last executing test programs: 2.888218093s ago: executing program 0 (id=6856): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$HIDIOCGCOLLECTIONINFO(r1, 0x4008c001, 0x0) 2.322171457s ago: executing program 0 (id=6859): ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd090387237ee530000000"], 0xfdef) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @dev, @local}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "f4cb985d86dd6266b5efb88a2c87eda081bac8b2f9a49d564054f1c9218f47b3", "cf8743eb4d9e776f94a6a58d36e006ac614f6f7bce9217cbfea31675d4a860cf6003977b1e4dbb16dc31cc76522bf19d", "5043edd2a8cc8c41345f8feb1a7a8e23043b8a465b1ed5bf8bc91307", {"c7193f7edd1efc4742dc481e6f57f901", "948177bcc5dea4029ba4683a6bdcd7a1"}}}}}}}, 0x0) 2.043634576s ago: executing program 0 (id=6860): r0 = openat$cdrom(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$CDROM_NEXT_WRITABLE(r0, 0x5394, 0x0) r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_elf32(r1, 0x0, 0x0) syz_emit_vhci(&(0x7f00000008c0)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x9, 0xc9}}}, 0x6) write$binfmt_script(r1, &(0x7f0000000900)={'#! ', './file0'}, 0xb) r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) getsockopt$bt_hci(r2, 0x0, 0x2, &(0x7f0000000a40)=""/108, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) r3 = syz_create_resource$binfmt(0x0) execveat$binfmt(0xffffffffffffffff, r3, 0x0, &(0x7f0000001e80)={[0x0, &(0x7f0000001d40)='/dev/cdrom\x00', &(0x7f0000001d80)='#! ', &(0x7f0000001dc0)='/dev/cdrom\x00', &(0x7f0000001e00)='#! ', &(0x7f0000001e40)='\x00']}, 0x1000) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000002080), 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(0x0, r4) sendmsg$TIPC_NL_NODE_GET(r6, &(0x7f00000025c0)={&(0x7f0000002200)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x40080d0) ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r4, 0xc008aec1, &(0x7f0000002600)={0x4, 0x0, [{0xc0000000, 0xa, 0x1, 0x7fffffff, 0x79, 0x2, 0x5e43}, {0x80000007, 0x7b, 0x6, 0x5, 0x5, 0x4efd, 0x7fff}, {0x7, 0x6, 0x1, 0x5, 0x9, 0x7fff, 0x3}, {0x6, 0x8, 0x1, 0xe002, 0x401, 0x322, 0x7ff}]}) getsockopt$IP_VS_SO_GET_DAEMON(r6, 0x0, 0x487, &(0x7f00000026c0), &(0x7f0000002700)=0x30) sync_file_range(r2, 0x8, 0x9, 0x6) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000002740)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) r9 = fcntl$dupfd(r8, 0x0, r5) r10 = syz_clone(0x100000500, &(0x7f0000002780)="039cfa5ba7cd7d7644d243d18a8d41f227dce069f4f8fb5c30ac024d70e8af756ce4f8c97367796e3fd2190edbacfa1ab972c7164370b5c1074477d0d10f54503e183e473a5dde93c82f4fb4a61312436b75a32cc2756fcda852779b5b8e9aa3cd1ff27f9bedff25849890df27d310868892a3094e5fe207966db118267350a0946e62909c215e5bd9168aee9817f9266f898b81a7adba", 0x97, &(0x7f0000002840), &(0x7f0000002880), &(0x7f00000028c0)="60fdb032320382da6d8112945883") prctl$PR_SCHED_CORE(0x3e, 0x1, r10, 0x1, &(0x7f0000002900)) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000002b80)={&(0x7f0000002940)="4eaedbf4e8778a4c292ac924a53627fba4a8e16a1c58f4168b23c25d1dbe3eb849e1b7e48a3e3a2a541844e2130630dcd29ace23f181203c9ceb3f3328eae15ce27b8ccd1110138988ea88832fb0b3a5d7", &(0x7f00000029c0)=""/151, &(0x7f0000002a80)="0f01b7673c814d52a6f78b41b975a45361e031c6eaf790c651be47aa25222040ca5ab25ccf58c5c670c6d6beca53e299797034b65e843851d15fc059ffe0072b417f555fecfc4a2507304590c6f724b35cfe03f101006d7ff1897c2e49668c0ee32f6c4bfef5e79951f3268d8972826b9ce9e115a9e3e9db31f71b35ceef099ec9040231a473c05f", &(0x7f0000002b40)="ead1464f15ee5a", 0x6, r4}, 0x38) sendmsg$TIPC_NL_MEDIA_SET(r9, &(0x7f0000002dc0)={&(0x7f0000002bc0), 0xc, &(0x7f0000002d80)={&(0x7f0000002c00)={0x17c, r7, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}]}, @TIPC_NLA_MEDIA={0x74, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x59}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3ff}]}, @TIPC_NLA_BEARER={0x7c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xaf62}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x38fa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1289}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8}]}, @TIPC_NLA_SOCK_CON={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x10}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xb}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4008050) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000002e40)='}@', 0x2) 1.944142682s ago: executing program 0 (id=6862): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat6\x00') pread64(r1, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbff, {0x0, 0x0, 0x74, 0x0, 0x0, 0x5b2f3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x2}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x2000c014) 1.943768559s ago: executing program 0 (id=6863): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r6 = dup3(r5, r4, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r6, 0xc018937d, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r4, {0x5}}, './file0\x00'}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, 0x0}}], 0x0, 0x0, 0x0}) read$FUSE(r3, &(0x7f0000005180)={0x2020}, 0x2020) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200043, 0x118) readlinkat(r9, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=""/143, 0x8f) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000380)={0x73622a85, 0xa, 0x2}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r8, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r2, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r10, r8, 0x0, 0x0, 0xdead, 0x8, &(0x7f0000000240)}) 1.852779703s ago: executing program 0 (id=6864): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="5000000009060102000063c521810000030000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0c00148008000140ac1414190c0002800800014064"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5758661d46}, 0x4) sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x48, 0x8, 0x6, 0x401, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) 1.242499621s ago: executing program 2 (id=6869): r0 = openat$cdrom(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$CDROM_NEXT_WRITABLE(r0, 0x5394, 0x0) r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_elf32(r1, 0x0, 0x0) syz_emit_vhci(&(0x7f00000008c0)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x9, 0xc9}}}, 0x6) write$binfmt_script(r1, &(0x7f0000000900)={'#! ', './file0'}, 0xb) r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) getsockopt$bt_hci(r2, 0x0, 0x2, &(0x7f0000000a40)=""/108, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) r3 = syz_create_resource$binfmt(0x0) execveat$binfmt(0xffffffffffffffff, r3, 0x0, &(0x7f0000001e80)={[0x0, &(0x7f0000001d40)='/dev/cdrom\x00', &(0x7f0000001d80)='#! ', &(0x7f0000001dc0)='/dev/cdrom\x00', &(0x7f0000001e00)='#! ', &(0x7f0000001e40)='\x00']}, 0x1000) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000002080), 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(0x0, r4) sendmsg$TIPC_NL_NODE_GET(r6, &(0x7f00000025c0)={&(0x7f0000002200)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x40080d0) ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r4, 0xc008aec1, &(0x7f0000002600)={0x4, 0x0, [{0xc0000000, 0xa, 0x1, 0x7fffffff, 0x79, 0x2, 0x5e43}, {0x80000007, 0x7b, 0x6, 0x5, 0x5, 0x4efd, 0x7fff}, {0x7, 0x6, 0x1, 0x5, 0x9, 0x7fff, 0x3}, {0x6, 0x8, 0x1, 0xe002, 0x401, 0x322, 0x7ff}]}) getsockopt$IP_VS_SO_GET_DAEMON(r6, 0x0, 0x487, &(0x7f00000026c0), &(0x7f0000002700)=0x30) sync_file_range(r2, 0x8, 0x9, 0x6) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000002740)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) r9 = fcntl$dupfd(r8, 0x0, r5) r10 = syz_clone(0x100000500, &(0x7f0000002780)="039cfa5ba7cd7d7644d243d18a8d41f227dce069f4f8fb5c30ac024d70e8af756ce4f8c97367796e3fd2190edbacfa1ab972c7164370b5c1074477d0d10f54503e183e473a5dde93c82f4fb4a61312436b75a32cc2756fcda852779b5b8e9aa3cd1ff27f9bedff25849890df27d310868892a3094e5fe207966db118267350a0946e62909c215e5bd9168aee9817f9266f898b81a7adba", 0x97, &(0x7f0000002840), &(0x7f0000002880), &(0x7f00000028c0)="60fdb032320382da6d8112945883") prctl$PR_SCHED_CORE(0x3e, 0x1, r10, 0x1, &(0x7f0000002900)) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000002b80)={&(0x7f0000002940)="4eaedbf4e8778a4c292ac924a53627fba4a8e16a1c58f4168b23c25d1dbe3eb849e1b7e48a3e3a2a541844e2130630dcd29ace23f181203c9ceb3f3328eae15ce27b8ccd1110138988ea88832fb0b3a5d7", &(0x7f00000029c0)=""/151, &(0x7f0000002a80)="0f01b7673c814d52a6f78b41b975a45361e031c6eaf790c651be47aa25222040ca5ab25ccf58c5c670c6d6beca53e299797034b65e843851d15fc059ffe0072b417f555fecfc4a2507304590c6f724b35cfe03f101006d7ff1897c2e49668c0ee32f6c4bfef5e79951f3268d8972826b9ce9e115a9e3e9db31f71b35ceef099ec9040231a473c05f", &(0x7f0000002b40)="ead1464f15ee5a", 0x6, r4}, 0x38) sendmsg$TIPC_NL_MEDIA_SET(r9, &(0x7f0000002dc0)={&(0x7f0000002bc0), 0xc, &(0x7f0000002d80)={&(0x7f0000002c00)={0x17c, r7, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}]}, @TIPC_NLA_MEDIA={0x74, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x59}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3ff}]}, @TIPC_NLA_BEARER={0x7c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xaf62}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x38fa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1289}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x10}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xb}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4008050) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000002e40)='}@', 0x2) 1.181143217s ago: executing program 2 (id=6871): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x6) ftruncate(r1, 0x2000000) fcntl$addseals(r1, 0x409, 0x7) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x1f, 0x9000000, 0x1000000}) 1.103788223s ago: executing program 2 (id=6872): r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0) ioctl$KVM_CREATE_VM(r0, 0x40086806, 0x21) read$FUSE(r0, &(0x7f0000002080)={0x2020}, 0x2020) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@deltaction={0x60, 0x18, 0x1, 0x70bd2c, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x4c, 0x1, [{0xc, 0x8d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0x28, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x24, 0x3, 0x6}}, {0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x44000}, 0x20040844) 982.983603ms ago: executing program 1 (id=6874): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x422100, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000340)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0xfffc, 0x0, @empty}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='caif0\x00', 0x10) sendmmsg(r1, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4004041) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x405, 0xfffffffc, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x45502, 0x4}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 981.930949ms ago: executing program 3 (id=6875): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0xeeee0000, 0xa000, 0xdddd0000, 0xb000], 0x2000000db, 0xc}) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x4000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0x7e, 0x4, 0x15, 0x5, 0x80204}, {0x804, 0x9, 0x1, 0x45, 0x7, 0x15, 0x4, 0x3, 0x0, 0x81, 0x6, 0x5, 0x20c}, {0x1, 0x3, 0x28, 0x4, 0x6, 0x7, 0x2, 0x50, 0xfd, 0x70, 0x0, 0x2}], 0xffbfffff}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) r1 = socket$kcm(0x29, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000002980)=""/4112, 0xfffffe09}], 0x1}, 0x0) openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'gretap0\x00', &(0x7f00000002c0)={'syztnl0\x00', 0x0, 0x8000, 0x7800, 0x2, 0xffffffff, {{0xf, 0x4, 0x0, 0x38, 0x3c, 0x67, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010100, @loopback, {[@rr={0x7, 0x27, 0x47, [@remote, @broadcast, @loopback, @loopback, @multicast2, @private=0xa010100, @multicast2, @loopback, @dev={0xac, 0x14, 0x14, 0x13}]}]}}}}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x70bd2c, 0x2ddfdbff, {0x0, 0x0, 0x0, r3, {0x3, 0xfff1}, {0x4, 0xa}, {0x9, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x4048080}, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000000130001000400"/20, @ANYRES32=0x0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r7, @ANYBLOB="1400350064756d6d7930"], 0x3c}, 0x1, 0x0, 0x0, 0x8004010}, 0x0) r8 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) r9 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) 883.201647ms ago: executing program 1 (id=6876): syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0x0, 0xc9, 0x81ad}}}, 0x8) syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x0, 0xa}, {0x6f, 0x3, 0x4, 0x5, 0xd}}}}, 0x17) connect$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_io_uring_complete(0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@timestamp, @mss={0x2, 0x8}, @mss={0x2, 0x606}, @timestamp, @timestamp], 0x5) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x183040, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x2080, 0x0) 804.011668ms ago: executing program 1 (id=6877): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r1, 0x0, 0x18, &(0x7f00000002c0)=0x81, 0x4) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000000)={r2, 0x0, 0x1, 0x0, 0x1000000000000}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000200)=0x5) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'default', 0x20, 'trusted:', 's}z', 0x20, 0xfcd}, 0x2f, 0xfffffffffffffffa) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000001c0)=0x3) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_DEL_KEY(r4, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x40, r5, 0x2, 0x70bd28, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x20004080}, 0x20000840) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000140)=0xb) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0x6) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r6) sendmsg$DEVLINK_CMD_RATE_GET(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r7, 0x6a9354ab0d020bb7, 0x0, 0xffffffff, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000180)=0x7) 592.814037ms ago: executing program 1 (id=6878): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x40, 0x24, 0xf0b, 0x70bd2d, 0x25dfdbfb, {0x60, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x1fffc000, 0xb, 0x5}}}}]}, 0x40}}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000001380)=ANY=[@ANYBLOB="0180c2000003aaaaaaaaaaaa86dd607862840030000120010000100000000000000000000000fe8000000000000000000000000000002f04000000000000071800000000040000d604"], 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=ANY=[@ANYBLOB="180000001500010029bd7000fedbdf252d"], 0x18}}, 0x20000000) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000011c0)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="6f0400000000000004010007"], 0x28) setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r6, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {0x0}}, 0x10) r7 = dup(r3) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x4, 0x4, 0x4, 0x2, 0x0, 0x1, 0x7ffd}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r9}, &(0x7f00000002c0), &(0x7f0000000140)=r8}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r7, 0x3554000) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x8, 0x4}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 462.933498ms ago: executing program 3 (id=6879): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@empty, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0, 0x400000000}, 0xfffd}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000ff0200000000000000000000000000012001000000000000000000000000000000000002000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000180000000000000020000000000000009000000000000000000000000000000000001000000000084000500ac1414aa000000000000000000000000000004d532000000000000007f0000010000000000000000000000000000000002010000000000000000000000000000640101020000000000000000ff000000fffffffc3c00000000000000000000000000000000000000000000000000000004"], 0x13c}}, 0x4080010) syz_emit_ethernet(0x46, &(0x7f0000002600)=ANY=[@ANYBLOB="0180c2fff5000180c200000286dd6000000000103a01fe800000000000000000000000000000ff020000000000000000000000000001"], 0x0) 461.645924ms ago: executing program 3 (id=6880): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff00010000fe88000000000000e6ffffffffffff00fc0100000000000000000000000000010001071c4e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000ff02000000000000000000000000000100000000000000009201000000000000a39b000000000000ffff0000000000001c250800000000000200000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd700000350000020001002000000000000000480003006465666c617465"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000180)=[{&(0x7f00000001c0)="170000001500add427323b472545b4562d117fffffff81", 0x17}], 0x1) (async) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) (async) r2 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x7, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x9b090d, 0x2, '\x00', @p_u32=0x0}}) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="680100001a000100feffffff0001000000000000000000000000ffffe0000002fe8800000000000000000000000001010001071c4e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES8=r2], 0x168}, 0x1, 0x0, 0x0, 0x8841}, 0x0) 383.459153ms ago: executing program 3 (id=6881): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x3}}, 0x1c) (async) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff4000/0xa000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) (async) r1 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x8, 0xc4}) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x1, 0x0, &(0x7f00000004c0)='c', 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) (async) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x4) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB=')'], 0x50) io_uring_enter(r1, 0x2219, 0xcf74, 0x16, 0x0, 0x0) (async) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000080)={0x1}, 0x8) (async) sendmmsg$sock(r0, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000680)="8ca16f83", 0x4}], 0x1, &(0x7f0000000200)=[@txtime={{0x18, 0x1, 0x3d, 0x1fe}}], 0x18}}], 0x1, 0x84) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsopen(0x0, 0x1) listen(0xffffffffffffffff, 0x3) (async) syz_usb_connect$hid(0x0, 0x3f, 0x0, 0x0) (async) socket$packet(0x11, 0x2, 0x300) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) r4 = accept4$alg(r3, 0x0, 0x0, 0x80000) io_setup(0x42, &(0x7f0000000100)=0x0) io_submit(r5, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r4, &(0x7f0000000000)='e', 0x3f}]) (async) sendmmsg$alg(r4, &(0x7f0000001780)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)="00c91082813ea5b87f3fdac78c3971ee5e", 0x11}], 0x1, &(0x7f0000000400)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x1) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) (async) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r7], 0x50}}, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r8, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000200}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x48, 0x1406, 0x4, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x4084401}, 0x40) 382.990869ms ago: executing program 1 (id=6882): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) r3 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000080)={r4, 0x0, {0x0, 0x0, 0x0, 0x4000040000004, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}}) ioctl$LOOP_SET_CAPACITY(r3, 0x4c07) syz_open_dev$evdev(&(0x7f0000000140), 0x4, 0x60000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100001000000000000000000000000006601030000000000000000010000000900010073797a3000000000400000c79c0a01020000000000000000010000000900030073797a320000000014000480080001400000000108000240378b5ec30900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a300000000028000480240001800a00010071756575650000001400028006000340000100000600014000170000140000001100010000000000000000000000000a0000000000"], 0xd8}}, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000380)=[@text16={0x10, &(0x7f0000000440)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa100ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7ff}, 0x1c, 0x0}}], 0x1, 0x0) sendmsg$NFT_MSG_GETSET(r4, &(0x7f00000005c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a40000000a0a010200000000000000000200000a70000d405a0c2ab40d1e2fd8e2a9bd0501f8a1c93b389f90beeae84fc9f68b11d0e3ed2670dbd37f76d28bb4dca6e5bb082a13c410ab77b06900dca79fe9b5261e12e89019c18aed5432047c1519815ecb229a54c4827c2ddfebd49ea50eaadf2d6cda4e06aa04f15f2186da297caf8f0579e65033604ef4a86c0109ee9f4d0900010073797a30000000000c00118008"], 0xa4}, 0x1, 0x0, 0x0, 0x20000080}, 0x11) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r2, 0x4068aea3, &(0x7f0000000200)={0xd5, 0x0, 0x2}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 381.855512ms ago: executing program 3 (id=6883): syz_emit_ethernet(0x32, &(0x7f0000000280)={@local, @link_local, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x1, 0x8, 0x24, 0x68, 0x0, 0x7, 0x21, 0x0, @rand_addr=0x64010100, @local}, {{0x4e21, 0x4e21, 0x1e, 0x1, 0xb, 0x0, 0x0, 0x0, 0x2, "740e23", 0x4d, '1\x00'}}}}}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000140)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="56c78e3c733d76696e65459beb1fb664f6ce6c0c7274696f7874656e642c6163638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000000c0), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000784000/0x4000)=nil, 0x4000, 0x1, 0x13, r1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x54}}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000003480)={&(0x7f0000000b80)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100042002000500040001000000090001"], 0x5c}, 0x1, 0x40030000000000, 0x0, 0x4000005}, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) 232.092715ms ago: executing program 2 (id=6884): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000400)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x7300, 0x4000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x4, 0x7300}, 0x28) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x6}, 0x1c) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'veth0_vlan\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@private2, 0x0, r4}) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYRESHEX, @ANYRES32=r4, @ANYBLOB="3a8d04005a1000000800040044"], 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) openat$audio1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) r5 = dup(r1) sendmmsg$inet(r5, &(0x7f000000d4c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)="9e3b074a89", 0x5}], 0x1}}], 0x1, 0x95) read$FUSE(r5, &(0x7f00000075c0)={0x2020}, 0x2020) read$FUSE(r5, &(0x7f0000002a00)={0x2020}, 0x2020) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x400) ioctl$DRM_IOCTL_WAIT_VBLANK(r6, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x8, 0x4000040d}) close(r6) sendto$packet(r5, &(0x7f0000000240)="51cd", 0x2, 0x4008081, 0x0, 0x0) 153.157206ms ago: executing program 2 (id=6885): r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0xa0) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0xb3) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0xfffffffdffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x0, 0x0, &(0x7f0000000580)='GPL\x00', 0x10000, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cd06000000000000003388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62d0", 0x95}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29", 0xce}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c8", 0x59}, {&(0x7f0000000340)}], 0x4}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, 0x0, 0x0, &(0x7f0000000980)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}, @timestamping={{0x14, 0x1, 0x25, 0xffff}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}], 0xa8}}], 0x2, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x2, 0x129000) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r4, 0xc01064bd, &(0x7f00000001c0)={&(0x7f0000000040)="9b2d", 0x2}) close_range(r4, 0xffffffffffffffff, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f0000000300), 0x1, 0x203) ppoll(&(0x7f0000000280)=[{r6, 0x10320}], 0x1, 0x0, 0x0, 0x0) bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000780)="0000000000230e076b877a117fd685dbb87241b13910c4facee735fbe146ba44ac540ad7de89d867131d583f55711f99160fc150958b25b860a1f118a8e94d6b167ffd99cdfb980d1ab98f983d1202000000fc293f43f3eb2df304ace6686106213e01372f266e238958e0acbea2306eeaee2cd8c87ad311254965b27cb6b6a9338c", 0x82) r7 = accept4(r5, 0x0, 0x0, 0x800) r8 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r8, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000140)=0x8, 0x4) connect$inet(r8, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r8, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) r9 = openat$audio1(0xffffffffffffff9c, &(0x7f0000001580), 0x138a09f12d120b2d, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r9, 0xc004500a, &(0x7f0000000200)=0x12) ioctl$SNDCTL_DSP_GETOSPACE(r9, 0x8010500c, &(0x7f0000000280)) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 152.743942ms ago: executing program 3 (id=6886): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) socket$kcm(0x11, 0x20000000000000a, 0x300) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x68}}, 0x0) r4 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r4, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000500)=[{&(0x7f0000001640)="5346f7f875528ef24043c68e04180a33", 0x10}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}, 0x0) (async) sendmsg$inet(r4, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000500)=[{&(0x7f0000001640)="5346f7f875528ef24043c68e04180a33", 0x10}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20) accept4$alg(r5, 0x0, 0x0, 0x1800) (async) r6 = accept4$alg(r5, 0x0, 0x0, 0x1800) sendmmsg$alg(r6, &(0x7f00000021c0)=[{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000100)="a92e81d0991808e33c2330164cf023df", 0x10}], 0x1, &(0x7f0000001040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x880}], 0x1, 0x80001) (async) sendmmsg$alg(r6, &(0x7f00000021c0)=[{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000100)="a92e81d0991808e33c2330164cf023df", 0x10}], 0x1, &(0x7f0000001040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x880}], 0x1, 0x80001) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x240800, 0x9e) (async) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x240800, 0x9e) recvmmsg(r6, &(0x7f0000004480)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1}, 0xffff}], 0x1, 0x10041, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x400caed0, &(0x7f0000000400)={0x1, 0x0, @ioapic={0xffffffff, 0xb, 0x8, 0x2, 0x0, [{0xc, 0xe, 0x5, '\x00', 0x4}, {0xf, 0x0, 0x4, '\x00', 0x4}, {0xff, 0x7, 0xf, '\x00', 0x7f}, {0x8, 0xa1, 0x2, '\x00', 0x9}, {0x1, 0x0, 0x0, '\x00', 0x80}, {0x1, 0x8, 0x7f, '\x00', 0x7f}, {0x9, 0x1, 0xd1, '\x00', 0x4}, {0xd, 0x1, 0x49}, {0xb8, 0x5a, 0x4, '\x00', 0x33}, {0x7, 0x3, 0x80, '\x00', 0x4}, {0x8, 0x2, 0xfc, '\x00', 0xff}, {0x5, 0xb, 0xc4, '\x00', 0x4}, {0x8, 0x5, 0x4, '\x00', 0x9}, {0x5, 0x1}, {0x0, 0x9, 0xc5, '\x00', 0x4}, {0x9, 0xc, 0x48, '\x00', 0x9}, {0x2, 0x8, 0x0, '\x00', 0xd}, {0x7, 0x6, 0x1b, '\x00', 0x2}, {0x4, 0x5, 0x3, '\x00', 0x4}, {0x0, 0x4e, 0x5, '\x00', 0x4}, {0xf0, 0x1, 0x7, '\x00', 0x1}, {0x78, 0x81, 0x5d, '\x00', 0x8}, {0xf, 0x10, 0xdb, '\x00', 0x5}, {0x7f, 0x63, 0x5, '\x00', 0x3}]}}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x18228}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'bridge0\x00'}]}, 0x34}}, 0x10) 66.185469ms ago: executing program 1 (id=6887): openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x80100, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200}) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) r4 = gettid() ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0xc0405626, &(0x7f0000000040)=0x6) timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x101, 0xaec4, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x20000, 0x1c, 0x0, 0x5, 0x1], 0x0, 0x41981}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 2 (id=6888): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000080)=[{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0", 0x49}, {&(0x7f0000000a80)="e8700e444d50a969ff", 0x9}], 0x100000000000014d}], 0x492492492492721, 0x44800) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x80) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000900)=""/83, 0x53}], 0x2}, 0x50) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) statx(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x1000, 0x4, &(0x7f0000000980)) kernel console output (not intermixed with test programs): ame: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 593.167759][T21976] Call Trace: [ 593.167828][T21976] [ 593.167839][T21976] dump_stack_lvl+0x100/0x190 [ 593.167969][T21976] should_fail_ex.cold+0x5/0xa [ 593.168058][T21976] _copy_from_iter+0x1f4/0x1690 [ 593.168092][T21976] ? __asan_memset+0x23/0x50 [ 593.168174][T21976] ? __pfx__copy_from_iter+0x10/0x10 [ 593.168197][T21976] ? __pfx___alloc_skb+0x10/0x10 [ 593.168244][T21976] netlink_sendmsg+0x808/0xda0 [ 593.168270][T21976] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.168288][T21976] ? __might_fault+0x10/0x140 [ 593.168388][T21976] ____sys_sendmsg+0x9e1/0xb70 [ 593.168408][T21976] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.168430][T21976] ? __pfx_____sys_sendmsg+0x10/0x10 [ 593.168461][T21976] ___sys_sendmsg+0x190/0x1e0 [ 593.168483][T21976] ? __pfx____sys_sendmsg+0x10/0x10 [ 593.168533][T21976] __sys_sendmsg+0x170/0x220 [ 593.168560][T21976] ? __pfx___sys_sendmsg+0x10/0x10 [ 593.168601][T21976] do_syscall_64+0x106/0xf80 [ 593.168619][T21976] ? clear_bhb_loop+0x40/0x90 [ 593.168644][T21976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.168664][T21976] RIP: 0033:0x7fb1aaf9c819 [ 593.168682][T21976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 593.168700][T21976] RSP: 002b:00007fb1abdcc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 593.168770][T21976] RAX: ffffffffffffffda RBX: 00007fb1ab215fa0 RCX: 00007fb1aaf9c819 [ 593.168782][T21976] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000003 [ 593.168795][T21976] RBP: 00007fb1abdcc090 R08: 0000000000000000 R09: 0000000000000000 [ 593.168805][T21976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 593.168817][T21976] R13: 00007fb1ab216038 R14: 00007fb1ab215fa0 R15: 00007ffc80e3c778 [ 593.168842][T21976] [ 593.264509][T21979] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5954'. [ 593.348890][ T5292] Bluetooth: hci2: link tx timeout [ 593.352510][ T5292] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 593.546671][T21994] Set syz1 is full, maxelem 65536 reached [ 593.559608][ T40] audit: type=1400 audit(1776082306.113:733): avc: denied { setopt } for pid=21995 comm="syz.0.5961" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 593.652918][T22002] __nla_validate_parse: 2 callbacks suppressed [ 593.652941][T22002] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5963'. [ 593.659720][ T6028] usb 8-1: new high-speed USB device number 80 using dummy_hcd [ 593.663791][T22002] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5963'. [ 593.677135][ T12] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 593.677411][T22002] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5963'. [ 593.681516][ T12] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 593.683947][T22002] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5963'. [ 593.695023][ T12] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 593.697807][ T12] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 593.809914][ T6028] usb 8-1: Using ep0 maxpacket: 8 [ 593.814444][ T6028] usb 8-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 593.818170][ T6028] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.831421][T19297] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 593.838343][ T6028] pvrusb2: Hardware description: Terratec Grabster AV400 [ 593.847740][ T6028] pvrusb2: ********** [ 593.849793][ T6028] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 593.854073][ T6028] pvrusb2: Important functionality might not be entirely working. [ 593.857376][ T6028] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 593.865590][ T6028] pvrusb2: ********** [ 593.973367][ T40] audit: type=1400 audit(1776082306.533:734): avc: denied { getopt } for pid=22024 comm="syz.0.5971" lport=42305 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 593.986401][ T40] audit: type=1400 audit(1776082306.543:735): avc: denied { read } for pid=22024 comm="syz.0.5971" lport=42305 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 593.996913][T19297] usb 6-1: Using ep0 maxpacket: 8 [ 594.001453][T19297] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 594.004895][T19297] usb 6-1: config 0 has no interface number 0 [ 594.007662][T19297] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 594.015785][T19297] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 594.021105][T19297] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 594.029729][T19297] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 594.037437][ T2491] pvrusb2: Invalid write control endpoint [ 594.045742][T19297] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 594.051379][T19297] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.057335][T19297] usb 6-1: config 0 descriptor?? [ 594.075587][T19297] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 594.088380][ T2491] pvrusb2: Invalid write control endpoint [ 594.090594][ T2491] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 594.094132][ T2491] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 594.097137][ T2491] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 594.100625][ T2491] pvrusb2: Device being rendered inoperable [ 594.103021][ T2491] cx25840 3-0044: Unable to detect h/w, assuming cx23887 [ 594.106033][ T2491] cx25840 3-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 594.122514][ T2491] pvrusb2: Attached sub-driver cx25840 [ 594.124918][ T2491] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 594.132306][ T2491] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 594.246815][ T5980] usb 8-1: USB disconnect, device number 80 [ 594.273922][T20659] usb 6-1: USB disconnect, device number 70 [ 594.282271][T20659] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 594.308313][T22042] FAULT_INJECTION: forcing a failure. [ 594.308313][T22042] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 594.313451][T22042] CPU: 2 UID: 0 PID: 22042 Comm: syz.2.5977 Tainted: G L syzkaller #0 PREEMPT(full) [ 594.313472][T22042] Tainted: [L]=SOFTLOCKUP [ 594.313477][T22042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 594.313484][T22042] Call Trace: [ 594.313489][T22042] [ 594.313494][T22042] dump_stack_lvl+0x100/0x190 [ 594.313519][T22042] should_fail_ex.cold+0x5/0xa [ 594.313536][T22042] _copy_to_user+0x32/0xd0 [ 594.313550][T22042] simple_read_from_buffer+0xcb/0x170 [ 594.313642][T22042] proc_fail_nth_read+0x1af/0x230 [ 594.313717][T22042] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 594.313735][T22042] ? rw_verify_area+0xce/0x6d0 [ 594.313806][T22042] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 594.313823][T22042] vfs_read+0x1e4/0xb30 [ 594.313835][T22042] ? __pfx_vfs_read+0x10/0x10 [ 594.313845][T22042] ? __fget_files+0x215/0x3d0 [ 594.313862][T22042] ? __fget_files+0x21f/0x3d0 [ 594.313878][T22042] ksys_read+0x12a/0x250 [ 594.313889][T22042] ? __pfx_ksys_read+0x10/0x10 [ 594.313903][T22042] do_syscall_64+0x106/0xf80 [ 594.313915][T22042] ? clear_bhb_loop+0x40/0x90 [ 594.313929][T22042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.313944][T22042] RIP: 0033:0x7fa28d15d04e [ 594.313958][T22042] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 594.313972][T22042] RSP: 002b:00007fa28e10cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 594.313989][T22042] RAX: ffffffffffffffda RBX: 00007fa28e10d6c0 RCX: 00007fa28d15d04e [ 594.314001][T22042] RDX: 000000000000000f RSI: 00007fa28e10d0a0 RDI: 0000000000000007 [ 594.314012][T22042] RBP: 00007fa28e10d090 R08: 0000000000000000 R09: 0000000000000000 [ 594.314022][T22042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 594.314034][T22042] R13: 00007fa28d416038 R14: 00007fa28d415fa0 R15: 00007ffddf8c73a8 [ 594.314057][T22042] [ 594.573582][T22050] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5980'. [ 595.119716][ T6056] usb 8-1: new high-speed USB device number 81 using dummy_hcd [ 595.224350][ T40] audit: type=1400 audit(1776082307.783:736): avc: denied { getopt } for pid=22084 comm="syz.0.5993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 595.287781][ T6056] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 595.294739][ T6056] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.300294][ T6056] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 595.306158][ T6056] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 595.311409][ T6056] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.321665][ T6056] usb 8-1: config 0 descriptor?? [ 595.336825][T22090] --map-set only usable from mangle table [ 595.371305][T15992] Bluetooth: hci2: command 0x0406 tx timeout [ 595.386877][T22090] xt_hashlimit: invalid rate [ 595.468165][T22090] input: syz0 as /devices/virtual/input/input28 [ 595.737405][ T6056] hid_parser_main: 27 callbacks suppressed [ 595.737477][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.744121][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.747400][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.751087][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.754587][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.757809][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.761685][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.765089][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.768702][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.772542][ T6056] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 595.790272][ T6056] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 595.890463][ T830] usb 7-1: new high-speed USB device number 63 using dummy_hcd [ 596.015816][ T40] audit: type=1400 audit(1776082308.573:737): avc: denied { setopt } for pid=22069 comm="syz.3.5987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 596.045270][ T6056] usb 8-1: USB disconnect, device number 81 [ 596.079796][ T830] usb 7-1: Using ep0 maxpacket: 8 [ 596.084876][ T830] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 596.088876][ T830] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.101675][ T830] pvrusb2: Hardware description: Terratec Grabster AV400 [ 596.104779][ T830] pvrusb2: ********** [ 596.106504][ T830] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 596.113190][ T830] pvrusb2: Important functionality might not be entirely working. [ 596.116577][ T830] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 596.122165][ T830] pvrusb2: ********** [ 596.299972][ T2491] pvrusb2: Invalid write control endpoint [ 596.342213][ T2491] pvrusb2: Invalid write control endpoint [ 596.345504][ T2491] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 596.349127][ T2491] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 596.352753][ T2491] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 596.356554][ T2491] pvrusb2: Device being rendered inoperable [ 596.360798][ T2491] cx25840 3-0044: Unable to detect h/w, assuming cx23887 [ 596.363146][ T2491] cx25840 3-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 596.366858][ T2491] pvrusb2: Attached sub-driver cx25840 [ 596.369196][ T2491] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 596.372942][ T2491] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 596.373960][ T40] audit: type=1400 audit(1776082308.933:738): avc: denied { ioctl } for pid=22162 comm="syz.1.6007" path="socket:[94108]" dev="sockfs" ino=94108 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 596.382110][T22164] Set syz1 is full, maxelem 65536 reached [ 596.388504][T22164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6007'. [ 596.436835][T22169] ubi31: attaching mtd0 [ 596.444329][T22169] ubi31: scanning is finished [ 596.445987][T22169] ubi31: empty MTD device detected [ 596.509326][ T830] usb 7-1: USB disconnect, device number 63 [ 596.536134][T22172] netlink: 'syz.1.6008': attribute type 1 has an invalid length. [ 596.557921][T22172] 8021q: adding VLAN 0 to HW filter on device bond1 [ 596.562836][T22172] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=22172 comm=syz.1.6008 [ 596.703948][T22182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6011'. [ 596.707528][T22183] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6011'. [ 596.707700][T22182] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6011'. [ 596.710427][T22183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6011'. [ 596.714146][T22182] netlink: 'syz.0.6011': attribute type 15 has an invalid length. [ 596.715128][T22169] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 596.715189][T22169] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 596.715207][T22169] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 596.715224][T22169] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 596.715243][T22169] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 596.715259][T22169] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 596.715282][T22169] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1897939018 [ 596.715303][T22169] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 596.717252][T22184] ubi31: background thread "ubi_bgt31d" started, PID 22184 [ 596.730392][T22183] netlink: 'syz.0.6011': attribute type 15 has an invalid length. [ 596.889504][ T40] audit: type=1800 audit(1776082309.443:739): pid=22195 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.6015" name="file0" dev="tmpfs" ino=1530 res=0 errno=0 [ 596.899785][ T40] audit: type=1400 audit(1776082309.453:740): avc: denied { name_bind } for pid=22194 comm="syz.0.6015" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 596.964672][T22204] SELinux: security_context_str_to_sid (E) failed with errno=-22 [ 596.973170][ T40] audit: type=1400 audit(1776082309.533:741): avc: denied { read } for pid=22203 comm="syz.1.6016" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 597.239710][T20659] usb 8-1: new high-speed USB device number 82 using dummy_hcd [ 597.399655][T20659] usb 8-1: Using ep0 maxpacket: 8 [ 597.403063][T20659] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 597.406665][T20659] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 597.409683][T20659] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.413781][T20659] usb 8-1: config 0 descriptor?? [ 597.622935][T20659] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 597.746062][T22220] overlayfs: failed to clone upperpath [ 597.862429][T22218] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 598.073429][T20659] usb 8-1: USB disconnect, device number 82 [ 598.100636][ T40] audit: type=1400 audit(1776082310.663:742): avc: denied { write } for pid=22234 comm="syz.2.6025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 598.198823][T22246] FAULT_INJECTION: forcing a failure. [ 598.198823][T22246] name failslab, interval 1, probability 0, space 0, times 0 [ 598.203525][T22246] CPU: 1 UID: 0 PID: 22246 Comm: syz.1.6027 Tainted: G L syzkaller #0 PREEMPT(full) [ 598.203553][T22246] Tainted: [L]=SOFTLOCKUP [ 598.203560][T22246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 598.203570][T22246] Call Trace: [ 598.203577][T22246] [ 598.203586][T22246] dump_stack_lvl+0x100/0x190 [ 598.203621][T22246] should_fail_ex.cold+0x5/0xa [ 598.203644][T22246] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 598.203667][T22246] should_failslab+0xc2/0x120 [ 598.203686][T22246] __kmalloc_noprof+0xe0/0x850 [ 598.203797][T22246] ? trace_kmalloc+0x101/0x130 [ 598.203819][T22246] kernfs_fop_write_iter+0x26a/0x5f0 [ 598.203844][T22246] iter_file_splice_write+0x830/0x10a0 [ 598.203878][T22246] ? __pfx_iter_file_splice_write+0x10/0x10 [ 598.203926][T22246] ? __pfx_copy_splice_read+0x10/0x10 [ 598.203958][T22246] ? __pfx_iter_file_splice_write+0x10/0x10 [ 598.203979][T22246] direct_splice_actor+0x192/0x6c0 [ 598.204001][T22246] splice_direct_to_actor+0x345/0xa30 [ 598.204023][T22246] ? __pfx_direct_splice_actor+0x10/0x10 [ 598.204047][T22246] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 598.204074][T22246] do_splice_direct+0x174/0x240 [ 598.204094][T22246] ? __pfx_do_splice_direct+0x10/0x10 [ 598.204111][T22246] ? avc_policy_seqno+0x9/0x20 [ 598.204132][T22246] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 598.204155][T22246] ? rw_verify_area+0xce/0x6d0 [ 598.204182][T22246] do_sendfile+0xadc/0xe20 [ 598.204212][T22246] ? __pfx_do_sendfile+0x10/0x10 [ 598.204238][T22246] ? __fget_files+0x21f/0x3d0 [ 598.204264][T22246] __x64_sys_sendfile64+0x1d8/0x220 [ 598.204284][T22246] ? ksys_write+0x1ac/0x250 [ 598.204299][T22246] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 598.204327][T22246] do_syscall_64+0x106/0xf80 [ 598.204343][T22246] ? clear_bhb_loop+0x40/0x90 [ 598.204365][T22246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.204382][T22246] RIP: 0033:0x7f8426f9c819 [ 598.204399][T22246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 598.204415][T22246] RSP: 002b:00007f8427dad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 598.204434][T22246] RAX: ffffffffffffffda RBX: 00007f8427215fa0 RCX: 00007f8426f9c819 [ 598.204445][T22246] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 598.204455][T22246] RBP: 00007f8427dad090 R08: 0000000000000000 R09: 0000000000000000 [ 598.204465][T22246] R10: 0000000008000002 R11: 0000000000000246 R12: 0000000000000001 [ 598.204475][T22246] R13: 00007f8427216038 R14: 00007f8427215fa0 R15: 00007ffcf4c46758 [ 598.204499][T22246] [ 598.887581][T22289] netlink: 'syz.1.6042': attribute type 13 has an invalid length. [ 598.891270][T22289] __nla_validate_parse: 60 callbacks suppressed [ 598.891286][T22289] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6042'. [ 598.908907][T22289] netlink: 'syz.1.6042': attribute type 13 has an invalid length. [ 598.910645][T13131] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 598.912571][T22289] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6042'. [ 598.916241][T13131] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 598.923627][T13131] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 598.927670][T13131] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 599.129788][ T5980] usb 8-1: new high-speed USB device number 83 using dummy_hcd [ 599.140901][T22304] overlayfs: missing 'lowerdir' [ 599.309685][ T830] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 599.309990][ T5980] usb 8-1: too many configurations: 36, using maximum allowed: 8 [ 599.323816][ T5980] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 599.327258][ T5980] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.330438][ T5980] usb 8-1: Product: syz [ 599.332122][ T5980] usb 8-1: Manufacturer: syz [ 599.334162][ T5980] usb 8-1: SerialNumber: syz [ 599.352820][ T5980] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 599.367066][ T5980] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 599.449709][ T830] usb 6-1: device descriptor read/64, error -71 [ 599.569762][T22287] random: crng reseeded on system resumption [ 599.589499][T19297] usb 8-1: USB disconnect, device number 83 [ 599.709704][ T830] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 599.839862][ T830] usb 6-1: device descriptor read/64, error -71 [ 599.950794][ T830] usb usb6-port1: attempt power cycle [ 600.299704][ T830] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 600.320370][ T830] usb 6-1: device descriptor read/8, error -71 [ 600.409729][ T5980] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive [ 600.412632][ T5980] ath9k_htc: Failed to initialize the device [ 600.417469][T19297] usb 8-1: ath9k_htc: USB layer deinitialized [ 600.579724][ T830] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 600.613927][ T830] usb 6-1: device descriptor read/8, error -71 [ 600.623362][T13131] bridge_slave_1: left allmulticast mode [ 600.625836][T13131] bridge_slave_1: left promiscuous mode [ 600.630593][T13131] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.641142][T13131] bridge_slave_0: left allmulticast mode [ 600.643014][T13131] bridge_slave_0: left promiscuous mode [ 600.644978][T13131] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.650580][T13131] veth0_to_bond: left allmulticast mode [ 600.652586][T13131] veth0_to_bond: left promiscuous mode [ 600.654650][T13131] bridge1: port 1(veth0_to_bond) entered disabled state [ 600.722666][ T830] usb usb6-port1: unable to enumerate USB device [ 600.846820][T13131] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 600.853351][T13131] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 600.858080][T13131] bond0 (unregistering): Released all slaves [ 600.996836][T13131] tipc: Disabling bearer [ 600.999516][T13131] tipc: Left network mode [ 601.292000][T22343] overlayfs: failed to resolve 'qY3aK': -2 [ 601.298203][T22345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6065'. [ 601.301759][T22345] FAULT_INJECTION: forcing a failure. [ 601.301759][T22345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.306010][T22345] CPU: 1 UID: 0 PID: 22345 Comm: syz.3.6065 Tainted: G L syzkaller #0 PREEMPT(full) [ 601.306030][T22345] Tainted: [L]=SOFTLOCKUP [ 601.306034][T22345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 601.306042][T22345] Call Trace: [ 601.306047][T22345] [ 601.306052][T22345] dump_stack_lvl+0x100/0x190 [ 601.306078][T22345] should_fail_ex.cold+0x5/0xa [ 601.306095][T22345] _copy_to_user+0x32/0xd0 [ 601.306109][T22345] simple_read_from_buffer+0xcb/0x170 [ 601.306124][T22345] proc_fail_nth_read+0x1af/0x230 [ 601.306143][T22345] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.306161][T22345] ? rw_verify_area+0xce/0x6d0 [ 601.306179][T22345] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.306195][T22345] vfs_read+0x1e4/0xb30 [ 601.306208][T22345] ? __pfx_vfs_read+0x10/0x10 [ 601.306218][T22345] ? __fget_files+0x215/0x3d0 [ 601.306235][T22345] ? __fget_files+0x21f/0x3d0 [ 601.306251][T22345] ksys_read+0x12a/0x250 [ 601.306262][T22345] ? __pfx_ksys_read+0x10/0x10 [ 601.306276][T22345] do_syscall_64+0x106/0xf80 [ 601.306288][T22345] ? clear_bhb_loop+0x40/0x90 [ 601.306303][T22345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.306315][T22345] RIP: 0033:0x7fb1aaf5d04e [ 601.306326][T22345] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 601.306336][T22345] RSP: 002b:00007fb1abdcbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 601.306348][T22345] RAX: ffffffffffffffda RBX: 00007fb1abdcc6c0 RCX: 00007fb1aaf5d04e [ 601.306355][T22345] RDX: 000000000000000f RSI: 00007fb1abdcc0a0 RDI: 0000000000000004 [ 601.306362][T22345] RBP: 00007fb1abdcc090 R08: 0000000000000000 R09: 0000000000000000 [ 601.306368][T22345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.306375][T22345] R13: 00007fb1ab216038 R14: 00007fb1ab215fa0 R15: 00007ffc80e3c778 [ 601.306389][T22345] [ 601.409142][T22350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6067'. [ 601.418788][T13131] hsr_slave_0: left promiscuous mode [ 601.422414][T13131] hsr_slave_1: left promiscuous mode [ 601.425548][T13131] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 601.429325][T13131] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 601.563911][T13131] team0 (unregistering): Port device team_slave_1 removed [ 601.574678][T13131] team0 (unregistering): Port device team_slave_0 removed [ 602.010002][T22367] openvswitch: netlink: Port -1 exceeds max allowable 65535 [ 602.088164][T22370] overlayfs: failed to clone upperpath [ 602.240666][T22377] openvswitch: netlink: IP tunnel TTL not specified. [ 602.712026][ T40] audit: type=1400 audit(1776082315.273:743): avc: denied { setopt } for pid=22398 comm="syz.0.6083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 602.721852][T22399] netlink: 'syz.0.6083': attribute type 89 has an invalid length. [ 602.721880][T22399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6083'. [ 603.161754][ T40] audit: type=1400 audit(1776082315.723:744): avc: denied { create } for pid=22405 comm="syz.3.6085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 603.163717][T22407] 9p: Unknown uid 00000000004294967295 [ 603.170908][ T40] audit: type=1400 audit(1776082315.723:745): avc: denied { getopt } for pid=22405 comm="syz.3.6085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 605.135608][T22380] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 605.139178][T22406] netlink: 'syz.3.6085': attribute type 4 has an invalid length. [ 605.146495][T22406] netlink: 'syz.3.6085': attribute type 8 has an invalid length. [ 605.149137][T22406] netlink: 212 bytes leftover after parsing attributes in process `syz.3.6085'. [ 605.418723][ T40] audit: type=1800 audit(1776082317.973:746): pid=22434 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.6096" name="nullb0" dev="tmpfs" ino=1718 res=0 errno=0 [ 605.430924][ T54] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 605.438439][T22427] kvm: kvm [22426]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 605.461792][T22427] kvm: kvm [22426]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 605.465463][T22427] kvm: kvm [22426]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 605.559819][ T6056] usb 8-1: new high-speed USB device number 84 using dummy_hcd [ 605.574754][T22443] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048) [ 605.600407][ T54] usb 6-1: too many configurations: 13, using maximum allowed: 8 [ 605.611069][ T54] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 605.614498][ T54] usb 6-1: can't read configurations, error -22 [ 605.729825][ T6056] usb 8-1: Using ep0 maxpacket: 8 [ 605.739894][ T54] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 605.743161][ T6056] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 605.746418][ T6056] usb 8-1: config 0 has no interface number 0 [ 605.748947][ T6056] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 605.753197][ T6056] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 605.757539][ T6056] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 605.761875][ T6056] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 605.766826][ T6056] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 605.771231][ T6056] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.778648][ T6056] usb 8-1: config 0 descriptor?? [ 605.788228][ T6056] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 605.902015][ T54] usb 6-1: too many configurations: 13, using maximum allowed: 8 [ 605.907216][ T54] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 605.910684][ T54] usb 6-1: can't read configurations, error -22 [ 605.915344][ T54] usb usb6-port1: attempt power cycle [ 605.980647][T22465] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6108'. [ 605.989213][T22425] netlink: 'syz.3.6092': attribute type 4 has an invalid length. [ 605.995685][T20659] usb 8-1: USB disconnect, device number 84 [ 606.002209][T20659] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 606.213408][ T40] audit: type=1400 audit(1776082318.773:747): avc: denied { name_bind } for pid=22467 comm="syz.0.6109" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 606.269911][ T54] usb 6-1: new high-speed USB device number 77 using dummy_hcd [ 606.278124][T22474] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 606.293757][ T54] usb 6-1: too many configurations: 13, using maximum allowed: 8 [ 606.299884][ T54] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 606.303226][ T54] usb 6-1: can't read configurations, error -22 [ 606.350190][T22484] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6113'. [ 606.429703][ T54] usb 6-1: new high-speed USB device number 78 using dummy_hcd [ 606.454366][ T54] usb 6-1: too many configurations: 13, using maximum allowed: 8 [ 606.460480][ T54] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 606.469720][ T54] usb 6-1: can't read configurations, error -22 [ 606.472829][ T54] usb usb6-port1: unable to enumerate USB device [ 606.913349][T22497] kvm: kvm [22496]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 606.932668][T22497] kvm: kvm [22496]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 606.935679][T22497] kvm: kvm [22496]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 607.053463][T22505] netlink: 'syz.2.6122': attribute type 7 has an invalid length. [ 607.062793][T22505] netlink: 'syz.2.6122': attribute type 7 has an invalid length. [ 607.063702][ T12] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 607.071465][ T12] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 607.074395][ T12] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 607.077158][ T12] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 607.183913][T22521] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6128'. [ 607.298423][T22526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6130'. [ 607.301368][T22526] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6130'. [ 607.794323][T22536] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6134'. [ 607.804785][T22536] ip6gre1: entered promiscuous mode [ 607.807000][T22536] ip6gre1: entered allmulticast mode [ 607.854382][T22542] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6137'. [ 607.904876][T22546] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6139'. [ 608.089439][T22553] overlayfs: failed to clone lowerpath [ 608.688317][T22647] Set syz1 is full, maxelem 65536 reached [ 608.691032][T22647] FAULT_INJECTION: forcing a failure. [ 608.691032][T22647] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.698437][T22647] CPU: 3 UID: 0 PID: 22647 Comm: syz.3.6152 Tainted: G L syzkaller #0 PREEMPT(full) [ 608.698459][T22647] Tainted: [L]=SOFTLOCKUP [ 608.698463][T22647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 608.698522][T22647] Call Trace: [ 608.698575][T22647] [ 608.698581][T22647] dump_stack_lvl+0x100/0x190 [ 608.698661][T22647] should_fail_ex.cold+0x5/0xa [ 608.698729][T22647] _copy_to_user+0x32/0xd0 [ 608.698752][T22647] simple_read_from_buffer+0xcb/0x170 [ 608.698810][T22647] proc_fail_nth_read+0x1af/0x230 [ 608.698874][T22647] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 608.698892][T22647] ? rw_verify_area+0xce/0x6d0 [ 608.698955][T22647] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 608.698972][T22647] vfs_read+0x1e4/0xb30 [ 608.698985][T22647] ? __pfx_vfs_read+0x10/0x10 [ 608.698995][T22647] ? __fget_files+0x215/0x3d0 [ 608.699011][T22647] ? __fget_files+0x21f/0x3d0 [ 608.699027][T22647] ksys_read+0x12a/0x250 [ 608.699038][T22647] ? __pfx_ksys_read+0x10/0x10 [ 608.699052][T22647] do_syscall_64+0x106/0xf80 [ 608.699071][T22647] ? clear_bhb_loop+0x40/0x90 [ 608.699113][T22647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.699126][T22647] RIP: 0033:0x7fb1aaf5d04e [ 608.699137][T22647] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 608.699149][T22647] RSP: 002b:00007fb1abdcbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 608.699200][T22647] RAX: ffffffffffffffda RBX: 00007fb1abdcc6c0 RCX: 00007fb1aaf5d04e [ 608.699208][T22647] RDX: 000000000000000f RSI: 00007fb1abdcc0a0 RDI: 0000000000000004 [ 608.699214][T22647] RBP: 00007fb1abdcc090 R08: 0000000000000000 R09: 0000000000000000 [ 608.699221][T22647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 608.699227][T22647] R13: 00007fb1ab216038 R14: 00007fb1ab215fa0 R15: 00007ffc80e3c778 [ 608.699247][T22647] [ 609.432964][T22664] netlink: 'syz.2.6157': attribute type 1 has an invalid length. [ 609.435997][T22664] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6157'. [ 610.538027][T22681] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6162'. [ 610.584877][T22683] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20000 [ 611.107210][T22686] Set syz1 is full, maxelem 65536 reached [ 611.230222][ T5292] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 611.234287][ T40] audit: type=1400 audit(1776082323.793:748): avc: denied { connect } for pid=22691 comm="syz.0.6166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 611.275073][T22695] TC_ACT_REPEAT abuse ? [ 611.340015][T22697] Set syz1 is full, maxelem 65536 reached [ 611.619604][T22640] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 611.720535][T22704] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6171'. [ 611.733102][ T40] audit: type=1400 audit(1776082324.293:749): avc: denied { bind } for pid=22701 comm="syz.1.6170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 611.787936][ T40] audit: type=1400 audit(1776082324.343:750): avc: denied { write } for pid=22701 comm="syz.1.6170" path="socket:[98842]" dev="sockfs" ino=98842 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 611.843341][ T40] audit: type=1400 audit(1776082324.403:751): avc: denied { read } for pid=22701 comm="syz.1.6170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 611.911163][ T40] audit: type=1400 audit(1776082324.473:752): avc: denied { read } for pid=22701 comm="syz.1.6170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 611.966550][ T40] audit: type=1400 audit(1776082324.523:753): avc: denied { map } for pid=22701 comm="syz.1.6170" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 612.060619][ T54] usb 8-1: new high-speed USB device number 85 using dummy_hcd [ 612.230220][ T54] usb 8-1: Using ep0 maxpacket: 16 [ 612.241442][ T54] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 612.247256][ T54] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 612.259083][ T54] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 612.267609][ T54] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.274714][ T54] usb 8-1: config 0 descriptor?? [ 612.281266][ T54] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 612.327169][T22732] netlink: 'syz.0.6180': attribute type 33 has an invalid length. [ 612.332082][T22732] netlink: 152 bytes leftover after parsing attributes in process `syz.0.6180'. [ 612.548794][T22749] openvswitch: netlink: Key type 48 is out of range max 32 [ 612.554529][T22749] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 612.563347][T22749] CIFS mount error: No usable UNC path provided in device string! [ 612.563347][T22749] [ 612.567072][T22749] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 612.983218][T22780] netlink: 'syz.2.6192': attribute type 1 has an invalid length. [ 614.002143][T22787] netlink: 'syz.0.6194': attribute type 11 has an invalid length. [ 614.903766][ T34] usb 8-1: USB disconnect, device number 85 [ 615.814641][T22769] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 616.113709][T22825] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6203'. [ 616.269726][ T6056] usb 6-1: new high-speed USB device number 79 using dummy_hcd [ 616.364073][T22832] netlink: 'syz.3.6208': attribute type 10 has an invalid length. [ 616.375133][T22832] team0: Port device dummy0 added [ 616.440029][ T6056] usb 6-1: Using ep0 maxpacket: 8 [ 616.444215][ T6056] usb 6-1: unable to get BOS descriptor or descriptor too short [ 616.448818][ T6056] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 616.453436][ T6056] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 616.466511][ T6056] usb 6-1: New USB device found, idVendor=1235, idProduct=8212, bcdDevice= 0.40 [ 616.470512][ T6056] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 616.473769][ T6056] usb 6-1: Product: syz [ 616.475525][ T6056] usb 6-1: Manufacturer: syz [ 616.477462][ T6056] usb 6-1: SerialNumber: syz [ 616.639709][ T830] usb 8-1: new high-speed USB device number 86 using dummy_hcd [ 616.697259][T22823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 616.702740][T22823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 616.810187][ T830] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 616.814829][ T6056] usb 6-1: cannot find UAC_HEADER [ 616.817511][ T830] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.825091][ T830] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.834638][ T830] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.842879][ T830] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.845783][ T830] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.849178][ T830] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.862682][ T830] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.865562][ T830] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.868893][ T830] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.879483][ T6056] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 616.882474][ T830] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.885352][ T830] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.888676][ T830] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.892029][ T6056] usb 6-1: USB disconnect, device number 79 [ 616.897591][ T830] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.900611][ T830] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.904071][ T830] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.905414][T16531] udevd[16531]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 616.907043][ T830] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.914814][ T830] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.918331][ T830] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.921393][ T830] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.924423][ T830] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.927890][ T830] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.931792][ T830] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.934800][ T830] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.938317][ T830] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.943496][ T830] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 616.946455][ T830] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 616.949138][ T830] usb 8-1: Product: syz [ 616.950582][ T830] usb 8-1: Manufacturer: syz [ 616.952157][ T830] usb 8-1: SerialNumber: syz [ 616.955782][ T830] usb 8-1: config 0 descriptor?? [ 616.960863][ T830] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 617.737362][ T40] audit: type=1400 audit(1776082330.293:754): avc: denied { mounton } for pid=22851 comm="syz.1.6214" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=68 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 617.754291][T22853] ntfs3(sr0): Primary boot signature is not NTFS. [ 617.757839][T22853] ntfs3(sr0): try to read out of volume at offset 0xf800 [ 617.766631][T22854] ntfs3(sr0): Primary boot signature is not NTFS. [ 617.769065][T22854] ntfs3(sr0): try to read out of volume at offset 0xf800 [ 619.149453][T22862] overlayfs: failed to clone upperpath [ 619.209774][ C2] usb 8-1: yurex_control_callback - control failed: -2 [ 619.213640][ T54] usb 8-1: USB disconnect, device number 86 [ 619.217335][ T54] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 619.722962][T22834] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 619.877709][T22874] FAULT_INJECTION: forcing a failure. [ 619.877709][T22874] name failslab, interval 1, probability 0, space 0, times 0 [ 619.883212][T22874] CPU: 0 UID: 0 PID: 22874 Comm: syz.2.6220 Tainted: G L syzkaller #0 PREEMPT(full) [ 619.883243][T22874] Tainted: [L]=SOFTLOCKUP [ 619.883250][T22874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 619.883319][T22874] Call Trace: [ 619.883379][T22874] [ 619.883392][T22874] dump_stack_lvl+0x100/0x190 [ 619.883491][T22874] should_fail_ex.cold+0x5/0xa [ 619.883570][T22874] ? tomoyo_realpath_from_path+0xb6/0x690 [ 619.883607][T22874] should_failslab+0xc2/0x120 [ 619.883670][T22874] __kmalloc_noprof+0xe0/0x850 [ 619.883756][T22874] tomoyo_realpath_from_path+0xb6/0x690 [ 619.883815][T22874] tomoyo_path_number_perm+0x23c/0x580 [ 619.883841][T22874] ? tomoyo_path_number_perm+0x22e/0x580 [ 619.883867][T22874] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 619.883918][T22874] ? find_held_lock+0x2b/0x80 [ 619.883994][T22874] ? __fget_files+0x215/0x3d0 [ 619.884064][T22874] ? hook_file_ioctl_common+0x146/0x410 [ 619.884090][T22874] ? __fget_files+0x21f/0x3d0 [ 619.884114][T22874] security_file_ioctl+0xd3/0x230 [ 619.884142][T22874] __x64_sys_ioctl+0xb7/0x210 [ 619.884172][T22874] do_syscall_64+0x106/0xf80 [ 619.884198][T22874] ? clear_bhb_loop+0x40/0x90 [ 619.884222][T22874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.884241][T22874] RIP: 0033:0x7fa28d19c819 [ 619.884259][T22874] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 619.884276][T22874] RSP: 002b:00007fa28e10d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.884337][T22874] RAX: ffffffffffffffda RBX: 00007fa28d415fa0 RCX: 00007fa28d19c819 [ 619.884349][T22874] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 619.884360][T22874] RBP: 00007fa28e10d090 R08: 0000000000000000 R09: 0000000000000000 [ 619.884370][T22874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 619.884381][T22874] R13: 00007fa28d416038 R14: 00007fa28d415fa0 R15: 00007ffddf8c73a8 [ 619.884412][T22874] [ 619.884420][T22874] ERROR: Out of memory at tomoyo_realpath_from_path. [ 619.993101][T22874] kvm: kvm [22871]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x792c [ 619.997235][T22874] kvm: kvm [22871]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 620.181103][T22891] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6225'. [ 620.374411][T22900] sit0: entered promiscuous mode [ 620.376587][T22900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6227'. [ 621.165120][ T40] audit: type=1400 audit(1776082333.723:755): avc: denied { read write } for pid=22936 comm="syz.3.6238" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 621.175651][ T40] audit: type=1400 audit(1776082333.723:756): avc: denied { open } for pid=22936 comm="syz.3.6238" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 621.186963][ T40] audit: type=1400 audit(1776082333.733:757): avc: denied { ioctl } for pid=22936 comm="syz.3.6238" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 621.189260][T22937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6238'. [ 621.470469][T22941] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 621.588791][T22951] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6243'. [ 621.939908][ T4422] usb 6-1: new high-speed USB device number 80 using dummy_hcd [ 622.093401][ T4422] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 622.097249][ T4422] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.100660][ T4422] usb 6-1: Product: syz [ 622.102538][ T4422] usb 6-1: Manufacturer: syz [ 622.104392][ T4422] usb 6-1: SerialNumber: syz [ 622.108778][ T4422] usb 6-1: config 0 descriptor?? [ 622.384455][T22959] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6244'. [ 622.469656][ T34] usb 8-1: new high-speed USB device number 87 using dummy_hcd [ 622.619816][ T34] usb 8-1: Using ep0 maxpacket: 8 [ 622.623869][ T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 622.639681][ T34] usb 8-1: config 0 has no interfaces? [ 622.642033][ T34] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 622.645763][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.651508][ T34] usb 8-1: config 0 descriptor?? [ 622.662035][ T6056] usb 6-1: USB disconnect, device number 80 [ 623.291545][T22966] program syz.1.6249 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 623.339390][ T40] audit: type=1400 audit(1776082335.893:758): avc: denied { connect } for pid=22967 comm="syz.1.6250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 623.439510][T22907] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 623.799788][ T34] usb 7-1: new high-speed USB device number 64 using dummy_hcd [ 623.955595][ T34] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 623.959383][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.962375][ T34] usb 7-1: Product: syz [ 623.963929][ T34] usb 7-1: Manufacturer: syz [ 623.965595][ T34] usb 7-1: SerialNumber: syz [ 623.970531][ T34] usb 7-1: config 0 descriptor?? [ 624.008940][T22997] overlayfs: failed to clone upperpath [ 624.228233][T23004] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6255'. [ 624.469081][T19297] usb 7-1: USB disconnect, device number 64 [ 624.566342][T23008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6262'. [ 625.015857][T23014] Cannot find del_set index 2 as target [ 625.094767][ T5292] Bluetooth: hci1: Malformed LE Event: 0x0b [ 625.223381][ T40] audit: type=1400 audit(1776082337.783:759): avc: denied { getopt } for pid=23019 comm="syz.2.6267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 625.249933][ T54] usb 8-1: USB disconnect, device number 87 [ 626.259871][ T34] usb 7-1: new high-speed USB device number 65 using dummy_hcd [ 626.414074][ T34] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 626.417313][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 626.420220][ T34] usb 7-1: Product: syz [ 626.421886][ T34] usb 7-1: Manufacturer: syz [ 626.423895][ T34] usb 7-1: SerialNumber: syz [ 626.429388][ T34] usb 7-1: config 0 descriptor?? [ 626.690397][T23051] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6272'. [ 626.943486][ T830] usb 7-1: USB disconnect, device number 65 [ 627.118343][T23048] Set syz1 is full, maxelem 65536 reached [ 628.326232][T23031] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 628.410381][T23063] mkiss: ax0: crc mode is auto. [ 628.513875][ T40] audit: type=1400 audit(1776082341.073:760): avc: denied { getopt } for pid=23066 comm="syz.2.6280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 628.530885][T23069] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 628.533774][T23069] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 628.538558][T23069] vhci_hcd vhci_hcd.0: Device attached [ 628.545408][T23069] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(5) [ 628.548277][T23069] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 628.553772][T23069] vhci_hcd vhci_hcd.0: Device attached [ 628.556808][T23072] vhci_hcd: connection closed [ 628.556876][T23070] vhci_hcd: connection closed [ 628.557405][T22627] vhci_hcd vhci_hcd.1: stop threads [ 628.565337][T22627] vhci_hcd vhci_hcd.1: release socket [ 628.568099][T22627] vhci_hcd vhci_hcd.1: disconnect device [ 628.578279][T22627] vhci_hcd vhci_hcd.1: stop threads [ 628.581228][T22627] vhci_hcd vhci_hcd.1: release socket [ 628.583623][T22627] vhci_hcd vhci_hcd.1: disconnect device [ 628.629641][ T830] usb 8-1: new high-speed USB device number 88 using dummy_hcd [ 628.637354][ T40] audit: type=1400 audit(1776082341.193:761): avc: denied { create } for pid=23074 comm="syz.2.6282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 628.650686][ T40] audit: type=1400 audit(1776082341.213:762): avc: denied { sys_admin } for pid=23074 comm="syz.2.6282" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 628.780126][ T830] usb 8-1: Using ep0 maxpacket: 8 [ 628.784145][ T830] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 628.788466][ T830] usb 8-1: config 0 has no interfaces? [ 628.790875][ T830] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 628.794793][ T830] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.800589][ T830] usb 8-1: config 0 descriptor?? [ 628.875104][T23081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6284'. [ 629.094959][ T40] audit: type=1400 audit(1776082341.653:763): avc: denied { create } for pid=23091 comm="syz.1.6289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 629.103419][ T40] audit: type=1400 audit(1776082341.663:764): avc: denied { getopt } for pid=23093 comm="syz.0.6290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 629.144175][T23100] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6292'. [ 629.193166][T23105] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6293'. [ 629.938767][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.958405][T23116] dummy0: entered allmulticast mode [ 630.412381][T23126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6300'. [ 630.644558][T23135] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6304'. [ 631.381130][ T6056] usb 8-1: USB disconnect, device number 88 [ 631.473315][T23154] SELinux: failed to load policy [ 632.571761][T23109] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 632.695187][ T40] audit: type=1400 audit(1776082345.253:765): avc: denied { append } for pid=23159 comm="syz.2.6312" name="video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 632.999673][T19297] usb 8-1: new high-speed USB device number 89 using dummy_hcd [ 633.192506][T19297] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 633.196411][T19297] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 633.200176][T19297] usb 8-1: Product: syz [ 633.202140][T19297] usb 8-1: Manufacturer: syz [ 633.204233][T19297] usb 8-1: SerialNumber: syz [ 633.209063][T19297] usb 8-1: config 0 descriptor?? [ 633.477819][T23192] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6315'. [ 633.749478][ T34] usb 8-1: USB disconnect, device number 89 [ 634.409883][T22626] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.528598][T23202] kvm: kvm [23200]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x792c [ 634.532863][T23202] kvm: kvm [23200]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 634.695962][T23218] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6327'. [ 634.703862][ T40] audit: type=1400 audit(1776082347.263:766): avc: denied { ioctl } for pid=23217 comm="syz.1.6327" path="socket:[103540]" dev="sockfs" ino=103540 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 635.049509][T23227] netlink: 'syz.1.6330': attribute type 4 has an invalid length. [ 635.053963][T23227] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6330'. [ 635.129719][T19297] usb 7-1: new high-speed USB device number 66 using dummy_hcd [ 635.232359][T23230] Set syz1 is full, maxelem 65536 reached [ 635.283332][T19297] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 635.286459][T19297] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 635.289153][T19297] usb 7-1: Product: syz [ 635.290853][T19297] usb 7-1: Manufacturer: syz [ 635.292419][T19297] usb 7-1: SerialNumber: syz [ 635.297869][T19297] usb 7-1: config 0 descriptor?? [ 635.337186][T13125] nci: nci_rsp_packet: unknown rsp opcode 0x509 [ 635.560378][T23243] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6331'. [ 635.708867][ T34] usb 7-1: USB disconnect, device number 66 [ 636.152200][ T40] audit: type=1400 audit(1776082348.713:767): avc: denied { create } for pid=23247 comm="syz.0.6336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 636.160976][ T40] audit: type=1400 audit(1776082348.713:768): avc: denied { setopt } for pid=23247 comm="syz.0.6336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 636.549682][ T4422] usb 7-1: new high-speed USB device number 67 using dummy_hcd [ 636.699686][ T4422] usb 7-1: Using ep0 maxpacket: 8 [ 636.703455][ T4422] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 636.707908][ T4422] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 636.711644][ T4422] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.718104][ T4422] usb 7-1: config 0 descriptor?? [ 636.926792][ T4422] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 637.090023][T23260] netlink: 'syz.0.6341': attribute type 27 has an invalid length. [ 637.129682][T15992] Bluetooth: hci4: command 0x0406 tx timeout [ 638.256862][T23232] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 638.308137][T23276] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 638.579761][ T4422] usb 8-1: new high-speed USB device number 90 using dummy_hcd [ 638.753020][ T4422] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 638.756166][ T4422] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.758834][ T4422] usb 8-1: Product: syz [ 638.760631][ T4422] usb 8-1: Manufacturer: syz [ 638.762688][ T4422] usb 8-1: SerialNumber: syz [ 638.767825][ T4422] usb 8-1: config 0 descriptor?? [ 638.978273][T23301] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6356'. [ 639.027279][T23307] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6346'. [ 639.198575][T23289] Set syz1 is full, maxelem 65536 reached [ 639.248611][T23322] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6362'. [ 639.297911][ T4422] usb 8-1: USB disconnect, device number 90 [ 639.326939][ T34] usb 7-1: USB disconnect, device number 67 [ 639.458833][T23335] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 639.470962][T23336] 9p: Bad value for 'source' [ 639.604468][ T40] audit: type=1400 audit(1776082352.163:769): avc: denied { watch_sb } for pid=23340 comm="syz.0.6367" path="/422" dev="tmpfs" ino=2258 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 639.719852][T22624] nci: nci_rsp_packet: unknown rsp opcode 0x509 [ 639.752913][T23354] syz.1.6371 (23354): attempted to duplicate a private mapping with mremap. This is not supported. [ 639.781553][ T40] audit: type=1400 audit(1776082352.343:770): avc: denied { setattr } for pid=23353 comm="syz.1.6371" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 639.784234][T23354] program syz.1.6371 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 639.797176][T23354] ata1.00: invalid command format 0 [ 639.845561][T23359] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 639.881693][T23359] misc userio: The device must be registered before sending interrupts [ 640.513996][ T40] audit: type=1400 audit(1776082353.073:771): avc: denied { name_bind } for pid=23361 comm="syz.0.6374" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 640.539253][ T40] audit: type=1400 audit(1776082353.093:772): avc: denied { ioctl } for pid=23363 comm="syz.1.6375" path="socket:[102818]" dev="sockfs" ino=102818 ioctlcmd=0x48f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 640.591790][ T40] audit: type=1400 audit(1776082353.153:773): avc: denied { getopt } for pid=23363 comm="syz.1.6375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 640.629736][T23369] netlink: 'syz.1.6375': attribute type 12 has an invalid length. [ 640.632740][T23369] netlink: 132 bytes leftover after parsing attributes in process `syz.1.6375'. [ 640.692744][ T40] audit: type=1400 audit(1776082353.253:774): avc: denied { append } for pid=23375 comm="syz.3.6378" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 641.151660][T23378] Set syz1 is full, maxelem 65536 reached [ 641.371934][T23364] Bluetooth: hci2: Opcode 0x0401 failed: -4 [ 642.569817][ T830] page_pool_release_retry() stalled pool shutdown: id 61, 51 inflight 120 sec [ 642.579753][ T5292] Bluetooth: hci2: command 0x0401 tx timeout [ 642.644972][T23347] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 642.707989][T23388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6382'. [ 642.712532][T23388] netlink: 'syz.0.6382': attribute type 30 has an invalid length. [ 642.764614][T23391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23391 comm=syz.0.6382 [ 642.808227][T23393] input: syz0 as /devices/virtual/input/input33 [ 642.870779][T23397] xt_l2tp: v2 tid > 0xffff: 2031748 [ 642.939797][ T34] usb 7-1: new high-speed USB device number 68 using dummy_hcd [ 643.089685][ T34] usb 7-1: Using ep0 maxpacket: 16 [ 643.092801][ T34] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 643.096457][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 643.101321][ T34] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 643.105037][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.110810][ T34] usb 7-1: config 0 descriptor?? [ 643.119774][T20659] usb 6-1: new high-speed USB device number 81 using dummy_hcd [ 643.125123][ T34] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 643.279710][T20659] usb 6-1: Using ep0 maxpacket: 8 [ 643.283031][T20659] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 643.285657][T20659] usb 6-1: config 0 has no interface number 0 [ 643.287608][T20659] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 643.291297][T20659] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 643.295086][T20659] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 643.298520][T20659] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 643.303365][T20659] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 643.306470][T20659] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.311305][T20659] usb 6-1: config 0 descriptor?? [ 643.316439][T20659] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 643.411982][T19297] usb 7-1: USB disconnect, device number 68 [ 643.479923][ T6028] usb 8-1: new high-speed USB device number 91 using dummy_hcd [ 643.524039][T20659] usb 6-1: USB disconnect, device number 81 [ 643.528386][T20659] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 643.564401][T23413] overlayfs: failed to clone upperpath [ 643.634787][ T6028] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 643.638254][ T6028] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.640773][T23417] overlayfs: failed to clone upperpath [ 643.641739][ T6028] usb 8-1: Product: syz [ 643.644533][ T6028] usb 8-1: Manufacturer: syz [ 643.646034][ T6028] usb 8-1: SerialNumber: syz [ 643.649698][ T6028] usb 8-1: config 0 descriptor?? [ 643.912926][T23420] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6388'. [ 644.020020][T23426] trusted_key: encrypted_key: insufficient parameters specified [ 644.022884][T23426] trusted_key: encrypted_key: insufficient parameters specified [ 644.057422][ T40] audit: type=1400 audit(1776082356.613:775): avc: denied { map } for pid=23427 comm="syz.1.6399" path="/proc/1279/task/1280/gid_map" dev="proc" ino=101276 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 644.066987][ T40] audit: type=1400 audit(1776082356.613:776): avc: denied { execute } for pid=23427 comm="syz.1.6399" path="/proc/1279/task/1280/gid_map" dev="proc" ino=101276 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 644.100689][ T4422] usb 8-1: USB disconnect, device number 91 [ 644.263504][T23437] Set syz1 is full, maxelem 65536 reached [ 644.390782][T23456] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6411'. [ 644.549007][T23460] syzkaller1: entered promiscuous mode [ 644.551140][T23460] syzkaller1: entered allmulticast mode [ 644.686193][ T6028] IPVS: starting estimator thread 0... [ 644.690063][T23467] i2c i2c-1: Frontend requested software zigzag, but didn't set the frequency step size [ 644.694670][T23465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6415'. [ 644.700458][T23468] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6414'. [ 644.705491][T23465] vlan2: entered allmulticast mode [ 644.707163][T23465] vlan0: entered allmulticast mode [ 644.709131][T23465] veth0_vlan: entered allmulticast mode [ 644.722721][T23470] netlink: 750 bytes leftover after parsing attributes in process `syz.1.6416'. [ 644.785315][T23477] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6418'. [ 644.789691][T23466] IPVS: using max 29 ests per chain, 69600 per kthread [ 645.013177][ T40] audit: type=1326 audit(1776082357.573:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d59c819 code=0x7ffc0000 [ 645.020835][ T40] audit: type=1326 audit(1776082357.573:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d59c819 code=0x7ffc0000 [ 645.024190][T23493] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6425'. [ 645.033227][ T40] audit: type=1326 audit(1776082357.583:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd28d55d04e code=0x7ffc0000 [ 645.041388][ T40] audit: type=1326 audit(1776082357.583:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d59c819 code=0x7ffc0000 [ 645.050950][ T40] audit: type=1326 audit(1776082357.583:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd28d59c819 code=0x7ffc0000 [ 645.059208][ T40] audit: type=1326 audit(1776082357.583:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d59c819 code=0x7ffc0000 [ 645.067596][ T40] audit: type=1326 audit(1776082357.583:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd28d59c819 code=0x7ffc0000 [ 645.077539][ T40] audit: type=1326 audit(1776082357.583:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d59c819 code=0x7ffc0000 [ 645.085709][ T40] audit: type=1326 audit(1776082357.583:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd28d59c819 code=0x7ffc0000 [ 645.095197][ T40] audit: type=1326 audit(1776082357.583:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23492 comm="syz.0.6425" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d59c819 code=0x7ffc0000 [ 645.114798][T23499] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6427'. [ 645.164679][T23505] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6429'. [ 645.259516][T23510] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65312 sclass=netlink_route_socket pid=23510 comm=syz.1.6431 [ 645.359288][T23520] ref_ctr_offset mismatch. inode: 0x73d offset: 0x0 ref_ctr_offset(old): 0x16 ref_ctr_offset(new): 0x0 [ 645.972937][T23546] Set syz1 is full, maxelem 65536 reached [ 646.382521][T23527] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 646.384704][T23527] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 646.386914][T23527] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 646.626905][T23571] Set syz1 is full, maxelem 65536 reached [ 646.699726][ T6028] usb 8-1: new high-speed USB device number 92 using dummy_hcd [ 646.773568][T23582] mkiss: ax0: crc mode is auto. [ 646.849752][ T6028] usb 8-1: Using ep0 maxpacket: 8 [ 646.854131][ T6028] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 646.859526][ T6028] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 646.864516][ T6028] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.873564][ T6028] usb 8-1: config 0 descriptor?? [ 646.925631][T23596] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23596 comm=syz.0.6466 [ 646.928357][T23598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6467'. [ 646.967721][T23600] Set syz1 is full, maxelem 65536 reached [ 646.982730][T23602] overlayfs: failed to clone upperpath [ 647.082057][ T6028] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 647.286893][T23610] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6471'. [ 647.485745][ T6028] usb 8-1: USB disconnect, device number 92 [ 647.689807][ T5292] Bluetooth: hci1: command 0x0c1a tx timeout [ 648.409870][ T5292] Bluetooth: hci2: command 0x0401 tx timeout [ 648.409898][T15992] Bluetooth: hci4: command tx timeout [ 649.451765][T23660] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6488'. [ 649.833630][T23684] Can't find a SQUASHFS superblock on nullb0 [ 650.341745][ T830] usb 7-1: new high-speed USB device number 69 using dummy_hcd [ 650.476423][T23708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6504'. [ 650.501728][ T830] usb 7-1: too many configurations: 36, using maximum allowed: 8 [ 650.519189][ T830] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 650.523221][ T830] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.526067][ T40] kauditd_printk_skb: 30 callbacks suppressed [ 650.526085][ T40] audit: type=1400 audit(1776082363.083:817): avc: denied { map } for pid=23712 comm="syz.0.6505" path="socket:[104058]" dev="sockfs" ino=104058 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 650.526571][ T830] usb 7-1: Product: syz [ 650.532670][ T40] audit: type=1400 audit(1776082363.083:818): avc: denied { read } for pid=23712 comm="syz.0.6505" path="socket:[104058]" dev="sockfs" ino=104058 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 650.543683][ T830] usb 7-1: Manufacturer: syz [ 650.563385][ T830] usb 7-1: SerialNumber: syz [ 650.571418][ T830] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 650.586559][ T6009] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 650.672867][T23718] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6507'. [ 650.684026][T23718] netem: change failed [ 650.799875][T23689] random: crng reseeded on system resumption [ 650.807144][ T4422] usb 7-1: USB disconnect, device number 69 [ 650.810251][ T6056] usb 6-1: new high-speed USB device number 82 using dummy_hcd [ 650.855600][T23722] random: crng reseeded on system resumption [ 650.940956][ T40] audit: type=1400 audit(1776082363.503:819): avc: denied { accept } for pid=23726 comm="syz.3.6511" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 650.972841][ T6056] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 650.975792][ T6056] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.978855][ T6056] usb 6-1: Product: syz [ 650.980444][ T6056] usb 6-1: Manufacturer: syz [ 650.981926][ T6056] usb 6-1: SerialNumber: syz [ 650.985287][ T6056] usb 6-1: config 0 descriptor?? [ 651.252809][T23734] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6506'. [ 651.342996][T23736] Set syz1 is full, maxelem 65536 reached [ 651.376247][ T40] audit: type=1400 audit(1776082363.933:820): avc: denied { write } for pid=23737 comm="syz.2.6515" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 651.377360][T23738] netlink: 64 bytes leftover after parsing attributes in process `syz.2.6515'. [ 651.383949][ T40] audit: type=1400 audit(1776082363.933:821): avc: denied { setattr } for pid=23737 comm="syz.2.6515" name="XDP" dev="sockfs" ino=104698 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 651.388287][T23738] Set syz1 is full, maxelem 65536 reached [ 651.457204][ T6028] usb 6-1: USB disconnect, device number 82 [ 651.525069][T23742] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6517'. [ 651.614194][T23748] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 651.620014][ T6009] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 651.623600][ T6009] ath9k_htc: Failed to initialize the device [ 651.626534][ T4422] usb 7-1: ath9k_htc: USB layer deinitialized [ 651.837749][ T40] audit: type=1400 audit(1776082364.393:822): avc: denied { create } for pid=23764 comm="syz.2.6525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 651.846834][ T40] audit: type=1400 audit(1776082364.393:823): avc: denied { setopt } for pid=23764 comm="syz.2.6525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 651.886590][T23770] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6526'. [ 651.889621][T23770] netlink: 'syz.2.6526': attribute type 21 has an invalid length. [ 651.892099][T23770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6526'. [ 651.895350][T23770] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6526'. [ 651.898501][T23770] netlink: 'syz.2.6526': attribute type 21 has an invalid length. [ 651.901042][T23770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6526'. [ 651.917685][T23770] comedi comedi3: dt2817: I/O port conflict (0x20d00,5) [ 651.921718][T23771] comedi comedi3: dt2817: I/O port conflict (0x20d00,5) [ 651.925545][T23770] tipc: Started in network mode [ 651.927682][T23770] tipc: Node identity 76bc4c83b4dc, cluster identity 4711 [ 651.930914][T23770] tipc: Enabled bearer , priority 0 [ 651.967602][T23770] syzkaller0: entered promiscuous mode [ 651.970206][T23770] syzkaller0: entered allmulticast mode [ 651.973148][T23770] tipc: Resetting bearer [ 651.987798][T23769] tipc: Resetting bearer [ 652.080620][ T40] audit: type=1400 audit(1776082364.643:824): avc: denied { ioctl } for pid=23773 comm="syz.1.6527" path="socket:[104159]" dev="sockfs" ino=104159 ioctlcmd=0xf50b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 652.090738][T23774] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000 [ 652.245193][T23784] program syz.1.6530 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 653.414081][T23769] tipc: Disabling bearer [ 653.420145][ T4422] tipc: Node number set to 3261090947 [ 653.488903][T23793] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65520 sclass=netlink_route_socket pid=23793 comm=syz.1.6533 [ 653.553914][T23802] 8021q: VLANs not supported on ip6tnl0 [ 653.609747][ T6009] usb 8-1: new high-speed USB device number 93 using dummy_hcd [ 653.749965][ T6009] usb 8-1: device descriptor read/64, error -71 [ 654.009726][ T6009] usb 8-1: new high-speed USB device number 94 using dummy_hcd [ 654.149661][ T6009] usb 8-1: device descriptor read/64, error -71 [ 654.260946][ T6009] usb usb8-port1: attempt power cycle [ 654.619700][ T6009] usb 8-1: new high-speed USB device number 95 using dummy_hcd [ 654.650177][ T40] audit: type=1400 audit(1776082367.213:825): avc: denied { mount } for pid=23824 comm="syz.1.6544" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 654.652619][ T6009] usb 8-1: device descriptor read/8, error -71 [ 654.671182][ T40] audit: type=1400 audit(1776082367.233:826): avc: denied { unmount } for pid=17097 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 654.911490][ T6009] usb 8-1: new high-speed USB device number 96 using dummy_hcd [ 654.930423][ T6009] usb 8-1: device descriptor read/8, error -71 [ 655.040292][ T6009] usb usb8-port1: unable to enumerate USB device [ 655.793974][T23853] netlink: 'syz.1.6552': attribute type 2 has an invalid length. [ 655.797329][T23853] netlink: 'syz.1.6552': attribute type 1 has an invalid length. [ 655.800282][T23853] netlink: 'syz.1.6552': attribute type 1 has an invalid length. [ 655.802960][T23852] netlink: 'syz.1.6552': attribute type 2 has an invalid length. [ 655.806172][T23852] netlink: 'syz.1.6552': attribute type 1 has an invalid length. [ 655.810410][T23853] 9pnet_virtio: no channels available for device ./file0 [ 655.813225][ T40] audit: type=1400 audit(1776082368.373:827): avc: denied { mounton } for pid=23851 comm="syz.1.6552" path="/548/file0" dev="tmpfs" ino=2939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 655.814577][T23852] netlink: 'syz.1.6552': attribute type 1 has an invalid length. [ 655.979492][T23855] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65520 sclass=netlink_route_socket pid=23855 comm=syz.0.6551 [ 656.299842][ T4422] usb 6-1: new high-speed USB device number 83 using dummy_hcd [ 656.390453][T23877] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 656.453974][ T4422] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 656.458112][ T4422] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.461627][ T4422] usb 6-1: Product: syz [ 656.463695][ T4422] usb 6-1: Manufacturer: syz [ 656.465703][ T4422] usb 6-1: SerialNumber: syz [ 656.470991][ T4422] usb 6-1: config 0 descriptor?? [ 656.514803][T23877] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 656.615439][T23877] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 656.712790][T23877] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 656.792826][T22627] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 656.807410][T22627] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 656.823509][T22627] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 656.846648][T22618] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 656.939977][T20659] usb 8-1: new high-speed USB device number 97 using dummy_hcd [ 657.080116][T23889] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65520 sclass=netlink_route_socket pid=23889 comm=syz.2.6564 [ 657.101573][T20659] usb 8-1: Using ep0 maxpacket: 8 [ 657.106067][T20659] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 657.111351][T20659] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 657.116007][T20659] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 657.120844][T20659] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.126770][T20659] usb 8-1: config 0 descriptor?? [ 657.337087][T20659] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 657.426076][ T40] audit: type=1400 audit(1776082369.983:828): avc: denied { listen } for pid=23907 comm="syz.2.6571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 657.534521][T23884] iowarrior 8-1:0.0: Error -90 while submitting URB [ 657.537402][T19297] usb 8-1: USB disconnect, device number 97 [ 657.752467][T23923] __nla_validate_parse: 1 callbacks suppressed [ 657.752485][T23923] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6577'. [ 658.086068][T23927] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6578'. [ 658.237830][T23929] program syz.3.6579 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 658.391018][T23933] tmpfs: Unknown parameter 'usrquota_inode_hardlimIt' [ 658.476778][T23939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6584'. [ 658.572699][T23947] netlink: 'syz.0.6588': attribute type 3 has an invalid length. [ 658.605299][T23950] : renamed from lo [ 658.683224][T23963] lo: entered allmulticast mode [ 658.739003][ T40] audit: type=1400 audit(1776082371.293:829): avc: denied { rmdir } for pid=23964 comm="syz.3.6594" name="file2" dev="9p" ino=79692087 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 658.760111][ T6009] usb 7-1: new high-speed USB device number 70 using dummy_hcd [ 658.909828][ T6009] usb 7-1: Using ep0 maxpacket: 8 [ 658.913043][ T6009] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 658.917043][ T6009] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 658.920285][ T6009] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 658.923073][ T6009] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.928490][ T6009] usb 7-1: config 0 descriptor?? [ 658.985664][T19297] usb 6-1: USB disconnect, device number 83 [ 659.143448][ T6009] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 659.155089][ T40] audit: type=1400 audit(1776082371.713:830): avc: denied { append } for pid=23981 comm="syz.3.6599" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 659.166035][T23982] Can't find a SQUASHFS superblock on nullb0 [ 659.222290][ T40] audit: type=1400 audit(1776082371.783:831): avc: denied { connect } for pid=23981 comm="syz.3.6599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 659.342444][T23943] iowarrior 7-1:0.0: Error -90 while submitting URB [ 659.345745][T19297] usb 7-1: USB disconnect, device number 70 [ 659.539464][T24003] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6605'. [ 659.729265][T24010] IPv6: NLM_F_CREATE should be specified when creating new route [ 660.189353][T24026] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6612'. [ 660.192557][T24026] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6612'. [ 660.195926][T24026] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6612'. [ 660.198823][T24026] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6612'. [ 660.376070][T24028] kvm: kvm [24027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x81 [ 660.381717][T24028] kvm: kvm [24027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1 [ 660.548741][T24034] netlink: 'syz.1.6614': attribute type 1 has an invalid length. [ 660.551460][T24034] netlink: 228 bytes leftover after parsing attributes in process `syz.1.6614'. [ 660.769395][T24038] kvm: kvm [24037]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x240 [ 660.780663][T24038] kvm: kvm [24037]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xfa40 [ 660.789866][T24038] kvm: kvm [24037]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x10000ebd0 [ 660.793313][T24038] kvm: kvm [24037]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 660.803028][T24038] kvm: kvm [24037]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xb0000061d8 [ 660.810751][T24038] kvm: kvm [24037]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x61d8 [ 660.814412][T24038] kvm: kvm [24037]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 660.828874][T24038] kvm: kvm [24037]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xdb18 [ 660.943675][ T40] audit: type=1400 audit(1776082373.503:832): avc: denied { mount } for pid=24041 comm="syz.3.6617" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 661.027358][ T40] audit: type=1400 audit(1776082373.583:833): avc: denied { unmount } for pid=19461 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 661.161595][T15992] Bluetooth: hci2: unexpected event for opcode 0x0419 [ 661.196725][ T40] audit: type=1400 audit(1776082373.753:834): avc: denied { setopt } for pid=24048 comm="syz.3.6620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 661.526694][ T40] audit: type=1400 audit(1776082374.083:835): avc: denied { read } for pid=24066 comm="syz.2.6627" name="mouse0" dev="devtmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 661.608454][T24076] netlink: 'syz.2.6630': attribute type 10 has an invalid length. [ 661.611971][T24076] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6630'. [ 661.615748][T24076] team0: entered promiscuous mode [ 661.617549][T24076] team_slave_0: entered promiscuous mode [ 661.621057][T24076] team_slave_1: entered promiscuous mode [ 661.623733][T24076] team0: entered allmulticast mode [ 661.626025][T24076] team_slave_0: entered allmulticast mode [ 661.628343][T24076] team_slave_1: entered allmulticast mode [ 661.631262][T24076] 8021q: adding VLAN 0 to HW filter on device team0 [ 661.634584][T24076] bridge0: port 3(team0) entered blocking state [ 661.637909][T24076] bridge0: port 3(team0) entered disabled state [ 661.790814][T24083] mkiss: ax0: crc mode is auto. [ 661.928874][T24088] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 662.379728][ T6009] usb 8-1: new high-speed USB device number 98 using dummy_hcd [ 662.449700][T19297] usb 6-1: new high-speed USB device number 84 using dummy_hcd [ 662.540083][ T6009] usb 8-1: Using ep0 maxpacket: 8 [ 662.544371][ T6009] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 662.548921][ T6009] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 662.553186][ T6009] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 662.557157][ T6009] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.563031][ T6009] usb 8-1: config 0 descriptor?? [ 662.577562][T24122] tipc: Enabling of bearer rejected, failed to enable media [ 662.599769][T19297] usb 6-1: Using ep0 maxpacket: 8 [ 662.603941][T19297] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 662.608510][T19297] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 662.614744][T19297] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.621115][T19297] usb 6-1: config 0 descriptor?? [ 662.816821][ T40] audit: type=1400 audit(1776082375.373:836): avc: denied { mount } for pid=24098 comm="syz.3.6638" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 662.827925][T19297] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 662.878312][T15992] Bluetooth: hci2: Malformed LE Event: 0x0b [ 662.902305][ T6009] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1 [ 662.909092][ T6009] usb 8-1: USB disconnect, device number 98 [ 663.053214][T24142] IPv6: NLM_F_CREATE should be specified when creating new route [ 663.281614][ T34] usb 6-1: USB disconnect, device number 84 [ 663.321023][ T40] audit: type=1400 audit(1776082375.883:837): avc: denied { execheap } for pid=24144 comm="syz.2.6652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 663.379953][ T40] audit: type=1400 audit(1776082375.943:838): avc: denied { read } for pid=24144 comm="syz.2.6652" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 663.389367][ T40] audit: type=1400 audit(1776082375.943:839): avc: denied { open } for pid=24144 comm="syz.2.6652" path="/398/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 663.404735][T24146] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 663.409224][T24146] block device autoloading is deprecated and will be removed. [ 663.414252][ T40] audit: type=1400 audit(1776082375.973:840): avc: denied { ioctl } for pid=24144 comm="syz.2.6652" path="/398/file0/file0" dev="fuse" ino=64 ioctlcmd=0x929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 664.079792][ T6009] usb 7-1: new high-speed USB device number 72 using dummy_hcd [ 664.244048][ T6009] usb 7-1: too many configurations: 36, using maximum allowed: 8 [ 664.254995][ T6009] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 664.258025][ T6009] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.260942][ T6009] usb 7-1: Product: syz [ 664.262615][ T6009] usb 7-1: Manufacturer: syz [ 664.264476][ T6009] usb 7-1: SerialNumber: syz [ 664.270706][ T6009] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 664.285333][ T6056] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 664.341327][T24171] netlink: 'syz.1.6660': attribute type 1 has an invalid length. [ 664.343700][T24171] __nla_validate_parse: 1 callbacks suppressed [ 664.343712][T24171] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6660'. [ 664.387124][T24173] binder: 24172:24173 ioctl 4018620d 0 returned -22 [ 664.389521][T24173] binder: 24172:24173 ioctl c0306201 200000000240 returned -11 [ 664.394678][T24173] binder: 24172:24173 ioctl c0306201 200000000240 returned -11 [ 664.395067][T24174] binder: 24172:24174 ioctl 4018620d 0 returned -22 [ 664.493536][T24154] random: crng reseeded on system resumption [ 664.504492][T19297] usb 7-1: USB disconnect, device number 72 [ 664.959717][ T34] usb 6-1: new high-speed USB device number 85 using dummy_hcd [ 665.088425][T24189] IPv6: NLM_F_CREATE should be specified when creating new route [ 665.091374][T24190] netlink: 232 bytes leftover after parsing attributes in process `syz.3.6668'. [ 665.119937][ T34] usb 6-1: Using ep0 maxpacket: 8 [ 665.124074][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 665.128685][ T34] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 665.132971][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.139274][ T34] usb 6-1: config 0 descriptor?? [ 665.275070][ T40] audit: type=1400 audit(1776082377.833:841): avc: denied { write } for pid=24193 comm="syz.3.6670" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 665.285655][T24194] overlayfs: missing 'lowerdir' [ 665.353285][ T34] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 665.369965][ T6056] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 665.373183][ T6056] ath9k_htc: Failed to initialize the device [ 665.376318][T19297] usb 7-1: ath9k_htc: USB layer deinitialized [ 665.968393][T24216] netlink: 'syz.2.6677': attribute type 21 has an invalid length. [ 665.971796][T24216] netlink: 156 bytes leftover after parsing attributes in process `syz.2.6677'. [ 666.036991][ T40] audit: type=1400 audit(1776082378.593:842): avc: denied { setattr } for pid=24217 comm="syz.2.6678" name="SCTPv6" dev="sockfs" ino=105434 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 666.078995][T24221] netlink: 'syz.2.6679': attribute type 29 has an invalid length. [ 666.083111][T24221] netlink: 'syz.2.6679': attribute type 29 has an invalid length. [ 666.132099][T24221] netlink: 'syz.2.6679': attribute type 32 has an invalid length. [ 666.134631][T24221] netlink: 500 bytes leftover after parsing attributes in process `syz.2.6679'. [ 666.337147][T24229] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6682'. [ 666.406513][T24233] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 666.459758][ T4422] usb 7-1: new high-speed USB device number 73 using dummy_hcd [ 666.630435][ T4422] usb 7-1: Using ep0 maxpacket: 8 [ 666.634946][ T4422] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 666.638354][ T4422] usb 7-1: config 0 has no interface number 0 [ 666.641149][ T4422] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 666.645600][ T4422] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 666.650927][ T4422] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 666.655498][ T4422] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 666.660856][ T4422] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 666.664629][ T4422] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.671817][ T4422] usb 7-1: config 0 descriptor?? [ 666.680148][ T4422] ldusb 7-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 666.881098][T24227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 666.885414][T24227] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 666.893295][ T4422] usb 7-1: USB disconnect, device number 73 [ 666.901808][ T4422] ldusb 7-1:0.55: LD USB Device #1 now disconnected [ 666.921763][T24243] overlayfs: failed to clone upperpath [ 667.274640][T24246] NILFS (nullb0): couldn't find nilfs on the device [ 667.324426][T24250] batman_adv: batadv0: Adding interface: gretap1 [ 667.327072][T24250] batman_adv: batadv0: Interface activated: gretap1 [ 667.373356][ T40] audit: type=1400 audit(1776082379.933:843): avc: denied { connect } for pid=24251 comm="syz.3.6691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 667.380201][T24252] netlink: 830 bytes leftover after parsing attributes in process `syz.3.6691'. [ 667.676672][T24266] kvm_pr_unimpl_wrmsr: 3 callbacks suppressed [ 667.676695][T24266] kvm: kvm [24265]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x81 [ 667.685303][T24266] kvm: kvm [24265]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1 [ 667.737127][ T34] usb 6-1: USB disconnect, device number 85 [ 668.179740][ T34] usb 6-1: new high-speed USB device number 86 using dummy_hcd [ 668.361318][ T34] usb 6-1: too many configurations: 36, using maximum allowed: 8 [ 668.376185][ T34] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 668.386245][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.389798][ T34] usb 6-1: Product: syz [ 668.391715][ T34] usb 6-1: Manufacturer: syz [ 668.393848][ T34] usb 6-1: SerialNumber: syz [ 668.402769][ T34] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 668.428079][T20659] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 668.632603][T24287] random: crng reseeded on system resumption [ 668.649794][ T34] usb 6-1: USB disconnect, device number 86 [ 668.655044][ T40] audit: type=1400 audit(1776082381.213:844): avc: denied { ioctl } for pid=24303 comm="syz.2.6711" path="socket:[106279]" dev="sockfs" ino=106279 ioctlcmd=0xaee1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 668.725519][T24305] netlink: 5 bytes leftover after parsing attributes in process `syz.2.6711'. [ 668.730055][T24305] netlink: 5 bytes leftover after parsing attributes in process `syz.2.6711'. [ 668.800333][ T4422] usb 8-1: new high-speed USB device number 99 using dummy_hcd [ 668.962653][ T4422] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 668.965802][ T4422] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.968389][ T4422] usb 8-1: Product: syz [ 668.969911][ T4422] usb 8-1: Manufacturer: syz [ 668.971429][ T4422] usb 8-1: SerialNumber: syz [ 668.974984][ T4422] usb 8-1: config 0 descriptor?? [ 669.449681][T20659] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 669.452605][T20659] ath9k_htc: Failed to initialize the device [ 669.455357][ T34] usb 6-1: ath9k_htc: USB layer deinitialized [ 669.514375][ T4422] usb 8-1: USB disconnect, device number 99 [ 669.694146][T24325] kvm_pr_unimpl_wrmsr: 54 callbacks suppressed [ 669.694175][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x2 [ 669.730291][T24325] kvm: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x81 [ 669.779370][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x81 [ 669.800099][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x81 [ 669.823104][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x81 [ 669.840213][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x81 [ 669.860991][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x81 [ 669.878836][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x81 [ 669.899823][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x81 [ 669.917733][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x81 [ 669.938529][T24325] kvm_intel: kvm [24324]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x81 [ 670.162554][ T40] audit: type=1400 audit(1776082382.723:845): avc: denied { getopt } for pid=24335 comm="syz.0.6722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 670.163184][T24337] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6722'. [ 670.176916][T24338] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6723'. [ 670.336017][T15992] Bluetooth: hci4: Malformed LE Event: 0x0b [ 670.398336][T24360] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6737'. [ 670.539761][ T4422] usb 8-1: new high-speed USB device number 100 using dummy_hcd [ 670.699925][ T6009] usb 6-1: new high-speed USB device number 87 using dummy_hcd [ 670.712486][ T4422] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 670.716238][ T4422] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.719062][ T4422] usb 8-1: Product: syz [ 670.720654][ T4422] usb 8-1: Manufacturer: syz [ 670.722314][ T4422] usb 8-1: SerialNumber: syz [ 670.725804][ T4422] usb 8-1: config 0 descriptor?? [ 670.849716][ T6009] usb 6-1: Using ep0 maxpacket: 8 [ 670.853665][ T6009] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 670.858090][ T6009] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 670.861876][ T6009] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.869033][ T6009] usb 6-1: config 0 descriptor?? [ 671.052812][T24374] IPv6: NLM_F_CREATE should be specified when creating new route [ 671.089886][ T6009] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 671.152630][ T6009] usb 8-1: USB disconnect, device number 100 [ 671.171929][T24382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6739'. [ 671.175413][T24382] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6739'. [ 671.178390][T24382] netlink: 'syz.0.6739': attribute type 19 has an invalid length. [ 671.185046][T24382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6739'. [ 671.193732][T24382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6739'. [ 671.197169][T24382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6739'. [ 671.201753][T24382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6739'. [ 671.205575][T24382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6739'. [ 671.290547][ T6056] usb 6-1: USB disconnect, device number 87 [ 671.296756][T24364] iowarrior_open - error, can't find device for minor 0 [ 671.798481][ T40] audit: type=1400 audit(1776082384.353:846): avc: denied { write } for pid=24392 comm="syz.3.6744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 671.935423][T24388] Set syz1 is full, maxelem 65536 reached [ 671.988202][T24404] hsr_slave_1 (unregistering): left promiscuous mode [ 672.036336][T24409] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 672.039318][T24409] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 672.044524][T24409] vhci_hcd vhci_hcd.0: Device attached [ 672.055374][T24411] vhci_hcd: connection closed [ 672.059687][T22627] vhci_hcd vhci_hcd.1: stop threads [ 672.064920][T22627] vhci_hcd vhci_hcd.1: release socket [ 672.067231][T22627] vhci_hcd vhci_hcd.1: disconnect device [ 672.090551][ T40] audit: type=1326 audit(1776082384.653:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24414 comm="syz.3.6751" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1aaf9c819 code=0x7ffc0000 [ 672.101078][ T40] audit: type=1326 audit(1776082384.653:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24414 comm="syz.3.6751" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1aaf9c819 code=0x7ffc0000 [ 672.112053][ T40] audit: type=1326 audit(1776082384.653:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24414 comm="syz.3.6751" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1aaf9c819 code=0x7ffc0000 [ 672.122958][ T40] audit: type=1326 audit(1776082384.653:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24414 comm="syz.3.6751" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb1aaf9c819 code=0x7ffc0000 [ 672.133883][ T40] audit: type=1326 audit(1776082384.663:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24414 comm="syz.3.6751" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1aaf9c819 code=0x7ffc0000 [ 672.145199][ T40] audit: type=1326 audit(1776082384.663:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24414 comm="syz.3.6751" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1aaf9c819 code=0x7ffc0000 [ 672.155874][ T40] audit: type=1326 audit(1776082384.663:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24414 comm="syz.3.6751" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1aaf9c819 code=0x7ffc0000 [ 672.166115][ T40] audit: type=1326 audit(1776082384.663:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24414 comm="syz.3.6751" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb1aaf9c4ab code=0x7ffc0000 [ 672.177035][ T40] audit: type=1326 audit(1776082384.663:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24414 comm="syz.3.6751" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb1aaf9c4ab code=0x7ffc0000 [ 672.341938][T24424] geneve2: entered promiscuous mode [ 672.348933][T13125] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 672.353151][T13125] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 672.357269][T13125] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 672.361107][T13125] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 672.659714][ T4422] usb 8-1: new high-speed USB device number 101 using dummy_hcd [ 672.809947][ T4422] usb 8-1: Using ep0 maxpacket: 8 [ 672.814092][ T4422] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 672.817772][ T4422] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 672.821169][ T4422] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.825480][ T4422] usb 8-1: config 0 descriptor?? [ 673.037735][ T4422] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 673.244801][T19297] usb 8-1: USB disconnect, device number 101 [ 673.474332][T24453] netlink: 'syz.0.6764': attribute type 20 has an invalid length. [ 673.477571][T24453] netlink: 'syz.0.6764': attribute type 20 has an invalid length. [ 673.657984][T24466] overlayfs: failed to clone upperpath [ 673.959429][T24480] netlink: 'syz.2.6775': attribute type 10 has an invalid length. [ 673.961601][T24478] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore [ 673.963589][T19297] usb 6-1: new high-speed USB device number 88 using dummy_hcd [ 673.965924][T24478] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 674.129986][T19297] usb 6-1: Using ep0 maxpacket: 8 [ 674.133881][T19297] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 674.138483][T19297] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 674.142716][T19297] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.149194][T19297] usb 6-1: config 0 descriptor?? [ 674.289892][ T34] usb 7-1: new high-speed USB device number 74 using dummy_hcd [ 674.358401][T19297] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 674.462616][ T34] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 674.465739][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.468529][ T34] usb 7-1: Product: syz [ 674.470088][ T34] usb 7-1: Manufacturer: syz [ 674.471701][ T34] usb 7-1: SerialNumber: syz [ 674.475599][ T34] usb 7-1: config 0 descriptor?? [ 674.563609][T19297] usb 6-1: USB disconnect, device number 88 [ 674.682985][ T34] usb 7-1: USB disconnect, device number 74 [ 674.909312][T24500] xfrm1: entered allmulticast mode [ 675.118382][T24511] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 675.125890][T24511] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 675.128418][T24511] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 675.131134][T24511] vhci_hcd vhci_hcd.0: Device attached [ 675.133947][T24513] vhci_hcd: connection closed [ 675.136099][T22624] vhci_hcd vhci_hcd.1: stop threads [ 675.140843][T22624] vhci_hcd vhci_hcd.1: release socket [ 675.143322][T22624] vhci_hcd vhci_hcd.1: disconnect device [ 675.279502][T24520] syzkaller0: entered promiscuous mode [ 675.281600][T24520] syzkaller0: entered allmulticast mode [ 675.648704][T24505] Set syz1 is full, maxelem 65536 reached [ 675.689632][T19297] usb 7-1: new high-speed USB device number 75 using dummy_hcd [ 675.849834][T19297] usb 7-1: Using ep0 maxpacket: 8 [ 675.854114][T19297] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 675.858610][T19297] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 675.863158][T19297] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.868880][T19297] usb 7-1: config 0 descriptor?? [ 676.021313][ T6028] usb 8-1: new high-speed USB device number 102 using dummy_hcd [ 676.080683][T19297] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 676.139785][ T34] usb 6-1: new high-speed USB device number 89 using dummy_hcd [ 676.196864][ T6028] usb 8-1: too many configurations: 36, using maximum allowed: 8 [ 676.211301][ T6028] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 676.215128][ T6028] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 676.218529][ T6028] usb 8-1: Product: syz [ 676.220411][ T6028] usb 8-1: Manufacturer: syz [ 676.222341][ T6028] usb 8-1: SerialNumber: syz [ 676.230901][ T6028] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 676.246031][T19297] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 676.294353][ T34] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 676.298495][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 676.302258][ T34] usb 6-1: Product: syz [ 676.304063][ T34] usb 6-1: Manufacturer: syz [ 676.306115][ T34] usb 6-1: SerialNumber: syz [ 676.311231][ T34] usb 6-1: config 0 descriptor?? [ 676.480980][ T6028] usb 8-1: USB disconnect, device number 102 [ 676.804430][T24560] "syz.0.6805" (24560) uses obsolete ecb(arc4) skcipher [ 676.818189][T24560] __nla_validate_parse: 9 callbacks suppressed [ 676.818202][T24560] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6805'. [ 676.863386][T24562] sctp: [Deprecated]: syz.0.6806 (pid 24562) Use of struct sctp_assoc_value in delayed_ack socket option. [ 676.863386][T24562] Use struct sctp_sack_info instead [ 677.045973][T24570] trusted_key: syz.3.6809 sent an empty control message without MSG_MORE. [ 677.099416][T24572] netlink: 'syz.0.6810': attribute type 1 has an invalid length. [ 677.119057][T24572] 8021q: adding VLAN 0 to HW filter on device bond4 [ 677.138304][T24572] netlink: 'syz.0.6810': attribute type 178 has an invalid length. [ 677.290553][T19297] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive [ 677.293487][T19297] ath9k_htc: Failed to initialize the device [ 677.296470][ T6028] usb 8-1: ath9k_htc: USB layer deinitialized [ 677.383694][T24590] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6816'. [ 677.394032][T24590] Set syz1 is full, maxelem 65536 reached [ 678.491097][ T34] usb 7-1: USB disconnect, device number 75 [ 678.565334][T24612] syzkaller0: entered promiscuous mode [ 678.567198][T24612] syzkaller0: entered allmulticast mode [ 678.584803][T24612] CIFS mount error: No usable UNC path provided in device string! [ 678.584803][T24612] [ 678.589232][T24612] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 678.866815][ T6056] usb 6-1: USB disconnect, device number 89 [ 678.913682][T24623] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=24623 comm=syz.3.6829 [ 679.031267][T24632] sock: sock_set_timeout: `syz.1.6830' (pid 24632) tries to set negative timeout [ 679.754227][T24639] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6832'. [ 679.933661][ T6056] IPVS: starting estimator thread 0... [ 679.944901][ T40] kauditd_printk_skb: 69 callbacks suppressed [ 679.944920][ T40] audit: type=1400 audit(1776082392.503:925): avc: denied { getopt } for pid=24652 comm="syz.0.6836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 680.039738][T24654] IPVS: using max 31 ests per chain, 74400 per kthread [ 680.642191][ T40] audit: type=1400 audit(1776082393.203:926): avc: denied { create } for pid=24680 comm="syz.2.6845" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 681.373188][ T5292] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 681.382488][ T5292] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 681.387559][ T5292] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 681.394554][ T5292] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 681.397950][ T5292] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 681.508522][T24700] chnl_net:caif_netlink_parms(): no params data found [ 681.575629][T24700] bridge0: port 1(bridge_slave_0) entered blocking state [ 681.578860][T24700] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.582180][T24700] bridge_slave_0: entered allmulticast mode [ 681.587098][T24700] bridge_slave_0: entered promiscuous mode [ 681.592304][T24700] bridge0: port 2(bridge_slave_1) entered blocking state [ 681.595269][T24700] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.598381][T24700] bridge_slave_1: entered allmulticast mode [ 681.602721][T24700] bridge_slave_1: entered promiscuous mode [ 681.631008][T24700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 681.637714][T24700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 681.682300][T17097] syz_tun (unregistering): left allmulticast mode [ 681.691232][T24700] team0: Port device team_slave_0 added [ 681.696596][T24700] team0: Port device team_slave_1 added [ 681.714902][T24700] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 681.717863][T24700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 681.728028][T24700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 681.734437][T24700] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 681.737349][T24700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 681.749741][T24700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 681.788212][T24700] hsr_slave_0: entered promiscuous mode [ 681.792073][T24700] hsr_slave_1: entered promiscuous mode [ 681.814263][T22624] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 681.882539][T22624] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 681.970254][T22624] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 682.059163][T22624] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 682.060845][T24713] afs: Unknown parameter 'floc~A_$bjXj>(' [ 682.223066][T22624] bridge_slave_1: left allmulticast mode [ 682.224963][T22624] bridge_slave_1: left promiscuous mode [ 682.230382][T22624] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.238264][T22624] bridge_slave_0: left allmulticast mode [ 682.250682][T22624] bridge_slave_0: left promiscuous mode [ 682.252574][T22624] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.798019][T22624] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 682.810025][T22624] bond_slave_0: left allmulticast mode [ 682.814889][T22624] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 682.819467][T22624] bond_slave_1: left allmulticast mode [ 682.822514][T22624] bond0 (unregistering): Released all slaves [ 682.828079][T22624] bond1 (unregistering): Released all slaves [ 682.889454][T24720] Set syz1 is full, maxelem 65536 reached [ 683.225906][ T40] audit: type=1400 audit(1776082395.783:927): avc: denied { name_bind } for pid=24739 comm="syz.0.6859" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 683.256961][T22624] hsr_slave_0: left promiscuous mode [ 683.264985][T22624] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 683.268740][T22624] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 683.363215][T22624] team0 (unregistering): Port device team_slave_1 removed [ 683.377724][T22624] team0 (unregistering): Port device team_slave_0 removed [ 683.459718][ T5292] Bluetooth: hci0: command tx timeout [ 683.611903][T24756] bridge4: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 683.616789][T24700] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 683.628020][T24700] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 683.637427][T24700] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 683.643555][T24700] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 683.753269][T24700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 683.768277][T24700] 8021q: adding VLAN 0 to HW filter on device team0 [ 683.784856][T22626] bridge0: port 1(bridge_slave_0) entered blocking state [ 683.787803][T22626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 683.795810][T22626] bridge0: port 2(bridge_slave_1) entered blocking state [ 683.798500][T22626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 683.922919][T24700] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 683.962764][T24700] veth0_vlan: entered promiscuous mode [ 683.972076][T24700] veth1_vlan: entered promiscuous mode [ 683.997770][T24700] veth0_macvtap: entered promiscuous mode [ 684.004842][T24700] veth1_macvtap: entered promiscuous mode [ 684.027335][T24700] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 684.041264][T24700] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 684.051900][T22626] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.055605][T22626] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.061101][T22626] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.065065][T22626] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.150243][T22625] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 684.153673][T22625] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 684.185907][T22627] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 684.189319][T22627] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 684.209094][ T40] audit: type=1400 audit(1776082396.763:928): avc: denied { mounton } for pid=24700 comm="syz-executor" path="/syzkaller.Vl8VQm/syz-tmp" dev="sda1" ino=2046 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 684.224649][ T40] audit: type=1400 audit(1776082396.763:929): avc: denied { mount } for pid=24700 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 684.431922][T24766] Set syz1 is full, maxelem 65536 reached [ 684.538376][T15992] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 684.547316][T15992] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 684.555849][T15992] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 684.558831][T15992] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 684.563104][T24809] bridge0: port 3(ipvlan2) entered blocking state [ 684.565377][T24809] bridge0: port 3(ipvlan2) entered disabled state [ 684.567795][T24809] ipvlan2: entered allmulticast mode [ 684.568450][T15992] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 684.570281][T24809] bridge0: entered allmulticast mode [ 684.575390][T24809] ipvlan2: left allmulticast mode [ 684.577135][T24809] bridge0: left allmulticast mode [ 684.653752][T19501] syz_tun (unregistering): left allmulticast mode [ 684.656576][T19501] bond0: (slave syz_tun): Releasing backup interface [ 684.740269][T24806] chnl_net:caif_netlink_parms(): no params data found [ 684.772123][T24820] mkiss: ax0: crc mode is auto. [ 684.829382][T24812] team0: Port device dummy0 removed [ 684.831994][T24812] batman_adv: batadv0: Adding interface: dummy0 [ 684.834207][T24812] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 684.844117][T24812] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 684.919330][T24806] bridge0: port 1(bridge_slave_0) entered blocking state [ 684.922944][T24806] bridge0: port 1(bridge_slave_0) entered disabled state [ 684.927198][T24806] bridge_slave_0: entered allmulticast mode [ 684.932834][T24806] bridge_slave_0: entered promiscuous mode [ 684.937823][T24806] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.941528][T24806] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.946672][T24806] bridge_slave_1: entered allmulticast mode [ 684.951309][T24806] bridge_slave_1: entered promiscuous mode [ 684.979052][T24806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 684.986439][T24806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 685.017762][T24806] team0: Port device team_slave_0 added [ 685.021463][T24806] team0: Port device team_slave_1 added [ 685.036999][T24806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 685.039292][T24806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 685.047443][T24806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 685.052154][T24806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 685.054357][T24806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 685.062474][T24806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 685.096561][T24806] hsr_slave_0: entered promiscuous mode [ 685.098891][T24806] hsr_slave_1: entered promiscuous mode [ 685.101366][T24806] debugfs: 'hsr0' already exists in 'hsr' [ 685.103198][T24806] Cannot create hsr debugfs directory [ 685.183641][T24806] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 685.187002][T24806] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.265008][T24806] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 685.268050][T24806] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.323407][T24806] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 685.327004][T24806] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.415540][T24806] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 685.419462][T24806] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.529809][ T5292] Bluetooth: hci0: command tx timeout [ 685.630972][T24806] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 685.639281][T24806] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 685.652394][T24806] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 685.657015][T24806] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 685.679379][T24860] ------------[ cut here ]------------ [ 685.683122][T24860] kvm_is_error_gpa(gpa) == kvm_is_error_hva(uhva) [ 685.683139][T24860] WARNING: arch/x86/kvm/../../../virt/kvm/pfncache.c:267 at __kvm_gpc_refresh+0x1b24/0x24a0, CPU#1: syz.3.6886/24860 [ 685.692045][T24860] Modules linked in: [ 685.694633][T24860] CPU: 1 UID: 0 PID: 24860 Comm: syz.3.6886 Tainted: G L syzkaller #0 PREEMPT(full) [ 685.699450][T24860] Tainted: [L]=SOFTLOCKUP [ 685.700436][T24806] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.701531][T24860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 685.704576][T24806] bridge0: port 2(bridge_slave_1) entered forwarding state [ 685.709494][T24860] RIP: 0010:__kvm_gpc_refresh+0x1b24/0x24a0 [ 685.709537][T24860] Code: 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 6e 09 00 00 48 8b 04 24 31 db 48 8b a8 10 01 00 00 e9 f2 ef ff ff e8 7d 5d 85 00 90 <0f> 0b 90 e9 92 f7 ff ff e8 6f 5d 85 00 48 85 db 0f 84 5a ec ff ff [ 685.713086][T24806] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.713179][T24806] bridge0: port 1(bridge_slave_0) entered forwarding state [ 685.731871][T24860] RSP: 0018:ffffc9000f48f250 EFLAGS: 00010293 [ 685.734309][T24860] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: ffffffff818380f9 [ 685.737500][T24860] RDX: ffff88802c97a4c0 RSI: ffffffff81839b43 RDI: ffff88802c97a4c0 [ 685.740304][T24860] RBP: ffffffffffffff01 R08: 0000000000000000 R09: 0000000000000001 [ 685.743915][T24860] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 685.747599][T24860] R13: ffff888000000001 R14: ffff888000000000 R15: ffffc9000f48f468 [ 685.747997][ T40] audit: type=1400 audit(1776082398.303:930): avc: denied { write } for pid=5866 comm="syz-executor" path="pipe:[7307]" dev="pipefs" ino=7307 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 685.752338][T24860] FS: 00007fb1abdcc6c0(0000) GS:ffff8880d6438000(0000) knlGS:0000000000000000 [ 685.766598][T24860] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 685.769443][T24860] CR2: 00002000000021c0 CR3: 0000000023013000 CR4: 0000000000352ef0 [ 685.773378][T24860] Call Trace: [ 685.773874][T24862] bridge_slave_1: left allmulticast mode [ 685.775010][T24860] [ 685.777417][T24862] bridge_slave_1: left promiscuous mode [ 685.778824][T24860] ? find_held_lock+0x2b/0x80 [ 685.781002][T24862] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.783075][T24860] ? __pfx___mutex_lock+0x10/0x10 [ 685.789398][T24860] ? __lock_acquire+0x4a5/0x2630 [ 685.791159][T24860] ? __pfx___kvm_gpc_refresh+0x10/0x10 [ 685.793893][T24860] kvm_gpc_refresh+0xc9/0x190 [ 685.796357][T24860] kvm_xen_set_evtchn.part.0+0x168/0x230 [ 685.799088][T24860] ? kvm_xen_set_evtchn.part.0+0x153/0x230 [ 685.802012][T24860] kvm_xen_hvm_evtchn_send+0x22f/0x290 [ 685.804566][T24860] ? __pfx_kvm_xen_hvm_evtchn_send+0x10/0x10 [ 685.807305][T24860] kvm_arch_vm_ioctl+0x13ac/0x18d0 [ 685.809672][T24860] ? kernel_text_address+0x8d/0x100 [ 685.812163][T24860] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 685.814699][T24860] ? arch_stack_walk+0xa6/0xf0 [ 685.817222][T24860] ? __lock_acquire+0x4a5/0x2630 [ 685.819526][T24860] ? __lock_acquire+0x4a5/0x2630 [ 685.821865][T24860] ? __lock_acquire+0x4a5/0x2630 [ 685.824180][T24860] ? __lock_acquire+0x4a5/0x2630 [ 685.826459][T24860] ? is_bpf_text_address+0x8a/0x1a0 [ 685.828913][T24860] ? bpf_ksym_find+0x128/0x1c0 [ 685.831507][T24860] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 685.834886][T24860] ? is_bpf_text_address+0x94/0x1a0 [ 685.837504][T24860] ? kernel_text_address+0x8d/0x100 [ 685.840765][T24860] ? __kernel_text_address+0xd/0x30 [ 685.843233][T24860] ? unwind_get_return_address+0x59/0xa0 [ 685.846438][T24860] ? arch_stack_walk+0xa6/0xf0 [ 685.848638][T24860] ? tomoyo_path_number_perm+0x46d/0x580 [ 685.851521][T24860] ? stack_trace_save+0x8e/0xc0 [ 685.853874][T24860] ? __pfx_stack_trace_save+0x10/0x10 [ 685.856061][T24860] ? stack_depot_save_flags+0x27/0x9d0 [ 685.857959][T24860] ? __lock_acquire+0x4a5/0x2630 [ 685.860494][T24860] ? tomoyo_path_number_perm+0x46d/0x580 [ 685.863332][T24860] ? kasan_save_stack+0x3f/0x50 [ 685.866189][T24860] ? kasan_save_stack+0x30/0x50 [ 685.868491][T24860] ? kasan_save_track+0x14/0x30 [ 685.870764][T24860] ? kasan_save_free_info+0x3b/0x70 [ 685.873183][T24860] ? __kasan_slab_free+0x5f/0x80 [ 685.875539][T24860] kvm_vm_ioctl+0x1564/0x4080 [ 685.877569][T24860] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 685.880033][T24860] ? tomoyo_path_number_perm+0x46d/0x580 [ 685.882692][T24860] ? kasan_quarantine_put+0x104/0x240 [ 685.885183][T24860] ? lockdep_hardirqs_on+0x78/0x100 [ 685.887341][T24860] ? find_held_lock+0x2b/0x80 [ 685.889669][T24860] ? tomoyo_path_number_perm+0x28f/0x580 [ 685.892847][T24860] ? tomoyo_path_number_perm+0x28f/0x580 [ 685.895604][T24860] ? tomoyo_path_number_perm+0x188/0x580 [ 685.898337][T24860] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 685.901252][T24860] ? futex_wake+0x1ad/0x530 [ 685.903561][T24860] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 685.906345][T24860] ? do_vfs_ioctl+0x226/0x13e0 [ 685.908696][T24860] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 685.911184][T24860] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 685.914446][T24860] ? __fget_files+0x215/0x3d0 [ 685.916615][T24860] ? hook_file_ioctl_common+0x146/0x410 [ 685.918845][T24860] ? selinux_file_ioctl+0x139/0x290 [ 685.921255][T24860] ? selinux_file_ioctl+0xb4/0x290 [ 685.923616][T24860] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 685.926404][T24860] __x64_sys_ioctl+0x18e/0x210 [ 685.928130][T24860] do_syscall_64+0x106/0xf80 [ 685.929761][T24860] ? clear_bhb_loop+0x40/0x90 [ 685.931426][T24860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.933802][T24860] RIP: 0033:0x7fb1aaf9c819 [ 685.935938][T24860] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 685.943563][T24860] RSP: 002b:00007fb1abdcc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 685.948085][T24860] RAX: ffffffffffffffda RBX: 00007fb1ab215fa0 RCX: 00007fb1aaf9c819 [ 685.952072][T24860] RDX: 0000200000000400 RSI: 00000000400caed0 RDI: 0000000000000005 [ 685.955544][T24860] RBP: 00007fb1ab032c91 R08: 0000000000000000 R09: 0000000000000000 [ 685.959124][T24860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.962925][T24860] R13: 00007fb1ab216038 R14: 00007fb1ab215fa0 R15: 00007ffc80e3c778 [ 685.966537][T24860] [ 685.967989][T24860] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 685.971186][T24860] CPU: 1 UID: 0 PID: 24860 Comm: syz.3.6886 Tainted: G L syzkaller #0 PREEMPT(full) [ 685.976016][T24860] Tainted: [L]=SOFTLOCKUP [ 685.977921][T24860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 685.981780][T24860] Call Trace: [ 685.983300][T24860] [ 685.984625][T24860] dump_stack_lvl+0x100/0x190 [ 685.986776][T24860] vpanic+0x552/0x970 [ 685.988480][T24860] ? __pfx_vpanic+0x10/0x10 [ 685.990414][T24860] panic+0xd1/0xe0 [ 685.992252][T24860] ? __pfx_panic+0x10/0x10 [ 685.994246][T24860] ? check_panic_on_warn+0x1f/0x90 [ 685.996620][T24860] check_panic_on_warn.cold+0x19/0x34 [ 685.999036][T24860] ? __kvm_gpc_refresh+0x1b24/0x24a0 [ 686.001345][T24860] __warn.cold+0x191/0x348 [ 686.003187][T24860] __report_bug+0x296/0x3d0 [ 686.005147][T24860] ? __kvm_gpc_refresh+0x1b24/0x24a0 [ 686.007620][T24860] ? __pfx___report_bug+0x10/0x10 [ 686.009872][T24860] ? lockdep_unlock+0x5a/0xc0 [ 686.012154][T24860] ? __lock_acquire+0xd73/0x2630 [ 686.014445][T24860] ? __kvm_gpc_refresh+0x1b24/0x24a0 [ 686.016766][T24860] report_bug+0xb2/0x220 [ 686.018721][T24860] ? __kvm_gpc_refresh+0x1b24/0x24a0 [ 686.020995][T24860] handle_bug+0x16a/0x2a0 [ 686.022935][T24860] exc_invalid_op+0x17/0x50 [ 686.024906][T24860] asm_exc_invalid_op+0x1a/0x20 [ 686.027202][T24860] RIP: 0010:__kvm_gpc_refresh+0x1b24/0x24a0 [ 686.030020][T24860] Code: 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 6e 09 00 00 48 8b 04 24 31 db 48 8b a8 10 01 00 00 e9 f2 ef ff ff e8 7d 5d 85 00 90 <0f> 0b 90 e9 92 f7 ff ff e8 6f 5d 85 00 48 85 db 0f 84 5a ec ff ff [ 686.038290][T24860] RSP: 0018:ffffc9000f48f250 EFLAGS: 00010293 [ 686.041203][T24860] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: ffffffff818380f9 [ 686.045015][T24860] RDX: ffff88802c97a4c0 RSI: ffffffff81839b43 RDI: ffff88802c97a4c0 [ 686.047735][T24860] RBP: ffffffffffffff01 R08: 0000000000000000 R09: 0000000000000001 [ 686.050465][T24860] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888000000000 [ 686.053836][T24860] R13: ffff888000000001 R14: ffff888000000000 R15: ffffc9000f48f468 [ 686.057578][T24860] ? __kvm_gpc_refresh+0xd9/0x24a0 [ 686.059300][T24860] ? __kvm_gpc_refresh+0x1b23/0x24a0 [ 686.061090][T24860] ? find_held_lock+0x2b/0x80 [ 686.063334][T24860] ? __pfx___mutex_lock+0x10/0x10 [ 686.065740][T24860] ? __lock_acquire+0x4a5/0x2630 [ 686.068002][T24860] ? __pfx___kvm_gpc_refresh+0x10/0x10 [ 686.070680][T24860] kvm_gpc_refresh+0xc9/0x190 [ 686.072979][T24860] kvm_xen_set_evtchn.part.0+0x168/0x230 [ 686.075758][T24860] ? kvm_xen_set_evtchn.part.0+0x153/0x230 [ 686.078706][T24860] kvm_xen_hvm_evtchn_send+0x22f/0x290 [ 686.081311][T24860] ? __pfx_kvm_xen_hvm_evtchn_send+0x10/0x10 [ 686.084043][T24860] kvm_arch_vm_ioctl+0x13ac/0x18d0 [ 686.086570][T24860] ? kernel_text_address+0x8d/0x100 [ 686.088919][T24860] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 686.091742][T24860] ? arch_stack_walk+0xa6/0xf0 [ 686.093513][T24860] ? __lock_acquire+0x4a5/0x2630 [ 686.095213][T24860] ? __lock_acquire+0x4a5/0x2630 [ 686.096966][T24860] ? __lock_acquire+0x4a5/0x2630 [ 686.099039][T24860] ? __lock_acquire+0x4a5/0x2630 [ 686.101782][T24860] ? is_bpf_text_address+0x8a/0x1a0 [ 686.104171][T24860] ? bpf_ksym_find+0x128/0x1c0 [ 686.106441][T24860] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 686.109246][T24860] ? is_bpf_text_address+0x94/0x1a0 [ 686.111864][T24860] ? kernel_text_address+0x8d/0x100 [ 686.114823][T24860] ? __kernel_text_address+0xd/0x30 [ 686.117748][T24860] ? unwind_get_return_address+0x59/0xa0 [ 686.120186][T24860] ? arch_stack_walk+0xa6/0xf0 [ 686.122313][T24860] ? tomoyo_path_number_perm+0x46d/0x580 [ 686.124625][T24860] ? stack_trace_save+0x8e/0xc0 [ 686.126323][T24860] ? __pfx_stack_trace_save+0x10/0x10 [ 686.128224][T24860] ? stack_depot_save_flags+0x27/0x9d0 [ 686.130204][T24860] ? __lock_acquire+0x4a5/0x2630 [ 686.132648][T24860] ? tomoyo_path_number_perm+0x46d/0x580 [ 686.135675][T24860] ? kasan_save_stack+0x3f/0x50 [ 686.138123][T24860] ? kasan_save_stack+0x30/0x50 [ 686.140283][T24860] ? kasan_save_track+0x14/0x30 [ 686.142310][T24860] ? kasan_save_free_info+0x3b/0x70 [ 686.144627][T24860] ? __kasan_slab_free+0x5f/0x80 [ 686.146953][T24860] kvm_vm_ioctl+0x1564/0x4080 [ 686.149464][T24860] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 686.152066][T24860] ? tomoyo_path_number_perm+0x46d/0x580 [ 686.154649][T24860] ? kasan_quarantine_put+0x104/0x240 [ 686.157073][T24860] ? lockdep_hardirqs_on+0x78/0x100 [ 686.159436][T24860] ? find_held_lock+0x2b/0x80 [ 686.161116][T24860] ? tomoyo_path_number_perm+0x28f/0x580 [ 686.163805][T24860] ? tomoyo_path_number_perm+0x28f/0x580 [ 686.166563][T24860] ? tomoyo_path_number_perm+0x188/0x580 [ 686.169214][T24860] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 686.171964][T24860] ? futex_wake+0x1ad/0x530 [ 686.174165][T24860] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 686.176940][T24860] ? do_vfs_ioctl+0x226/0x13e0 [ 686.179215][T24860] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 686.181690][T24860] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 686.184523][T24860] ? __fget_files+0x215/0x3d0 [ 686.186109][T24860] ? hook_file_ioctl_common+0x146/0x410 [ 686.188282][T24860] ? selinux_file_ioctl+0x139/0x290 [ 686.191201][T24860] ? selinux_file_ioctl+0xb4/0x290 [ 686.193626][T24860] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 686.195441][T24860] __x64_sys_ioctl+0x18e/0x210 [ 686.197129][T24860] do_syscall_64+0x106/0xf80 [ 686.198656][T24860] ? clear_bhb_loop+0x40/0x90 [ 686.200741][T24860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.203452][T24860] RIP: 0033:0x7fb1aaf9c819 [ 686.206011][T24860] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 686.215030][T24860] RSP: 002b:00007fb1abdcc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 686.218065][T24860] RAX: ffffffffffffffda RBX: 00007fb1ab215fa0 RCX: 00007fb1aaf9c819 [ 686.220890][T24860] RDX: 0000200000000400 RSI: 00000000400caed0 RDI: 0000000000000005 [ 686.224497][T24860] RBP: 00007fb1ab032c91 R08: 0000000000000000 R09: 0000000000000000 [ 686.228179][T24860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.231936][T24860] R13: 00007fb1ab216038 R14: 00007fb1ab215fa0 R15: 00007ffc80e3c778 [ 686.234706][T24860] [ 686.236660][T24860] Kernel Offset: disabled [ 686.238264][T24860] Rebooting in 86400 seconds..