[ 106.202640][ T46] audit: type=1400 audit(1604259587.212:41): avc: denied { map } for pid=9878 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:52631' (ECDSA) to the list of known hosts. [ 109.947241][ T46] audit: type=1400 audit(1604259590.952:42): avc: denied { map } for pid=9890 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/11/01 19:39:51 fuzzer started 2020/11/01 19:39:51 dialing manager at 10.0.2.10:35385 2020/11/01 19:39:51 syscalls: 3476 2020/11/01 19:39:51 code coverage: enabled 2020/11/01 19:39:51 comparison tracing: enabled 2020/11/01 19:39:51 extra coverage: enabled 2020/11/01 19:39:51 setuid sandbox: enabled 2020/11/01 19:39:51 namespace sandbox: enabled 2020/11/01 19:39:51 Android sandbox: /sys/fs/selinux/policy does not exist 2020/11/01 19:39:51 fault injection: enabled 2020/11/01 19:39:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/11/01 19:39:51 net packet injection: enabled 2020/11/01 19:39:51 net device setup: enabled 2020/11/01 19:39:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/11/01 19:39:51 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/11/01 19:39:51 USB emulation: enabled 2020/11/01 19:39:51 hci packet injection: enabled 2020/11/01 19:39:51 wifi device emulation: enabled [ 110.719769][ T46] audit: type=1400 audit(1604259591.722:43): avc: denied { integrity } for pid=9907 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 19:40:48 executing program 0: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='utf8=0,nonumtail']) [ 167.311249][ T46] audit: type=1400 audit(1604259648.312:44): avc: denied { map } for pid=9909 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=25621 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 19:40:48 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x4b65, 0xfdfdffff) 19:40:48 executing program 2: prctl$PR_SET_MM(0x23, 0xc, &(0x7f0000ffa000/0x3000)=nil) 19:40:48 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) lseek(r0, 0x0, 0x6) [ 168.519066][ T9910] IPVS: ftp: loaded support on port[0] = 21 [ 168.639998][ T9910] chnl_net:caif_netlink_parms(): no params data found [ 168.670755][ T9912] IPVS: ftp: loaded support on port[0] = 21 [ 168.723991][ T9910] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.733429][ T9910] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.744415][ T9910] device bridge_slave_0 entered promiscuous mode [ 168.756949][ T9910] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.765487][ T9910] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.774388][ T9910] device bridge_slave_1 entered promiscuous mode [ 168.800969][ T9910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.823564][ T9910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.888610][ T9910] team0: Port device team_slave_0 added [ 168.900202][ T9910] team0: Port device team_slave_1 added [ 168.908884][ T9912] chnl_net:caif_netlink_parms(): no params data found [ 168.933015][ T9914] IPVS: ftp: loaded support on port[0] = 21 [ 168.948697][ T9910] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.964639][ T9910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.000823][ T9910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.023847][ T9910] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.034394][ T9910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.070613][ T9910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.100800][ T9916] IPVS: ftp: loaded support on port[0] = 21 [ 169.149912][ T9912] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.159275][ T9912] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.170381][ T9912] device bridge_slave_0 entered promiscuous mode [ 169.197292][ T9910] device hsr_slave_0 entered promiscuous mode [ 169.210622][ T9910] device hsr_slave_1 entered promiscuous mode [ 169.226242][ T9912] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.237550][ T9912] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.250144][ T9912] device bridge_slave_1 entered promiscuous mode [ 169.298533][ T9912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.315849][ T9912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.346328][ T9912] team0: Port device team_slave_0 added [ 169.361649][ T9912] team0: Port device team_slave_1 added [ 169.408607][ T9912] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.417088][ T9912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.449778][ T9912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.470018][ T9912] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.478568][ T9912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.513922][ T9912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.598353][ T9912] device hsr_slave_0 entered promiscuous mode [ 169.610605][ T9912] device hsr_slave_1 entered promiscuous mode [ 169.619671][ T9912] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.629311][ T9912] Cannot create hsr debugfs directory [ 169.636031][ T9916] chnl_net:caif_netlink_parms(): no params data found [ 169.755757][ T9914] chnl_net:caif_netlink_parms(): no params data found [ 169.757089][ T46] audit: type=1400 audit(1604259650.762:45): avc: denied { create } for pid=9910 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.822830][ T46] audit: type=1400 audit(1604259650.772:46): avc: denied { write } for pid=9910 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.831392][ T9910] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 169.854375][ T46] audit: type=1400 audit(1604259650.772:47): avc: denied { read } for pid=9910 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.926774][ T9910] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 169.944233][ T9916] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.952892][ T9916] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.962986][ T9916] device bridge_slave_0 entered promiscuous mode [ 169.978707][ T9916] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.988392][ T9916] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.997473][ T9916] device bridge_slave_1 entered promiscuous mode [ 170.010631][ T9910] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 170.027240][ T9912] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 170.060991][ T9910] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 170.072432][ T9912] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 170.082521][ T9912] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 170.094715][ T9916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 170.112802][ T9916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.130962][ T9912] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 170.158582][ T9914] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.168663][ T9914] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.178970][ T9914] device bridge_slave_0 entered promiscuous mode [ 170.188976][ T9914] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.200088][ T9914] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.250164][ T9914] device bridge_slave_1 entered promiscuous mode [ 170.278856][ T9916] team0: Port device team_slave_0 added [ 170.292011][ T9916] team0: Port device team_slave_1 added [ 170.336966][ T9914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 170.368014][ T9916] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.378642][ T9916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.421868][ T9916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.442520][ T9914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.477936][ T9916] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.490945][ T9916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.529767][ T9916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.532332][ T18] Bluetooth: hci0: command 0x0409 tx timeout [ 170.566984][ T9914] team0: Port device team_slave_0 added [ 170.577397][ T9914] team0: Port device team_slave_1 added [ 170.587879][ T9916] device hsr_slave_0 entered promiscuous mode [ 170.595635][ T9916] device hsr_slave_1 entered promiscuous mode [ 170.605952][ T9916] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.616738][ T9916] Cannot create hsr debugfs directory [ 170.644086][ T9914] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.652227][ T9914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.699476][ T9914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.702232][ T3476] Bluetooth: hci1: command 0x0409 tx timeout [ 170.722715][ T9914] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.743466][ T9914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.772502][ T9914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.820593][ T9914] device hsr_slave_0 entered promiscuous mode [ 170.892017][ T9914] device hsr_slave_1 entered promiscuous mode [ 170.901379][ T9914] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.912420][ T9914] Cannot create hsr debugfs directory [ 170.931575][ T3476] Bluetooth: hci2: command 0x0409 tx timeout [ 171.064808][ T9916] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 171.084772][ T9916] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 171.099133][ T9916] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 171.101606][ T5] Bluetooth: hci3: command 0x0409 tx timeout [ 171.139756][ T9916] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 171.171284][ T9912] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.195988][ T9910] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.210832][ T9914] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 171.230772][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.243485][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.276528][ T9912] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.288094][ T9914] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 171.307435][ T9914] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 171.335099][ T9914] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 171.348437][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.362782][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.374850][ T9910] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.400710][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.412214][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.422894][ T3334] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.431841][ T3334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.440870][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.454084][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.465095][ T3334] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.474819][ T3334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.484998][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.495533][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.505907][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.514928][ T3334] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.523700][ T3334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.533683][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.544377][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.570765][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.581147][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.591018][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.600803][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.609361][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.623338][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.633842][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.643620][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.662823][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.671808][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.682624][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.706726][ T9916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.733282][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.746061][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.764706][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.787371][ T9912] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 171.802353][ T9912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 171.815334][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.825319][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.834425][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.843816][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.854257][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.863357][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.876410][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.892874][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.905417][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.918069][ T9916] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.935851][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.946998][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.970364][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.979966][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.989681][ T3476] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.999020][ T3476] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.009953][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.019121][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.029492][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.044081][ T9910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.052634][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.064809][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.132643][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.155494][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.197629][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.222628][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.234233][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.243286][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.263793][ T9912] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.279962][ T9914] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.299391][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.314008][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.330502][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.344006][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.362021][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.374293][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.387733][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.409285][ T9910] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.419575][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.428772][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.444779][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.453973][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.463764][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.473255][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.487180][ T9914] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.499012][ T9916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.510434][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.520297][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.530358][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.540588][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.553032][ T3334] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.561200][ T3334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.577244][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.598210][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.611056][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.621252][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.623206][ T18] Bluetooth: hci0: command 0x041b tx timeout [ 172.630583][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.668119][ T9912] device veth0_vlan entered promiscuous mode [ 172.678682][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.688367][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.699008][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.709958][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.721554][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 172.733233][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 172.754807][ T9914] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 172.767526][ T9914] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.781677][ T9925] Bluetooth: hci1: command 0x041b tx timeout [ 172.789576][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.826864][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 172.844032][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 172.856500][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.866365][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.875768][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.885169][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.894507][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.903883][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.914128][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.924066][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.938358][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.960321][ T9912] device veth1_vlan entered promiscuous mode [ 172.970826][ T9925] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.981123][ T9925] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.000066][ T9916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.012399][ T9946] Bluetooth: hci2: command 0x041b tx timeout [ 173.021632][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 173.029585][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.042422][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.051295][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.061801][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.071291][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.102178][ T9914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.113402][ T9910] device veth0_vlan entered promiscuous mode [ 173.134136][ T9910] device veth1_vlan entered promiscuous mode [ 173.146143][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 173.157772][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.171271][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.185824][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 173.191776][ T3334] Bluetooth: hci3: command 0x041b tx timeout [ 173.198264][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.225999][ T9912] device veth0_macvtap entered promiscuous mode [ 173.252095][ T9912] device veth1_macvtap entered promiscuous mode [ 173.266474][ T9916] device veth0_vlan entered promiscuous mode [ 173.284206][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 173.297757][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.312994][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 173.327441][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.339413][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.353526][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 173.366596][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.378564][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.388210][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.413696][ T9916] device veth1_vlan entered promiscuous mode [ 173.428091][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 173.437457][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.447194][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.462641][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.471084][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.483620][ T9914] device veth0_vlan entered promiscuous mode [ 173.496627][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 173.510217][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.525116][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.572526][ T9912] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.586429][ T9910] device veth0_macvtap entered promiscuous mode [ 173.605159][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.615591][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 173.625573][ T9946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 173.641150][ T9912] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.649922][ T9910] device veth1_macvtap entered promiscuous mode [ 173.662818][ T9914] device veth1_vlan entered promiscuous mode [ 173.670712][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 173.679880][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 173.688424][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 173.698492][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 173.714175][ T9912] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.725469][ T9912] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.737744][ T9912] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.748006][ T9912] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.784683][ T9916] device veth0_macvtap entered promiscuous mode [ 173.796039][ T9916] device veth1_macvtap entered promiscuous mode [ 173.806679][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 173.828422][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.837972][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.850687][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 173.862271][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.888405][ T9910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 173.901873][ T9910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.914946][ T9910] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.935564][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 173.947172][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 173.960859][ T9910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 173.975443][ T9910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.989287][ T9910] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.010782][ T9914] device veth0_macvtap entered promiscuous mode [ 174.026592][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 174.036991][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 174.048278][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.057802][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.068416][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 174.083002][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.100640][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.114020][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.130482][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.161905][ T9916] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.184085][ T9910] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.205845][ T9910] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.234413][ T9910] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.249657][ T9910] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.272147][ T9925] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 174.289422][ T9925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 174.310410][ T9914] device veth1_macvtap entered promiscuous mode [ 174.340468][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.359473][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.377311][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.395290][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.412017][ T9916] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.436902][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 174.448155][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.459437][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.488281][ T9916] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.500413][ T9916] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.512869][ T9916] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.524866][ T9916] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.539595][ T9940] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.549844][ T9940] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.571823][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 174.595238][ T9914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.606794][ T9914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.617486][ T9914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.628994][ T9914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.639589][ T9914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.650829][ T9914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.664188][ T9914] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.681909][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 174.684595][ T9940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.690866][ T3334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 174.701587][ T9940] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.709687][ T3334] Bluetooth: hci0: command 0x040f tx timeout [ 174.715571][ T9914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.715596][ T9914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.715603][ T9914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.715607][ T9914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.715613][ T9914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.715617][ T9914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.716629][ T9914] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.718151][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 174.816992][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.826646][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.866908][ T9914] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.867753][ T46] audit: type=1400 audit(1604259655.872:48): avc: denied { associate } for pid=9912 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 174.878436][ T9914] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.905896][ T7] Bluetooth: hci1: command 0x040f tx timeout [ 174.921208][ T9914] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.939149][ T9914] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.975109][ T9940] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.984643][ T9940] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.995656][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 175.006678][ T9912] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 175.035474][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.056974][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.089548][ T9925] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 175.124800][ T9940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.125204][ T3476] Bluetooth: hci2: command 0x040f tx timeout 19:40:56 executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x2, [{0x0, 0x2}]}, @func_proto={0x0, 0x0, 0x0, 0x2}]}}, &(0x7f00000002c0)=""/4096, 0x3a, 0x1000, 0x1}, 0x20) [ 175.152031][ T9940] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.175642][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 175.192382][ T46] audit: type=1400 audit(1604259656.202:49): avc: denied { bpf } for pid=9954 comm="syz-executor.1" capability=39 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 19:40:56 executing program 1: syz_mount_image$romfs(&(0x7f0000000000)='romfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000000c0)) [ 175.212866][ T9940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.242695][ T9943] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.260032][ T2952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.261745][ T3334] Bluetooth: hci3: command 0x040f tx timeout [ 175.287352][ T9940] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.294321][ T2952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.296155][ T9943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.297556][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 175.316532][ T9957] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 175.328247][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 175.338830][ T9957] VFS: Can't find a romfs filesystem on dev loop1. [ 175.338830][ T9957] [ 175.355025][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 175.363007][ T9962] FAT-fs (loop0): bogus number of reserved sectors [ 175.438520][ T9962] FAT-fs (loop0): Can't find a valid FAT filesystem [ 175.499774][ T9957] MTD: Attempt to mount non-MTD device "/dev/loop1" 19:40:56 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x9, 0x1, 0x80, 0x400, 0x102}, 0x40) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000d00)="9ae8e8e4421b5d0df2d73679627325d4130c8b44b468e35aee18476aaa1b65161169d9d85fbd33983ef4617923b25ddda6fad31911f6bd6f3cadd7cf71c58159d6b110e3467bdc4c4d16e71e0323801d0918b980fba4de18165cc85e0c53f523574f6b620794b9c488be3353c7668dcd0052c9ce04a322f6c9a0952d7cbb9cabb29358d054802edaf88b26f585946fc784b0a0175ef041f33ec1a78d33d3a88b0b0bde41e336fcc72edb2aec32ee314e08d5185f37288775b79f063f72cffeb93b65464f19718f146d1cc37604c021932275157bad90d986028f69facb5fdffee0e9dc859badc538599c03515ee00b7164e4ca3c3eb688b6084473ccfe670432fc87e9e8807576b9bf4c751d2ffe409f710a", 0x112}], 0x1}}], 0x1, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000a40), &(0x7f0000000280), 0x400, r0}, 0x38) [ 175.613180][ T9957] VFS: Can't find a romfs filesystem on dev loop1. [ 175.613180][ T9957] [ 175.634893][ T9962] FAT-fs (loop0): bogus number of reserved sectors 19:40:56 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0xe, &(0x7f0000000b00)=ANY=[@ANYBLOB="b702000000000042bfa30000000000001602000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000260404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000005b000000b700000000000000950000000000000063e165cd844a954b26c933db8e175e097efb3f55bb2007ee51050512b5b42128aa090a79507df79f2d8129cf487130d5f24bf901115e17392ac66ad029d1c08a2c6146101e04aeacea799a22a2fa798b5adc436b27d53337e5003e4be7f8000000000000dbc2777df150b70639e25b7496cb8dcdd77b85b94109a314fd085f028f2ed1a4535550614e09d6378198a60978670838337af2abd55a87ac0394b2f82ffab7d153d62058d0a413b2173619ccf55520f22c9cb6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0cca00a1efc54fa737c28b994a8512c816fdcceaede3faedc51d29a47ffeffffff00f4c7a53ac271d6d6f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804dc5fa77ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a7c2211fe4fd21a18986252a70f8f92eb6f0e8c7db3503680e5e5971ff4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f8d791fa99dac06b57479321a0574fb304bc2a168aa43328c8ddc20ea011bf5742e0e0d4334db16cb7fc20faf791ec85821d0c48fb657c29b302b0d2277b44af326f36f3e2c25a61ec45c3af97a8f17da954a9b34f79908755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d1665016ac59de637b30824d822133a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da3239acad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4a389c69608241730459f0123fd383d5612ff0230dc6eb55e9d46de56ef907b059b905c0289afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5826236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb778f54334354ec2697a03aff14a9aa4bd908a99494a65044dd539f5096412b926b2e095b84000243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c3630eeaebde922320178b00cc6ed7966130b547dbf8b497af0a77fbcf2cd1d0000000000000001c80000000000000000000000091bee53595a779d243a48cea769b10424d28804c026ab7f4a0281921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee8f8a836804ed3a1079b0282a12043408cd600087dc0dd22b634350761b9867682e11d94fff91af19f2f8df175d60a2892e456f5f4042bd13da2022f23daec61854f640f703db027665006e74f20675eb781925291578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfac92e6de9200000000000000000000000000009ec7eee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009d9c209644bb1cb603cd60a9e241435fe82d5a96b09c68c73de2f04f15d0053875732f2258aea65559eb00e76e9d092a2a60ca770663da451080cc36000906d5a9fad98c308e89bd5ffb6151d79c1cee1cdfba05e3633becd937d7a15762e5f5a3a0bc33fdbe28a0800000000000000c92fe7f791e8f602930950c89739f5d81e750d50515a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd43758624600e78f4458542b14f29611f95d4a2aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6820b6ec96280000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000000000000000000091e12aacf2ed9ee91cc82777c6a0da37e0219260f2944eb77cb7a20ab7ebcc2fbe2a986be27eacc454147267b05cba055cda2a57efefcb9a8761bc052bbb7f513b8c4167245753d31e7c1120a886bdf372ce255ca3c2aa8b0ebe42924db5d6d81e9b1514172e2f3fb1b46a1f7561b65c265b742d792d4f572d860718b5d9e94631657021612f6c974d10769e47575509bfe2d6ffa6cae835b0f492d32d12116c95e0b3b31713c20beae2dd340d7b67c3bed62b682a12363608d736289610fa8eb941d37a850c4f0d6f033f8438b57cedf532ee34e42b4041a682f54dc7b57200762d45724151014b733d497190f9ab3d5bab1f0635025ba9baa3a09b886e08c6bbd6e158f8e1c4ead2dc5bb4e2976a8383d8e415149455dc78439ae1b026ef03dfaa1f197a3b8ee7fcd1e39f5600a5c978584f97df1aed893821775c9b762f5acd2bf9a0eb18215ff90fe336bd75d3e8f704662d4084fa582afdd73d23546ae0abb118bdde3f4d1b661e7937b8631e7439bf23618d3f7ab482dde3249f42e660496098f30e38e152ead80d7291b54da4a3b08b8fd7ddaa830ec5933a0a674334b8d4269e425b9fa0255f3ba988cfd9ae6ed8154b633a0f108f3245d3a0212586e6c5762db4076d9ee42836d3000000000033baf08867c22a29335ab8976219d500961e2d0c1135a510d551ddd2c855a5642fd6539bac21f429e40740cd4c5ba3cb49da499c1a2c6bfb6b0e2e8d168bcb79f8054de46aeaf1d44c1f0958f24a93b88ac8d146afb94977527721e16dcfe4e014ee5a503cfe6ea2ed7fad0e83056941507016489f38643c128f5f37b453d811b185551bbd08336abed54a0e2419b1a0e53214dd296d152cf82f42472bf1fd52a22efdd111977d3cf6f20e942df77792fda2c99bee3175defd519b4fae37fc1fe86ed99335ef2ed821c64af516ac03585ec43071f5cc6030cf855b7e5d725aa8e9b7bf6d7b27a4e4e2fb2ed2501e5ce4435f8cbc0ad746c1b60d60f23d892939c96f750cd71824142404c26992c49c916b82bbc81c8d93c537c3a08cd58d0b4a64ddf9c55a7506c8cce89ff51c8ad5e63d1e2d1fd945635c130b4ad0dbcead5ec8cb3be6a0a82cef44e31148d94bd7edc9e94a4e295f1743754a5ee9f444a10838f8979c07c81946625761c9deb0d0e8f1cd5ebd"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffff4d}, 0x48) [ 175.652923][ T46] audit: type=1400 audit(1604259656.652:50): avc: denied { map_create } for pid=9977 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 175.653033][ T9962] FAT-fs (loop0): Can't find a valid FAT filesystem [ 175.697745][ T46] audit: type=1400 audit(1604259656.662:51): avc: denied { map_read map_write } for pid=9977 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 19:40:56 executing program 0: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='utf8=0,nonumtail']) 19:40:56 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newsa={0x144, 0x10, 0x713, 0x0, 0x0, {{@in=@local, @in6=@mcast2}, {@in6=@empty, 0x0, 0x32}, @in=@empty, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @offload={0xc, 0x1c, {r2}}]}, 0x144}}, 0x0) 19:40:56 executing program 1: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/uts\x00') setns(r0, 0x0) [ 175.815521][ T46] audit: type=1400 audit(1604259656.822:52): avc: denied { prog_load } for pid=9982 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 175.880783][ T46] audit: type=1400 audit(1604259656.822:53): avc: denied { perfmon } for pid=9982 comm="syz-executor.2" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 175.926259][ T46] audit: type=1400 audit(1604259656.932:54): avc: denied { prog_run } for pid=9982 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 19:40:56 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)='%', 0x1}], 0x1, &(0x7f00000015c0)=[@sndinfo={0x20}, @prinfo={0x18}], 0x38}, 0x4040840) 19:40:57 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newsa={0x144, 0x10, 0x713, 0x0, 0x0, {{@in=@local, @in6=@mcast2}, {@in6=@empty, 0x0, 0x32}, @in=@empty, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @offload={0xc, 0x1c, {r2}}]}, 0x144}}, 0x0) 19:40:57 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newsa={0x144, 0x10, 0x713, 0x0, 0x0, {{@in=@local, @in6=@mcast2}, {@in6=@empty, 0x0, 0x32}, @in=@empty, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @offload={0xc, 0x1c, {r2}}]}, 0x144}}, 0x0) 19:40:57 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='mqueue\x00', 0x0, 0x0) creat(&(0x7f0000000540)='./file0/bus\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') read$FUSE(r0, 0x0, 0x0) 19:40:57 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)='%', 0x1}], 0x1, &(0x7f00000015c0)=[@sndinfo={0x20}, @prinfo={0x18}], 0x38}, 0x4040840) [ 176.166484][T10000] FAT-fs (loop0): bogus number of reserved sectors [ 176.201239][T10004] kernel read not supported for file /bus (pid: 10004 comm: syz-executor.1) [ 176.218628][ T46] audit: type=1800 audit(1604259657.222:55): pid=10004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="mqueue" ino=39737 res=0 errno=0 [ 176.223681][T10000] FAT-fs (loop0): Can't find a valid FAT filesystem 19:40:57 executing program 0: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='utf8=0,nonumtail']) 19:40:57 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newsa={0x144, 0x10, 0x713, 0x0, 0x0, {{@in=@local, @in6=@mcast2}, {@in6=@empty, 0x0, 0x32}, @in=@empty, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @offload={0xc, 0x1c, {r2}}]}, 0x144}}, 0x0) 19:40:57 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)='%', 0x1}], 0x1, &(0x7f00000015c0)=[@sndinfo={0x20}, @prinfo={0x18}], 0x38}, 0x4040840) 19:40:57 executing program 1: bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0xe, 0x4, 0x4, 0xef39, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x7}, 0x40) [ 176.402640][T10017] [ 176.419797][T10024] FAT-fs (loop0): bogus number of reserved sectors [ 176.453940][T10017] ============================= 19:40:57 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)='%', 0x1}], 0x1, &(0x7f00000015c0)=[@sndinfo={0x20}, @prinfo={0x18}], 0x38}, 0x4040840) [ 176.458674][T10024] FAT-fs (loop0): Can't find a valid FAT filesystem [ 176.468154][T10017] WARNING: suspicious RCU usage [ 176.492309][T10017] 5.10.0-rc1-syzkaller #0 Not tainted [ 176.505472][T10017] ----------------------------- [ 176.516732][T10017] drivers/net/bonding/bond_main.c:395 suspicious rcu_dereference_check() usage! [ 176.535397][T10017] 19:40:57 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff110000020000000058000b4824ca805f64009400ff0325010ebc000800008020008000f0fffe00e809005300e21e9fb9000010000100091010000000000002000000", 0x58}], 0x1) [ 176.535397][T10017] other info that might help us debug this: [ 176.535397][T10017] [ 176.552029][T10017] [ 176.552029][T10017] rcu_scheduler_active = 2, debug_locks = 1 [ 176.569390][T10017] 1 lock held by syz-executor.3/10017: [ 176.584538][T10017] #0: ffff88806c563b68 (&net->xfrm.xfrm_cfg_mutex){+.+.}-{3:3}, at: xfrm_netlink_rcv+0x5c/0x90 19:40:57 executing program 2: syz_mount_image$jfs(&(0x7f0000000240)='jfs\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='errors=c']) [ 176.623020][T10017] 19:40:57 executing program 0: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='utf8=0,nonumtail']) [ 176.623020][T10017] stack backtrace: [ 176.637583][T10017] CPU: 2 PID: 10017 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0 [ 176.643841][T10017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 176.671317][T10036] JFS: c is an invalid error handler [ 176.661476][T10017] Call Trace: [ 176.661476][T10017] dump_stack+0x107/0x163 [ 176.661476][T10017] bond_ipsec_add_sa+0x1dc/0x240 [ 176.661476][T10017] xfrm_dev_state_add+0x2da/0x7b0 19:40:57 executing program 1: bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0xe, 0x4, 0x4, 0xef39, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x7}, 0x40) [ 176.661476][T10017] xfrm_add_sa+0x2166/0x34f0 [ 176.661476][T10017] ? xfrm_send_report+0x510/0x510 [ 176.661476][T10017] ? bpf_lsm_capable+0x5/0x10 [ 176.686422][T10040] FAT-fs (loop0): bogus number of reserved sectors [ 176.688516][T10017] ? security_capable+0x8f/0xc0 [ 176.688516][T10017] ? __nla_parse+0x3d/0x50 [ 176.700992][T10040] FAT-fs (loop0): Can't find a valid FAT filesystem [ 176.701561][T10017] ? xfrm_send_report+0x510/0x510 [ 176.701561][T10017] xfrm_user_rcv_msg+0x42f/0x8b0 [ 176.701561][T10017] ? xfrm_do_migrate+0x800/0x800 [ 176.701561][T10017] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 176.701561][T10017] ? __mutex_lock+0x626/0x10e0 [ 176.701561][T10017] netlink_rcv_skb+0x153/0x420 [ 176.701561][T10017] ? xfrm_do_migrate+0x800/0x800 [ 176.701561][T10017] ? netlink_ack+0xaa0/0xaa0 [ 176.701561][T10017] xfrm_netlink_rcv+0x6b/0x90 [ 176.701561][T10017] netlink_unicast+0x533/0x7d0 [ 176.701561][T10017] ? netlink_attachskb+0x810/0x810 [ 176.701561][T10017] netlink_sendmsg+0x856/0xd90 [ 176.701561][T10017] ? netlink_unicast+0x7d0/0x7d0 [ 176.701561][T10017] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 176.701561][T10017] ? netlink_unicast+0x7d0/0x7d0 [ 176.701561][T10017] sock_sendmsg+0xcf/0x120 [ 176.701561][T10017] ____sys_sendmsg+0x6e8/0x810 [ 176.701561][T10017] ? kernel_sendmsg+0x50/0x50 [ 176.701561][T10017] ? do_recvmmsg+0x6c0/0x6c0 [ 176.701561][T10017] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 176.701561][T10017] ___sys_sendmsg+0xf3/0x170 [ 176.701561][T10017] ? sendmsg_copy_msghdr+0x160/0x160 [ 176.701561][T10017] ? __fget_files+0x272/0x400 19:40:57 executing program 3: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x802, 0x0) write$UHID_INPUT(r0, &(0x7f0000000040)={0x8, {"8688ec73f914ce23dfebec1918f0106323cadcc4abaf8009b403a4d7edfeacf12b496bd1a84d7cb768e75c2155a9014dda2ce5480ceae89d7418549b5bf7d1a4fbd3ca573cd49f12221bdacda0e1eac832f1d12d1377871b114a356a5f8ee05a264110b9ac172dc6b5245562a6617b60e86764b4e25dfc5d6cfc2f5b8b2695cdd4dab2292d626a27e074317850a40113a8a740381a05cb234e349d4361b256d1afc45fad368022df0139bbfd8f54729596fa42e23c85a82328cc455eab641ec20662f8f7cff540180dd0143a22475ccef1aef46b3ae4dce816145e342d6a653e3ca6671591f100143a5563a57384be5385b78b15c08bac94f11f23b220c516e81107e78ae3593f737399fa4f78bc8af4a6ad11f60ca6874fa7ce16477582a072ec22aa054deb1b0af26823caf496038e07c544805e0679581d842be0059f5b90406c8b844f193f8a21a18617d1304fe4dd57d151fe978d0ea6b7b14eb9e013cbc7f386653bc00858a741a25bb1ffaef7bd2d92255d301e43033f39c0b3daf89f58a469d29a8036dacab823b2e498e6606ee8515ec989b5e523bc1cf7a36853e490f9a7724d7612473045c60fb4b87f079828486d6179eba9c0fc5770ff9cf9f14dfc0909b2e4966e8473470a2f3b3bbe11ef8025da60dc1992c84ad0b2e825c2d2adbcab66863618e5c7406e6164f5c4844a24c5532a73fa879b5641f742ff763c1dbcff1551d0f7de310f4d28e2b24643e0d614b88ece6b663774efcacb4fa430bd8f0070b868eeb5348acef99d50bb2f3053f89729295b64971c5a66dbb33b037326595f25ccb14d6b6af48c08184dc32202c228a544e0dd895f93c5ab73d66dcacaca65ccba6df993d1ca3fc9433696a4b83115bccabd5b4b19905a5ef0d94128fe3b73d9e8872b5f608e69b428d2cb3eec75bc821dabf31f537fa9b63ce234393f8d32699cd700fe8abdd98e3186d66127bbead491239266af269e9513a549a8e1f4858f40a0ce155efed27bfce158b2b1eb66ae42026bb3cfd330c4081098c418ad884587bd8ec3419b74b4fccd6a12e6d6b132a9844c820ba121b736a488e4f85b45750a74334299e6956ad796717e00f985be74f9c32390bab147a5b8a93cd7a609f8a7dc3b7b729636269a41522528cae44da07e021469b7385edb8c619646e4e9983d63b0c83d90df242e39f28e89e6e50cb9bed0701e8bb9a3f02a54abade61b6718b77ad7d9d85050a01a837ec0d771ed1b623b10db464ddf3c305840aa051c31c7bc257e150e265eecf79f86a85c42ed32050c5640662dc545693f57c23c8efb0c3f4d793625aff99b1a39068a3d25c077438fb24c449dec59f9795cc7637bf22c386534c161264d8dd0d3dcce3e25a4d343e007d512d8ca1a5586c1844b6b9d890dba8e66b46b172577f8ea22e1373d2aab7aabbbe504c7998cc61185334cc37adaca1392c05aa0bfcecdd1515ad5311fca718bb399828f5b25927a87b2dd1b2cf96d0a2dc0f5ed05b6a72961b206e61239a4864b247f5be86cef0ed18f501a6586464382ca1c2e2360d7865b990f5d92c5fe070935d3df9b6a57af8e9e38b50397efe0be476e6ce9330b2bbf6575ead37fefeec6a3a4a0f4d0d7137e318fd9dbd197c5dfd4e39d9b6b60ab38422f458c2b5442d97be9da9af06bc6df07820f9e7f71764bcc6e4612088b4119eae1d3dce9c8ac0cfbd123d008e404d1f00ae02e71d6607c8c0de023ef9e318edd1f46b088837fc51cc01627cef8d11741180d2bfea240963fc6019de693723741ce89497c2c0e0d106aa7f95ab03778554bd3152aa904689473354e6feeeecc6f07dde70c40793931556d460877aec6d6e915d2eddfd08986147f70b4d74465ee61201d98ad3cdd5e85fdfd9e7ac0d7eaf78ea3a1fce522c0d97c29537fd5e482c1f99fb20952e4a48252d2ac44d0e1a10f19d1c60798ed9f9faa750de957a8145dacafc7bb809a708e13259270e2d1c95e1cc60ffa6185fdc93ee146f500de637e3058dde6007d1733bf2afc01a79022da6da83df391d3b8a018138c7ff4acc4143bcd6ff09002056f5f7167b339273552fa8b56c1a1855d4c713d5486a4db42dd25436982b2a7ca6c4a117b304937ab0ee602d607988dec7aac0ec654a02e5a2e4a133754e3a7c4050c6adc3d56afc63ddac896f56234bd0a06c133603b759d15c317a4dcf6480581cd2fc7ccb651486234164d4101da5f7ee23d19e445edec7abc58b2f5b5e262512ed4f7755c8fd18cea2dd82613f04875aa74f5889da20f2721391d4cb8ca26887209ef64040831453cd369c59b123f444220a07e962ab7d32ee34352bb31702ffbd00888700a852f89a51cd2e8418f5d93c9cdbcd294d8af71556b9546860459b2abd055c78f2e7de4b69e2069cb9945562001835d409f7f6d32a744fdc6a6973c836a3b0d92e57a17d3bd4fafd7707159927c92729e9c1f257a7a4488442afd4042156805d66b1bb9f7da2f61878b6807b57227698b66f09b125718e01477c6149d798c34a8b069cdca84ae9faf150a1814f51d574190991ac49143025e06e0da0ea637312b7f7e4335ee05598256e6a4bccef95a93718f12bc99cc061e9a76a5b136ebfc8705faa6bafbf38bf5a863ee146869ac9e5d5bd5675ae634235bf06f04252d01f2ede33c4ce322b44c3e5cd6e1f7de3174100e2d4814e3fecc68ac8a4a984e446d13cca61cc313dc4145f09fafa84ced5f6ba64d225258b047c68d5a32448d94bc8c6653125251b7075f8082052aa5394951281d96bff1050d4dec180365d165ff50b851343a40329d66510d496cc2e321ef9129df8f3de91f668397ec035e643cfdb8e63475dcc9850e68de8738154669549c7496dddaac78ba4a9203b719b78c66d499d806e8ec99b590d9a11c6d39f9bcec363cbb14b1a41f747b7fc82e458c938b24708632c85faa771d2f954b127409a5c1adb7a0ad24eea0f720ed173006a25891e8c4325af29847856c06d71a56b6500dde0fdf9a4ffab5cdcb52be1973db38246b5dbd1af12d61b2a26560a29f07b1fae129d96bb9ce0b8b9eaeae2f7ad644247a8a16be5e4b4beaa42fdd3c31e8d025591178f53e9274c5972504dcbfeb56d425496648f8bd700250bae12fa4e4ada0715e0a1cde90d18971692fad6a8e8dfc875b5b044451900db881fbfb1cd27f9c9586f571a3cc612115d1ddcc6951793745b1777f797cfa4d64a8d5f33deb6e0e52cabb63cedec014afdcffa574e7385212b746a646be116b93871559570bd407411d04af9230f11344dd2a001e74d4c0f38b6aec21167907f8123bcde1acb9059fb50e77f25debba33979b217e90c29c9bdc1927388cf556694756a397f63d6ae901a447d1b8ade5fff83a7fcbc0831a918caf8eb05a12cac3e8a9ffa90cf5fdb5ae601b20d1086f59d9978c211d4be7e8e7825bc29f72c859970841a109e901be47903459d5f0fd20902c65422b8f8a214c9d6d9ea280882d00d2a2391bc0bd2e0c7d89a3e92c75287dbcd31d8721fa839413575a3a66b381509ba3bd79bcd6106a5a286cf1dcdaa507c6690fe8789b5fa86236b7936c11c961bf3d37109f9b8a9e61bf4507d72c92f23d927fa43f8160a382c3c34f60c53f541648f69d04ce1204bd53f432d714d065ec14aa105d08418150a116e33e3a8006c14cf0b09db34f31758952a5ad650a567777ca9a93ee7a7c7f94855b3c73f348dd04761a04597a758992e2831ef90d82ffe2096c901671d1ed3dfc62924f016c32343cb7f6bfd6a63e53ae25d69192f22e369335316683e877bfc698ef3705a4ec0b96c7def99f8995a74a639793b571c80ee4f99bd1c5f0a183cda15a5c03f7aa831b92386d9900e7ed6853704cdbeb1a457e723f2c1beb276fb7059ccfdb88205bdbcf8202235dffcc2565c605612f7f157a029e37602628b873b8db810a8243f752df0ed1add89ea1c92b580336cd3e7f298ee5c5e4f0e65a7cb60a28e77322e1762d44b0df6ac0605395d9d22f6e0281d783998b2a6e0802a5843f8f96cc6108e629acf28f37f3f36e7804530c5ed32b9d69e7e365c7b0ef064cf3120ee04ab46339a8e5b836df4d72466feb50f2ed52ebae6d1711c11bcf50f4eeb28022dc56eedd73d23375817f6eed75d72c2b6d51a81178ea4b40925f6a272dcea4cec00fe24c3ad01b91606a1db25322cea0c66a9b596479d6b8b0cd333fb900da0c145f05216484d26a37733b7a8659553d7775439fadcafa488f98487a1d343584ebc351746ff5da7b074841bf74f5a97215427827b66beaa6b9c26c982e209c6a71201f63035c7ef15a828d64b5fc1136e88622e16a2f1e4a453c444ab485040970779aea4c14d162798a43a82b32a6a34740699727c844f2c21a9bba485a22ca12c0fb9459aaf6849774f3825ee4975c3571f15fc50b9bf26eaa87db89ceb5cb9b0b3c3d057281c686f5f6de7885054b72ca58a2ba08893bf9a29dd30baf40663be4efef7d801bcf140f022709be186c3786664ce5b45483179763ac27f6deee775d0146c4c81bc0cae405188c38251b468ba9763bb54c9b26e6c55925466baba43c859fb3deef5f4a93515138c783d9ef1dcb9637d556c0a834d5cec987c68871b42d395f8370389c3dbd1f0cb02663ba7ef983daf2de523bcee030f67999957dab09562055f47f4d0325032be3916579551abb34c94d1f742723e8c1b8f4bbb904185b4f03300637ad90b5968f711e4eefeada166700f8d1318fe07807bbc6fe220feb9a4b2644bfe78061bfaa8aa2e08cc299cbbad01f3c0b2dcf036967da538750ff3172e3399437d6dfdec09cf34ac4992102ea62682103ac01065ff9272ce8f79d529a734a9b4d3776a63b1d42e81367887ba8ef23d1ba9342b79f8b79751eb0123e75eb4777860f67003354b11915c7e9292a8fccafd030f92b9a1870cfa9c4525cf3ec2be9992c3545753959fd8febf2b6c49f0b2f9b873f04b9ea5f2fdefa3f696b4bd73f16214ba6f6b233d91ac5a523abc403980765eaedb07fe7729dcb3453f6843ebc58803453c51a5f0019056dcff60da54d8042df0406f0a5c47f777e3f07348592b0a2a94117f66b31fca3c625494cbf9e8028aee9cb145ce2a06359d0f1e2074012f004d52179d109764ac55684f1df062c80ae815c14fbc300f0c6f649ab2ba1ca6fe2cb149f50607669ba2f50bd2975d8818a65e3c90d6be5afe535d44ddcf365acd833ad02406795801f66978d3664360880d1c9063003e3a7c132722c8698c53cf2264efbc0ea677d751ed96759f2fe619936b6fff0bd5552cd5babf016c2a6afa97e30e68b3a284b7f5be52ee5ce866c38e485dc743dec7f6972d193b41a32c391fe1c2621e6962ae0f3bdee636fa2c3494184e42a91db608a6d3f6b8ee79e1ff22213ccc5721c1306e99f91ab2481b2a67abf70be9b86b9b84cbe5658389ed27ba687dfe0c29016af5396c7dcb9677e6c31089f68205e3603499682e8fd5c9f345f102ecedbdb233e4cae431dd52143e77e6eb7f77d12cc6b1b4b043fe22c30ab9212c18e51ddbb249044681f53c5b3319bbfd0595479d1b8be5f56f5d7058d181ad70118fc56c0c54d35cc1e0d834524dfef73016377811a6b8cdb4c1de598c72a5b6be6bdc57d727c03916991c5953f5b8e294e483b67afe80212fb91c8de4059d2aa4ab5567755b7bd1411196ea7b5087758137332c69e19cf2fca3306fc137302c8c587a575fb1162f5656fae747a3089959b3f96a96956df0565e97f0ac47d9636fe", 0x1000}}, 0x1006) [ 176.701561][T10017] ? lock_downgrade+0x6d0/0x6d0 [ 176.701561][T10017] ? find_held_lock+0x2d/0x110 [ 176.701561][T10017] ? __fget_files+0x294/0x400 19:40:58 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) mbind(&(0x7f0000d6b000/0x1000)=nil, 0x1000, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) [ 176.701561][T10017] ? __fget_light+0xea/0x280 [ 176.701561][T10017] __sys_sendmsg+0xe5/0x1b0 [ 176.701561][T10017] ? __sys_sendmsg_sock+0xb0/0xb0 [ 176.701561][T10017] ? __do_sys_futex+0x2a2/0x470 [ 176.701561][T10017] ? syscall_enter_from_user_mode+0x1d/0x50 [ 176.701561][T10017] do_syscall_64+0x2d/0x70 [ 176.701561][T10017] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 176.701561][T10017] RIP: 0033:0x45da59 [ 176.701561][T10017] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.701561][T10017] RSP: 002b:00007f2fc2a98c88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.701561][T10017] RAX: ffffffffffffffda RBX: 0000000000720a60 RCX: 000000000045da59 [ 176.701561][T10017] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 176.701561][T10017] RBP: 00000000004aab8b R08: 0000000000000000 R09: 0000000000000000 [ 176.701561][T10017] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf00 [ 176.701561][T10017] R13: 00007ffea8e528ef R14: 00007f2fc2a79000 R15: 0000000000000003 [ 176.715167][T10017] bond0: (slave bond_slave_0): Slave does not support ipsec offload [ 176.782523][ T3334] Bluetooth: hci0: command 0x0419 tx timeout [ 176.814875][T10036] JFS: c is an invalid error handler [ 176.941837][ T3334] Bluetooth: hci1: command 0x0419 tx timeout [ 177.182876][ T36] Bluetooth: hci2: command 0x0419 tx timeout 19:40:58 executing program 1: bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0xe, 0x4, 0x4, 0xef39, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x7}, 0x40) [ 177.295391][T10053] mmap: syz-executor.3 (10053) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 177.344682][ T36] Bluetooth: hci3: command 0x0419 tx timeout 19:40:58 executing program 2: syz_mount_image$jfs(&(0x7f0000000240)='jfs\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='errors=c']) 19:40:58 executing program 0: getpgrp(0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0xaa821100, 0x0, 0x0, 0x0, 0x0) 19:40:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newlink={0x8c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x6c, 0x12, 0x0, 0x1, @ip6erspan={{0xe, 0x1, 'ip6erspan\x00'}, {0x58, 0x2, 0x0, 0x1, [@IFLA_GRE_TTL={0x5, 0x8, 0x9}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e21}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2={0xfc, 0x2, [], 0x1}}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e22}, @IFLA_GRE_REMOTE={0x14, 0x7, @mcast2}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}]}}}]}, 0x8c}}, 0x0) [ 177.373933][T10064] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/10064 [ 177.394967][T10064] caller is lockdep_hardirqs_on_prepare+0x5e/0x410 [ 177.413328][T10064] CPU: 2 PID: 10064 Comm: syz-executor.0 Not tainted 5.10.0-rc1-syzkaller #0 [ 177.436570][T10064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 177.461563][T10064] Call Trace: [ 177.461563][T10064] dump_stack+0x107/0x163 [ 177.461563][T10064] check_preemption_disabled+0x123/0x130 [ 177.492479][T10064] lockdep_hardirqs_on_prepare+0x5e/0x410 [ 177.492479][T10064] trace_hardirqs_on+0x5b/0x1c0 [ 177.514693][T10064] __bad_area_nosemaphore+0xc6/0x400 [ 177.521499][T10064] do_user_addr_fault+0x7d7/0xb40 [ 177.536829][T10064] exc_page_fault+0x9e/0x180 [ 177.541531][T10064] ? asm_exc_page_fault+0x8/0x30 [ 177.561567][T10064] asm_exc_page_fault+0x1e/0x30 [ 177.561567][T10064] RIP: 0033:0x339fef0 [ 177.574677][T10064] Code: Unable to access opcode bytes at RIP 0x339fec6. [ 177.582158][T10064] RSP: 002b:00007f898f7d9c90 EFLAGS: 00010217 [ 177.601809][T10064] RAX: 0000000000000000 RBX: 00000000006f43e0 RCX: 000000000045da59 [ 177.615164][T10064] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 177.640754][T10064] RBP: 00000000004aab8b R08: ffffffffffffffff R09: 0000000000000000 [ 177.677234][T10064] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf00 [ 177.712289][T10064] R13: 00007ffda9be274f R14: 00007f898f7ba000 R15: 0000000000000003 [ 177.736393][T10064] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/10064 [ 177.754923][T10064] caller is lockdep_hardirqs_on+0x38/0x110 [ 177.765464][T10064] CPU: 2 PID: 10064 Comm: syz-executor.0 Not tainted 5.10.0-rc1-syzkaller #0 [ 177.775401][T10064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 177.791593][T10064] Call Trace: [ 177.804477][T10064] dump_stack+0x107/0x163 [ 177.804477][T10064] check_preemption_disabled+0x123/0x130 [ 177.813943][T10064] ? __bad_area_nosemaphore+0xc6/0x400 [ 177.831462][T10064] lockdep_hardirqs_on+0x38/0x110 [ 177.844502][T10064] __bad_area_nosemaphore+0xc6/0x400 [ 177.861202][T10064] do_user_addr_fault+0x7d7/0xb40 [ 177.872271][T10064] exc_page_fault+0x9e/0x180 [ 177.883466][T10064] ? asm_exc_page_fault+0x8/0x30 [ 177.896235][T10064] asm_exc_page_fault+0x1e/0x30 [ 177.903425][T10064] RIP: 0033:0x339fef0 [ 177.914204][T10064] Code: Unable to access opcode bytes at RIP 0x339fec6. [ 177.928541][T10064] RSP: 002b:00007f898f7d9c90 EFLAGS: 00010217 [ 177.936258][T10064] RAX: 0000000000000000 RBX: 00000000006f43e0 RCX: 000000000045da59 [ 177.948923][T10064] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 177.960710][T10064] RBP: 00000000004aab8b R08: ffffffffffffffff R09: 0000000000000000 [ 177.971652][T10064] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf00 [ 177.983559][T10064] R13: 00007ffda9be274f R14: 00007f898f7ba000 R15: 0000000000000003 19:40:59 executing program 0: getpgrp(0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0xaa821100, 0x0, 0x0, 0x0, 0x0) [ 178.046403][T10071] JFS: c is an invalid error handler 19:40:59 executing program 1: bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0xe, 0x4, 0x4, 0xef39, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x7}, 0x40) 19:40:59 executing program 3: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7, 0x1, 'fq\x00'}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x9}]}}]}, 0x38}}, 0x0) 19:40:59 executing program 0: getpgrp(0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0xaa821100, 0x0, 0x0, 0x0, 0x0) 19:40:59 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000005c0)={0x1f, 0x0, 0x2}, 0x6) 19:40:59 executing program 0: getpgrp(0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0xaa821100, 0x0, 0x0, 0x0, 0x0) 19:40:59 executing program 2: syz_mount_image$jfs(&(0x7f0000000240)='jfs\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='errors=c']) 19:40:59 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x13, 0x0, 0x0) 19:40:59 executing program 1: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000c80)={0x1, "2e1100b0df6d7fcf409def1a1fc1ed341c5533b89b0603ae37c860fe2c09c110ff00f45709d664539e1e381f35071f061ac0e16f328dca5d39656da02489672db6d19f37405111e97aa998473f0e8d1e8f3b32b99730931041cfd6c2df99a9d60031c125814bb6ee11e303000000b33d0000000049ad4ae8d462fcf5fa3b57806356cdb615f058b0fed6706a4d152ed0cea438f8387c3440ba6ba9cc08452fc04250db61cf3bcacfe9d34b6a31de9d05a5615416a1e222dcba8dee9f0cdc7527d27e8a15b700000000000000000000000000000000cd846e9ea6bfe963e86814a576b24813ddfa8130a04b4ad6d8791c698df63e5e23fa327326484829f3f7769669e325cd2485e172bf12"}, 0x44b, 0x800) 19:40:59 executing program 0: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = socket(0x1e, 0x1, 0x0) io_submit(r0, 0x1, &(0x7f0000000a40)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) [ 178.199685][T10097] JFS: c is an invalid error handler 19:40:59 executing program 3: syz_mount_image$efs(&(0x7f0000000000)='efs\x00', &(0x7f0000000100)='./file0\x00', 0x5a800, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004e65744253442020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000000000000000001f0000000000001f0000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001812000000000000000000001300000000220014000000000000140008000000000800780913141510080200000100000101002020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020323032303039313932303231313630300832303230303931393230323131363030083030303030303030303030303030303000323032303039313932303231313630300801005b4150504c49434154494f4e205553455d2d2d3e202e2e2e00"/928, 0x3a0, 0x8000}, {&(0x7f0000010400)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00... <--[APPLICATION USE]\x00'/64, 0x40, 0x8540}, {&(0x7f0000010500)="ff43443030310100"/32, 0x20, 0x8800}, {&(0x7f0000010600)="01001400000001000000050015000000010046494c4530000000000000000000", 0x20, 0x9000}, {&(0x7f0000010700)="01000000001400010000050000000015000146494c4530000000000000000000", 0x20, 0x9800}, {&(0x7f0000010800)="fe00140000000000001400080000000008007809131415100802000001000001010053500701beef004552b9010a495e01494545455f503132383254484520494545452050313238322050524f544f434f4c2050524f564944455320535550504f525420464f5220504f5349582046494c452053595354454d2053454d414e544943532e504c4541534520434f4e54414354205448452049454545205354414e4441524453204445504152544d454e542c20504953434154415741592c204e4a2c2055534120464f52205448452050313238322053504543494649434154494f4e2e43451c011e0000000000001e00000000000000004b0000000000004b4e00140000000000001400080000000008007809131415100802000001000001010150582c01c0410000000041c003000000000000035cf901000001f95c535f010000015f53090000000000000980001700000000000017640000000000006478091314151008000000010000010b46494c452e434f4c443b3150582c01ed810000000081ed01000000000000015cf901000001f95c535f010000015f530800000000000008544619010e78091314151008780913141510087809131415104e4d0e010066696c652e636f6c640076001500000000000015000800000000080078091314151008020000010000010546494c453050582c01ed410000000041ed02000000000000025cf901000001f95c535f010000015f530300000000000003544619010e78091314151008780913141510087809131415104e4d0a010066696c6530007a0018000000000000180a0000000000000a78091314151008000000010000010846494c45312e3b310050582c01ed810000000081ed01000000000000015cf901000001f95c535f010000015f530700000000000007544619010e78091314151008780913141510087809131415104e4d0a010066696c6531007a001900000000000019282300000000232878091314151008000000010000010846494c45322e3b310050582c01ed810000000081ed02000000000000025cf901000001f95c535f010000015f530600000000000006544619010e78091314151008780913141510087809131415104e4d0a010066696c6532007a001900000000000019282300000000232878091314151008000000010000010846494c45332e3b310050582c01ed810000000081ed02000000000000025cf901000001f95c535f010000015f530600000000000006544619010e78091314151008780913141510087809131415104e4d0a010066696c653300"/960, 0x3c0, 0xa000}, {&(0x7f0000010c00)="4e00150000000000001500080000000008007809131415100802000001000001010050582c01ed410000000041ed02000000000000025cf901000001f95c535f010000015f5303000000000000034e00140000000000001400080000000008007809131415100802000001000001010150582c01c0410000000041c003000000000000035cf901000001f95c535f010000015f5309000000000000097a0016000000000000161a0400000000041a78091314151008000000010000010846494c45302e3b310050582c01ed810000000081ed01000000000000015cf901000001f95c535f010000015f530400000000000004544619010e78091314151008780913141510087809131415104e4d0a010066696c653000aa001700000000000017260000000000002678091314151008000000010000010846494c45312e3b310050582c01ffa100000000a1ff01000000000000015cf901000001f95c535f010000015f530500000000000005544619010e7809131415100878091314151008780913141510534c31010008000003746d70001573797a2d696d61676567656e393131303733343438000566696c6530000566696c65304e4d0a010066696c6531", 0x1c0, 0xa800}, {&(0x7f0000010e00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0xb000}, {&(0x7f0000011300)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0xb800}, {&(0x7f0000011400)='syzkallers\x00'/32, 0x20, 0xc000}, {&(0x7f0000011500)="50582c01c0410000000041c003000000000000035cf901000001f95c535f010000015f530900000000000009544619010e78091314151008780913141510087809131415104e4d0601002e00"/96, 0x60, 0xf000}], 0x0, &(0x7f0000011600)) 19:40:59 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x39, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @val={0x4, 0x6}, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7}, @void}}]]}, 0x64}}, 0x0) 19:40:59 executing program 2: syz_mount_image$jfs(&(0x7f0000000240)='jfs\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='errors=c']) 19:40:59 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0) preadv(r0, &(0x7f0000001340)=[{&(0x7f0000000080)=""/4080, 0xff0}], 0x1, 0x84, 0x0) 19:40:59 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xb, 0x3}], {0x14, 0x10}}, 0x3c}}, 0x0) 19:40:59 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c58110308d9123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r2, 0x5, 0x6, @local}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={r2, 0x3, 0x6, @link_local}, 0x10) 19:40:59 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newsa={0x104, 0x10, 0x801, 0x0, 0x0, {{@in6=@mcast1, @in6=@mcast1}, {@in=@dev, 0x0, 0x3c}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in=@dev}]}, 0x104}}, 0x0) [ 178.461989][T10120] JFS: c is an invalid error handler [ 178.472128][T10130] device lo entered promiscuous mode [ 178.483181][T10129] device lo left promiscuous mode 19:40:59 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000080)={0x9, 0x0, 0x0, 0x0, 0x0, "2c9b7663afce7ed7b02b71fa26dec1c97531f8"}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNISCRNMAP(r1, 0x5412, &(0x7f0000000040)) [ 178.538598][T10135] mip6: mip6_destopt_init_state: state's mode is not 2: 0 19:40:59 executing program 3: r0 = memfd_create(&(0x7f0000000000)='#em\x06\x00\x00\x00', 0x0) write$eventfd(r0, &(0x7f0000000080), 0x8) r1 = dup(r0) pread64(r1, 0x0, 0x0, 0x0) 19:40:59 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x402c5342, &(0x7f00000002c0)) 19:40:59 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_DELAY(r0, 0x4144, 0x0) 19:40:59 executing program 3: bind(0xffffffffffffffff, &(0x7f0000000040)=@generic={0x0, "0000010000000000080044944eeba71a2f76e252922cb18f6e2e2aba000000012e0b3836005404b0e0631a4ce875f2e3ff5f163ee340b767950080000000fa00000101013c581103e6d8123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x3d, &(0x7f0000000080)={0x0, 0x0}, 0x8) 19:40:59 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffffb}, 0x48) 19:40:59 executing program 1: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f00000001c0)={0x18, 0x0, {0x4, @dev, 'vlan1\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x80047453, &(0x7f0000000000)={0x18, 0x0, {0x0, @dev, 'veth1\x00'}}) 19:40:59 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TYPE(r0, &(0x7f0000019140)={0x0, 0x0, &(0x7f0000019100)={&(0x7f0000000080)={0x30, 0xd, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}]}, 0x30}}, 0x0) 19:40:59 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, &(0x7f0000000040)) 19:40:59 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x54, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x4}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}]}, 0x54}}, 0x0) 19:40:59 executing program 2: madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xa) clone(0x0, 0x0, 0x0, 0x0, 0x0) 19:40:59 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r0, 0xe9) r1 = socket(0x2, 0x1, 0x0) dup2(r1, r0) [ 178.821240][T10170] netlink: 'syz-executor.1': attribute type 5 has an invalid length. 19:40:59 executing program 0: r0 = memfd_create(&(0x7f0000000040)='4\xacXrcO\b\xc4ut/eve\x94\xa1m\x1e\x12\x8ai,\xbeTnt#\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c46001b00d2000000000001000003003e0000001000000006000000001e40000000000000000000000000008b0000000010000038"], 0x44) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 19:40:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x3, 0x2a0, 0x0, 0x0, 0x148, 0x0, 0x148, 0x208, 0x240, 0x240, 0x208, 0x240, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00', {}, {}, 0x6}, 0x0, 0x118, 0x178, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@inet=@multiport={{0x50, 'multiport\x00'}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xfffc}}}}, {{@ip={@local, @empty, 0x0, 0x0, 'veth0_vlan\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x300) 19:40:59 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x54, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x4}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}]}, 0x54}}, 0x0) 19:40:59 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r0, 0xe9) r1 = socket(0x2, 0x1, 0x0) dup2(r1, r0) [ 178.926609][T10192] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 178.943912][T10194] Cannot find add_set index 65532 as target 19:40:59 executing program 0: r0 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 19:40:59 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r0, 0xe9) r1 = socket(0x2, 0x1, 0x0) dup2(r1, r0) 19:41:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x3, 0x2a0, 0x0, 0x0, 0x148, 0x0, 0x148, 0x208, 0x240, 0x240, 0x208, 0x240, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00', {}, {}, 0x6}, 0x0, 0x118, 0x178, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@inet=@multiport={{0x50, 'multiport\x00'}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xfffc}}}}, {{@ip={@local, @empty, 0x0, 0x0, 'veth0_vlan\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x300) 19:41:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x54, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x4}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}]}, 0x54}}, 0x0) 19:41:00 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x17, 0x0, 0x0) [ 179.023900][T10206] Cannot find add_set index 65532 as target [ 179.040772][T10208] netlink: 'syz-executor.1': attribute type 5 has an invalid length. 19:41:00 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r0, 0xe9) r1 = socket(0x2, 0x1, 0x0) dup2(r1, r0) 19:41:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x3, 0x2a0, 0x0, 0x0, 0x148, 0x0, 0x148, 0x208, 0x240, 0x240, 0x208, 0x240, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00', {}, {}, 0x6}, 0x0, 0x118, 0x178, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@inet=@multiport={{0x50, 'multiport\x00'}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xfffc}}}}, {{@ip={@local, @empty, 0x0, 0x0, 'veth0_vlan\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x300) [ 179.101870][T10215] Cannot find add_set index 65532 as target 19:41:00 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000040)=0xffffffff, 0x4) 19:41:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x54, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x4}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}]}, 0x54}}, 0x0) [ 179.144985][T10223] netlink: 'syz-executor.1': attribute type 5 has an invalid length. 19:41:00 executing program 3: write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0x0, 0x0, {{0x0, 0x8}}}, 0x60) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/215) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd01009341", 0x6}], 0x1000000000000006, 0x0, 0x0) 19:41:00 executing program 0: sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000280)=ANY=[@ANYBLOB="020d0000100000002f314468fffffff9030006000720000002004000c3060000000000f5000000000800120002000100000000000000000030006c000203000000000000000000b20200760760d02c0000000000000000230a00000cfa98ab000000000000000000030005000000000002"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f00000000c0), 0x4000676, 0x0) 19:41:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x3, 0x2a0, 0x0, 0x0, 0x148, 0x0, 0x148, 0x208, 0x240, 0x240, 0x208, 0x240, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00', {}, {}, 0x6}, 0x0, 0x118, 0x178, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@inet=@multiport={{0x50, 'multiport\x00'}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xfffc}}}}, {{@ip={@local, @empty, 0x0, 0x0, 'veth0_vlan\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x300) 19:41:00 executing program 0: capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)) prlimit64(0x0, 0x4, &(0x7f0000000080)={0x0, 0x7}, 0x0) [ 179.214109][T10232] Cannot find add_set index 65532 as target [ 179.224493][T10235] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure 19:41:00 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x40046f41, 0x76006e) 19:41:00 executing program 0: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x20000080, 0x0, 0x0, 0x200000b0, 0x200000e0], 0x0, 0x0, &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, {}, {}]}, 0x108) 19:41:00 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f00000002c0)='/dev/video#\x00', 0x800, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000480)={0x2, @vbi}) 19:41:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_UPDELAY={0x8, 0x12, 0xffffffff}]}}}]}, 0x3c}}, 0x0) [ 179.382363][T10246] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551615) 19:41:00 executing program 0: r0 = socket(0x23, 0x5, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x113, 0x2, 0x0, 0x1590000) 19:41:00 executing program 2: r0 = socket(0x29, 0x5, 0x0) sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x10}, 0xfffffc1d}}, 0x0) 19:41:00 executing program 3: write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0x0, 0x0, {{0x0, 0x8}}}, 0x60) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/215) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd01009341", 0x6}], 0x1000000000000006, 0x0, 0x0) [ 179.419942][T10246] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 19:41:00 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@struct={0x8, 0x0, 0x0, 0xf}]}, {0x0, [0x0]}}, &(0x7f0000000300)=""/250, 0x27, 0xfa, 0x8}, 0x20) 19:41:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, "1a0000018000"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, 0x0) [ 179.499248][T10260] BPF:[1] Invalid name_offset:8 19:41:00 executing program 2: r0 = socket(0x29, 0x5, 0x0) sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x10}, 0xfffffc1d}}, 0x0) 19:41:00 executing program 0: openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0xa4500, 0x0) [ 179.516798][T10261] BPF:[1] Invalid name_offset:8 19:41:00 executing program 1: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000005440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 19:41:00 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@enum={0x0, 0x1, 0x0, 0x6, 0x4, [{}]}]}}, 0x0, 0x2e}, 0x20) 19:41:00 executing program 3: write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0x0, 0x0, {{0x0, 0x8}}}, 0x60) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/215) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd01009341", 0x6}], 0x1000000000000006, 0x0, 0x0) 19:41:00 executing program 0: syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x20000, 0x4000) 19:41:00 executing program 1: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000005440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 19:41:00 executing program 2: r0 = socket(0x29, 0x5, 0x0) sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x10}, 0xfffffc1d}}, 0x0) 19:41:00 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000009}}]}, 0x28}}, 0x0) 19:41:00 executing program 1: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000005440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 19:41:00 executing program 3: write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0x0, 0x0, {{0x0, 0x8}}}, 0x60) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/215) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd01009341", 0x6}], 0x1000000000000006, 0x0, 0x0) 19:41:00 executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224000100000000090400000903000000092100000001222200090581030800000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') 19:41:00 executing program 1: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000005440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 19:41:00 executing program 2: r0 = socket(0x29, 0x5, 0x0) sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x10}, 0xfffffc1d}}, 0x0) 19:41:00 executing program 1: clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') syz_open_procfs(r0, 0x0) tkill(r0, 0x33) 19:41:00 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xaf01, 0x0) 19:41:00 executing program 3: prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='//selinux\x00\x00\x01\x10') r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.stat\x00', 0x275a, 0x0) 19:41:00 executing program 1: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x6000, 0x1) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKGETSIZE64(r0, 0x80081270, &(0x7f0000000040)) 19:41:00 executing program 3: prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='//selinux\x00\x00\x01\x10') r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.stat\x00', 0x275a, 0x0) [ 180.072009][ T23] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 180.322356][ T23] usb 5-1: Using ep0 maxpacket: 16 [ 180.461999][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.481607][ T23] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 180.501264][ T23] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 180.517777][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.536535][ T23] usb 5-1: config 0 descriptor?? [ 181.029028][ T23] HID 045e:07da: Invalid code 65791 type 1 [ 181.044150][ T23] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:045E:07DA.0002/input/input5 [ 181.073038][ T23] microsoft 0003:045E:07DA.0002: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 182.798385][ T3334] usb 5-1: USB disconnect, device number 2 19:41:03 executing program 1: socket$kcm(0x2, 0x3, 0x2) r0 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f00000007c0)={'geneve1\x00', @link_local}) 19:41:03 executing program 3: prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='//selinux\x00\x00\x01\x10') r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.stat\x00', 0x275a, 0x0) 19:41:03 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x12, 0x1, 0x0, 0xf0}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0) 19:41:03 executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224000100000000090400000903000000092100000001222200090581030800000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') 19:41:03 executing program 3: prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='//selinux\x00\x00\x01\x10') r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.stat\x00', 0x275a, 0x0) 19:41:03 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x12, 0x1, 0x0, 0xf0}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0) 19:41:03 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x12, 0x1, 0x0, 0xf0}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0) 19:41:03 executing program 3: r0 = socket$inet(0x2, 0x3, 0xff) sendto$inet(r0, &(0x7f00000001c0)="1c26be040f6f56f47ab656d5d5a7edd6e4efe5c4", 0x14, 0xc010, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) 19:41:03 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGETCMAP(r0, 0x4604, &(0x7f00000001c0)={0x0, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000100), 0x0, 0x0}) 19:41:04 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x12, 0x1, 0x0, 0xf0}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0) 19:41:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)=@newlink={0x48, 0x10, 0xc3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb, 0x1, 'erspan\x00'}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_DPORT={0x6}, @IFLA_GRE_ENCAP_SPORT={0x6}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x48}}, 0x0) [ 183.252003][ T3334] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 183.501677][ T3334] usb 5-1: Using ep0 maxpacket: 16 [ 183.641746][ T3334] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.658834][ T3334] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 183.677226][ T3334] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 183.695374][ T3334] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.716810][ T3334] usb 5-1: config 0 descriptor?? [ 184.203734][ T3334] HID 045e:07da: Invalid code 65791 type 1 [ 184.216096][ T3334] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:045E:07DA.0003/input/input6 [ 184.236129][ T3334] microsoft 0003:045E:07DA.0003: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 19:41:06 executing program 1: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x48, 0x2, {{}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x0, 0x0, 0x49d, 0x0, 0x0, 0x80000000}}]}}}]}, 0x78}}, 0x0) 19:41:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)=@newtaction={0x78, 0x30, 0x17b, 0x0, 0x0, {}, [{0x64, 0x1, [@m_bpf={0x60, 0x1, 0x0, 0x0, {{0x8, 0x1, 'bpf\x00'}, {0x38, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x2}, @TCA_ACT_BPF_PARMS={0x18}, @TCA_ACT_BPF_OPS={0x14, 0x4, [{}, {}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) 19:41:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x200000000000004) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="480000001400f90c09004beafd0d8c56028447000bffe0064e230f00000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) 19:41:06 executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224000100000000090400000903000000092100000001222200090581030800000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') [ 185.969710][ T3069] usb 5-1: USB disconnect, device number 3 19:41:07 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001440)={0x8, {"a2e3ad21ed6b52f99cfbf4c087f719b4d04fe7ff7fc6e5539b636e0e8b546a9b377194370890e0878fdb1ac6e7049b48b4956c409a472a5b67f3988f7ef31952a981ffe8d178708c523c921b1b5d4b0a169b58d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fef5952a5391fd5615d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e67d1d7232f17696294378ce716dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f7927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a483bf2aa74fc3357de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a39973132f02768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90195c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b010a3ad0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 19:41:07 executing program 3: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='dummy0\x00', 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername(r3, &(0x7f00000003c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, &(0x7f00000000c0)=0x80) mmap(&(0x7f0000005000/0x3000)=nil, 0x200000, 0x0, 0x12, r4, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:41:07 executing program 1: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000270008000f8010020004000000000000000000080002943a05df153595a4b414c4c4552202046415431362020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/96, 0x60, 0x1e0}, {&(0x7f0000010200)="f8fffffff0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/64, 0x40, 0x400}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e880325132510000e880325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010003ae970325132510000e970325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c453120202020202020003ae970325132510000e970325107000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c453220202020202020003ae970325132510000e970325108002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c20003ae970325132510000e97032511a0064000000", 0x120, 0x600}, {&(0x7f0000010500)="2e2020202020202020202010003ae970325132510000e97032510300000000002e2e20202020202020202010003ae970325132510000e970325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202020003ae970325132510000e970325104001a040000", 0x80, 0x1600}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x1800}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x1e00}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x4400}], 0x0, &(0x7f0000010d00)) 19:41:07 executing program 1: r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@get={0xe0, 0x13, 0x3, 0x0, 0x0, {{'aegis128\x00'}}}, 0xe0}}, 0x0) 19:41:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000540)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) [ 186.262424][ T46] kauditd_printk_skb: 8 callbacks suppressed 19:41:07 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x95, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x9) 19:41:07 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000dc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x308, 0x0, 0x0, 0x0, 0x0, 0x0, 0x238, 0x238, 0x238, 0x238, 0x238, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x42], 0x0, 0x120, 0x140, 0x0, {}, [@common=@inet=@multiport={{0x50, 'multiport\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x368) [ 186.262435][ T46] audit: type=1400 audit(1604259667.272:58): avc: denied { create } for pid=10397 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 186.326772][ T46] audit: type=1400 audit(1604259667.322:59): avc: denied { open } for pid=10403 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 186.367341][ T46] audit: type=1400 audit(1604259667.332:60): avc: denied { kernel } for pid=10403 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 186.411613][ T46] audit: type=1400 audit(1604259667.332:61): avc: denied { confidentiality } for pid=10403 comm="syz-executor.2" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 186.449414][ T3069] usb 5-1: new high-speed USB device number 4 using dummy_hcd VM DIAGNOSIS: 19:40:58 Registers: info registers vcpu 0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff840e40bc RDI=ffffffff8faed8c0 RBP=ffffffff8faed880 RSP=ffffc90002546ff0 R8 =0000000000000001 R9 =0000000000000003 R10=000000000000000a R11=0000000000000000 R12=0000000000000020 R13=fffffbfff1f5db63 R14=fffffbfff1f5db1a R15=dffffc0000000000 RIP=ffffffff840e4110 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f2fc2a99700 ffffffff 00c00000 GS =0000 ffff88802ca00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2f524000 CR3=000000006e9e8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000007359680000000000735980 XMM02=00000000007359600000000000735968 XMM03=00000000007359800000000000735960 XMM04=656d6172665f7463656a6e695f313132 XMM05=00000000000001e80000000000000006 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000069c1d RBX=ffff888010ac4380 RCX=1ffffffff19d9139 RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000000 RBP=ffffed1002158870 RSP=ffffc9000041fdf8 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000000 R12=0000000000000001 R13=0000000000000001 R14=ffffffff8cecc388 R15=0000000000000000 RIP=ffffffff88e78ed3 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cb00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000003c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fdd70867008 CR3=000000006acc6000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000e40000000000000003 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000e40000000000000003 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 2 RAX=ffff88801d971df0 RBX=1ffff9200082cef0 RCX=0000000000000006 RDX=dffffc0000000000 RSI=ffff88801d971dd0 RDI=ffff88801d9714c0 RBP=ffff88801d971dd0 RSP=ffffc90004167748 R8 =0000000000000000 R9 =ffffffff8ecca677 R10=fffffbfff1d994ce R11=0000000000000000 R12=0000000000000006 R13=ffff88801d971df2 R14=0000000000000040 R15=0000000000040000 RIP=ffffffff81559719 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f8dca6367a0 ffffffff 00c00000 GS =0000 ffff88802cc00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000077000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f8dca63d000 CR3=000000002ad0d000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=20202020202020202020202020202020 XMM02=000000000000000000ff0000ff000000 XMM03=00000000000000000000000000000000 XMM04=75722f766564752f62696c2f002f2a2f XMM05=5b6d626974627c2a5d392d305b646d7c XMM06=2d305b6d626974627c2a5d392d305b64 XMM07=2d63707276633a3174633a554d45516e XMM08=ffffffffffffffffffffffffffffffff XMM09=00000020202020202020202020202000 XMM10=ffffffffffffffffffffffffffffffff XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 3 RAX=000000566ce8870a RBX=0000000000000001 RCX=00000000000006e0 RDX=0000000000000056 RSI=ffff88802cd1fa00 RDI=000000000003ffa4 RBP=ffff88802cd1fa00 RSP=ffffc90002517b80 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=000000000003ffa4 R13=0000000000000000 R14=ffff88802cd26840 R15=0000000000026840 RIP=ffffffff812d93bb RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000003336940 ffffffff 00c00000 GS =0000 ffff88802cd00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000b2000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020000040 CR3=000000006dcc7000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000007359680000000000735980 XMM02=00000000007359600000000000735968 XMM03=00000000007359800000000000735960 XMM04=0000000000000000000000ff00000000 XMM05=00000000000000380000000000000001 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000