altsetting 0 [ 221.145229][ T39] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 221.147625][T14931] kexec: Could not allocate control_code_buffer [ 221.149275][ T39] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.154688][ T5742] block nbd6: Receive control failed (result -32) [ 221.156318][T14961] block nbd6: shutting down sockets [ 221.161590][ T39] usb 9-1: config 0 descriptor?? [ 221.200645][ T40] audit: type=1400 audit(1777664179.848:607): avc: denied { perfmon } for pid=14977 comm="syz.5.4128" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 221.211183][ T40] audit: type=1400 audit(1777664179.848:608): avc: denied { bpf } for pid=14977 comm="syz.5.4128" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 221.249836][T14982] xt_hashlimit: size too large, truncated to 1048576 [ 221.262238][ C2] ip6_tunnel: syztnl0 xmit: Local address not yet configured! [ 221.600939][ T39] mcp2221 0003:04D8:00DD.000F: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 221.774537][T14972] i2c i2c-2: unsupported multi-msg i2c transaction [ 221.781143][ T5739] usb 9-1: USB disconnect, device number 18 [ 222.240999][ T40] audit: type=1400 audit(1777664180.888:609): avc: denied { setopt } for pid=15020 comm="syz.6.4148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 222.272595][T15023] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.4150'. [ 222.331611][T15025] input: syz0 as /devices/virtual/input/input33 [ 222.431778][T15037] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4156'. [ 222.573057][T15050] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4163'. [ 222.704630][ T5742] Bluetooth: hci3: command tx timeout [ 222.994736][T15081] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4177'. [ 223.119907][ T40] audit: type=1400 audit(1777664181.768:610): avc: denied { read } for pid=15090 comm="syz.7.4181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 223.353066][ T5837] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 223.513733][ T5837] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 223.533207][ T5837] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 223.537779][ T5837] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 223.541798][ T5837] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.552395][T15089] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 223.574113][ T5837] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 223.597543][T15106] o2cb: This node has not been configured. [ 223.617047][T15106] o2cb: Cluster check failed. Fix errors before retrying. [ 223.624755][T15106] (syz.5.4186,15106,3):user_dlm_register:674 ERROR: status = -22 [ 223.631035][T15106] (syz.5.4186,15106,3):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 223.693264][T15108] syzkaller1: entered promiscuous mode [ 223.695836][T15108] syzkaller1: entered allmulticast mode [ 223.787173][ T5739] usb 9-1: USB disconnect, device number 19 [ 224.024852][ T79] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 224.035616][T15135] loop5: detected capacity change from 0 to 1 [ 224.039443][T15135] Dev loop5: unable to read RDB block 1 [ 224.042485][T15135] loop5: unable to read partition table [ 224.045123][T15135] loop5: partition table beyond EOD, truncated [ 224.047878][T15135] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 224.139561][T15141] netlink: 48 bytes leftover after parsing attributes in process `syz.7.4203'. [ 224.196499][T15152] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4207'. [ 224.279462][T15157] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4210'. [ 224.525716][T15182] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 224.653217][T15190] netlink: 762 bytes leftover after parsing attributes in process `syz.4.4223'. [ 224.767924][T15198] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4227'. [ 224.783289][ T5742] Bluetooth: hci3: command tx timeout [ 224.877268][T15202] A link change request failed with some changes committed already. Interface syzkaller0 may have been left with an inconsistent configuration, please check. [ 224.949206][T15208] netlink: 'syz.5.4232': attribute type 1 has an invalid length. [ 224.952989][T15208] netlink: 88 bytes leftover after parsing attributes in process `syz.5.4232'. [ 224.957002][T15208] netlink: 'syz.5.4232': attribute type 1 has an invalid length. [ 224.992101][ T1342] usb 12-1: new high-speed USB device number 2 using dummy_hcd [ 225.163839][ T1342] usb 12-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 225.172310][ T1342] usb 12-1: config 0 interface 0 has no altsetting 0 [ 225.178131][ T1342] usb 12-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 225.182767][ T1342] usb 12-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 225.186633][ T1342] usb 12-1: Product: syz [ 225.188686][ T1342] usb 12-1: Manufacturer: syz [ 225.190994][ T1342] usb 12-1: SerialNumber: syz [ 225.197301][ T1342] usb 12-1: config 0 descriptor?? [ 225.208070][ T1342] usb 12-1: selecting invalid altsetting 0 [ 225.328596][T15230] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 225.341117][T15230] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 225.350773][T15230] bond0 (unregistering): Released all slaves [ 225.404918][T11762] usb 12-1: USB disconnect, device number 2 [ 225.528661][T15242] binder: 15241:15242 ioctl c0306201 2000000001c0 returned -14 [ 226.115735][T15271] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 226.477982][T15293] netlink: 'syz.4.4268': attribute type 5 has an invalid length. [ 226.484883][T15293] netlink: 'syz.4.4268': attribute type 5 has an invalid length. [ 226.792241][ T2317] usb 11-1: new high-speed USB device number 12 using dummy_hcd [ 226.862363][ T5742] Bluetooth: hci3: command tx timeout [ 226.944202][ T2317] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 226.953365][ T2317] usb 11-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 226.962512][ T2317] usb 11-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 226.973340][ T2317] usb 11-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 226.981728][ T2317] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 226.989289][ T2317] usb 11-1: Product: syz [ 226.995119][ T2317] usb 11-1: Manufacturer: syz [ 226.997246][ T2317] usb 11-1: SerialNumber: syz [ 227.080732][T15320] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 227.218936][ T2317] usblp 11-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 227.424081][ T40] audit: type=1400 audit(1777664186.078:611): avc: denied { ioctl } for pid=15298 comm="syz.6.4272" path="/dev/usb/lp0" dev="devtmpfs" ino=3397 ioctlcmd=0x500d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 227.424942][ T5805] usb 11-1: USB disconnect, device number 12 [ 227.445778][ T5805] usblp0: removed [ 227.450977][T15344] __nla_validate_parse: 4 callbacks suppressed [ 227.450990][T15344] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4292'. [ 227.652346][ T1342] usb 12-1: new full-speed USB device number 3 using dummy_hcd [ 227.815347][ T1342] usb 12-1: config 0 has an invalid interface number: 8 but max is 0 [ 227.819157][ T1342] usb 12-1: config 0 has no interface number 0 [ 227.822643][ T1342] usb 12-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 227.827665][ T1342] usb 12-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 227.832762][ T1342] usb 12-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 227.839186][ T1342] usb 12-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 227.843473][ T1342] usb 12-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 227.848160][ T1342] usb 12-1: Product: syz [ 227.850173][ T1342] usb 12-1: SerialNumber: syz [ 227.855450][ T1342] usb 12-1: config 0 descriptor?? [ 227.861413][ T1342] cm109 12-1:0.8: invalid payload size 0, expected 4 [ 227.872417][ T1342] input: CM109 USB driver as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:0.8/input/input34 [ 227.996252][T15371] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 227.999321][T15371] IPv6: NLM_F_CREATE should be set when creating new route [ 228.038207][T15373] trusted_key: syz.4.4306 sent an empty control message without MSG_MORE. [ 228.068005][ C2] cm109 12-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 228.292188][ T1342] usb 11-1: new high-speed USB device number 13 using dummy_hcd [ 228.327749][ C3] cm109 12-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 228.327946][ T5739] usb 12-1: USB disconnect, device number 3 [ 228.330789][ C3] cm109 12-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 228.339558][ T5739] cm109 12-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 228.402256][ T5805] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 228.442851][ T1342] usb 11-1: too many configurations: 9, using maximum allowed: 8 [ 228.447108][ T1342] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.450930][ T1342] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.455783][ T1342] usb 11-1: config 0 interface 0 has no altsetting 0 [ 228.459624][ T1342] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.463754][ T1342] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.468089][ T1342] usb 11-1: config 0 interface 0 has no altsetting 0 [ 228.471856][ T1342] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.475886][ T1342] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.480154][ T1342] usb 11-1: config 0 interface 0 has no altsetting 0 [ 228.484100][ T1342] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.490323][ T1342] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.495075][ T1342] usb 11-1: config 0 interface 0 has no altsetting 0 [ 228.500731][ T1342] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.504673][ T1342] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.509117][ T1342] usb 11-1: config 0 interface 0 has no altsetting 0 [ 228.515025][ T1342] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.518979][ T1342] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.523749][ T1342] usb 11-1: config 0 interface 0 has no altsetting 0 [ 228.527557][ T1342] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.531617][ T1342] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.536148][ T1342] usb 11-1: config 0 interface 0 has no altsetting 0 [ 228.539939][ T1342] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.543899][ T1342] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.548235][ T1342] usb 11-1: config 0 interface 0 has no altsetting 0 [ 228.553209][ T1342] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 228.556887][ T1342] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 228.560332][ T1342] usb 11-1: Product: syz [ 228.562195][ T1342] usb 11-1: Manufacturer: syz [ 228.564155][ T1342] usb 11-1: SerialNumber: syz [ 228.564360][ T5805] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 228.568825][ T1342] usb 11-1: config 0 descriptor?? [ 228.570239][ T5805] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 228.575976][ T5805] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 228.577962][ T1342] yurex 11-1:0.0: USB YUREX device now attached to Yurex #0 [ 228.578604][ T5805] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.580721][T15381] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 228.588392][ T5805] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 228.795831][ T5805] usb 9-1: USB disconnect, device number 20 [ 228.828735][ C2] usb 11-1: yurex_control_callback - control failed: -71 [ 228.829085][ T54] usb 11-1: USB disconnect, device number 13 [ 228.841823][ T54] yurex 11-1:0.0: USB YUREX #0 now disconnected [ 228.983774][T15395] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4316'. [ 229.045610][T15399] netlink: 'syz.7.4318': attribute type 7 has an invalid length. [ 229.049088][T15399] netlink: 'syz.7.4318': attribute type 8 has an invalid length. [ 229.055997][T15399] netlink: 'syz.7.4318': attribute type 7 has an invalid length. [ 229.059650][T15399] netlink: 208784 bytes leftover after parsing attributes in process `syz.7.4318'. [ 229.104926][T15402] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4319'. [ 229.108801][T15402] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4319'. [ 229.253419][T15414] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4325'. [ 229.302726][T15420] netlink: 236 bytes leftover after parsing attributes in process `syz.5.4327'. [ 229.305815][T15420] netlink: 236 bytes leftover after parsing attributes in process `syz.5.4327'. [ 229.390341][ T40] audit: type=1400 audit(1777664188.038:612): avc: denied { block_suspend } for pid=15421 comm="syz.7.4329" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 229.633174][T15442] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4338'. [ 230.025680][T15475] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4352'. [ 230.173541][ T40] audit: type=1400 audit(1777664188.828:613): avc: denied { execute } for pid=15486 comm="syz.4.4359" path="/dev/video8" dev="devtmpfs" ino=976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 230.230229][ T40] audit: type=1400 audit(1777664188.878:614): avc: denied { name_bind } for pid=15491 comm="syz.7.4362" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 230.437112][T15509] syzkaller1: entered promiscuous mode [ 230.439824][T15509] syzkaller1: entered allmulticast mode [ 231.762940][ T40] audit: type=1400 audit(1777664190.408:615): avc: denied { unlink } for pid=15587 comm="syz.4.4404" name="file0" dev="9p" ino=72634811 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 231.773505][ T40] audit: type=1400 audit(1777664190.418:616): avc: denied { create } for pid=15587 comm="syz.4.4404" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 232.154180][T15606] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 232.376499][ T40] audit: type=1326 audit(1777664191.028:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15613 comm="syz.5.4416" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f53ef99cdd9 code=0x0 [ 232.812114][T15628] __nla_validate_parse: 6 callbacks suppressed [ 232.812130][T15628] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4421'. [ 232.818488][T15628] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4421'. [ 232.825255][T15628] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4421'. [ 232.830945][T15628] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4421'. [ 232.837063][T15628] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4421'. [ 232.841139][T15628] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4421'. [ 232.883730][ T40] audit: type=1400 audit(1777664191.538:618): avc: denied { bind } for pid=15629 comm="syz.6.4422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 233.177062][ T40] audit: type=1400 audit(1777664191.828:619): avc: denied { create } for pid=15648 comm="syz.6.4428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 233.186102][ T40] audit: type=1400 audit(1777664191.828:620): avc: denied { sys_admin } for pid=15648 comm="syz.6.4428" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 233.189004][T15651] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.4429'. [ 233.403045][T15670] loop1: detected capacity change from 0 to 16384 [ 234.404861][ T40] audit: type=1400 audit(1777664194.056:621): avc: denied { mounton } for pid=15725 comm="syz.6.4457" path="/proc/792" dev="proc" ino=61655 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 234.661409][ T40] audit: type=1400 audit(1777664194.306:622): avc: denied { ioctl } for pid=15740 comm="syz.6.4464" path="socket:[60642]" dev="sockfs" ino=60642 ioctlcmd=0x8b32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 234.711481][T15745] overlayfs: failed to clone upperpath [ 234.737017][T15747] netlink: 'syz.6.4468': attribute type 4 has an invalid length. [ 234.754439][T15747] netlink: 'syz.6.4468': attribute type 17 has an invalid length. [ 234.802811][T15753] misc userio: Invalid payload size [ 234.914753][T15755] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4466'. [ 234.918112][T15755] netlink: 'syz.7.4466': attribute type 26 has an invalid length. [ 234.957692][T15757] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4472'. [ 234.981127][ T40] audit: type=1326 audit(1777664194.626:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.5.4473" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f53ef99cdd9 code=0x0 [ 235.008217][T15764] vcan0: tx drop: invalid sa for name 0xfffffffffffffffe [ 235.248164][T15790] netlink: 'syz.6.4487': attribute type 29 has an invalid length. [ 235.256004][T15790] netlink: 'syz.6.4487': attribute type 29 has an invalid length. [ 235.264473][T15790] netlink: 500 bytes leftover after parsing attributes in process `syz.6.4487'. [ 235.402627][ T5739] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 235.567694][ T5739] usb 9-1: Using ep0 maxpacket: 8 [ 235.583142][ T5739] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 235.593256][ T5739] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 235.598528][ T5739] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 235.603588][ T5739] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 235.607932][ T5739] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.616275][ T5739] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 235.620387][ T5739] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.660710][ T40] audit: type=1400 audit(1777664195.306:624): avc: denied { module_load } for pid=15817 comm="syz.6.4500" path="/389/bus" dev="tmpfs" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 235.661142][T15818] Invalid ELF header magic: != ELF [ 235.692426][T15820] sctp: [Deprecated]: syz.7.4501 (pid 15820) Use of struct sctp_assoc_value in delayed_ack socket option. [ 235.692426][T15820] Use struct sctp_sack_info instead [ 235.780775][ T40] audit: type=1804 audit(1777664195.426:625): pid=15826 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.6.4504" name="/newroot/391/file0" dev="tmpfs" ino=2038 res=1 errno=0 [ 235.838091][ T5739] usb 9-1: usb_control_msg returned -32 [ 235.840874][ T5739] usbtmc 9-1:16.0: can't read capabilities [ 235.923158][ T40] audit: type=1400 audit(1777664195.566:626): avc: denied { create } for pid=15838 comm="syz.6.4510" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 235.976457][T15843] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 235.982976][ T5089] Bluetooth: hci2: command 0x0406 tx timeout [ 236.073635][T15848] comedi comedi1: s526: I/O port conflict (0x100,64) [ 236.191652][T15857] usbtmc 9-1:16.0: control status returned 0 [ 236.304916][T15859] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.308716][T15859] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.393298][ T5805] usb 9-1: USB disconnect, device number 21 [ 236.484281][T15859] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 236.497545][T15859] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 236.659893][T15865] nbd: must specify at least one socket [ 236.748767][ T161] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.753949][ T161] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.758223][ T161] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.764904][ T161] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.837704][T15873] smc: adding net device bond0 with user defined pnetid SYZ2 [ 236.871158][ T40] audit: type=1400 audit(1777664196.516:627): avc: denied { mount } for pid=15879 comm="syz.5.4528" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 236.871734][T15880] overlayfs: failed to clone lowerpath [ 237.322088][ T1342] usb 11-1: new high-speed USB device number 14 using dummy_hcd [ 237.472045][ T1342] usb 11-1: Using ep0 maxpacket: 8 [ 237.475803][ T1342] usb 11-1: config index 0 descriptor too short (expected 301, got 45) [ 237.479270][ T1342] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 237.483551][ T1342] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 237.487376][ T1342] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 237.491290][ T1342] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 237.496557][ T1342] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 237.500339][ T1342] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.618228][T15927] IPVS: sh: FWM 3 0x00000003 - no destination available [ 237.621464][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 237.713343][ T1342] usb 11-1: usb_control_msg returned -32 [ 237.715844][ T1342] usbtmc 11-1:16.0: can't read capabilities [ 238.066939][T15954] usbtmc 11-1:16.0: usb_control_msg returned -32 [ 238.070880][ T5731] usb 11-1: USB disconnect, device number 14 [ 238.272166][T10006] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 238.320166][T15961] team0: Device ipvlan1 failed to register rx_handler [ 238.424375][T10006] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 238.428591][T10006] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.432831][T10006] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.436011][T10006] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 238.441180][T10006] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 238.447514][T10006] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 238.451163][T10006] usb 9-1: Manufacturer: syz [ 238.455932][T10006] usb 9-1: config 0 descriptor?? [ 238.554175][T15974] __nla_validate_parse: 6 callbacks suppressed [ 238.554236][T15974] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4571'. [ 238.634977][T15978] team0: Device ipvlan1 failed to register rx_handler [ 238.718195][T15983] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4575'. [ 238.723341][T15983] hsr_slave_0: left promiscuous mode [ 238.726759][T15983] hsr_slave_1: left promiscuous mode [ 238.876492][T10006] hid_parser_main: 10 callbacks suppressed [ 238.876514][T10006] appleir 0003:05AC:8243.0010: unknown main item tag 0x0 [ 238.895895][T10006] appleir 0003:05AC:8243.0010: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 238.946621][T15992] ------------[ cut here ]------------ [ 238.950185][T15992] !chanctx_conf [ 238.950195][T15992] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x5c5/0x730, CPU#1: syz.5.4579/15992 [ 238.955043][T15992] Modules linked in: [ 238.957575][T15992] CPU: 1 UID: 0 PID: 15992 Comm: syz.5.4579 Tainted: G L syzkaller #0 PREEMPT(full) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 238.963569][T15992] Tainted: [L]=SOFTLOCKUP [ 238.964987][T15992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 238.968970][T15992] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 238.971050][T15992] Code: 48 8d 35 00 00 00 00 e8 f9 34 e3 f6 e8 f4 8c ec f6 e9 20 fe ff ff e8 1a 49 07 f7 90 0f 0b 90 e9 12 fe ff ff e8 0c 49 07 f7 90 <0f> 0b 90 eb b1 e8 01 49 07 f7 e8 4c 95 eb f6 31 ff 89 c3 89 c6 e8 [ 238.977654][T15992] RSP: 0018:ffffc9000d5d7200 EFLAGS: 00010283 [ 238.979690][T15992] RAX: 000000000000074c RBX: ffff888058978000 RCX: ffffc90007261000 [ 238.982549][T15992] RDX: 0000000000080000 RSI: ffffffff8b014294 RDI: ffff88802599ca00 [ 238.985149][T15992] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 238.987756][T15992] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888059631940 [ 238.990357][T15992] R13: ffff888038600f20 R14: ffff88805b554000 R15: 0000000000000000 [ 238.993615][T15992] FS: 00007f53f08e76c0(0000) GS:ffff8880d6476000(0000) knlGS:0000000000000000 [ 238.996596][T15992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 238.998772][T15992] CR2: 0000200000001080 CR3: 0000000034824000 CR4: 0000000000352ef0 [ 239.001800][T15992] Call Trace: [ 239.003457][T15992] [ 239.004924][T15992] rate_control_rate_init_all_links+0x76/0x1f0 [ 239.007731][T15992] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 239.010445][T15992] sta_apply_parameters+0x1234/0x2090 [ 239.013621][T15992] ? __sta_info_alloc+0x1146/0x1cd0 [ 239.016050][T15992] ieee80211_add_station+0x3ff/0x760 [ 239.018496][T15992] nl80211_new_station+0x14a9/0x20f0 [ 239.021026][T15992] ? __pfx_nl80211_new_station+0x10/0x10 [ 239.024725][T15992] ? nl80211_pre_doit+0x19a/0xae0 [ 239.027088][T15992] genl_family_rcv_msg_doit+0x214/0x300 [ 239.029778][T15992] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 239.032771][T15992] ? bpf_lsm_capable+0x9/0x10 [ 239.034903][T15992] ? security_capable+0x80/0x260 [ 239.037222][T15992] ? ns_capable+0xd2/0xf0 [ 239.039217][T15992] genl_rcv_msg+0x560/0x800 [ 239.041333][T15992] ? __pfx_genl_rcv_msg+0x10/0x10 [ 239.043756][T15992] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 239.046201][T15992] ? __pfx_nl80211_new_station+0x10/0x10 [ 239.048843][T15992] ? __pfx_nl80211_post_doit+0x10/0x10 [ 239.051345][T15992] netlink_rcv_skb+0x159/0x420 [ 239.054410][T15992] ? __pfx_genl_rcv_msg+0x10/0x10 [ 239.056730][T15992] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 239.059137][T15992] ? netlink_deliver_tap+0x1ae/0xcc0 [ 239.061537][T15992] genl_rcv+0x28/0x40 [ 239.063490][T15992] netlink_unicast+0x585/0x850 [ 239.066337][T15992] ? __pfx_netlink_unicast+0x10/0x10 [ 239.068714][T15992] netlink_sendmsg+0x8b0/0xda0 [ 239.071035][T15992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.073528][T15992] ? __might_fault+0x10/0x140 [ 239.076143][T15992] ____sys_sendmsg+0x9e1/0xb70 [ 239.078406][T15992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.080952][T15992] ? __pfx_____sys_sendmsg+0x10/0x10 [ 239.083712][T15992] ? preempt_schedule_thunk+0x16/0x30 [ 239.086153][T15992] ? try_to_wake_up+0x5f6/0x1900 [ 239.089317][T15992] ___sys_sendmsg+0x190/0x1e0 [ 239.091518][T15992] ? __pfx____sys_sendmsg+0x10/0x10 [ 239.093936][T15992] ? futex_private_hash_put+0x107/0x1c0 [ 239.096494][T15992] __sys_sendmsg+0x170/0x220 [ 239.098703][T15992] ? __pfx___sys_sendmsg+0x10/0x10 [ 239.101156][T15992] ? __x64_sys_futex+0x34f/0x4d0 [ 239.103676][T15992] ? rcu_is_watching+0x12/0xc0 [ 239.105930][T15992] do_syscall_64+0x10b/0xf80 [ 239.108161][T15992] ? clear_bhb_loop+0x40/0x90 [ 239.110276][T15992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.113853][T15992] RIP: 0033:0x7f53ef99cdd9 [ 239.115925][T15992] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 239.124500][T15992] RSP: 002b:00007f53f08e7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 239.128284][T15992] RAX: ffffffffffffffda RBX: 00007f53efc15fa0 RCX: 00007f53ef99cdd9 [ 239.131795][T15992] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 239.135410][T15992] RBP: 00007f53efa32d69 R08: 0000000000000000 R09: 0000000000000000 [ 239.138942][T15992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.143444][T15992] R13: 00007f53efc16038 R14: 00007f53efc15fa0 R15: 00007ffcbb6ec428 [ 239.146999][T15992] [ 239.148438][T15992] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 239.151674][T15992] CPU: 1 UID: 0 PID: 15992 Comm: syz.5.4579 Tainted: G L syzkaller #0 PREEMPT(full) [ 239.156480][T15992] Tainted: [L]=SOFTLOCKUP [ 239.158439][T15992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 239.162935][T15992] Call Trace: [ 239.164458][T15992] [ 239.165811][T15992] dump_stack_lvl+0x100/0x190 [ 239.167911][T15992] vpanic+0x552/0x970 [ 239.169709][T15992] ? __pfx_vpanic+0x10/0x10 [ 239.171643][T15992] panic+0xd1/0xe0 [ 239.173347][T15992] ? __pfx_panic+0x10/0x10 [ 239.175364][T15992] check_panic_on_warn.cold+0x19/0x34 [ 239.177767][T15992] ? rate_control_rate_init+0x5c5/0x730 [ 239.180301][T15992] __warn.cold+0x191/0x328 [ 239.182368][T15992] __report_bug+0x296/0x3d0 [ 239.184433][T15992] ? rate_control_rate_init+0x5c5/0x730 [ 239.186956][T15992] ? __pfx___report_bug+0x10/0x10 [ 239.189240][T15992] ? kasan_save_track+0x14/0x30 [ 239.191533][T15992] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 239.194388][T15992] ? ieee80211_add_station+0x5f1/0x760 [ 239.196866][T15992] ? nl80211_new_station+0x14a9/0x20f0 [ 239.199440][T15992] ? genl_family_rcv_msg_doit+0x214/0x300 [ 239.202035][T15992] ? netlink_rcv_skb+0x159/0x420 [ 239.204170][T15992] ? netlink_unicast+0x585/0x850 [ 239.206415][T15992] ? netlink_sendmsg+0x8b0/0xda0 [ 239.208537][T15992] ? ____sys_sendmsg+0x9e1/0xb70 [ 239.210850][T15992] ? rate_control_rate_init+0x5c5/0x730 [ 239.213319][T15992] report_bug+0xb2/0x220 [ 239.215202][T15992] ? rate_control_rate_init+0x5c5/0x730 [ 239.217669][T15992] handle_bug+0x16a/0x2a0 [ 239.219618][T15992] exc_invalid_op+0x17/0x50 [ 239.221627][T15992] asm_exc_invalid_op+0x1a/0x20 [ 239.223796][T15992] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 239.226619][T15992] Code: 48 8d 35 00 00 00 00 e8 f9 34 e3 f6 e8 f4 8c ec f6 e9 20 fe ff ff e8 1a 49 07 f7 90 0f 0b 90 e9 12 fe ff ff e8 0c 49 07 f7 90 <0f> 0b 90 eb b1 e8 01 49 07 f7 e8 4c 95 eb f6 31 ff 89 c3 89 c6 e8 [ 239.234970][T15992] RSP: 0018:ffffc9000d5d7200 EFLAGS: 00010283 [ 239.237741][T15992] RAX: 000000000000074c RBX: ffff888058978000 RCX: ffffc90007261000 [ 239.241308][T15992] RDX: 0000000000080000 RSI: ffffffff8b014294 RDI: ffff88802599ca00 [ 239.244886][T15992] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 239.248413][T15992] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888059631940 [ 239.252143][T15992] R13: ffff888038600f20 R14: ffff88805b554000 R15: 0000000000000000 [ 239.255752][T15992] ? rate_control_rate_init+0x5c4/0x730 [ 239.258284][T15992] rate_control_rate_init_all_links+0x76/0x1f0 [ 239.261147][T15992] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 239.263802][T15992] sta_apply_parameters+0x1234/0x2090 [ 239.266181][T15992] ? __sta_info_alloc+0x1146/0x1cd0 [ 239.268500][T15992] ieee80211_add_station+0x3ff/0x760 [ 239.270890][T15992] nl80211_new_station+0x14a9/0x20f0 [ 239.273308][T15992] ? __pfx_nl80211_new_station+0x10/0x10 [ 239.275904][T15992] ? nl80211_pre_doit+0x19a/0xae0 [ 239.278011][T15992] genl_family_rcv_msg_doit+0x214/0x300 [ 239.280449][T15992] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 239.283185][T15992] ? bpf_lsm_capable+0x9/0x10 [ 239.285314][T15992] ? security_capable+0x80/0x260 [ 239.287504][T15992] ? ns_capable+0xd2/0xf0 [ 239.289399][T15992] genl_rcv_msg+0x560/0x800 [ 239.291392][T15992] ? __pfx_genl_rcv_msg+0x10/0x10 [ 239.293691][T15992] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 239.296052][T15992] ? __pfx_nl80211_new_station+0x10/0x10 [ 239.298604][T15992] ? __pfx_nl80211_post_doit+0x10/0x10 [ 239.301119][T15992] netlink_rcv_skb+0x159/0x420 [ 239.303340][T15992] ? __pfx_genl_rcv_msg+0x10/0x10 [ 239.305673][T15992] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 239.308118][T15992] ? netlink_deliver_tap+0x1ae/0xcc0 [ 239.310535][T15992] genl_rcv+0x28/0x40 [ 239.312370][T15992] netlink_unicast+0x585/0x850 [ 239.314563][T15992] ? __pfx_netlink_unicast+0x10/0x10 [ 239.316982][T15992] netlink_sendmsg+0x8b0/0xda0 [ 239.319162][T15992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.321635][T15992] ? __might_fault+0x10/0x140 [ 239.323854][T15992] ____sys_sendmsg+0x9e1/0xb70 [ 239.326001][T15992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.328357][T15992] ? __pfx_____sys_sendmsg+0x10/0x10 [ 239.330673][T15992] ? preempt_schedule_thunk+0x16/0x30 [ 239.333122][T15992] ? try_to_wake_up+0x5f6/0x1900 [ 239.335370][T15992] ___sys_sendmsg+0x190/0x1e0 [ 239.337520][T15992] ? __pfx____sys_sendmsg+0x10/0x10 [ 239.339909][T15992] ? futex_private_hash_put+0x107/0x1c0 [ 239.342545][T15992] __sys_sendmsg+0x170/0x220 [ 239.344649][T15992] ? __pfx___sys_sendmsg+0x10/0x10 [ 239.346997][T15992] ? __x64_sys_futex+0x34f/0x4d0 [ 239.349255][T15992] ? rcu_is_watching+0x12/0xc0 [ 239.351471][T15992] do_syscall_64+0x10b/0xf80 [ 239.353559][T15992] ? clear_bhb_loop+0x40/0x90 [ 239.355717][T15992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.358398][T15992] RIP: 0033:0x7f53ef99cdd9 [ 239.360500][T15992] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 239.369021][T15992] RSP: 002b:00007f53f08e7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 239.372784][T15992] RAX: ffffffffffffffda RBX: 00007f53efc15fa0 RCX: 00007f53ef99cdd9 [ 239.376352][T15992] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 239.379822][T15992] RBP: 00007f53efa32d69 R08: 0000000000000000 R09: 0000000000000000 [ 239.383399][T15992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.386865][T15992] R13: 00007f53efc16038 R14: 00007f53efc15fa0 R15: 00007ffcbb6ec428 [ 239.390401][T15992] [ 239.392751][T15992] Kernel Offset: disabled [ 239.394697][T15992] Rebooting in 86400 seconds..