last executing test programs: 2.596825844s ago: executing program 3 (id=5119): r0 = signalfd(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000a00)=""/102400, 0x19000) getrlimit(0x5, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000000)={0x200401, 0x0, 0x30000, 0xb998, 0x0, "194f2f83c2e798c3584770116cddc8819592b1"}) write$binfmt_aout(r2, &(0x7f0000000000)=ANY=[], 0xff2e) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001ac0)={0x5c, 0x0, 0x5, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b}, 0x0, @random=0x6, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x28, r6, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'wlan1\x00'}}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00'}, 0x94) socket$nl_route(0x10, 0x3, 0x0) 1.997214023s ago: executing program 3 (id=5135): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r5) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) r6 = socket$kcm(0x11, 0x3, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x1, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_flower={{0xb}, {0x10, 0x2, [@TCA_FLOWER_KEY_ETH_SRC={0xa, 0x6, @broadcast}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$kcm(r6, &(0x7f0000002900)={&(0x7f0000000500)=@xdp={0x2c, 0x8, r4, 0xc}, 0x80, &(0x7f0000002f40)=[{&(0x7f0000000180)}], 0x1}, 0x4) 1.879255728s ago: executing program 3 (id=5140): syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xc7, 0x1e, &(0x7f0000000400)="b88a660772f0cb53e5c83b5f9dccb917d1639ed89d5380cfa1f1d735a2d3b370cc0537d288f11548fff48462fbf1ae6d2ad6af92bc230fff4d0ff684744c1016477d8a5f82e312f63f7fb44498813eab89455db56ccd33db050eb360e65e1b021bc7c946a7c28ef6b9a01fff0c48f6b8f01fe25f086f88e8715d14983d00cf9e60803078259725e3822468f905bbcb92d96c7c8cdc84c9e9ad83207e43da9b2e2ad51aded9d41ba6e7187333128935e72535ab6a1e7068d9a633a950085c40894f9f603dc34007", &(0x7f0000000040)=""/30, 0x1, 0x0, 0xf2, 0xc, &(0x7f0000000500)="b42a29d9f5089d4bdb1a0b80ee7eb831de1515c0396de1a18bc9e5ef46ae58be428007c8581b8496d41212938ecf33157112202e912f93081324762e7ed08b4be18cf3a353f6cdbe86259adf84fa97274ceea6dc1199a281f5b9f6af4e527c5047cb3ecc636dd805d6b1554c1d0fa894a0e880b4fbeb7981346fd8ae1ab88313d3250cc626eea78c5fc9477bf4732514b1d998793f73f104aaf066a7dfb943b0ebf8bd7fea72dd9d258fb75faca86e5dbd2190460b15cfbe33dc89fcf8cea28834d98499f40d0489dce3967c3f3548810cdf62394c5617414d78603241966a55cfce57df90f014f5224c012a286db1eefc04", &(0x7f0000000140)="bcbabe27fe9d1db4078609f3", 0x3, 0x0, 0x3}, 0x50) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') ioctl$BTRFS_IOC_ADD_DEV(r1, 0xb701, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) landlock_restrict_self(0xffffffffffffffff, 0xf) r3 = syz_io_uring_setup(0x5194, &(0x7f0000000300)={0x0, 0x58c9, 0x400, 0x1, 0x2b9}, &(0x7f0000000100)=0x0, &(0x7f00000002c0)=0x0) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000001c0)=[{&(0x7f00000004c0)=""/120, 0x78}], 0x1) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='='], 0x38}}, 0x80) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000d, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x92, 0x0, @fd=r6, 0x1000, 0x0, 0x6, 0x0, 0x1}) io_uring_enter(r3, 0x6686, 0x2936, 0x28, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x6, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES16=0x0, @ANYRES64=r4], 0x0, 0x7, 0x0, 0x0, 0x41000, 0xf72cb191e650caa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffd44, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) syz_open_dev$loop(&(0x7f0000000280), 0x10001, 0x14f600) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x1, 0x0, {}, {0x0, 0x0, 0xfc, 0x4, 0x0, 0xfe, "9000"}, 0x0, 0x2, {}, 0x20800}) r8 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r8, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbff}, 0xc) r9 = socket$kcm(0x10, 0x3, 0x10) setsockopt$MRT6_ADD_MFC_PROXY(r7, 0x29, 0xd2, &(0x7f0000000380)={{0xa, 0x4e21, 0x8, @remote}, {0xa, 0x4e20, 0x1409, @private1, 0x200}, 0x1, {[0x5, 0x6, 0x4, 0x4, 0x8000, 0x8, 0xffffffff, 0x3]}}, 0x5c) sendmsg$kcm(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0) write$binfmt_misc(r7, &(0x7f0000000040), 0xe09) r10 = syz_open_dev$radio(&(0x7f00000000c0), 0x2, 0x2) ioctl$VIDIOC_G_TUNER(r10, 0xc054561d, &(0x7f0000000140)={0x0, "4ff88b2de3b3323b4f0558449d00", 0x2, 0x0, 0x0, 0x7ff, 0x0, 0x4, 0x2, 0xb}) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) 1.798640923s ago: executing program 3 (id=5141): r0 = syz_open_dev$I2C(&(0x7f0000000100), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000ffffffffff02000000580001800d0001007564703a73797a31000000"], 0x6c}}, 0x0) (async) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000ffffffffff02000000580001800d0001007564703a73797a31000000"], 0x6c}}, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x40140) poll(&(0x7f00000001c0)=[{r3, 0xc020}, {r0, 0x4044}], 0x2, 0xffffff04) (async) poll(&(0x7f00000001c0)=[{r3, 0xc020}, {r0, 0x4044}], 0x2, 0xffffff04) 1.226836458s ago: executing program 1 (id=5143): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) sendmmsg(r0, 0x0, 0x0, 0x0) 1.226545486s ago: executing program 1 (id=5144): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r6, 0x400454c9, 0x1) ioctl$TUNSETPERSIST(r6, 0x400454cb, 0x1) ioctl$TUNSETPERSIST(r6, 0x400454cb, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x54, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xb, 0x4}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0xf77d, 0x2, 0x1}, {0x9, 0x0, 0x1}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20051090}, 0x8000) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$SIOCSIFHWADDR(r10, 0x8924, &(0x7f0000000000)={'vlan0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}) close(r10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x7, r11, 0x3b}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000140)="d0", 0x1}], 0x1}, 0xc804) 1.087518353s ago: executing program 1 (id=5145): r0 = syz_open_dev$media(&(0x7f0000000000), 0x4007, 0x42e00) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000940)=0xffffffffffffffff) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0x7c81, 0x0) 1.01893546s ago: executing program 1 (id=5146): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x1000, 0x0, r0}, 0x50) close(0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r4 = socket$packet(0x11, 0x2, 0x300) bind$packet(r4, &(0x7f0000000d00)={0x11, 0x0, r3, 0x1, 0x7f, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb5}}, 0x14) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f0000000600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0xb, [@fwd={0x1}, @type_tag={0x1, 0x0, 0x0, 0x12, 0x1}]}, {0x0, [0x5f, 0x61, 0x2e, 0x5f, 0x2e, 0x0, 0x30, 0x30, 0x2e]}}, &(0x7f0000000640)=""/137, 0x3b, 0x89, 0x1, 0x3}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@bloom_filter={0x1e, 0x1f, 0x4, 0x7fff, 0x40, 0xffffffffffffffff, 0x9bdf, '\x00', r3, r5, 0x0, 0x0, 0x1, 0x8}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000180), &(0x7f00000002c0)=r0}, 0x20) r6 = socket(0x2d, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(r6, &(0x7f0000000080)={&(0x7f0000000100)={0x2d, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x20014081}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0xfffffff2, 0x800000000006, 0x0, 0x0, 0x0, 0x0) sendmmsg$alg(r6, &(0x7f00000005c0)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000004c0)="d190d17941d3793e1d3382f0ab2b1991e4e83f53f06be6e67186a914da975ea883edd31e893ad0908292d359b52cfd0a47efac09a5a96593750949bce0eb74a7cbea63b85dc502741f09daa1a02b18276c49d452a656714d9c0567c533331946d3a5563242bc9dde7776e3", 0x6b}], 0x1, &(0x7f0000000580)=[@assoc={0x18, 0x117, 0x4, 0x1}], 0x18, 0x80}], 0x1, 0x4040010) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x62, 0x5, 0x430, 0x2a0, 0x2a0, 0xffffffff, 0x188, 0xe0, 0x398, 0x398, 0xffffffff, 0x398, 0x398, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x38}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x19, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast1, @empty, @gre_key, @icmp_id}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key}}}}, {{@ip={@remote, @empty, 0x0, 0x0, 'veth1_to_batadv\x00', 'pim6reg\x00', {0xff}}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}, @common=@inet=@tcpmss={{0x28}, {0xf}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x16, @remote, @broadcast, @icmp_id, @port=0xfffc}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x490) r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000180)={'pcl730\x00', [0xd00, 0x4, 0x10001, 0x0, 0x3, 0xcc7, 0x8, 0x7, 0x5, 0xff, 0x2, 0x1, 0x1, 0x2, 0x9, 0x9, 0xbc76146, 0x9, 0xffffffff, 0x40000003, 0x8c, 0x8, 0x5, 0x6, 0x800b, 0x48, 0x5, 0x6, 0xd, 0x1, 0x8000]}) r9 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r9, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x2, 0xd59f7f, 0xf9, 0x42, 0x200008, 0x3, 0x3, 0x2800, 0x27fc, 0x2, 0x2, 0x1d, 0x22, {0x8, 0xffffffff}, 0xd0, 0x8}}) 959.132804ms ago: executing program 3 (id=5150): openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="6000000002060108000000000000000005000003050005000a000000050001000700000005000400000000000900020073797a310000000014000300686173683a69702c706f72742c69700014000780080006400000020008000840"], 0x60}, 0x1, 0x0, 0x0, 0x90}, 0x40c0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRESOCT], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 684.951114ms ago: executing program 0 (id=5154): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) getsockopt(r2, 0x111, 0x4, 0x0, &(0x7f0000000080)) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000000c0)={{0x80}, 'port0\x00', 0xe3, 0x1b1c07, 0x1000, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6}) readv(r3, &(0x7f0000000080)=[{&(0x7f0000002600)=""/46, 0x2e}], 0x1) r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_elf64(r4, &(0x7f00000000c0)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x0, 0x7, 0x2, 0x81, 0x3, 0x3e, 0xfffffff9, 0x1d8, 0x40, 0x8b, 0xd33, 0x5, 0x38, 0x1, 0x78, 0x7, 0x9}, [{0x6474e551, 0x2, 0x2007, 0x5, 0x7fff, 0x7980, 0x0, 0x3}]}, 0x78) lsetxattr$security_capability(&(0x7f0000002580)='./file0\x00', &(0x7f00000025c0), 0x0, 0x0, 0x0) close(r4) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) close_range(r3, r3, 0x0) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) close_range(r5, r5, 0x0) 584.536125ms ago: executing program 0 (id=5155): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x8000}, 0x50) (async) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000002480)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, &(0x7f0000000040), 0xfffffffffffffeff}, 0x0) (async) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4) (async) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') (async) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) r2 = socket(0x2c, 0x3, 0x0) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48) (async, rerun: 64) r4 = socket(0x2c, 0x3, 0x0) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) (async) r5 = userfaultfd(0x801) (async) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) (async) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async, rerun: 64) timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) (async, rerun: 64) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x428}) (async) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = socket$unix(0x1, 0x2, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r10, @ANYBLOB="0c009900ff070000780000001400040073797a6a616c6c657230000000000000080005000700"], 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r3, &(0x7f0000000140), &(0x7f0000000080)=@udp=r4}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r3, &(0x7f0000000140), &(0x7f0000000080)=@tcp6=r2, 0x2}, 0x20) (async) mknodat(r1, &(0x7f0000000040)='./file0\x00', 0x200, 0x9) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x4) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@newlink={0x20, 0x10, 0x100, 0x0, 0x0, {0x0, 0x0, 0x0, r11}}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 584.198988ms ago: executing program 0 (id=5156): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'default', 0x20, 'trusted:', 's}z', 0x20, 0xfcd}, 0x2f, 0xfffffffffffffffa) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x24, 0x10, 0x200, 0x0, 0x40000000, {0x0, 0x0, 0x0, 0x0, {0x9, 0x4}, {0x4}, {0xe, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x20400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'comedi_test\x00', [0x83fb, 0x789b1c25, 0x29, 0x4, 0x4, 0xcc7, 0x8, 0x8d, 0x9, 0x0, 0x2, 0x1, 0x8, 0x1, 0x6, 0x81, 0x6, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e5c, 0xb, 0xffc00004, 0x725bd8a9, 0x8, 0x100006, 0xf7fffff7, 0xfffffff8]}) ioctl$COMEDI_INSNLIST(r2, 0x8010640b, &(0x7f0000000200)={0x0, 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r10 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r11) ioctl$IOCTL_GET_NCIDEV_IDX(r10, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r12, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r13], 0x1c}}, 0x4008054) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000240)=0x0) sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x34, 0x0, 0x10, 0x70bd2b, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r13}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r14}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x34}}, 0x200180d0) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@newqdisc={0x30, 0x28, 0x100, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r15 = socket$netlink(0x10, 0x3, 0x0) r16 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r16, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r15, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newqdisc={0x24, 0x29, 0x4ee4e6a52ff56541, 0x4005, 0xfffffdfc, {0x0, 0x0, 0x0, r17, {}, {0xffff, 0xffff}, {0x2, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x408d8}, 0x0) 476.398894ms ago: executing program 2 (id=5158): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0xfffe, 0x9, @mcast2={0xff, 0x3}, 0x80}, 0x1c) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000340)=ANY=[], 0x8) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='batadv0\x00', 0x10) sendto$inet6(r0, &(0x7f0000000040)="82ff0000", 0x49, 0x0, 0x0, 0xf) 447.585143ms ago: executing program 0 (id=5159): getsockopt(0xffffffffffffffff, 0x200000000114, 0x2720, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r3, 0x0, &(0x7f0000000080)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x40000) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x1, 0xf) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x403, 0x78bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x44}, 0x1, 0x0, 0x0, 0x600}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x58, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4408}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @loopback}, @IFLA_GENEVE_TTL_INHERIT={0x5, 0xc, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 444.046159ms ago: executing program 2 (id=5160): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xffff2153, 0x2, 0xa, 0xd, 0x1c4, 0x7, 0x2, 0x6}}}}]}, 0x58}}, 0x2000c090) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xd, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20048081}, 0xc0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r9 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00', 0x1}], 0x1}, 0x4) 318.558905ms ago: executing program 0 (id=5161): r0 = socket$rxrpc(0x21, 0x2, 0xa) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) fcntl$setstatus(r1, 0x4, 0x4400) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r4) getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001240)=@delchain={0x3c, 0x64, 0x400, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {0xfff3, 0xe}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_FLAGS={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40044}, 0x4804) r6 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r6, 0x29, 0x43, &(0x7f0000000240)=0x3b, 0x4) r7 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r7, &(0x7f0000000080)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) syz_genetlink_get_family_id$tipc2(&(0x7f00000020c0), r2) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') read$FUSE(r8, &(0x7f0000000080)={0x2020}, 0x2020) sendmsg$inet(r7, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000002140), r1) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000002240)={&(0x7f0000002100)={0x10, 0x0, 0x0, 0xa4081200}, 0xc, &(0x7f0000002200)={&(0x7f0000002180)={0x4c, r9, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1b}, @MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x389441b5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x4000001) connect$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24) r10 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x20a00, 0x0) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000040)=0x11) ioctl$TIOCSSOFTCAR(r10, 0x5412, &(0x7f0000000040)=0x8) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) 256.173417ms ago: executing program 0 (id=5162): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r4, 0x9c3fa077fa966179, 0x12, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800) 185.187304ms ago: executing program 2 (id=5163): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32=r1, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280060027000000000005002d"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 183.394181ms ago: executing program 2 (id=5164): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) (async) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_pidfd_open(r1, 0x0) fcntl$setlease(r2, 0x400, 0x1) syz_pidfd_open(r1, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x41, 0x0) (async) io_uring_register$IORING_REGISTER_PROBE(r0, 0x8, &(0x7f0000000000)={0x0, 0x0, 0x0, '\x00', [{}]}, 0x1) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe0}}, 0x0) 182.921087ms ago: executing program 1 (id=5165): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0xfffffffe, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x5, 0x3, 0x2, 0x1}, 0xffffffff}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}}, 0x2) close(r3) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r2, &(0x7f0000000640)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r6, 0x40}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000200)="27030200000314000e00203c0024000000000006", 0x14}, {&(0x7f00000022c0)="6037524d630f68287629547bd5c098e381953c405689f3afe4ec", 0x1a}], 0x2}, 0x4041) 118.389365ms ago: executing program 2 (id=5166): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000540)='\x00', 0x1}, {&(0x7f0000000440)="cac668b490040f7127cacdeaddd68f80a03f0d943bc0fff55e39bc1a18ab8cf1262632e044d619eef5e44506125cc27d10940c903237db8b782d172fbd90c642dac13b57038466add96d", 0x4a}], 0x2}}], 0x1, 0x20008050) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x0, 0x8}, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x9) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4138ae84, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW2(r5, 0x402c542c, &(0x7f00000000c0)={0xfffffbd8, 0x0, 0x4, 0x6, 0x6, "03170e00000000000000000000000000004000", 0x4, 0x200}) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_ECN={0x8, 0xa, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0xff) ioctl$TIOCGPTPEER(r4, 0x4004092b, 0x200000000005) ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, &(0x7f0000000100)={0x2, 0x6}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x5, 0x2, 0x9c, 0x0, 0x2, 0x7f, 0x9, 0x5, 0x2, 0x5, 0x5, 0x5, 0x0, 0x9, 0x8, 0xe, 0x6, 0x8, 0xf, '\x00', 0x0, 0x3f92}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r9 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f0000000000)='source', &(0x7f0000000300)='#\n$)-.\x02\xcc\xd7\xb2f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\n\x13:\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb|&#\xe9\xa3\'\x91>\x8f\x97\x18\xce\x92\xc9\xa8\x1c\x9d\\C\xfeI%\xae\x8fKHq\x89\x83\xbb\x9dC\xd6Hy\xfao\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n=/o\xf3\x96\xaf\b1\x1b48\bu\x01\xab\x90Q\xe8r\xe7\r\'-06,\xff\x84x\'+\xd5\xd4?[e\x19\xa3\\p\xe9\x8a\xb9\xe495\x12B\x06\xe5\x8f\x83Vb\xf1\xbc\x00E\x1a\x9bH$\x1f^\x9dX\xd0\xca\xcc\xc9\x86\xaa\xd0\x9c\xc0\x82\xabE\xcc{\xcd\xd3\xdb\x97v\x9c\xbd%fN1\xd4[\xa0\x0f\xdd.\x15\xf1)\xd6\xd8\x1cb\xc5\xd9=c\xb5U|+K*\x9f\x01u\xb0\xe4\x98_o\xb5\xdcN\xe3C\x15\x1f\xa91g\x89v\\^\x107N\'r\xa4\xb1tVv\bej\xf8\xa0\xe0\a\xd1\xfb\xa6\x80s\xd5L\x87f\"\xaf\xd2\xe1qc\xde\x03\xd1\xf6\x12\x9c\x11\xe58\xa6&\xa1I\x93\xfa\xed\xe0w\x9eM\xa3\xf2\xe0\xaa\x9d\xbf\xa9\xda|\xaa\xc3\x86$\x835\xca\x88V\x1e\xeb\xda\xe4pW#', 0xfeffffff00000000) close_range(r3, r8, 0x2) r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_helper', 0x129a82, 0x0) sendfile(r10, r10, 0x0, 0x8) ioctl$FS_IOC_SETVERSION(r10, 0x40087602, &(0x7f0000000000)=0x6) 118.117014ms ago: executing program 2 (id=5167): r0 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f00000003c0)="0f326635004000000f300f00d636808a0d0001ba4300b80b00eb66b88c5000000f23d02a3ff866352000000e0f23f80f01c30f789deb32660f3a21cf220f2bb00058660f1bde", 0x46}], 0x1, 0x0, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xfffc}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x4}, @NFTA_TARGET_NAME={0x8, 0x1, 'LED\x00'}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x80}, 0x1, 0x0, 0x0, 0x20048000}, 0x200000c4) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) syz_io_uring_setup(0x56d6, &(0x7f0000000440)={0x0, 0xabf4, 0x8, 0x4, 0x24f}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="440100000e0833878b89cc70101d9cb0719c6a012f0a000000dc779514bf0826036d98ae9913854a33759be32d7c6241ec8b8ff31c11a1", @ANYRES16=r0, @ANYBLOB="000226bd7000fedbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000000000008000b000300000006001600070000000500120000000000060011000700000008000b0000020000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b00060000000600160000080000050012000000000006001100ff7f000008000b00ff0f0000080001007063690011000200303030303a30303a31302e3000000000080003000200000008000b00ff0f000006001600001000000500120001000000060011000800000008000b0000080000080001007063690011000200303030303a30303a31302e3000000000080003000200000008000b000700000006001600040000000500120001000000060011000600000008000b001e050000"], 0x144}, 0x1, 0x0, 0x0, 0x4004800}, 0x20000810) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) syz_emit_ethernet(0x3e, &(0x7f0000000600)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x6, 0x6, "bc71b5", 0x8, 0x11, 0x1, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, {[], {0x4e24, 0x4e21, 0x8}}}}}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800014000000000080002400000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c00038018000380140001007465616d300000000000000000000000080007"], 0xd8}, 0x1, 0x0, 0x0, 0x4008894}, 0x200008d4) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYRESOCT=0x0, @ANYRESOCT=0x0, @ANYRES32=r9, @ANYRES64=r9], 0x44}, 0x1, 0x0, 0x0, 0x4040800}, 0x0) 10.061821ms ago: executing program 3 (id=5168): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@p, {0x3, 0x0, 0x6, 0xa, 0x1, 0xfff8, 0x41}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0xfffffffe, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x5, 0x3, 0x2, 0x1}, 0xffffffff}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}}, 0x2) close(r3) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r2, &(0x7f0000000640)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r6, 0x40}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000200)="27030200000314000e00203c0024000000000006", 0x14}, {&(0x7f00000022c0)="6037524d630f68287629547bd5c098e381953c405689f3afe4ec", 0x1a}], 0x2}, 0x4041) 0s ago: executing program 1 (id=5169): socket$unix(0x1, 0x5, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x3, 0x38a}, &(0x7f0000000dc0)=0x0, &(0x7f0000000a40)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000d00)=[{&(0x7f00000001c0)=""/30, 0x1e}], 0x1}) io_uring_enter(r2, 0x40857ba, 0x0, 0xe, 0x0, 0x0) kernel console output (not intermixed with test programs): ipc: Enabling of bearer rejected, already enabled [ 498.869037][ T397] Bluetooth: hci2: Frame reassembly failed (-84) [ 500.917671][T16440] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3540'. [ 500.920700][T16440] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3540'. [ 500.925106][T16440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3540'. [ 500.928808][T16440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3540'. [ 500.929598][ T5288] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 500.929661][T16280] Bluetooth: hci2: command 0x1003 tx timeout [ 500.931861][T16440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3540'. [ 500.939135][T16440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3540'. [ 501.056643][T16446] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3542'. [ 501.102262][T16445] tipc: Enabling of bearer rejected, already enabled [ 501.329528][ T50] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 501.469495][ T50] usb 6-1: device descriptor read/64, error -71 [ 501.739564][ T50] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 501.879545][ T50] usb 6-1: device descriptor read/64, error -71 [ 501.909514][ T6016] usb 7-1: new full-speed USB device number 103 using dummy_hcd [ 501.999821][ T50] usb usb6-port1: attempt power cycle [ 502.101247][ T6016] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 502.104952][ T6016] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 502.111918][ T6016] usb 7-1: New USB device found, idVendor=0525, idProduct=b4a8, bcdDevice= 0.41 [ 502.115494][ T6016] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 502.118746][ T6016] usb 7-1: Product: syz [ 502.120414][ T6016] usb 7-1: Manufacturer: syz [ 502.122212][ T6016] usb 7-1: SerialNumber: syz [ 502.337204][ T6016] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 103 if 0 alt 0 proto 1 vid 0x0525 pid 0xB4A8 [ 502.349560][ T50] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 502.370056][ T50] usb 6-1: device descriptor read/8, error -71 [ 502.541845][T16464] netlink: 144 bytes leftover after parsing attributes in process `syz.3.3550'. [ 502.543338][ T54] usb 7-1: USB disconnect, device number 103 [ 502.556210][ T54] usblp0: removed [ 502.629626][ T50] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 502.659937][ T50] usb 6-1: device descriptor read/8, error -71 [ 502.769797][ T50] usb usb6-port1: unable to enumerate USB device [ 503.096667][ T61] Bluetooth: hci2: Frame reassembly failed (-84) [ 503.218299][T16479] tipc: Enabling of bearer rejected, already enabled [ 503.938914][T16486] ptrace attach of "/syz-executor exec"[16487] was attempted by "/syz-executor exec"[16486] [ 505.169663][ T5288] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 505.169700][T16280] Bluetooth: hci2: command 0x1003 tx timeout [ 505.251202][ T40] audit: type=1400 audit(1774452895.948:519): avc: denied { bind } for pid=16491 comm="syz.1.3559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 505.269927][ T40] audit: type=1400 audit(1774452895.948:520): avc: denied { listen } for pid=16491 comm="syz.1.3559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 505.600032][ T24] usb 5-1: new full-speed USB device number 123 using dummy_hcd [ 505.753113][ T24] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 505.756934][ T24] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 505.760317][ T24] usb 5-1: Product: syz [ 505.762181][ T24] usb 5-1: Manufacturer: syz [ 505.764141][ T24] usb 5-1: SerialNumber: syz [ 505.768882][ T24] usb 5-1: config 0 descriptor?? [ 505.785179][ T54] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 505.931077][ T54] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 505.935236][ T54] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 505.938911][ T54] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 505.942770][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.949062][ T54] usb 6-1: config 0 descriptor?? [ 505.975384][ T1460] usb 5-1: USB disconnect, device number 123 [ 506.162329][ T9] usb 6-1: USB disconnect, device number 8 [ 506.180848][T16513] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3566'. [ 506.453773][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.829703][ T90] Bluetooth: hci2: Frame reassembly failed (-84) [ 506.989924][ T40] audit: type=1400 audit(1774452897.688:521): avc: denied { create } for pid=16523 comm="syz.3.3570" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 507.009632][ T40] audit: type=1400 audit(1774452897.698:522): avc: denied { write } for pid=16523 comm="syz.3.3570" name="file0" dev="tmpfs" ino=2319 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 507.020442][ T40] audit: type=1400 audit(1774452897.698:523): avc: denied { open } for pid=16523 comm="syz.3.3570" path="/431/file0" dev="tmpfs" ino=2319 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 507.029542][ T40] audit: type=1400 audit(1774452897.698:524): avc: denied { ioctl } for pid=16523 comm="syz.3.3570" path="/431/file0" dev="tmpfs" ino=2319 ioctlcmd=0x1269 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 507.039209][ T40] audit: type=1400 audit(1774452897.708:525): avc: denied { unlink } for pid=12985 comm="syz-executor" name="file0" dev="tmpfs" ino=2319 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 507.167008][T16533] tipc: Enabling of bearer rejected, already enabled [ 507.249941][ T6016] usb 7-1: new high-speed USB device number 104 using dummy_hcd [ 507.411233][ T6016] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024 [ 507.416077][ T6016] usb 7-1: New USB device found, idVendor=0b05, idProduct=1abe, bcdDevice= 0.00 [ 507.420685][ T6016] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.427790][ T6016] usb 7-1: config 0 descriptor?? [ 507.431176][T16526] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 507.711047][ T54] usb 5-1: new high-speed USB device number 124 using dummy_hcd [ 507.843193][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.845917][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.851003][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.853648][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.856156][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.858764][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.861645][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.863897][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.866042][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.868339][ T6016] asus 0003:0B05:1ABE.0017: unknown main item tag 0x0 [ 507.872541][ T6016] asus 0003:0B05:1ABE.0017: unbalanced collection at end of report description [ 507.875676][ T6016] asus 0003:0B05:1ABE.0017: Asus hid parse failed: -22 [ 507.877908][ T6016] asus 0003:0B05:1ABE.0017: probe with driver asus failed with error -22 [ 507.881218][ T54] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 507.884741][ T54] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 507.888191][ T54] usb 5-1: config 0 interface 0 has no altsetting 0 [ 507.892980][ T54] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 507.896773][ T54] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 507.900469][ T54] usb 5-1: Product: syz [ 507.901893][ T54] usb 5-1: Manufacturer: syz [ 507.903677][ T54] usb 5-1: SerialNumber: syz [ 507.908598][ T54] usb 5-1: config 0 descriptor?? [ 507.913139][ T54] hub 5-1:0.0: bad descriptor, ignoring hub [ 507.915685][ T54] hub 5-1:0.0: probe with driver hub failed with error -5 [ 507.921254][ T54] usb 5-1: selecting invalid altsetting 0 [ 508.040569][ T1460] usb 7-1: USB disconnect, device number 104 [ 508.354057][T16546] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3579'. [ 508.358194][T16546] veth1_macvtap: left promiscuous mode [ 508.362470][T16546] macsec0: entered promiscuous mode [ 508.374558][T16546] veth1_macvtap: entered promiscuous mode [ 508.379602][T16546] macsec0: left promiscuous mode [ 508.393006][ T40] audit: type=1400 audit(1774452899.088:526): avc: denied { create } for pid=16545 comm="syz.3.3579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 508.662589][T16560] tipc: Enabling of bearer rejected, already enabled [ 508.809640][T16535] usb 5-1: reset high-speed USB device number 124 using dummy_hcd [ 508.860748][T16280] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 508.862110][ T5288] Bluetooth: hci2: command 0x1003 tx timeout [ 509.197768][T16535] usb 5-1: failed to restore interface 0 altsetting 251 (error=-71) [ 509.206357][ T6016] usb 5-1: USB disconnect, device number 124 [ 510.034208][T16588] wg1 speed is unknown, defaulting to 1000 [ 510.038046][T16588] wg1 speed is unknown, defaulting to 1000 [ 510.043487][T16588] wg1 speed is unknown, defaulting to 1000 [ 510.048873][T16588] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 510.065070][T16588] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 510.131569][T16588] wg1 speed is unknown, defaulting to 1000 [ 510.136709][T16588] wg1 speed is unknown, defaulting to 1000 [ 510.141423][T16588] wg1 speed is unknown, defaulting to 1000 [ 510.149987][T16588] wg1 speed is unknown, defaulting to 1000 [ 510.334697][T16600] fuse: Unknown parameter '0xffffffffffffffff' [ 510.955608][ T40] audit: type=1400 audit(1774452901.648:527): avc: denied { setopt } for pid=16618 comm="syz.3.3607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 511.548269][T16605] syz.2.3600 (16605): drop_caches: 2 [ 511.946314][T16623] tipc: Enabling of bearer rejected, already enabled [ 512.839812][T16634] hub 9-0:1.0: USB hub found [ 512.841895][T16634] hub 9-0:1.0: 1 port detected [ 513.184987][ T40] audit: type=1400 audit(1774452903.878:528): avc: denied { wake_alarm } for pid=16635 comm="syz.0.3613" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 513.619524][ T6016] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 513.780790][ T6016] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 513.784572][ T6016] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 513.787810][ T6016] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 513.792204][ T6016] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 513.795102][ T6016] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.799212][ T6016] usb 6-1: config 0 descriptor?? [ 514.213819][ T6016] usbhid 6-1:0.0: can't add hid device: -71 [ 514.215800][ T6016] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 514.225808][ T6016] usb 6-1: USB disconnect, device number 9 [ 514.495618][T16673] tipc: Enabling of bearer rejected, already enabled [ 514.999566][ T6016] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 515.150581][ T6016] usb 6-1: no configurations [ 515.152786][ T6016] usb 6-1: can't read configurations, error -22 [ 515.279538][ T6016] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 515.730167][ T6016] usb 6-1: no configurations [ 515.731981][ T6016] usb 6-1: can't read configurations, error -22 [ 515.734360][ T6016] usb usb6-port1: attempt power cycle [ 515.978742][ T40] audit: type=1400 audit(1774452906.668:529): avc: denied { getopt } for pid=16689 comm="syz.3.3633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 516.022734][T16696] QAT: failed to copy from user. [ 516.089535][ T6016] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 516.122791][ T6016] usb 6-1: no configurations [ 516.125493][ T6016] usb 6-1: can't read configurations, error -22 [ 516.186778][T16700] tipc: Enabling of bearer rejected, already enabled [ 516.279537][ T6016] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 516.311579][ T6016] usb 6-1: no configurations [ 516.313312][ T6016] usb 6-1: can't read configurations, error -22 [ 516.318378][ T6016] usb usb6-port1: unable to enumerate USB device [ 516.430823][ T40] audit: type=1400 audit(1774452907.128:530): avc: denied { write } for pid=16713 comm="syz.0.3644" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 516.438231][ T40] audit: type=1400 audit(1774452907.128:531): avc: denied { open } for pid=16713 comm="syz.0.3644" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 516.709727][ T50] usb 5-1: new full-speed USB device number 125 using dummy_hcd [ 516.871640][T16722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3647'. [ 517.063280][ T50] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 517.066398][ T50] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 517.069012][ T50] usb 5-1: Product: syz [ 517.070659][ T50] usb 5-1: Manufacturer: syz [ 517.072255][ T50] usb 5-1: SerialNumber: syz [ 517.076015][ T50] usb 5-1: config 0 descriptor?? [ 517.282751][ T6016] usb 5-1: USB disconnect, device number 125 [ 518.130210][T16738] syz.0.3653 (16738): drop_caches: 2 [ 518.207278][ T1460] usb 6-1: new full-speed USB device number 14 using dummy_hcd [ 518.255707][T16740] wg1 speed is unknown, defaulting to 1000 [ 518.371861][ T1460] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 518.374862][ T1460] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 518.381419][ T1460] usb 6-1: New USB device found, idVendor=0525, idProduct=b4a8, bcdDevice= 0.41 [ 518.384757][ T1460] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 518.387658][ T1460] usb 6-1: Product: syz [ 518.389154][ T1460] usb 6-1: Manufacturer: syz [ 518.391160][ T1460] usb 6-1: SerialNumber: syz [ 518.609739][ T1460] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 1 vid 0x0525 pid 0xB4A8 [ 518.814563][ T24] usb 6-1: USB disconnect, device number 14 [ 518.819741][ T24] usblp0: removed [ 519.358255][T16767] wg1 speed is unknown, defaulting to 1000 [ 519.469579][ T6015] usb 7-1: new high-speed USB device number 105 using dummy_hcd [ 519.629628][ T6015] usb 7-1: Using ep0 maxpacket: 8 [ 519.632539][ T6015] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 519.635076][ T6015] usb 7-1: config 0 has no interface number 0 [ 519.637033][ T6015] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 519.640967][ T6015] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 519.644804][ T6015] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 519.648491][ T6015] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 519.652088][ T6015] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 519.656389][ T6015] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 519.659866][ T6015] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.671136][ T6015] usb 7-1: config 0 descriptor?? [ 519.681393][ T6015] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 519.707625][T16773] syz.1.3664 (16773): drop_caches: 2 [ 519.878210][T16761] ldusb 7-1:0.55: Couldn't submit interrupt_in_urb -90 [ 519.883176][ T50] usb 7-1: USB disconnect, device number 105 [ 519.895499][ T50] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 519.999594][ T24] usb 5-1: new high-speed USB device number 126 using dummy_hcd [ 520.171174][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 520.175818][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 520.180223][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 520.185645][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 520.189743][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.196101][ T24] usb 5-1: config 0 descriptor?? [ 520.605329][ T24] usbhid 5-1:0.0: can't add hid device: -71 [ 520.607505][ T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 520.618938][ T24] usb 5-1: USB disconnect, device number 126 [ 520.759575][ T54] usb 7-1: new high-speed USB device number 106 using dummy_hcd [ 520.911599][ T54] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 520.915419][ T54] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 520.919856][ T54] usb 7-1: config 0 interface 0 has no altsetting 0 [ 520.924666][ T54] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 520.928093][ T54] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 520.932083][ T54] usb 7-1: Product: syz [ 520.934270][ T54] usb 7-1: Manufacturer: syz [ 520.936489][ T54] usb 7-1: SerialNumber: syz [ 520.940311][ T54] usb 7-1: config 0 descriptor?? [ 520.944164][ T54] hub 7-1:0.0: bad descriptor, ignoring hub [ 520.946608][ T54] hub 7-1:0.0: probe with driver hub failed with error -5 [ 520.952548][ T54] usb 7-1: selecting invalid altsetting 0 [ 521.149328][ T54] libceph: connect (1)[c::]:6789 error -101 [ 521.151610][ T54] libceph: mon0 (1)[c::]:6789 connect error [ 521.304289][T16795] ceph: No mds server is up or the cluster is laggy [ 521.609514][ T1460] usb 5-1: new full-speed USB device number 127 using dummy_hcd [ 521.659567][ T6016] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 521.761067][ T1460] usb 5-1: config 246 has an invalid interface number: 166 but max is 0 [ 521.764356][ T1460] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 521.768708][ T1460] usb 5-1: config 246 has no interface number 0 [ 521.771575][ T1460] usb 5-1: config 246 interface 166 altsetting 118 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 521.776091][ T1460] usb 5-1: config 246 interface 166 has no altsetting 0 [ 521.780483][ T1460] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63 [ 521.783624][ T1460] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.786729][ T1460] usb 5-1: Product: syz [ 521.788610][ T1460] usb 5-1: Manufacturer: syz [ 521.790925][ T1460] usb 5-1: SerialNumber: syz [ 521.819532][ T6016] usb 6-1: Using ep0 maxpacket: 8 [ 521.823503][ T6016] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 521.827218][ T6016] usb 6-1: config 0 has no interface number 0 [ 521.830265][ T6016] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 521.834849][ T6016] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 521.839810][ T6016] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 521.844866][ T6016] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 521.850705][ T6016] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 521.854735][ T6016] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.860103][T16788] usb 7-1: reset high-speed USB device number 106 using dummy_hcd [ 521.860618][ T6016] usb 6-1: config 0 descriptor?? [ 521.868208][ T6016] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 522.000982][ T1460] usb 5-1: Cannot retrieve CPort count: -71 [ 522.003205][ T1460] usb 5-1: Cannot retrieve CPort count: -71 [ 522.005340][ T1460] es2_ap_driver 5-1:246.166: probe with driver es2_ap_driver failed with error -71 [ 522.013206][ T1460] usb 5-1: USB disconnect, device number 127 [ 522.234838][T16788] usb 7-1: failed to restore interface 0 altsetting 251 (error=-71) [ 522.238756][ T9] usb 7-1: USB disconnect, device number 106 [ 522.769556][ T1460] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 522.921201][ T1460] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 522.925108][ T1460] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 522.928717][ T1460] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 522.933603][ T1460] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 522.937251][ T1460] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.942502][ T1460] usb 5-1: config 0 descriptor?? [ 523.029546][ T9] usb 7-1: new high-speed USB device number 107 using dummy_hcd [ 523.201714][ T9] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 523.204540][ T9] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 523.207876][ T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 523.210961][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 523.214658][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 523.219522][ T9] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 523.222798][ T9] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 523.225659][ T9] usb 7-1: Product: syz [ 523.227067][ T9] usb 7-1: Manufacturer: syz [ 523.232181][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 523.233881][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 523.236440][ T9] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device [ 523.238316][ T9] cdc_wdm 7-1:1.0: Unknown control protocol [ 523.351617][ T1460] usbhid 5-1:0.0: can't add hid device: -71 [ 523.353851][ T1460] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 523.357542][ T1460] usb 5-1: USB disconnect, device number 2 [ 523.473791][T16847] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3695'. [ 523.487252][ T9] usb 7-1: USB disconnect, device number 107 [ 524.130554][ T24] usb 6-1: USB disconnect, device number 15 [ 524.133799][T16832] ldusb 6-1:0.55: Couldn't submit interrupt_in_urb -19 [ 524.143122][ T24] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 524.820683][T16866] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3700'. [ 524.824684][T16866] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3700'. [ 525.228741][T16873] kvm: kvm [16872]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 525.232731][T16873] kvm: kvm [16872]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 525.769614][ T24] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 525.919644][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 525.924402][ T24] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 525.928596][ T24] usb 6-1: config 0 has no interface number 0 [ 525.931967][ T24] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 525.936501][ T24] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 525.941726][ T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 525.946531][ T24] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 525.952696][ T24] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 525.956767][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.963190][ T24] usb 6-1: config 0 descriptor?? [ 525.971209][ T24] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 526.004577][ T40] audit: type=1400 audit(1774452916.698:532): avc: denied { setopt } for pid=16886 comm="syz.0.3710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 526.179682][ T24] usb 6-1: USB disconnect, device number 16 [ 526.185628][ T24] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 526.978679][T16904] input: syz1 as /devices/virtual/input/input42 [ 527.689601][ T54] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 527.869550][ T54] usb 6-1: Using ep0 maxpacket: 8 [ 527.873800][ T54] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 527.877765][ T54] usb 6-1: config 0 has no interface number 0 [ 527.880973][ T54] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 527.885442][ T54] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 527.890545][ T54] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 527.895204][ T54] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 527.900782][ T54] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 527.904177][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.909047][ T54] usb 6-1: config 0 descriptor?? [ 527.917111][ T54] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 528.117431][ T1460] usb 6-1: USB disconnect, device number 17 [ 528.122858][ T1460] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 528.849031][ T40] audit: type=1400 audit(1774452919.538:533): avc: denied { watch } for pid=16953 comm="syz.3.3736" path="/505/file0" dev="tmpfs" ino=2699 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 528.960790][T16956] dvmrp9: entered allmulticast mode [ 529.417570][T16960] input: syz1 as /devices/virtual/input/input43 [ 529.629553][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 529.713301][ T6101] hid_parser_main: 445 callbacks suppressed [ 529.713318][ T6101] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 529.736641][ T6101] hid-generic 0000:0000:0000.0018: hidraw1: HID v0.00 Device [syz1] on syz0 [ 529.781425][ T24] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 529.784156][ T24] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 529.787617][ T24] usb 5-1: config 0 interface 0 has no altsetting 0 [ 529.791585][ T24] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 529.794732][ T24] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 529.797418][ T24] usb 5-1: Product: syz [ 529.798994][ T24] usb 5-1: Manufacturer: syz [ 529.800742][ T24] usb 5-1: SerialNumber: syz [ 529.809252][ T24] usb 5-1: config 0 descriptor?? [ 529.812569][ T24] hub 5-1:0.0: bad descriptor, ignoring hub [ 529.814665][ T24] hub 5-1:0.0: probe with driver hub failed with error -5 [ 529.818700][ T24] usb 5-1: selecting invalid altsetting 0 [ 529.899832][ T50] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 530.049520][ T50] usb 6-1: Using ep0 maxpacket: 8 [ 530.052377][ T50] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 530.054913][ T50] usb 6-1: config 0 has no interface number 0 [ 530.056860][ T50] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 530.060321][ T50] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 530.063937][ T50] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 530.067340][ T50] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 530.071380][ T50] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 530.074220][ T50] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.078005][ T50] usb 6-1: config 0 descriptor?? [ 530.082874][ T50] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 530.207306][ T6015] libceph: connect (1)[c::]:6789 error -101 [ 530.210271][ T6015] libceph: mon0 (1)[c::]:6789 connect error [ 530.294307][ T54] usb 6-1: USB disconnect, device number 18 [ 530.314315][ T54] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 530.479959][ T6015] libceph: connect (1)[c::]:6789 error -101 [ 530.482127][ T6015] libceph: mon0 (1)[c::]:6789 connect error [ 530.709600][T16958] usb 5-1: reset high-speed USB device number 3 using dummy_hcd [ 530.778758][T16982] ceph: No mds server is up or the cluster is laggy [ 531.063942][T16958] usb 5-1: failed to restore interface 0 altsetting 251 (error=-71) [ 531.068165][ T1460] usb 5-1: USB disconnect, device number 3 [ 531.079572][T15952] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 531.233087][T15952] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 531.236778][T15952] usb 6-1: can't read configurations, error -61 [ 531.389741][T15952] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 531.561453][T15952] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 531.565286][T15952] usb 6-1: can't read configurations, error -61 [ 531.573166][T15952] usb usb6-port1: attempt power cycle [ 531.919641][T15952] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 531.955344][T15952] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 531.958436][T15952] usb 6-1: can't read configurations, error -61 [ 532.007397][ T40] audit: type=1400 audit(1774452922.698:534): avc: denied { read } for pid=17006 comm="syz.0.3755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 532.061323][ T40] audit: type=1400 audit(1774452922.758:535): avc: denied { write } for pid=17006 comm="syz.0.3755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 532.099964][T15952] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 532.128761][T15952] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 532.133852][T15952] usb 6-1: can't read configurations, error -61 [ 532.138448][T15952] usb usb6-port1: unable to enumerate USB device [ 532.237267][ T40] audit: type=1400 audit(1774452922.928:536): avc: denied { mount } for pid=17012 comm="syz.3.3756" name="/" dev="ramfs" ino=65758 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 532.248891][T17013] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 532.254299][T17013] bond0: (slave lo): Error: Device can not be enslaved while up [ 532.711196][ T50] usb 7-1: new high-speed USB device number 108 using dummy_hcd [ 532.859572][ T50] usb 7-1: Using ep0 maxpacket: 8 [ 532.862799][ T50] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 532.865471][ T50] usb 7-1: config 0 has no interface number 0 [ 532.867510][ T50] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 532.871393][ T50] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 532.875433][ T50] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 532.879318][ T50] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 532.884216][ T50] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 532.887552][ T50] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.892103][ T50] usb 7-1: config 0 descriptor?? [ 532.900792][ T50] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 533.242599][T17025] netlink: zone id is out of range [ 533.244432][T17025] netlink: zone id is out of range [ 533.246448][T17025] netlink: zone id is out of range [ 533.249218][T17025] netlink: zone id is out of range [ 533.252722][T17025] netlink: zone id is out of range [ 533.254440][T17025] netlink: zone id is out of range [ 533.256048][T17025] netlink: zone id is out of range [ 533.257859][T17025] netlink: zone id is out of range [ 533.259737][T17025] netlink: zone id is out of range [ 533.262609][T17025] netlink: zone id is out of range [ 533.832993][T17031] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3763'. [ 534.619521][ T1460] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 534.769610][ T1460] usb 6-1: Using ep0 maxpacket: 8 [ 534.777558][ T1460] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 534.781583][ T1460] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 534.784723][ T1460] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 534.787902][ T1460] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 534.792289][ T1460] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 534.795171][ T1460] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.801209][ T1460] usb 6-1: config 0 descriptor?? [ 535.170989][ T1460] usb 7-1: USB disconnect, device number 108 [ 535.175020][ T1460] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 535.182154][T17047] wg1 speed is unknown, defaulting to 1000 [ 535.228086][ T50] usb 6-1: USB disconnect, device number 23 [ 535.719585][ T1460] usb 7-1: new high-speed USB device number 109 using dummy_hcd [ 535.871280][ T1460] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 535.874622][ T1460] usb 7-1: can't read configurations, error -61 [ 536.009766][ T1460] usb 7-1: new high-speed USB device number 110 using dummy_hcd [ 536.182223][ T1460] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 536.185229][ T1460] usb 7-1: can't read configurations, error -61 [ 536.187467][ T1460] usb usb7-port1: attempt power cycle [ 536.539657][ T1460] usb 7-1: new high-speed USB device number 111 using dummy_hcd [ 536.562023][ T1460] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 536.565156][ T1460] usb 7-1: can't read configurations, error -61 [ 536.689565][ T1460] usb 7-1: new high-speed USB device number 112 using dummy_hcd [ 536.732321][ T1460] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 536.736203][ T1460] usb 7-1: can't read configurations, error -61 [ 536.741429][ T1460] usb usb7-port1: unable to enumerate USB device [ 536.765870][T17058] delete_channel: no stack [ 536.979684][ T1460] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 537.140937][ T1460] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 537.143882][ T1460] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 537.147512][ T1460] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 537.150841][ T1460] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 537.155174][ T1460] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 537.161017][ T1460] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 537.164908][ T1460] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 537.167642][ T1460] usb 5-1: Product: syz [ 537.168964][ T1460] usb 5-1: Manufacturer: syz [ 537.174575][ T1460] cdc_wdm 5-1:1.0: skipping garbage [ 537.176300][ T1460] cdc_wdm 5-1:1.0: skipping garbage [ 537.179009][ T1460] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 537.181625][ T1460] cdc_wdm 5-1:1.0: Unknown control protocol [ 537.230233][T17083] "syz.1.3783" (17083) uses obsolete ecb(arc4) skcipher [ 537.394895][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 537.397630][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 537.402213][T15952] usb 5-1: USB disconnect, device number 4 [ 537.404131][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 537.407622][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 537.410408][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 538.448835][T17104] kvm: kvm [17103]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1000011d8 [ 538.464226][T17104] kvm: kvm [17103]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x58b9 [ 538.488627][T17104] kvm_intel: kvm [17103]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x513f [ 538.536360][T17104] kvm: kvm [17103]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x3109 [ 539.089919][T17121] syz.0.3794 (17121): drop_caches: 2 [ 539.590150][ T6101] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 539.791587][ T6101] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 539.794910][ T6101] usb 6-1: can't read configurations, error -61 [ 539.874095][ T40] audit: type=1326 audit(1774452930.568:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17141 comm="syz.0.3804" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5ece39c799 code=0x0 [ 539.919787][ T6101] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 540.071486][ T6101] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 540.074180][ T6101] usb 6-1: can't read configurations, error -61 [ 540.076837][ T6101] usb usb6-port1: attempt power cycle [ 540.419573][ T6101] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 540.440565][ T1460] usb 7-1: new high-speed USB device number 113 using dummy_hcd [ 540.442253][ T6101] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 540.445328][ T6101] usb 6-1: can't read configurations, error -61 [ 540.569684][ T6101] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 540.591491][ T6101] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 540.594591][ T6101] usb 6-1: can't read configurations, error -61 [ 540.596860][ T6101] usb usb6-port1: unable to enumerate USB device [ 540.689648][ T1460] usb 7-1: Using ep0 maxpacket: 8 [ 540.696046][ T1460] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 540.700953][ T1460] usb 7-1: config 0 has no interface number 0 [ 540.704125][ T1460] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 540.708704][ T1460] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 540.715253][ T1460] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 540.721477][ T1460] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 540.727931][ T1460] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 540.733420][ T1460] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.756610][ T1460] usb 7-1: config 0 descriptor?? [ 540.812362][ T1460] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 540.988066][ T1460] usb 7-1: USB disconnect, device number 113 [ 540.995260][ T1460] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 541.259639][ T50] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 541.421136][ T50] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 541.424736][ T50] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 541.439604][ T50] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 541.442985][ T50] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 541.446380][ T50] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 541.456971][ T50] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 541.461377][ T50] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 541.464756][ T50] usb 5-1: Product: syz [ 541.466526][ T50] usb 5-1: Manufacturer: syz [ 541.475818][ T50] cdc_wdm 5-1:1.0: skipping garbage [ 541.477946][ T50] cdc_wdm 5-1:1.0: skipping garbage [ 541.482999][ T50] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 541.485394][ T50] cdc_wdm 5-1:1.0: Unknown control protocol [ 541.683504][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 541.685646][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 541.687764][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 541.690179][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 541.692463][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 541.694614][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 541.697271][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 541.699985][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 541.702233][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 541.704452][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 541.706595][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 541.708714][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 541.710799][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 541.715444][T15952] usb 5-1: USB disconnect, device number 5 [ 542.394470][T17184] input: syz1 as /devices/virtual/input/input45 [ 542.750499][ T50] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 542.899567][ T50] usb 6-1: Using ep0 maxpacket: 8 [ 542.902451][ T50] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 542.905458][ T50] usb 6-1: config 0 has no interface number 0 [ 542.907977][ T50] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 542.913017][ T50] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 542.917936][ T50] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 542.922792][ T50] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 542.928195][ T50] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 542.932460][ T50] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.938617][ T50] usb 6-1: config 0 descriptor?? [ 542.952064][ T50] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 542.999654][ T6101] usb 7-1: new high-speed USB device number 114 using dummy_hcd [ 543.152734][ T6015] usb 6-1: USB disconnect, device number 28 [ 543.159959][ T6015] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 543.161482][ T6101] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 543.165549][ T6101] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 543.169558][ T6101] usb 7-1: config 0 interface 0 has no altsetting 0 [ 543.177722][ T6101] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 543.181952][ T6101] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 543.188650][ T6101] usb 7-1: Product: syz [ 543.192333][ T6101] usb 7-1: Manufacturer: syz [ 543.194386][ T6101] usb 7-1: SerialNumber: syz [ 543.199518][ T6101] usb 7-1: config 0 descriptor?? [ 543.203685][ T6101] hub 7-1:0.0: bad descriptor, ignoring hub [ 543.206352][ T6101] hub 7-1:0.0: probe with driver hub failed with error -5 [ 543.213874][ T6101] usb 7-1: selecting invalid altsetting 0 [ 543.659949][T17222] overlayfs: failed to clone upperpath [ 544.109602][T17201] usb 7-1: reset high-speed USB device number 114 using dummy_hcd [ 544.159879][T17239] syz.1.3838 (17239): drop_caches: 2 [ 544.486498][T17201] usb 7-1: failed to restore interface 0 altsetting 251 (error=-71) [ 544.492543][ T6015] usb 7-1: USB disconnect, device number 114 [ 544.851561][T17255] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.856355][T17255] bridge_slave_1: left allmulticast mode [ 544.858769][T17255] bridge_slave_1: left promiscuous mode [ 544.861875][T17255] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.704842][T17283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3856'. [ 547.348497][T17334] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 547.351651][T17334] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 547.612615][ T40] audit: type=1326 audit(1774452938.308:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 547.621023][ T40] audit: type=1326 audit(1774452938.308:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 547.629364][ T40] audit: type=1326 audit(1774452938.308:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 547.637373][ T40] audit: type=1326 audit(1774452938.308:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 547.644863][ T40] audit: type=1326 audit(1774452938.308:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 547.651575][ T40] audit: type=1326 audit(1774452938.308:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 547.658212][ T40] audit: type=1326 audit(1774452938.308:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 547.666362][ T40] audit: type=1326 audit(1774452938.308:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 547.673036][ T40] audit: type=1326 audit(1774452938.308:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 547.680718][ T40] audit: type=1326 audit(1774452938.308:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17341 comm="syz.1.3878" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f626c39c799 code=0x7ffc0000 [ 548.463842][T17371] tipc: Enabling of bearer rejected, already enabled [ 548.953627][T17378] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3890'. [ 549.749974][ T6015] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 549.910150][ T6015] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 549.913690][ T6015] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 549.916727][ T6015] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 549.921380][ T6015] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 549.924614][ T6015] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.931740][ T6015] usb 6-1: config 0 descriptor?? [ 550.064274][T17412] overlayfs: failed to clone upperpath [ 550.349012][ T6015] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 550.703625][ T50] usb 6-1: USB disconnect, device number 29 [ 550.869661][T17436] overlayfs: failed to clone upperpath [ 551.863075][T17455] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3920'. [ 552.459563][T15952] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 552.622111][T15952] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 552.626977][T15952] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 552.631352][T15952] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 552.636426][T15952] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 552.640217][T15952] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.646711][T15952] usb 6-1: config 0 descriptor?? [ 553.218035][T17511] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3937'. [ 553.908569][T15952] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 553.934095][T15952] usb 6-1: USB disconnect, device number 30 [ 553.971813][T17529] fido_id[17529]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb6/report_descriptor': No such file or directory [ 553.979529][T17528] overlayfs: failed to clone upperpath [ 555.018907][ T5288] Bluetooth: hci2: sending frame failed (-49) [ 555.022739][T16280] Bluetooth: hci2: Opcode 0x1003 failed: -49 [ 555.303954][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 555.304041][ T40] audit: type=1400 audit(1774452945.998:575): avc: denied { create } for pid=17568 comm="syz.3.3960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 555.317351][ T40] audit: type=1400 audit(1774452945.998:576): avc: denied { sys_admin } for pid=17568 comm="syz.3.3960" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 556.436145][T17593] Invalid source name [ 556.446097][ T40] audit: type=1400 audit(1774452947.138:577): avc: denied { setopt } for pid=17591 comm="syz.1.3967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 557.098464][T17607] overlayfs: failed to clone upperpath [ 557.485221][T17622] input: syz1 as /devices/virtual/input/input46 [ 558.888484][ T6101] libceph: connect (1)[c::]:6789 error -101 [ 558.892679][ T6101] libceph: mon0 (1)[c::]:6789 connect error [ 559.150101][ T6101] libceph: connect (1)[c::]:6789 error -101 [ 559.152951][ T6101] libceph: mon0 (1)[c::]:6789 connect error [ 559.216556][T17674] overlayfs: failed to clone upperpath [ 559.261761][ T40] audit: type=1400 audit(1774452949.958:578): avc: denied { getopt } for pid=17675 comm="syz.0.3996" lport=48594 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 559.317347][T17657] ceph: No mds server is up or the cluster is laggy [ 559.622181][ T40] audit: type=1400 audit(1774452950.318:579): avc: denied { mount } for pid=17680 comm="syz.0.3998" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1 [ 560.353753][T17712] wg1 speed is unknown, defaulting to 1000 [ 561.374396][T17728] overlayfs: failed to clone upperpath [ 561.682346][T17740] netlink: 'syz.3.4016': attribute type 1 has an invalid length. [ 561.684985][T17740] net_ratelimit: 10 callbacks suppressed [ 561.684997][T17740] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 563.363812][T17775] netlink: 'syz.2.4033': attribute type 1 has an invalid length. [ 563.627836][T17793] vcan0: entered allmulticast mode [ 563.629981][T17793] vcan0: left allmulticast mode [ 563.749596][ T9] usb 6-1: new full-speed USB device number 31 using dummy_hcd [ 563.931040][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 563.934489][ T9] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 563.938919][ T9] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 563.942149][ T9] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 563.944945][ T9] usb 6-1: Product: syz [ 563.946435][ T9] usb 6-1: Manufacturer: syz [ 563.948040][ T9] usb 6-1: SerialNumber: syz [ 563.952600][ T9] usb 6-1: config 0 descriptor?? [ 564.157761][ T50] usb 6-1: USB disconnect, device number 31 [ 564.198494][T17805] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4039'. [ 564.774712][T17815] overlayfs: failed to clone upperpath [ 565.696148][T17845] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4052'. [ 565.709610][ T6015] usb 6-1: new full-speed USB device number 32 using dummy_hcd [ 565.881881][ T6015] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 565.885953][ T6015] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 565.891585][ T6015] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 565.895440][ T6015] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 565.898633][ T6015] usb 6-1: Product: syz [ 565.900166][ T6015] usb 6-1: Manufacturer: syz [ 565.901739][ T6015] usb 6-1: SerialNumber: syz [ 565.904448][ T6015] usb 6-1: config 0 descriptor?? [ 566.012214][ T5288] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 566.015535][ T5288] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 566.018969][ T5288] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 566.024656][ T5288] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 566.029661][ T5288] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 566.036908][T16280] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 566.040738][T16280] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 566.043503][T16280] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 566.046615][T16280] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 566.049391][T16280] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 566.102388][T17850] wg1 speed is unknown, defaulting to 1000 [ 566.108616][ T1460] usb 6-1: USB disconnect, device number 32 [ 566.203250][T17850] chnl_net:caif_netlink_parms(): no params data found [ 566.301384][T17850] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.304103][T17850] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.306641][T17850] bridge_slave_0: entered allmulticast mode [ 566.309543][T17850] bridge_slave_0: entered promiscuous mode [ 566.314763][T17850] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.318161][T17850] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.324298][T17850] bridge_slave_1: entered allmulticast mode [ 566.328457][T17850] bridge_slave_1: entered promiscuous mode [ 566.386980][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 566.457649][T17850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 566.463057][T17850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 566.480309][T17850] team0: Port device team_slave_0 added [ 566.483553][T17850] team0: Port device team_slave_1 added [ 566.498682][T17850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 566.501278][T17850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 566.510041][T17850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 566.530132][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 566.554624][T17850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 566.557530][T17850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 566.566945][T17850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 566.610744][T17850] hsr_slave_0: entered promiscuous mode [ 566.614161][T17850] hsr_slave_1: entered promiscuous mode [ 566.617318][T17850] debugfs: 'hsr0' already exists in 'hsr' [ 566.620095][T17850] Cannot create hsr debugfs directory [ 566.665976][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 566.767679][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.033830][ T12] bridge_slave_1: left allmulticast mode [ 567.036954][ T12] bridge_slave_1: left promiscuous mode [ 567.039646][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.047558][ T12] bridge_slave_0: left allmulticast mode [ 567.053309][ T12] bridge_slave_0: left promiscuous mode [ 567.056148][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 567.091211][ T50] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 567.165977][ T12] dvmrp9 (unregistering): left allmulticast mode [ 567.219705][ T50] usb 6-1: device descriptor read/64, error -71 [ 567.230702][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 567.235372][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 567.240219][ T12] bond0 (unregistering): Released all slaves [ 567.297130][T17883] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4061'. [ 567.327017][ T12] tipc: Disabling bearer [ 567.336248][ T12] tipc: Left network mode [ 567.509511][ T50] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 567.639582][ T50] usb 6-1: device descriptor read/64, error -71 [ 567.778148][ T50] usb usb6-port1: attempt power cycle [ 567.901457][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.966593][T17850] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 567.971178][T17850] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 567.976959][T17850] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 567.981260][T17850] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 568.025556][T17850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 568.037530][ T12] hsr_slave_0: left promiscuous mode [ 568.040695][ T12] hsr_slave_1: left promiscuous mode [ 568.042802][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 568.045191][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 568.048383][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 568.051459][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 568.061672][ T12] veth1_macvtap: left promiscuous mode [ 568.063720][ T12] veth0_macvtap: left promiscuous mode [ 568.065734][ T12] veth1_vlan: left promiscuous mode [ 568.067792][ T12] veth0_vlan: left promiscuous mode [ 568.129737][ T5288] Bluetooth: hci2: command tx timeout [ 568.149635][ T50] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 568.170321][ T50] usb 6-1: device descriptor read/8, error -71 [ 568.239117][ T12] team0 (unregistering): Port device team_slave_1 removed [ 568.246112][ T12] team0 (unregistering): Port device team_slave_0 removed [ 568.315676][T17850] 8021q: adding VLAN 0 to HW filter on device team0 [ 568.323842][ T397] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.326239][ T397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 568.341722][ T90] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.344259][ T90] bridge0: port 2(bridge_slave_1) entered forwarding state [ 568.409553][ T50] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 568.450859][ T50] usb 6-1: device descriptor read/8, error -71 [ 568.569748][ T50] usb usb6-port1: unable to enumerate USB device [ 568.592695][T17850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 568.616662][T17850] veth0_vlan: entered promiscuous mode [ 568.622378][T17850] veth1_vlan: entered promiscuous mode [ 568.639448][T17850] veth0_macvtap: entered promiscuous mode [ 568.652769][T17850] veth1_macvtap: entered promiscuous mode [ 568.667282][T17850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 568.676329][T17850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 568.683821][ T1194] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.687500][ T1194] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.697730][ T1194] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.709681][ T1194] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.716597][T17938] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4070'. [ 568.770804][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 568.774253][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 568.802508][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 568.805063][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 568.818724][ T40] audit: type=1400 audit(1774452959.508:580): avc: denied { mounton } for pid=17850 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 568.914031][ T40] audit: type=1400 audit(1774452959.608:581): avc: denied { ioctl } for pid=17945 comm="syz.3.4073" path="socket:[69919]" dev="sockfs" ino=69919 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 569.131258][ T40] audit: type=1400 audit(1774452959.828:582): avc: denied { read } for pid=17947 comm="syz.3.4074" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 569.452692][T17966] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4078'. [ 569.521146][T17970] overlayfs: failed to clone upperpath [ 569.693186][T17978] overlayfs: failed to clone upperpath [ 569.697143][ T40] audit: type=1400 audit(1774452960.388:583): avc: denied { unmount } for pid=17977 comm="syz.0.4083" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 569.941027][ T40] audit: type=1400 audit(1774452960.638:584): avc: denied { audit_write } for pid=17986 comm="syz.1.4087" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 570.032115][T17990] tipc: Enabling of bearer rejected, already enabled [ 570.209679][ T5288] Bluetooth: hci2: command tx timeout [ 572.945461][T18077] Invalid ELF header magic: != ELF [ 572.969735][ T40] audit: type=1400 audit(1774452963.628:585): avc: denied { module_load } for pid=18076 comm="syz.0.4116" path=2F6D656D66643A20C736BE918D183229219A25A2D238D606070EFCFE128F2613AE254054A3B03E5CECA9F951403641108C6E7C202864656C6574656429 dev="hugetlbfs" ino=69983 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=system permissive=1 [ 573.282509][T18098] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4123'. [ 573.948700][T18113] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4128'. [ 574.139729][ T5288] Bluetooth: hci2: command tx timeout [ 574.238313][T18131] overlayfs: failed to clone upperpath [ 574.285661][T18135] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4137'. [ 575.379564][ T9] usb 6-1: new full-speed USB device number 37 using dummy_hcd [ 575.552732][ T9] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 575.559058][ T9] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 575.563025][ T9] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 575.565557][ T9] usb 6-1: Product: syz [ 575.566965][ T9] usb 6-1: Manufacturer: syz [ 575.573580][ T9] usb 6-1: SerialNumber: syz [ 575.578892][ T9] usb 6-1: config 0 descriptor?? [ 575.803410][ T50] usb 6-1: USB disconnect, device number 37 [ 576.795140][T18203] overlayfs: failed to clone upperpath [ 577.444743][T18223] tipc: Enabling of bearer rejected, already enabled [ 577.515573][T18197] syz.1.4158 (18197) used greatest stack depth: 18680 bytes left [ 578.401706][T18258] overlayfs: failed to clone lowerpath [ 578.593997][T18262] overlayfs: failed to clone upperpath [ 579.156536][T18289] overlayfs: failed to clone upperpath [ 580.525636][T18345] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4207'. [ 580.568693][ T40] audit: type=1400 audit(1774452971.258:586): avc: denied { mount } for pid=18348 comm="syz.2.4208" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 580.845635][T18356] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4210'. [ 583.155907][T18442] Device name cannot be null; rc = [-22] [ 584.011902][T18461] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4242'. [ 584.042919][T18461] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18461 comm=syz.1.4242 [ 584.048266][T18461] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4242'. [ 584.124144][T18472] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4246'. [ 585.075977][T18522] wg1 speed is unknown, defaulting to 1000 [ 585.858619][T18543] tipc: Enabling of bearer rejected, failed to enable media [ 585.890341][T18547] overlayfs: failed to clone upperpath [ 585.995328][T18560] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4279'. [ 586.961356][T18585] wg1 speed is unknown, defaulting to 1000 [ 587.962369][T18628] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.064886][T18628] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.347843][T18651] wg1 speed is unknown, defaulting to 1000 [ 588.751102][T18628] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.916335][T18628] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.026095][ T90] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.034648][ T1146] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.044119][ T1146] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.052494][ T90] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.140488][T18660] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4317'. [ 589.222028][T18662] batman_adv: batadv0: Adding interface: ipvlan2 [ 589.224373][T18662] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 589.249650][T18662] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.256204][T18662] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.262863][T18662] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 589.417682][T18681] wg1 speed is unknown, defaulting to 1000 [ 589.428571][T18683] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4328'. [ 589.453068][T18683] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.457059][T18683] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.196659][T18742] warning: `syz.0.4351' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 590.856929][T18752] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4353'. [ 591.088750][ T40] audit: type=1326 audit(1774452981.778:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ece39c799 code=0x7ffc0000 [ 591.097962][ T40] audit: type=1326 audit(1774452981.778:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ece39c799 code=0x7ffc0000 [ 591.106062][ T40] audit: type=1326 audit(1774452981.788:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ece39c799 code=0x7ffc0000 [ 591.115185][ T40] audit: type=1326 audit(1774452981.788:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ece39c799 code=0x7ffc0000 [ 591.124820][ T40] audit: type=1326 audit(1774452981.788:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5ece39c799 code=0x7ffc0000 [ 591.134908][ T40] audit: type=1326 audit(1774452981.788:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ece39c799 code=0x7ffc0000 [ 591.145050][ T40] audit: type=1326 audit(1774452981.788:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ece39c799 code=0x7ffc0000 [ 591.154664][ T40] audit: type=1326 audit(1774452981.798:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ece39c799 code=0x7ffc0000 [ 591.174187][ T40] audit: type=1326 audit(1774452981.798:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ece39c799 code=0x7ffc0000 [ 591.184240][ T40] audit: type=1326 audit(1774452981.798:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18772 comm="syz.0.4360" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5ece39c42b code=0x7ffc0000 [ 591.209145][T18781] tipc: Enabling of bearer rejected, already enabled [ 591.854642][T18802] netlink: 116 bytes leftover after parsing attributes in process `syz.1.4369'. [ 592.611482][T18833] overlayfs: failed to resolve './file1': -2 [ 592.775275][T18851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4386'. [ 592.786690][T18851] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4386'. [ 592.790646][T18851] netlink: 'syz.1.4386': attribute type 7 has an invalid length. [ 592.793462][T18851] netlink: 'syz.1.4386': attribute type 13 has an invalid length. [ 592.884826][T18859] wg1 speed is unknown, defaulting to 1000 [ 592.941131][T18863] overlayfs: failed to resolve './file1': -2 [ 593.062795][T18877] fuse: Bad value for 'fd' [ 595.389899][T18982] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4437'. [ 596.082921][T18995] overlayfs: failed to clone upperpath [ 596.251398][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 596.254503][ T5288] Bluetooth: Wrong link type (-22) [ 596.257525][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 596.261708][ T5288] Bluetooth: Wrong link type (-22) [ 596.263963][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 596.264224][T19004] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4445'. [ 596.266704][ T5288] Bluetooth: Wrong link type (-22) [ 596.434935][T19030] overlayfs: failed to clone upperpath [ 596.529229][T19043] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4455'. [ 596.577659][T19048] tipc: Enabling of bearer rejected, failed to enable media [ 596.650001][T19054] Option ''MO' to dns_resolver key: bad/missing value [ 596.652293][T19055] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4460'. [ 596.751421][T19059] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4461'. [ 596.868395][T19065] overlayfs: failed to clone upperpath [ 598.217275][T19121] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4479'. [ 598.283236][T19124] wg1 speed is unknown, defaulting to 1000 [ 598.347485][T19129] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4481'. [ 598.438414][T19134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4483'. [ 599.040894][T19148] tipc: Enabling of bearer rejected, failed to enable media [ 599.237279][T19163] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4493'. [ 599.366928][T19170] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4497'. [ 599.433105][T19174] Option ''MO' to dns_resolver key: bad/missing value [ 599.874868][T19180] wg1 speed is unknown, defaulting to 1000 [ 601.033956][T19233] Option ''MO' to dns_resolver key: bad/missing value [ 602.724560][T19284] Option ''MO' to dns_resolver key: bad/missing value [ 602.922082][T19286] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping [ 604.088609][T19306] wg1 speed is unknown, defaulting to 1000 [ 604.113157][T19309] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4547'. [ 604.707600][T19342] tipc: Enabling of bearer rejected, already enabled [ 604.995527][T19344] wg1 speed is unknown, defaulting to 1000 [ 605.080381][T19349] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4561'. [ 605.376388][T19365] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4567'. [ 605.400985][T19369] overlayfs: failed to resolve './file0': -2 [ 605.664957][T19391] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4575'. [ 605.814872][T19398] overlayfs: failed to resolve './file0': -2 [ 606.212534][T19430] syz_tun: entered allmulticast mode [ 606.215378][T19429] overlayfs: failed to resolve './file0': -2 [ 606.222258][T19430] dvmrp6: entered allmulticast mode [ 606.241964][T19433] syz_tun: left allmulticast mode [ 606.452324][T19447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4593'. [ 606.788098][T19462] overlayfs: failed to resolve './file0': -2 [ 607.466280][T19486] netlink: 'syz.0.4606': attribute type 5 has an invalid length. [ 607.472429][T19486] openvswitch: netlink: Missing key (keys=40, expected=100) [ 607.515813][T19488] wg1 speed is unknown, defaulting to 1000 [ 607.644363][T19501] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4611'. [ 607.797023][T19510] overlayfs: failed to resolve './file0': -2 [ 608.624443][T19541] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4622'. [ 608.834233][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 608.836631][ T5288] Bluetooth: Wrong link type (-22) [ 608.839007][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 608.842338][ T5288] Bluetooth: Wrong link type (-22) [ 608.844790][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 608.847900][ T5288] Bluetooth: Wrong link type (-22) [ 608.878556][T19559] overlayfs: failed to resolve './file1': -2 [ 609.183324][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 609.186114][ T5288] Bluetooth: Wrong link type (-22) [ 609.188345][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 609.192209][ T5288] Bluetooth: Wrong link type (-22) [ 609.194670][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 609.197558][ T5288] Bluetooth: Wrong link type (-22) [ 609.208854][T19591] tipc: Enabling of bearer rejected, already enabled [ 609.446841][ T40] kauditd_printk_skb: 45 callbacks suppressed [ 609.446853][ T40] audit: type=1400 audit(1774453000.138:642): avc: denied { ioctl } for pid=19612 comm="syz.1.4650" path="socket:[72429]" dev="sockfs" ino=72429 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 609.776466][T19640] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 609.787425][T19640] bond1 (unregistering): Released all slaves [ 609.819506][ T40] audit: type=1400 audit(1774453000.508:643): avc: denied { setopt } for pid=19639 comm="syz.1.4659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 609.958860][T19661] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4668'. [ 609.976770][T19664] tipc: Enabling of bearer rejected, already enabled [ 610.578933][T19678] netlink: 'syz.2.4674': attribute type 1 has an invalid length. [ 610.966890][T19711] overlayfs: failed to clone upperpath [ 611.245304][T19731] wg1 speed is unknown, defaulting to 1000 [ 611.262885][T19733] trusted_key: syz.2.4691 sent an empty control message without MSG_MORE. [ 611.823311][T19741] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4693'. [ 612.249536][T19768] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4703'. [ 612.273704][T19769] Option ''MO' to dns_resolver key: bad/missing value [ 612.534988][T19796] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4710'. [ 612.592541][T19803] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4712'. [ 612.627749][T19805] tipc: Started in network mode [ 612.630111][T19805] tipc: Node identity 080211000001, cluster identity 4711 [ 612.632406][T19807] delete_channel: no stack [ 612.632842][T19805] tipc: Enabled bearer , priority 10 [ 612.635519][T19807] netlink: 'syz.2.4714': attribute type 2 has an invalid length. [ 612.642334][T19807] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4714'. [ 612.807039][T19822] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4720'. [ 612.852556][T19825] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4722'. [ 613.196359][T19846] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2368 sclass=netlink_route_socket pid=19846 comm=syz.0.4732 [ 613.198230][T19844] wg1 speed is unknown, defaulting to 1000 [ 613.236594][T19848] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4733'. [ 613.361784][T19858] Option ''MO' to dns_resolver key: bad/missing value [ 613.377781][T19860] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4737'. [ 613.481284][T19866] tipc: Enabling of bearer rejected, already enabled [ 613.534281][ T40] audit: type=1400 audit(1774453004.228:644): avc: denied { getopt } for pid=19867 comm="syz.1.4741" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 613.550537][T19870] wg1 speed is unknown, defaulting to 1000 [ 613.649547][ T831] tipc: Node number set to 134418688 [ 614.058524][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 614.061685][ T5288] Bluetooth: Wrong link type (-22) [ 614.064319][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 614.067448][ T5288] Bluetooth: Wrong link type (-22) [ 614.070142][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 614.073219][ T5288] Bluetooth: Wrong link type (-22) [ 614.075743][ T5288] Bluetooth: hci2: link tx timeout [ 614.079681][ T5288] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 614.161583][T19911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2368 sclass=netlink_route_socket pid=19911 comm=syz.0.4755 [ 614.732828][T19928] tipc: Enabling of bearer rejected, already enabled [ 614.779732][T16280] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 614.782539][T16280] Bluetooth: Wrong link type (-22) [ 614.784762][T16280] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 614.787492][T16280] Bluetooth: Wrong link type (-22) [ 614.792407][T16280] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 614.795317][T16280] Bluetooth: Wrong link type (-22) [ 614.797597][T16280] Bluetooth: hci2: link tx timeout [ 614.803547][T16280] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 614.852538][T19941] openvswitch: netlink: Missing key (keys=40, expected=100) [ 615.579565][T19983] Invalid ELF header magic: != ELF [ 615.579625][ T40] audit: type=1400 audit(1774453006.268:645): avc: denied { module_load } for pid=19979 comm="syz.3.4775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 615.652439][T19989] __nla_validate_parse: 4 callbacks suppressed [ 615.652452][T19989] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4777'. [ 615.727955][T19993] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4779'. [ 615.871152][T20009] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4786'. [ 615.905735][T20012] fuse: Bad value for 'fd' [ 615.925026][T20015] overlayfs: missing 'lowerdir' [ 616.032325][T20028] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4792'. [ 616.129767][T16280] Bluetooth: hci2: command 0x0406 tx timeout [ 616.143108][T20036] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4795'. [ 616.555531][T20056] overlayfs: missing 'workdir' [ 616.873262][T20094] Option ''MO' to dns_resolver key: bad/missing value [ 616.961402][ T40] audit: type=1400 audit(1774453007.658:646): avc: denied { mount } for pid=20098 comm="syz.3.4810" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 616.961828][T20100] tipc: Can't bind to reserved service type 0 [ 617.092221][T20116] netlink: 'syz.3.4814': attribute type 13 has an invalid length. [ 617.364864][T20128] netlink: 'syz.3.4817': attribute type 13 has an invalid length. [ 617.605731][T20140] tipc: Enabling of bearer rejected, already enabled [ 617.921771][T20154] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4822'. [ 618.152050][T20163] overlayfs: missing 'lowerdir' [ 618.188495][T20169] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4827'. [ 618.333591][T20177] cifs: Unknown parameter 'rdmanderfs/binder0' [ 618.342842][T20179] netlink: 'syz.0.4832': attribute type 1 has an invalid length. [ 618.374690][T20179] 8021q: adding VLAN 0 to HW filter on device bond1 [ 618.413321][T20179] vlan2: entered allmulticast mode [ 618.415386][T20179] bond1: entered allmulticast mode [ 618.455676][T20188] netlink: 'syz.2.4836': attribute type 1 has an invalid length. [ 618.471077][T20188] bond2: entered promiscuous mode [ 618.475863][T20193] netlink: 'syz.0.4837': attribute type 1 has an invalid length. [ 618.479652][T20188] 8021q: adding VLAN 0 to HW filter on device bond2 [ 618.485686][T20188] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4836'. [ 618.488680][T20188] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4836'. [ 618.493618][T20188] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4836'. [ 618.505685][T20188] bond2: (slave bridge2): making interface the new active one [ 618.508472][T20188] bridge2: entered promiscuous mode [ 618.511655][T20188] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 618.531430][T20196] netlink: 'syz.3.4839': attribute type 1 has an invalid length. [ 618.540529][T20193] 8021q: adding VLAN 0 to HW filter on device bond2 [ 618.570127][T20196] 8021q: adding VLAN 0 to HW filter on device bond1 [ 618.576604][T20197] vlan3: entered allmulticast mode [ 618.578531][T20197] bond2: entered allmulticast mode [ 618.586674][T20196] vlan2: entered allmulticast mode [ 618.588758][T20196] bond1: entered allmulticast mode [ 618.593342][T20196] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 618.598902][T20196] netlink: 'syz.3.4839': attribute type 28 has an invalid length. [ 618.631755][T20193] bond2: (slave geneve2): making interface the new active one [ 618.639475][T20193] geneve2: entered allmulticast mode [ 618.642714][T20193] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 619.544753][T20293] wg1 speed is unknown, defaulting to 1000 [ 619.553906][T20287] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 620.009188][T20333] tmpfs: Unknown parameter 'n wȵC\`剶;2ḖGr_iU' [ 620.123921][T20343] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan1, syncid = 4, id = 0 [ 620.127264][T20342] IPVS: stopping backup sync thread 20343 ... [ 620.342576][T20364] tipc: Enabling of bearer rejected, failed to enable media [ 620.448528][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 620.450797][ T5288] Bluetooth: Wrong link type (-22) [ 620.452485][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 620.455037][ T5288] Bluetooth: Wrong link type (-22) [ 620.458656][T20381] tipc: Enabling of bearer rejected, failed to enable media [ 620.601190][T20396] tipc: Enabling of bearer rejected, already enabled qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x8f000) [ 620.750549][T20405] __nla_validate_parse: 3 callbacks suppressed [ 620.750562][T20405] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4898'. [ 620.833706][ T40] audit: type=1400 audit(1774453011.528:647): avc: denied { setopt } for pid=20410 comm="syz.2.4901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 621.372454][T20443] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 621.375408][T20443] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 621.573177][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 621.575145][ T5288] Bluetooth: Wrong link type (-22) [ 621.657675][T20455] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4915'. [ 622.076157][T20474] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4921'. qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x1b9000) [ 622.530474][T20494] netlink: 136 bytes leftover after parsing attributes in process `syz.3.4930'. [ 622.578296][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.625583][T20500] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4933'. [ 622.659159][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.738382][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.823368][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.915292][ T46] bridge_slave_1: left allmulticast mode [ 622.917389][ T46] bridge_slave_1: left promiscuous mode [ 622.919956][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.933383][ T46] bridge_slave_0: left allmulticast mode [ 622.936124][ T46] bridge_slave_0: left promiscuous mode [ 622.938265][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 623.023766][ T46] dvmrp6 (unregistering): left allmulticast mode [ 623.032598][ T46] bond2 (unregistering): (slave geneve2): Releasing active interface [ 623.035191][ T46] geneve2 (unregistering): left allmulticast mode [ 623.099274][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 623.104219][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 623.108058][ T46] bond0 (unregistering): Released all slaves [ 623.118351][ T46] bond1 (unregistering): Released all slaves [ 623.135858][ T46] bond2 (unregistering): Released all slaves [ 623.205899][ T46] tipc: Disabling bearer [ 623.208065][ T46] tipc: Left network mode [ 623.223775][ T1116] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 623.226649][ T1116] ata1: failed to read log page 10h (errno=-5) [ 623.229281][ T1116] ata1.00: exception Emask 0x1 SAct 0x40000800 SErr 0x0 action 0x0 [ 623.239798][ T1116] ata1.00: irq_stat 0x41000008 [ 623.242038][ T1116] ata1.00: failed command: READ FPDMA QUEUED [ 623.244638][ T1116] ata1.00: cmd 60/c8:58:fe:16:08/0d:00:00:00:00/40 tag 11 ncq dma 1806336 in [ 623.244638][ T1116] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 623.253168][ T1116] ata1.00: status: { DRDY } [ 623.255168][ T1116] ata1.00: error: { ABRT } [ 623.257485][ T1116] ata1.00: failed command: WRITE FPDMA QUEUED [ 623.260363][ T1116] ata1.00: cmd 61/78:f0:be:2c:0a/04:00:00:00:00/40 tag 30 ncq dma 585728 out [ 623.260363][ T1116] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 623.261209][ T46] IPVS: stopping master sync thread 14236 ... [ 623.267570][ T1116] ata1.00: status: { DRDY } [ 623.274597][ T1116] ata1.00: error: { ABRT } [ 623.277326][ T1116] ata1.00: configured for UDMA/100 [ 623.280815][ T1116] sd 0:0:0:0: [sda] tag#11 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=1s [ 623.284924][ T1116] sd 0:0:0:0: [sda] tag#11 Sense Key : Aborted Command [current] [ 623.288215][ T1116] sd 0:0:0:0: [sda] tag#11 Add. Sense: No additional sense information [ 623.292755][ T1116] sd 0:0:0:0: [sda] tag#11 CDB: Read(10) 28 00 00 08 16 fe 00 0d c8 00 [ 623.296454][ T1116] I/O error, dev sda, sector 530174 op 0x0:(READ) flags 0x80700 phys_seg 88 prio class 2 [ 623.301136][ T1116] ata1: EH complete [ 623.323386][T20513] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4935'. [ 623.532835][T20528] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4940'. [ 623.612856][T16280] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 623.617069][T16280] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 623.622016][T16280] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 623.625777][T16280] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 623.630952][T16280] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 623.661016][ T46] hsr_slave_0: left promiscuous mode [ 623.663715][ T46] hsr_slave_1: left promiscuous mode [ 623.666052][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 623.668784][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 623.671764][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 623.674223][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 623.676988][ T46] batman_adv: batadv0: Interface deactivated: macvtap1 [ 623.679256][ T46] batman_adv: batadv0: Removing interface: macvtap1 [ 623.687015][ T46] batadv_slave_0: left promiscuous mode [ 623.688943][ T46] veth1_macvtap: left promiscuous mode [ 623.692785][ T46] veth0_macvtap: left promiscuous mode [ 623.694711][ T46] veth1_vlan: left promiscuous mode [ 623.696435][ T46] veth0_vlan: left promiscuous mode [ 623.869218][ T46] team0 (unregistering): Port device team_slave_1 removed [ 623.887960][ T46] team0 (unregistering): Port device team_slave_0 removed [ 623.968880][T20534] wg1 speed is unknown, defaulting to 1000 [ 624.051610][T20534] chnl_net:caif_netlink_parms(): no params data found [ 624.134928][T20534] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.137527][T20534] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.142686][T20534] bridge_slave_0: entered allmulticast mode [ 624.146760][T20534] bridge_slave_0: entered promiscuous mode [ 624.151992][T20534] bridge0: port 2(bridge_slave_1) entered blocking state [ 624.155165][T20534] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.157537][T20534] bridge_slave_1: entered allmulticast mode [ 624.160374][T20534] bridge_slave_1: entered promiscuous mode [ 624.187852][T20534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 624.194792][T20534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 624.216436][T20534] team0: Port device team_slave_0 added [ 624.221956][T20534] team0: Port device team_slave_1 added [ 624.235760][T20534] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 624.238029][T20534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 624.247788][T20534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 624.252860][T20534] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 624.255678][T20534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 624.265029][T20534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 624.287818][T20534] hsr_slave_0: entered promiscuous mode [ 624.291109][T20534] hsr_slave_1: entered promiscuous mode [ 624.293877][T20534] debugfs: 'hsr0' already exists in 'hsr' [ 624.296392][T20534] Cannot create hsr debugfs directory [ 624.337758][T20556] tipc: Enabling of bearer rejected, already enabled [ 624.843117][T20534] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 624.848837][T20534] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 624.869646][T20534] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 624.888948][T20534] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 624.910269][T20585] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4944'. [ 624.957681][T20534] 8021q: adding VLAN 0 to HW filter on device bond0 [ 624.965877][T20534] 8021q: adding VLAN 0 to HW filter on device team0 [ 624.975909][ T90] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.978869][ T90] bridge0: port 1(bridge_slave_0) entered forwarding state [ 624.990540][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 624.993665][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 625.123698][T20534] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 625.137962][T20618] tipc: Enabling of bearer rejected, already enabled [ 625.167957][ T40] audit: type=1400 audit(1774453015.858:648): avc: denied { cmd } for pid=20619 comm="syz.1.4954" path="socket:[76305]" dev="sockfs" ino=76305 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 625.170679][T20534] veth0_vlan: entered promiscuous mode [ 625.185338][T20534] veth1_vlan: entered promiscuous mode [ 625.209302][T20534] veth0_macvtap: entered promiscuous mode [ 625.214381][T20534] veth1_macvtap: entered promiscuous mode [ 625.226103][T20534] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 625.232485][T20534] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 625.244136][ T90] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.247412][ T90] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.252553][ T90] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.256239][ T90] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.312588][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 625.315095][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 625.341690][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 625.345065][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 625.386128][T20632] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4956'. [ 625.427855][T20634] syzkaller0: entered promiscuous mode [ 625.431278][T20634] syzkaller0: entered allmulticast mode [ 625.649644][T16280] Bluetooth: hci0: command tx timeout [ 626.064438][T20665] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=40 sclass=netlink_tcpdiag_socket pid=20665 comm=syz.1.4965 [ 626.301322][T20677] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4970'. [ 626.305366][T20677] openvswitch: netlink: Flow key attr not present in new flow. [ 626.314380][T20677] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4970'. [ 626.749600][T20682] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4972'. [ 626.754426][T20681] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4971'. [ 626.833296][T20692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4977'. [ 627.134328][T20709] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4982'. [ 627.162579][T20711] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4983'. [ 627.245589][T16280] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 627.247624][T16280] Bluetooth: Wrong link type (-22) [ 627.419250][T20724] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4990'. [ 627.536475][T20736] FAULT_INJECTION: forcing a failure. [ 627.536475][T20736] name failslab, interval 1, probability 0, space 0, times 1 [ 627.541336][T20736] CPU: 0 UID: 0 PID: 20736 Comm: syz.0.4995 Tainted: G L syzkaller #0 PREEMPT(full) [ 627.541357][T20736] Tainted: [L]=SOFTLOCKUP [ 627.541362][T20736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 627.541369][T20736] Call Trace: [ 627.541374][T20736] [ 627.541380][T20736] dump_stack_lvl+0x100/0x190 [ 627.541418][T20736] should_fail_ex.cold+0x5/0xa [ 627.541441][T20736] ? tomoyo_realpath_from_path+0xb6/0x690 [ 627.541478][T20736] should_failslab+0xc2/0x120 [ 627.541500][T20736] __kmalloc_noprof+0xe0/0x850 [ 627.541535][T20736] tomoyo_realpath_from_path+0xb6/0x690 [ 627.541566][T20736] tomoyo_path_number_perm+0x23c/0x580 [ 627.541587][T20736] ? tomoyo_path_number_perm+0x22e/0x580 [ 627.541610][T20736] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 627.541657][T20736] ? find_held_lock+0x2b/0x80 [ 627.541680][T20736] ? __fget_files+0x215/0x3d0 [ 627.541693][T20736] ? hook_file_ioctl_common+0x146/0x410 [ 627.541709][T20736] ? __fget_files+0x21f/0x3d0 [ 627.541725][T20736] security_file_ioctl+0xd3/0x230 [ 627.541744][T20736] __x64_sys_ioctl+0xb7/0x210 [ 627.541764][T20736] do_syscall_64+0x106/0xf80 [ 627.541789][T20736] ? clear_bhb_loop+0x40/0x90 [ 627.541804][T20736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.541818][T20736] RIP: 0033:0x7efd1339c799 [ 627.541830][T20736] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 627.541842][T20736] RSP: 002b:00007efd142b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 627.541854][T20736] RAX: ffffffffffffffda RBX: 00007efd13615fa0 RCX: 00007efd1339c799 [ 627.541862][T20736] RDX: 0000000000000000 RSI: 0000000080b06401 RDI: 0000000000000003 [ 627.541870][T20736] RBP: 00007efd142b1090 R08: 0000000000000000 R09: 0000000000000000 [ 627.541877][T20736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 627.541884][T20736] R13: 00007efd13616038 R14: 00007efd13615fa0 R15: 00007ffc78090578 [ 627.541900][T20736] [ 627.541906][T20736] ERROR: Out of memory at tomoyo_realpath_from_path. [ 627.669148][T16280] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 627.672966][T16280] Bluetooth: Wrong link type (-22) [ 627.707948][T20741] input: syz0 as /devices/virtual/input/input47 [ 627.733457][T16280] Bluetooth: hci0: command tx timeout [ 627.769227][T20743] input: syz0 as /devices/virtual/input/input48 [ 627.774343][T20743] FAULT_INJECTION: forcing a failure. [ 627.774343][T20743] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 627.781136][T20743] CPU: 0 UID: 0 PID: 20743 Comm: syz.0.4998 Tainted: G L syzkaller #0 PREEMPT(full) [ 627.781155][T20743] Tainted: [L]=SOFTLOCKUP [ 627.781159][T20743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 627.781166][T20743] Call Trace: [ 627.781170][T20743] [ 627.781175][T20743] dump_stack_lvl+0x100/0x190 [ 627.781199][T20743] should_fail_ex.cold+0x5/0xa [ 627.781215][T20743] _copy_from_user+0x2e/0xd0 [ 627.781227][T20743] input_event_from_user+0x123/0x310 [ 627.781246][T20743] ? __pfx_input_event_from_user+0x10/0x10 [ 627.781267][T20743] uinput_write+0xac8/0x10e0 [ 627.781281][T20743] ? avc_policy_seqno+0x9/0x20 [ 627.781293][T20743] ? __pfx_uinput_write+0x10/0x10 [ 627.781306][T20743] ? bpf_lsm_file_permission+0x9/0x10 [ 627.781324][T20743] ? security_file_permission+0x76/0x210 [ 627.781341][T20743] ? rw_verify_area+0xce/0x6d0 [ 627.781359][T20743] vfs_write+0x2aa/0x1070 [ 627.781369][T20743] ? __pfx_uinput_write+0x10/0x10 [ 627.781382][T20743] ? __pfx_vfs_write+0x10/0x10 [ 627.781391][T20743] ? find_held_lock+0x2b/0x80 [ 627.781406][T20743] ? __fget_files+0x215/0x3d0 [ 627.781418][T20743] ? __fget_files+0x215/0x3d0 [ 627.781432][T20743] ? __fget_files+0x21f/0x3d0 [ 627.781448][T20743] ksys_write+0x1f8/0x250 [ 627.781458][T20743] ? __pfx_ksys_write+0x10/0x10 [ 627.781472][T20743] do_syscall_64+0x106/0xf80 [ 627.781488][T20743] ? clear_bhb_loop+0x40/0x90 [ 627.781502][T20743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.781513][T20743] RIP: 0033:0x7efd1339c799 [ 627.781523][T20743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 627.781534][T20743] RSP: 002b:00007efd142b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 627.781545][T20743] RAX: ffffffffffffffda RBX: 00007efd13615fa0 RCX: 00007efd1339c799 [ 627.781552][T20743] RDX: 000000000000045c RSI: 0000200000000a40 RDI: 0000000000000003 [ 627.781558][T20743] RBP: 00007efd142b1090 R08: 0000000000000000 R09: 0000000000000000 [ 627.781565][T20743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 627.781571][T20743] R13: 00007efd13616038 R14: 00007efd13615fa0 R15: 00007ffc78090578 [ 627.781585][T20743] [ 627.893646][T20747] input: syz0 as /devices/virtual/input/input49 [ 627.984923][T20751] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5002'. [ 627.995249][T20751] team0 (unregistering): Port device team_slave_0 removed [ 628.001489][T20751] team0 (unregistering): Port device team_slave_1 removed [ 628.410717][T20755] Option ''MO' to dns_resolver key: bad/missing value [ 628.755316][T20757] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5004'. [ 629.333411][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.570385][ T6015] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 629.731474][ T6015] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 629.735470][ T6015] usb 5-1: config 0 has no interfaces? [ 629.737600][ T6015] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 629.741190][ T6015] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.746991][ T6015] usb 5-1: config 0 descriptor?? [ 629.819496][T16280] Bluetooth: hci0: command tx timeout [ 630.008084][T20785] tipc: Enabling of bearer rejected, already enabled [ 630.357599][ T40] audit: type=1400 audit(1774453021.048:649): avc: denied { setopt } for pid=20804 comm="syz.3.5020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 630.421327][T20811] overlayfs: failed to clone upperpath [ 630.504229][T20816] ptrace attach of "/syz-executor exec"[20817] was attempted by "/syz-executor exec"[20816] [ 631.045801][T20839] tipc: Enabling of bearer rejected, already enabled [ 631.425634][T20841] IPv6: Can't replace route, no match found [ 631.889746][T16280] Bluetooth: hci0: command tx timeout [ 632.158865][T20878] __nla_validate_parse: 3 callbacks suppressed [ 632.158883][T20878] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5047'. [ 632.253671][T20884] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 632.257587][T20884] Cannot find set identified by id 3 to match [ 632.358848][ T6015] usb 5-1: USB disconnect, device number 6 [ 632.440643][T20893] overlayfs: failed to clone upperpath [ 632.491879][T20896] netlink: 'syz.2.5054': attribute type 1 has an invalid length. [ 632.495547][T20896] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5054'. [ 632.500990][T20896] netlink: 'syz.2.5054': attribute type 3 has an invalid length. [ 632.507293][T20891] FAULT_INJECTION: forcing a failure. [ 632.507293][T20891] name failslab, interval 1, probability 0, space 0, times 0 [ 632.511777][T20891] CPU: 3 UID: 0 PID: 20891 Comm: syz.0.5052 Tainted: G L syzkaller #0 PREEMPT(full) [ 632.511797][T20891] Tainted: [L]=SOFTLOCKUP [ 632.511802][T20891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 632.511809][T20891] Call Trace: [ 632.511814][T20891] [ 632.511819][T20891] dump_stack_lvl+0x100/0x190 [ 632.511845][T20891] should_fail_ex.cold+0x5/0xa [ 632.511860][T20891] ? tomoyo_realpath_from_path+0xb6/0x690 [ 632.511878][T20891] should_failslab+0xc2/0x120 [ 632.511891][T20891] __kmalloc_noprof+0xe0/0x850 [ 632.511911][T20891] tomoyo_realpath_from_path+0xb6/0x690 [ 632.511932][T20891] tomoyo_path_number_perm+0x23c/0x580 [ 632.511947][T20891] ? tomoyo_path_number_perm+0x22e/0x580 [ 632.511962][T20891] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 632.511991][T20891] ? find_held_lock+0x2b/0x80 [ 632.512007][T20891] ? __fget_files+0x215/0x3d0 [ 632.512020][T20891] ? hook_file_ioctl_common+0x146/0x410 [ 632.512034][T20891] ? __fget_files+0x21f/0x3d0 [ 632.512049][T20891] security_file_ioctl+0xd3/0x230 [ 632.512066][T20891] __x64_sys_ioctl+0xb7/0x210 [ 632.512085][T20891] do_syscall_64+0x106/0xf80 [ 632.512101][T20891] ? clear_bhb_loop+0x40/0x90 [ 632.512116][T20891] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.512127][T20891] RIP: 0033:0x7efd1339c799 [ 632.512137][T20891] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 632.512149][T20891] RSP: 002b:00007efd142b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 632.512160][T20891] RAX: ffffffffffffffda RBX: 00007efd13615fa0 RCX: 00007efd1339c799 [ 632.512167][T20891] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000a [ 632.512174][T20891] RBP: 00007efd142b1090 R08: 0000000000000000 R09: 0000000000000000 [ 632.512181][T20891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 632.512188][T20891] R13: 00007efd13616038 R14: 00007efd13615fa0 R15: 00007ffc78090578 [ 632.512202][T20891] [ 632.512207][T20891] ERROR: Out of memory at tomoyo_realpath_from_path. [ 632.673158][T20891] kvm: kvm [20890]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xe962 [ 633.156198][ T5288] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 633.161145][ T5288] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 633.164798][ T5288] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 633.167923][ T5288] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 633.171857][ T5288] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 633.196516][T20964] wg1 speed is unknown, defaulting to 1000 [ 633.242399][ T40] audit: type=1400 audit(1774453023.938:650): avc: denied { bind } for pid=20972 comm="syz.3.5078" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 633.308137][T20981] overlayfs: failed to clone upperpath [ 633.348184][T20964] chnl_net:caif_netlink_parms(): no params data found [ 633.391687][T20990] FAULT_INJECTION: forcing a failure. [ 633.391687][T20990] name failslab, interval 1, probability 0, space 0, times 0 [ 633.395779][T20990] CPU: 2 UID: 0 PID: 20990 Comm: syz.0.5084 Tainted: G L syzkaller #0 PREEMPT(full) [ 633.395799][T20990] Tainted: [L]=SOFTLOCKUP [ 633.395803][T20990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 633.395810][T20990] Call Trace: [ 633.395815][T20990] [ 633.395820][T20990] dump_stack_lvl+0x100/0x190 [ 633.395851][T20990] should_fail_ex.cold+0x5/0xa [ 633.395867][T20990] should_failslab+0xc2/0x120 [ 633.395880][T20990] __kmalloc_cache_noprof+0x7a/0x6f0 [ 633.395894][T20990] ? alloc_pipe_info+0x10e/0x590 [ 633.395906][T20990] ? avc_has_perm+0x135/0x1e0 [ 633.395926][T20990] alloc_pipe_info+0x10e/0x590 [ 633.395939][T20990] splice_direct_to_actor+0x78f/0xa30 [ 633.395954][T20990] ? __pfx_direct_splice_actor+0x10/0x10 [ 633.395967][T20990] ? inode_has_perm+0x16d/0x1d0 [ 633.395980][T20990] ? file_has_perm+0x27b/0x350 [ 633.395993][T20990] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 633.396006][T20990] ? __pfx_file_has_perm+0x10/0x10 [ 633.396022][T20990] do_splice_direct+0x174/0x240 [ 633.396035][T20990] ? __pfx_do_splice_direct+0x10/0x10 [ 633.396048][T20990] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 633.396061][T20990] ? bpf_lsm_file_permission+0x9/0x10 [ 633.396079][T20990] ? security_file_permission+0x76/0x210 [ 633.396103][T20990] ? rw_verify_area+0xce/0x6d0 [ 633.396129][T20990] do_sendfile+0xadc/0xe20 [ 633.396161][T20990] ? __pfx_do_sendfile+0x10/0x10 [ 633.396188][T20990] ? __fget_files+0x21f/0x3d0 [ 633.396206][T20990] __x64_sys_sendfile64+0x1d8/0x220 [ 633.396219][T20990] ? ksys_write+0x1ac/0x250 [ 633.396229][T20990] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 633.396242][T20990] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 633.396258][T20990] ? syscall_user_dispatch+0x76/0x130 [ 633.396273][T20990] do_syscall_64+0x106/0xf80 [ 633.396295][T20990] ? clear_bhb_loop+0x40/0x90 [ 633.396309][T20990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.396320][T20990] RIP: 0033:0x7efd1339c799 [ 633.396331][T20990] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 633.396341][T20990] RSP: 002b:00007efd142b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 633.396352][T20990] RAX: ffffffffffffffda RBX: 00007efd13615fa0 RCX: 00007efd1339c799 [ 633.396360][T20990] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 633.396366][T20990] RBP: 00007efd142b1090 R08: 0000000000000000 R09: 0000000000000000 [ 633.396372][T20990] R10: 000080001d00c0d1 R11: 0000000000000246 R12: 0000000000000001 [ 633.396379][T20990] R13: 00007efd13616038 R14: 00007efd13615fa0 R15: 00007ffc78090578 [ 633.396392][T20990] [ 633.427216][T20964] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.506428][T20964] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.509873][T20964] bridge_slave_0: entered allmulticast mode [ 633.513343][T20964] bridge_slave_0: entered promiscuous mode [ 633.518192][T20964] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.521679][T20964] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.524784][T20964] bridge_slave_1: entered allmulticast mode [ 633.528585][T20964] bridge_slave_1: entered promiscuous mode [ 633.554586][T20964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 633.561278][T20964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 633.592180][T20964] team0: Port device team_slave_0 added [ 633.597118][T20964] team0: Port device team_slave_1 added [ 633.616171][T20964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 633.618530][T20964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 633.627567][T20964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 633.632111][T20964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 633.634323][T20964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 633.643625][T20964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 633.671028][T20964] hsr_slave_0: entered promiscuous mode [ 633.673365][T20964] hsr_slave_1: entered promiscuous mode [ 633.675941][T20964] debugfs: 'hsr0' already exists in 'hsr' [ 633.677746][T20964] Cannot create hsr debugfs directory [ 633.687665][ T61] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.760428][ T61] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.820978][ T61] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.855796][T20997] sit1: entered allmulticast mode [ 633.916946][ T61] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.974531][T21004] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 634.005250][ T40] audit: type=1800 audit(1774453024.688:651): pid=21004 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.5089" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 634.077382][ T61] bridge_slave_1: left allmulticast mode [ 634.079502][ T61] bridge_slave_1: left promiscuous mode [ 634.082184][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.094897][ T61] bridge_slave_0: left allmulticast mode [ 634.096837][ T61] bridge_slave_0: left promiscuous mode [ 634.098926][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.282431][ T61] bond1 (unregistering): (slave bridge1): Releasing active interface [ 634.285656][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 634.287785][ T5288] Bluetooth: Wrong link type (-22) [ 634.343115][ T61] bond2 (unregistering): (slave bridge2): Releasing backup interface [ 634.346200][ T61] bridge2 (unregistering): left promiscuous mode [ 634.414393][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 634.418363][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 634.423419][ T61] bond0 (unregistering): Released all slaves [ 634.428637][ T61] bond1 (unregistering): Released all slaves [ 634.437297][ T61] bond2 (unregistering): Released all slaves [ 634.527533][T21036] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=21036 comm=syz.1.5097 [ 634.542828][ T61] tipc: Disabling bearer [ 634.551390][ T61] tipc: Left network mode [ 634.552162][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 634.554922][ T5288] Bluetooth: Wrong link type (-22) [ 634.617300][T21052] overlayfs: failed to clone upperpath [ 634.641972][ T61] IPVS: stopping master sync thread 14212 ... [ 634.952416][T21095] overlayfs: failed to clone upperpath [ 634.979670][T21098] netlink: 'syz.3.5112': attribute type 2 has an invalid length. [ 634.983097][T21098] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5112'. [ 634.997524][ T61] hsr_slave_0: left promiscuous mode [ 635.004214][ T61] hsr_slave_1: left promiscuous mode [ 635.007245][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 635.015397][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 635.019900][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 635.023100][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 635.035064][ T61] veth1_macvtap: left promiscuous mode [ 635.036923][ T61] veth0_macvtap: left promiscuous mode [ 635.038849][ T61] veth1_vlan: left promiscuous mode [ 635.042898][ T61] veth0_vlan: left promiscuous mode [ 635.167315][ T61] team0 (unregistering): Port device team_slave_1 removed [ 635.174860][ T61] team0 (unregistering): Port device team_slave_0 removed [ 635.249602][ T5288] Bluetooth: hci4: command tx timeout [ 635.274015][T20964] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 635.282398][T20964] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 635.288415][T20964] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 635.290264][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 635.293887][ T5288] Bluetooth: Wrong link type (-22) [ 635.299284][T20964] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 635.335988][T21125] tipc: Enabling of bearer rejected, already enabled [ 635.366097][T20964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 635.376705][T20964] 8021q: adding VLAN 0 to HW filter on device team0 [ 635.385736][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.388092][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 635.403398][ T397] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.405683][ T397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 635.424712][T21129] overlayfs: failed to clone upperpath [ 635.442737][T20964] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 635.508868][ T40] audit: type=1400 audit(1774453026.198:652): avc: denied { setopt } for pid=21133 comm="syz.1.5123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 635.592059][T20964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 635.614360][T20964] veth0_vlan: entered promiscuous mode [ 635.621883][T20964] veth1_vlan: entered promiscuous mode [ 635.638392][T20964] veth0_macvtap: entered promiscuous mode [ 635.647039][T20964] veth1_macvtap: entered promiscuous mode [ 635.655819][T20964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 635.662094][T20964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 635.672544][ T90] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.682465][ T90] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.685475][ T90] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.688261][ T90] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.693427][ T5288] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 635.696031][ T5288] Bluetooth: Wrong link type (-22) [ 635.727079][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 635.735699][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 635.766977][ T397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 635.770143][ T397] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 635.860274][T21173] syzkaller0: entered promiscuous mode [ 635.861080][ T40] audit: type=1400 audit(1774453026.558:653): avc: denied { ioctl } for pid=21172 comm="syz.2.5132" path="socket:[76724]" dev="sockfs" ino=76724 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 635.862270][T21173] syzkaller0: entered allmulticast mode [ 635.968340][T21188] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5136'. [ 636.085684][T21206] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5141'. [ 636.088831][T21207] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5141'. [ 636.877027][ T40] audit: type=1400 audit(1774453027.568:654): avc: denied { write } for pid=21226 comm="syz.1.5146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 637.275063][T21261] FAULT_INJECTION: forcing a failure. [ 637.275063][T21261] name failslab, interval 1, probability 0, space 0, times 0 [ 637.281211][T21261] CPU: 1 UID: 0 PID: 21261 Comm: syz.2.5153 Tainted: G L syzkaller #0 PREEMPT(full) [ 637.281232][T21261] Tainted: [L]=SOFTLOCKUP [ 637.281236][T21261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 637.281243][T21261] Call Trace: [ 637.281248][T21261] [ 637.281252][T21261] dump_stack_lvl+0x100/0x190 [ 637.281276][T21261] should_fail_ex.cold+0x5/0xa [ 637.281291][T21261] should_failslab+0xc2/0x120 [ 637.281303][T21261] __kmalloc_cache_noprof+0x7a/0x6f0 [ 637.281318][T21261] ? snd_seq_port_connect+0x61/0x560 [ 637.281335][T21261] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 637.281351][T21261] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 637.281370][T21261] snd_seq_port_connect+0x61/0x560 [ 637.281387][T21261] ? _raw_read_unlock+0x28/0x50 [ 637.281402][T21261] ? check_subscription_permission.isra.0+0x146/0x240 [ 637.281422][T21261] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 637.281435][T21261] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 637.281452][T21261] call_seq_client_ctl+0xa3/0x130 [ 637.281470][T21261] snd_seq_kernel_client_ctl+0x77/0xd0 [ 637.281488][T21261] snd_seq_oss_midi_open+0x48b/0x6b0 [ 637.281503][T21261] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 637.281516][T21261] ? snd_seq_oss_midi_reset+0x11a/0x4c0 [ 637.281534][T21261] ? __mutex_lock+0x26a/0x1b90 [ 637.281553][T21261] snd_seq_oss_synth_reset+0x439/0x8e0 [ 637.281567][T21261] ? __pfx___mutex_lock+0x10/0x10 [ 637.281584][T21261] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 637.281600][T21261] ? __pfx___fsnotify_parent+0x10/0x10 [ 637.281617][T21261] ? __pfx_odev_release+0x10/0x10 [ 637.281635][T21261] snd_seq_oss_reset+0x73/0x290 [ 637.281646][T21261] ? __pfx_odev_release+0x10/0x10 [ 637.281664][T21261] snd_seq_oss_release+0x7c/0x180 [ 637.281675][T21261] ? __pfx_odev_release+0x10/0x10 [ 637.281692][T21261] odev_release+0x56/0xa0 [ 637.281709][T21261] __fput+0x3ff/0xb40 [ 637.281726][T21261] task_work_run+0x150/0x240 [ 637.281740][T21261] ? __pfx_task_work_run+0x10/0x10 [ 637.281764][T21261] exit_to_user_mode_loop+0x100/0x4a0 [ 637.281778][T21261] do_syscall_64+0x67c/0xf80 [ 637.281793][T21261] ? clear_bhb_loop+0x40/0x90 [ 637.281807][T21261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.281819][T21261] RIP: 0033:0x7f87a859c799 [ 637.281830][T21261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 637.281841][T21261] RSP: 002b:00007f87a9463028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 637.281854][T21261] RAX: 0000000000000000 RBX: 00007f87a8816090 RCX: 00007f87a859c799 [ 637.281861][T21261] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 637.281868][T21261] RBP: 00007f87a9463090 R08: 0000000000000000 R09: 0000000000000000 [ 637.281874][T21261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 637.281881][T21261] R13: 00007f87a8816128 R14: 00007f87a8816090 R15: 00007ffd86804d48 [ 637.281895][T21261] [ 637.329578][ T5288] Bluetooth: hci4: command tx timeout [ 637.409264][ T40] audit: type=1400 audit(1774453028.098:655): avc: denied { mount } for pid=21270 comm="syz.2.5157" name="/" dev="configfs" ino=1052 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 637.417611][ T40] audit: type=1400 audit(1774453028.108:656): avc: denied { search } for pid=21270 comm="syz.2.5157" name="/" dev="configfs" ino=1052 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 637.424994][ T40] audit: type=1400 audit(1774453028.108:657): avc: denied { setattr } for pid=21270 comm="syz.2.5157" name="/" dev="configfs" ino=1052 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 637.466455][T21276] netlink: 'syz.0.5159': attribute type 1 has an invalid length. [ 637.488790][T21276] 8021q: adding VLAN 0 to HW filter on device bond1 [ 637.498304][T21276] vlan2: entered allmulticast mode [ 637.501071][T21276] bond1: entered allmulticast mode [ 637.513575][T21276] bond1: (slave geneve2): making interface the new active one [ 637.516776][T21276] geneve2: entered allmulticast mode [ 637.523619][T21276] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 637.562958][T21285] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5161'. [ 637.935760][T21309] ------------[ cut here ]------------ [ 637.937714][T21309] enable_ept && !allow_smaller_maxphyaddr [ 637.937723][T21309] WARNING: arch/x86/kvm/vmx/vmx.c:5444 at handle_exception_nmi+0xa6e/0x1bb0, CPU#0: syz.2.5167/21309 [ 637.943800][T21309] Modules linked in: [ 637.945513][T21309] CPU: 0 UID: 0 PID: 21309 Comm: syz.2.5167 Tainted: G L syzkaller #0 PREEMPT(full) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 637.949288][T21309] Tainted: [L]=SOFTLOCKUP [ 637.951068][T21309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 637.954886][T21309] RIP: 0010:handle_exception_nmi+0xa6e/0x1bb0 [ 637.957206][T21309] Code: 08 84 d2 0f 85 fd 10 00 00 44 0f b6 2d 96 e3 39 0f 31 ff 44 89 ee e8 a1 2b 69 00 45 84 ed 0f 85 b5 0e 00 00 e8 43 31 69 00 90 <0f> 0b 90 31 ff 44 89 e6 e8 e5 2b 69 00 45 85 e4 0f 85 7f 0b 00 00 [ 637.964136][T21309] RSP: 0018:ffffc90003a7f9d8 EFLAGS: 00010287 [ 637.966444][T21309] RAX: 000000000001a55f RBX: ffff888026c58000 RCX: ffffc9002d0c7000 [ 637.969291][T21309] RDX: 0000000000080000 RSI: ffffffff819faffd RDI: ffff88802bbd0000 [ 637.972441][T21309] RBP: 000000000f6632eb R08: 0000000000000001 R09: 0000000000000000 [ 637.975638][T21309] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 637.979195][T21309] R13: 0000000000000000 R14: ffff8880373bb000 R15: ffff888026c580d8 [ 637.982800][T21309] FS: 00007f87a94846c0(0000) GS:ffff8880d633f000(0000) knlGS:0000000000000000 [ 637.986874][T21309] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 637.989976][T21309] CR2: 000000000f6632eb CR3: 000000005729b000 CR4: 0000000000352ef0 [ 637.993597][T21309] Call Trace: [ 637.995157][T21309] [ 637.996565][T21309] ? __pfx_handle_exception_nmi+0x10/0x10 [ 637.999130][T21309] vmx_handle_exit+0x84d/0x1f40 [ 638.001691][T21309] vcpu_run+0x34cf/0x5ca0 [ 638.003695][T21309] ? __pfx_vcpu_run+0x10/0x10 [ 638.005856][T21309] ? rcu_is_watching+0x12/0xc0 [ 638.008107][T21309] ? kvm_arch_vcpu_ioctl_run+0x565/0x1830 [ 638.010719][T21309] kvm_arch_vcpu_ioctl_run+0x565/0x1830 [ 638.013231][T21309] kvm_vcpu_ioctl+0x730/0x1730 [ 638.015430][T21309] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 638.017784][T21309] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 638.020613][T21309] ? do_vfs_ioctl+0x226/0x13e0 [ 638.022840][T21309] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 638.025136][T21309] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 638.028238][T21309] ? __fget_files+0x215/0x3d0 [ 638.030854][T21309] ? hook_file_ioctl_common+0x146/0x410 [ 638.033375][T21309] ? selinux_file_ioctl+0x139/0x290 [ 638.035752][T21309] ? selinux_file_ioctl+0xb4/0x290 [ 638.038090][T21309] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 638.040550][T21309] __x64_sys_ioctl+0x18e/0x210 [ 638.042826][T21309] do_syscall_64+0x106/0xf80 [ 638.045145][T21309] ? clear_bhb_loop+0x40/0x90 [ 638.047308][T21309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.050135][T21309] RIP: 0033:0x7f87a859c799 [ 638.052183][T21309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 638.061342][T21309] RSP: 002b:00007f87a9484028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 638.065084][T21309] RAX: ffffffffffffffda RBX: 00007f87a8815fa0 RCX: 00007f87a859c799 [ 638.068841][T21309] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 638.072667][T21309] RBP: 00007f87a8632c99 R08: 0000000000000000 R09: 0000000000000000 [ 638.076285][T21309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 638.080217][T21309] R13: 00007f87a8816038 R14: 00007f87a8815fa0 R15: 00007ffd86804d48 [ 638.083898][T21309] [ 638.085346][T21309] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 638.088640][T21309] CPU: 0 UID: 0 PID: 21309 Comm: syz.2.5167 Tainted: G L syzkaller #0 PREEMPT(full) [ 638.093784][T21309] Tainted: [L]=SOFTLOCKUP [ 638.096377][T21309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 638.100921][T21309] Call Trace: [ 638.102601][T21309] [ 638.104054][T21309] dump_stack_lvl+0x100/0x190 [ 638.106346][T21309] vpanic+0x552/0x970 [ 638.108277][T21309] ? __pfx_vpanic+0x10/0x10 [ 638.110454][T21309] panic+0xd1/0xe0 [ 638.112532][T21309] ? __pfx_panic+0x10/0x10 [ 638.114661][T21309] check_panic_on_warn.cold+0x19/0x34 [ 638.117049][T21309] ? handle_exception_nmi+0xa6e/0x1bb0 [ 638.119649][T21309] __warn.cold+0x191/0x348 [ 638.121719][T21309] __report_bug+0x296/0x3d0 [ 638.123808][T21309] ? handle_exception_nmi+0xa6e/0x1bb0 [ 638.126320][T21309] ? __pfx___report_bug+0x10/0x10 [ 638.128610][T21309] ? __pfx_skip_emulated_instruction+0x10/0x10 [ 638.131403][T21309] ? kvm_pmu_trigger_event.isra.0+0x789/0xc00 [ 638.134144][T21309] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 638.136819][T21309] ? handle_exception_nmi+0xa6e/0x1bb0 [ 638.139346][T21309] report_bug+0xb2/0x220 [ 638.141313][T21309] ? handle_exception_nmi+0xa6e/0x1bb0 [ 638.143881][T21309] handle_bug+0x16a/0x2a0 [ 638.145984][T21309] exc_invalid_op+0x17/0x50 [ 638.148150][T21309] asm_exc_invalid_op+0x1a/0x20 [ 638.150462][T21309] RIP: 0010:handle_exception_nmi+0xa6e/0x1bb0 [ 638.153239][T21309] Code: 08 84 d2 0f 85 fd 10 00 00 44 0f b6 2d 96 e3 39 0f 31 ff 44 89 ee e8 a1 2b 69 00 45 84 ed 0f 85 b5 0e 00 00 e8 43 31 69 00 90 <0f> 0b 90 31 ff 44 89 e6 e8 e5 2b 69 00 45 85 e4 0f 85 7f 0b 00 00 [ 638.162179][T21309] RSP: 0018:ffffc90003a7f9d8 EFLAGS: 00010287 [ 638.165129][T21309] RAX: 000000000001a55f RBX: ffff888026c58000 RCX: ffffc9002d0c7000 [ 638.168692][T21309] RDX: 0000000000080000 RSI: ffffffff819faffd RDI: ffff88802bbd0000 [ 638.172270][T21309] RBP: 000000000f6632eb R08: 0000000000000001 R09: 0000000000000000 [ 638.175898][T21309] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 638.179566][T21309] R13: 0000000000000000 R14: ffff8880373bb000 R15: ffff888026c580d8 [ 638.183137][T21309] ? handle_exception_nmi+0xa6d/0x1bb0 [ 638.185695][T21309] ? handle_exception_nmi+0xa6d/0x1bb0 [ 638.188176][T21309] ? __pfx_handle_exception_nmi+0x10/0x10 [ 638.190761][T21309] vmx_handle_exit+0x84d/0x1f40 [ 638.192991][T21309] vcpu_run+0x34cf/0x5ca0 [ 638.195276][T21309] ? __pfx_vcpu_run+0x10/0x10 [ 638.197476][T21309] ? rcu_is_watching+0x12/0xc0 [ 638.199691][T21309] ? kvm_arch_vcpu_ioctl_run+0x565/0x1830 [ 638.202580][T21309] kvm_arch_vcpu_ioctl_run+0x565/0x1830 [ 638.205212][T21309] kvm_vcpu_ioctl+0x730/0x1730 [ 638.207465][T21309] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 638.209907][T21309] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 638.212640][T21309] ? do_vfs_ioctl+0x226/0x13e0 [ 638.214850][T21309] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 638.217137][T21309] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 638.220260][T21309] ? __fget_files+0x215/0x3d0 [ 638.222410][T21309] ? hook_file_ioctl_common+0x146/0x410 [ 638.224976][T21309] ? selinux_file_ioctl+0x139/0x290 [ 638.227474][T21309] ? selinux_file_ioctl+0xb4/0x290 [ 638.230038][T21309] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 638.232528][T21309] __x64_sys_ioctl+0x18e/0x210 [ 638.234737][T21309] do_syscall_64+0x106/0xf80 [ 638.236856][T21309] ? clear_bhb_loop+0x40/0x90 [ 638.239020][T21309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.241719][T21309] RIP: 0033:0x7f87a859c799 [ 638.243771][T21309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 638.251938][T21309] RSP: 002b:00007f87a9484028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 638.254801][T21309] RAX: ffffffffffffffda RBX: 00007f87a8815fa0 RCX: 00007f87a859c799 [ 638.257521][T21309] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 638.260243][T21309] RBP: 00007f87a8632c99 R08: 0000000000000000 R09: 0000000000000000 [ 638.263019][T21309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 638.265727][T21309] R13: 00007f87a8816038 R14: 00007f87a8815fa0 R15: 00007ffd86804d48 [ 638.268476][T21309] [ 638.270216][T21309] Kernel Offset: disabled [ 638.271757][T21309] Rebooting in 86400 seconds..