last executing test programs: 7m35.117879485s ago: executing program 32 (id=1963): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb8a0a63cdec5908060001080006040002aaaaaaeaaabbac1414bbaaaaaaaaaabbac1414bb"], 0x0) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 7m1.42274653s ago: executing program 33 (id=2198): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_CPUID2(r2, 0xc008ae91, &(0x7f0000000240)) 5m46.998248977s ago: executing program 1 (id=4943): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket(0x2d, 0x2, 0x0) connect$qrtr(r1, &(0x7f0000000300)={0x2d, 0x1, 0x4001}, 0xc) 5m46.997376223s ago: executing program 1 (id=4946): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f000012d000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005a4000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x970, 0x1f680, 0x1, 0x39c}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) io_uring_enter(r0, 0x12a, 0x14, 0x17, 0x0, 0x0) 5m46.807673738s ago: executing program 1 (id=4950): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20008844) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0) 5m46.807537546s ago: executing program 1 (id=4951): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x201, 0x4000003e, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8}) 5m46.727793404s ago: executing program 1 (id=4952): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, r0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r1, 0x0, &(0x7f0000000000/0x800000)=nil, 0x800000, 0x1020000}) 5m46.578004291s ago: executing program 1 (id=4953): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x11, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0300"], 0x122}}, 0x0) 5m46.551817673s ago: executing program 34 (id=4953): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x11, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0300"], 0x122}}, 0x0) 5m32.766758516s ago: executing program 6 (id=5183): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) syz_genetlink_get_family_id$ieee802154(0x0, r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x50, r1, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_SHORT_ADDR={0x6}]}, 0x50}, 0x4, 0x700000000000000}, 0x0) 5m32.741876479s ago: executing program 6 (id=5184): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x24, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0x4}, {}, {0x7, 0x300}}}, 0x24}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) r1 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e000000013"], 0xe0}}, 0x0) 5m32.459005227s ago: executing program 6 (id=5197): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xd3f, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_TTL={0x5, 0x43, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) 5m32.306996659s ago: executing program 6 (id=5201): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0xa0, 0x4) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) symlinkat(&(0x7f0000000200)='./file0/file0\x00', r0, &(0x7f0000000240)='./file0\x00') 5m32.286241573s ago: executing program 6 (id=5204): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) recvfrom(r1, &(0x7f00000023c0)=""/231, 0xe7, 0x20, 0x0, 0x0) 5m31.965892656s ago: executing program 6 (id=5207): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x176e}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x1a, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x200, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xa, 0xfff1}, {0x2, 0x9}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4040004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5m31.876021265s ago: executing program 35 (id=5207): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x176e}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x1a, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x200, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xa, 0xfff1}, {0x2, 0x9}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4040004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4m1.866268319s ago: executing program 4 (id=6578): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x400000001, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e23, 0x27bf, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xa}}, 0x3}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='[', 0x1, 0xc0, 0x0, 0x0) 4m1.806229627s ago: executing program 4 (id=6579): open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x2) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) read$FUSE(r0, &(0x7f0000004280)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0x0, r1, {0x7, 0x2b, 0xfffffffd, 0x3008c00c, 0x0, 0xfffe, 0x6, 0xfffffffe, 0x0, 0x0, 0x1, 0x100}}, 0x50) close(r0) chown(&(0x7f0000000100)='./file0\x00', 0x0, r2) 4m1.805903465s ago: executing program 4 (id=6581): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0xc0049364, &(0x7f0000000180)) 4m1.6958803s ago: executing program 4 (id=6584): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x18f887, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x1005848, 0x0) 4m1.645855665s ago: executing program 4 (id=6586): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xffffffffffffffff) fcntl$lock(0xffffffffffffffff, 0x7, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4m0.686095938s ago: executing program 4 (id=6599): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x5c, r3, 0x1, 0x70bd27, 0x25dfdc06, {}, [{{0x8, 0x1, r4}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}]}}]}, 0x5c}, 0x1, 0x400000000000000}, 0x0) 4m0.537368486s ago: executing program 36 (id=6599): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x5c, r3, 0x1, 0x70bd27, 0x25dfdc06, {}, [{{0x8, 0x1, r4}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}]}}]}, 0x5c}, 0x1, 0x400000000000000}, 0x0) 3m58.096143306s ago: executing program 5 (id=6628): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r2, &(0x7f0000000040)=[{&(0x7f0000000000)='4', 0x1}], 0x1) sendmsg$nl_generic(r2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80c0}, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3) 3m58.045174574s ago: executing program 5 (id=6629): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0xfe, 0x7fff0006}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa8203, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x20004, r1, 0x2}) r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r3}) close_range(r0, 0xffffffffffffffff, 0x0) 3m58.045031085s ago: executing program 5 (id=6630): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x81, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x11, r0, 0x0) 3m57.956186427s ago: executing program 5 (id=6631): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x18f887, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) 3m57.894772396s ago: executing program 5 (id=6632): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000180)={0x3b}, 0x8) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @loopback}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7010fddbdf2505000000080009000200000008000c00a80a0000060001000500000008000b"], 0x3c}}, 0x20000034) 3m57.075391966s ago: executing program 5 (id=6641): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x101700) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000080)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240), 0x400000000a0a01, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x39, 0x9}}, 0x20) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r2, 0xc0844123, &(0x7f00000001c0)) ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f00000000c0)) 3m57.008550584s ago: executing program 37 (id=6641): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x101700) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000080)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240), 0x400000000a0a01, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x39, 0x9}}, 0x20) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r2, 0xc0844123, &(0x7f00000001c0)) ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f00000000c0)) 3m21.271462228s ago: executing program 8 (id=7171): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) add_key$keyring(&(0x7f0000000540), 0x0, 0x0, 0x0, 0xffffffffffffffff) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1, 0x1) syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @random="18c45d9979c9", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0xfffe, 0x0, 0x8000, {[@timestamp={0x8, 0xa, 0xf4b}]}}}}}}}, 0x0) 3m21.095805575s ago: executing program 8 (id=7173): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b) 3m20.906314903s ago: executing program 8 (id=7177): sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000003700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) sendmsg$NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x64, r0, 0x100, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0xe, 0x5b}}}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xb}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xd}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x7}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x64}, 0x1, 0x0, 0x0, 0x8410}, 0x4000) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_route(0x10, 0x3, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04300900c9"], 0x6) 3m20.890945928s ago: executing program 8 (id=7179): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x18f887, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) 3m20.828848544s ago: executing program 8 (id=7183): openat$sndseq(0xffffff9c, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b40000001300000200000000fbdbdf257f000001000000000000000000000000fe8000000400000000000000000000aa00000004000000000a006080"], 0xb4}, 0x1, 0x0, 0x0, 0x80}, 0x4051) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000020000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80c0}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a0030"], 0xb8}}, 0x4000) 3m20.474009433s ago: executing program 8 (id=7189): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x301142, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x118) close(r1) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="1bd4000c"], 0xffdd) 3m20.422771238s ago: executing program 38 (id=7189): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x301142, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x118) close(r1) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="1bd4000c"], 0xffdd) 2m21.601637139s ago: executing program 0 (id=8077): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000005c0)=ANY=[@ANYBLOB], 0xea) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000040)={0x808, 0x3, 0xca0, 0xfffa}, 0x8) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000280)='0', 0xfffd, 0x4000854, &(0x7f0000000300)={0xa, 0x4e21, 0xbe7, @loopback, 0x800000c0}, 0x1c) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, 0x0, 0x0) 2m21.459402576s ago: executing program 0 (id=8083): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x440}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}}, 0x0) 2m21.295147739s ago: executing program 0 (id=8088): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) close(r0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt(r1, 0x84, 0x80, &(0x7f00000002c0)="1400000009000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c) sendto$inet6(r1, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x7, @loopback, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x38}}}}, 0x84) 2m21.176837202s ago: executing program 0 (id=8092): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) unshare(0x60400) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000002380)={0x2020}, 0x2020) 2m21.11244723s ago: executing program 0 (id=8095): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x58, 0x10, 0x439, 0x20, 0x0, {0x0, 0x0, 0x0, r2, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @sit={{0x8}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_TTL={0x5, 0x4, 0xbd}, @IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e21}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @rand_addr=0x64010101}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x29}, @IFLA_IPTUN_LINK={0x8, 0x1, r3}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000841}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0) 2m20.644922678s ago: executing program 0 (id=8103): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) r1 = socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000400)={{{@in=@broadcast, @in=@multicast2, 0x4e21, 0x0, 0x4e22, 0x3c, 0xa, 0x0, 0x1a0, 0x3b}, {0x7c80, 0x0, 0x8, 0x3, 0x7, 0x6, 0x2}, {0x7fff, 0x8, 0x2, 0x1ff}, 0x6, 0x6e6bbe, 0x2, 0x0, 0x2, 0x2}, {{@in=@private=0xa010101, 0x4d6, 0xff}, 0xa, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x3506, 0x2, 0x0, 0xd, 0xfe000000}}, 0xe8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000003c0)={@remote, r2}, 0x14) 2m20.538730037s ago: executing program 39 (id=8103): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) r1 = socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000400)={{{@in=@broadcast, @in=@multicast2, 0x4e21, 0x0, 0x4e22, 0x3c, 0xa, 0x0, 0x1a0, 0x3b}, {0x7c80, 0x0, 0x8, 0x3, 0x7, 0x6, 0x2}, {0x7fff, 0x8, 0x2, 0x1ff}, 0x6, 0x6e6bbe, 0x2, 0x0, 0x2, 0x2}, {{@in=@private=0xa010101, 0x4d6, 0xff}, 0xa, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x3506, 0x2, 0x0, 0xd, 0xfe000000}}, 0xe8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000003c0)={@remote, r2}, 0x14) 1.377897076s ago: executing program 9 (id=10189): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f000000d040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x34, r0, 0x8de13c6b70ae92c3, 0x41003, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xe}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xf0}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1.311279085s ago: executing program 9 (id=10194): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000140)={0x7, 0x8, 0xfa00, {r1, 0x6}}, 0x12) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r1, 0x4734}}, 0x10) 1.310932736s ago: executing program 7 (id=10195): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) syz_emit_ethernet(0x2bc, &(0x7f00000000c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x286, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x88, 0x0, 0x0, 0x6, '\x00', @private1, [{0x5, 0xd, "52811c8f7eefb435b3fcbd906282e8dcc4436572645e443db860c149c04bcefadad96545eeae73819162fe2099e06d52c1e95acc597cfea679351e8fe58afb31e3076c9074c81020a1aec96e31fde771cad6784b75ad75a7e23b50a17c6f7a4197df2c7a32b4e6d48ac88c"}, {0x19, 0x8, "16198027b1d7011df55036b41e693daaa3a374e951a3bd1e7a794eb3d4a4aea35967f1f412c3f66dc291723df062329c1eef10de42e5015e82a0a0fcfbb4dc10031b"}, {0x18, 0x37, "be8710294e59f15d4c63f6829dca5824eeae3d02d8947e4c100b7f2b32db3829b7e492041d93727160156bdeb52a69b04ffbb4aac676b2052586b57e05a8b79ad201730c303f34fbdeed19bd59cda00cf05f9b6d4047a34cecce02dcd769ab2e1b3160e079819b839aa48c4ac2b32b7ac8c202846b611418f4ba0e972a363c56ffd5ebc56e041489762f1372647c92bb68f2276a293b992a12dc650584c72d4ba37cedf842ef9ed51b88432caef7779126c604194e7f019f18146b14df48860f0e492f6b4a5708e43cb03093ef52ea8072d8b87be7200fbc0384fdda08bcacba17be3c04e1091b7ebc487da1720cea1c3720cfaaac5c909bc48244c2ed60693056112b2eba41301d7b88a354dc461e7df02c1eeaa6787990cd001062d8ba3ee4080b9257cbf64022c3ca83a1e5561e341807d0f37f5957062a521fd6794d360d1a514d9889439e1d7a6ca6d8ac6a2e8e5ba147c14ea88bd73abac7d07ea2af76ad8bf3e7004086da0c3e14e1353412550dcaa2698e0bfb5b2fad724dce6f89de47b033f9a6fe2fd881af4d113be14c536f23a87830d506f3390837685c1293f96b4be927d57bbcb5b991cb193b38c4ebdb05ffd6d50733044780e6"}]}}}}}}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, 0x400, 0x4, 0x0, 0x3d, 0x0, 'syz1\x00', 0x0}) 1.252594087s ago: executing program 7 (id=10198): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000240)={0x1, 0x0, [{0x4b564d00, 0x0, 0xfff}]}) 1.252466304s ago: executing program 9 (id=10199): r0 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=r2, @ANYBLOB="46b309e5000000001c00128009000100626f6e64"], 0x3c}, 0x1, 0x0, 0x0, 0x690}, 0x20048040) getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x4) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x66) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=@newlink={0x50, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x300, 0x17e05}, [@IFLA_MASTER={0x8, 0xa, r6}, @IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x4000, 0x640}}}}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0x3}, {0x4, 0x9}}}, 0x24}}, 0x0) 1.252338395s ago: executing program 7 (id=10201): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x129381) ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000002600)={0x0, 0x2, "5a77bd318786aeb879ca62cdab2a02fa56018600f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d67f7e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da601003ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e6e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f600"}) close_range(r0, 0xffffffffffffffff, 0x0) 1.201988979s ago: executing program 7 (id=10204): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeffffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d00030000000080000000000000000000000700000000000000080000000000400005000000000000000204"], 0x78) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ioctl$SNDCTL_SEQ_SYNC(r0, 0x5101) 1.092166519s ago: executing program 9 (id=10207): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000040)=0x7, 0x4) recvmmsg(r0, &(0x7f0000004bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001d40)=""/129, 0x81}, 0x8}], 0x1, 0x40010032, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c89000c2c0120010000000000000000000000000001fe8000000000000000000000000000aaff"], 0x0) 575.336917ms ago: executing program 2 (id=10223): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha224)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x80000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) socket(0x2c, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000180), &(0x7f0000000080)=@tcp6, 0x1}, 0x20) r2 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'wlan1\x00', 0x0}) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 550.965756ms ago: executing program 2 (id=10224): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="14000000040000000400"], 0x50) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0xe5, 0x4) socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) r1 = socket$kcm(0x21, 0x2, 0x2) ptrace(0x11, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x5, 0x7fff7ffc}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000180)={0x0, 0x3, r1, 0x5}) unshare(0x6a040000) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x6}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, &(0x7f00000000c0)=0x1, 0x4) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000500)=ANY=[], 0x258) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0xfffc, @none, 0xfff, 0x1}, 0xe) r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e, 0x2, 0x1}, 0x18, 0x0) landlock_restrict_self(r4, 0xe) r5 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r5, 0x29, 0xc8, &(0x7f0000000340), 0x4) setsockopt$MRT6_FLUSH(r5, 0x29, 0xd1, &(0x7f0000000080)=0x2, 0x4) gettid() pipe(&(0x7f0000000040)) unshare(0x24020400) pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0x7, 0x0, 0x7, 0x4, 0xfffffffffffffffc, 0xfffffffffffffffc}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) unshare(0x10020f80) 459.433065ms ago: executing program 3 (id=10228): syz_open_dev$sg(&(0x7f00000001c0), 0x508d48d4, 0x40902) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@mpls_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_TTL_PROPAGATE={0x5, 0x1a, 0xdd}]}, 0x24}}, 0x0) syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=[@dstopts_2292={{0xb8, 0x29, 0x4, {0x4, 0x13, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x9, 0x9f}}, @generic={0xfe, 0x64, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989"}, @generic={0x80, 0x12, "09e12e5f0b6bdcf72f2ec7008a15fa88b025"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @pad1, @ra={0x5, 0x2, 0xbf4}, @generic={0x93, 0x6, "e80ee304ecb7"}]}}}, @hopopts_2292={{0x88, 0x29, 0x36, {0x3b, 0xd, '\x00', [@pad1, @enc_lim={0x4, 0x1, 0x7}, @padn, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @enc_lim={0x4, 0x1, 0x8}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x6c, 0x8, [0x2, 0xfffffffffffffff7, 0x6, 0x7fff, 0x6, 0x7]}}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @padn]}}}, @hopopts={{0x78, 0x29, 0x36, {0x5e, 0xb, '\x00', [@pad1, @pad1, @padn, @calipso={0x7, 0x28, {0x3, 0x8, 0x0, 0xfff, [0x2, 0x966, 0x1, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8}, @calipso={0x7, 0x10, {0x3, 0x2, 0x3, 0x7, [0x8000]}}, @generic={0x1, 0x3, "2bdb86"}]}}}], 0x1b8}}], 0x1, 0x810) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 382.900062ms ago: executing program 3 (id=10229): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000440)={@local, 0x1}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7cb, &(0x7f0000000100)={0x0, 0x0, 0x8}) 382.783744ms ago: executing program 3 (id=10230): writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000300)}], 0x1) r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2}) ioctl$VIDIOC_REQBUFS(r0, 0xc0585609, &(0x7f0000000280)={0x0, 0xa}) 310.898461ms ago: executing program 3 (id=10231): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'wlan1\x00', 0x0}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) close_range(r1, 0xffffffffffffffff, 0x0) 310.738433ms ago: executing program 7 (id=10232): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha224)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x80000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) socket(0x2c, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) r1 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'wlan1\x00', 0x0}) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 310.641547ms ago: executing program 3 (id=10233): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4) mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x10000, 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000080)={{}, {0x1, 0x4}, [{}], {0x4, 0x5}, [], {}, {0x20, 0x5}}, 0x2c, 0x3) lsetxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f00000005c0)={{}, {}, [], {0x4, 0x4}, [], {0x10, 0x3}, {0x20, 0x3}}, 0x24, 0x1) 304.061095ms ago: executing program 2 (id=10234): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x4b564d02, 0x0, 0x20000000000000b}]}) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{}]}) 303.801383ms ago: executing program 7 (id=10235): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0xb9) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x175a978679bbbe1d, 0x80a0a1240160183d) umount2(&(0x7f00000001c0)='./file0\x00', 0x1) chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01) 211.739666ms ago: executing program 9 (id=10236): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680)) syz_open_dev$MSR(&(0x7f0000000040), 0x4, 0x0) flock(0xffffffffffffffff, 0x6) socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @local, @val={@val={0x88a8, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @generic={0x0, 0x6, '\x00', 0x0, 0x1, 0x1, @dev={0xfe, 0x80, '\x00', 0x18}, @dev}}}}, 0x0) r0 = open(0x0, 0x100000, 0x0) flock(r0, 0x6) fchdir(0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000000040)={0x10, 0x0, 0xfffffffd, 0x1}, 0xc) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x4000000000, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000700)=@newsa={0x19c, 0x16, 0x633, 0x0, 0x80000000, {{@in=@empty, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x16}, {@in=@multicast2, 0x4d2, 0x32}, @in6=@loopback, {0x0, 0x8000}, {0x5, 0xffffffffffffffff, 0x0, 0x5}, {0x4, 0x2, 0x3dce6aa0}, 0x6, 0x2, 0x0, 0x4, 0x18, 0x19}, [@policy={0xac, 0x7, {{@in=@loopback, @in=@remote, 0x4e25, 0x9, 0x4e23, 0xe, 0xa, 0xc0, 0x20, 0x3a}, {0x1, 0x3, 0x1, 0xfa, 0x9, 0xd2f, 0x3c, 0x8000}, {0x8, 0x81, 0x9, 0x40}, 0x4, 0x6e6bb2, 0x1, 0x1, 0x0, 0x3}}]}, 0x19c}}, 0x40004) 92.442756ms ago: executing program 2 (id=10237): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x800, 0x0, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x80000) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) 50.546043ms ago: executing program 2 (id=10238): r0 = syz_open_dev$media(&(0x7f0000000040), 0x7fdffffe, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f00000000c0)=0xffffffffffffffff) r2 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000000)={0xf010000, 0x0, 0x0, r1, 0x0, 0x0}) ioctl$MEDIA_REQUEST_IOC_QUEUE(r1, 0x7c80, 0x0) 1.230768ms ago: executing program 3 (id=10239): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ad56b6c58206007e4af65430442b25b36f0000000054c7be", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x5}}}}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20001040}, 0x800) 199.804µs ago: executing program 9 (id=10240): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) listen(r0, 0x3) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x800) 0s ago: executing program 2 (id=10241): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000400)={0x44, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x51}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) kernel console output (not intermixed with test programs): sb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 448.194616][T22861] usb 12-1: config 0 has no interfaces? [ 448.197105][T22861] usb 12-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 448.200609][T22861] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.209505][T22861] usb 12-1: config 0 descriptor?? [ 448.418282][T22861] usb 12-1: string descriptor 0 read error: -71 [ 448.444276][T22861] usb 12-1: USB disconnect, device number 14 [ 448.740092][T26246] fuse: fd is not a fuse device [ 449.967937][T26274] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 450.150763][T26316] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8398'. [ 450.154719][T26316] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8398'. [ 450.737646][T26331] netlink: 'syz.3.8403': attribute type 4 has an invalid length. [ 451.191525][ T40] audit: type=1400 audit(1777559451.637:1760): avc: denied { read } for pid=26335 comm="syz.2.8406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 451.300265][T26343] orangefs_devreq_open: device cannot be opened in blocking mode [ 452.043865][T26368] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8414'. [ 452.048460][T26368] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8414'. [ 452.372665][T26392] netlink: 276 bytes leftover after parsing attributes in process `syz.9.8420'. [ 452.677792][T26403] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 453.017959][ T50] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 453.081009][T26419] orangefs_devreq_open: device cannot be opened in blocking mode [ 453.177434][ T50] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 453.181506][ T50] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 453.185006][ T50] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.190156][T26422] mtd partition "" doesn't have enough space: 0x20003 < 0x2001f, disabled [ 453.192198][ T50] usb 7-1: config 0 descriptor?? [ 453.246597][T26422] ftl_cs: FTL header not found. [ 453.430983][ T50] usbhid 7-1:0.0: can't add hid device: -71 [ 453.433030][ T50] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 453.438056][ T50] usb 7-1: USB disconnect, device number 8 [ 453.736949][T26445] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0) [ 453.812997][T26451] fuse: fd is not a fuse device [ 453.885543][ T50] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 453.943089][ T40] audit: type=1400 audit(1777559454.387:1761): avc: denied { rename } for pid=26448 comm="syz.7.8448" name="file0" dev="9p" ino=72876197 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 454.035744][ T50] usb 7-1: Using ep0 maxpacket: 32 [ 454.038686][ T50] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.042354][ T50] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 454.048093][ T50] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.059719][ T50] usb 7-1: config 0 descriptor?? [ 454.069644][ T50] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 454.088245][ T50] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 454.525715][ T50] usb 7-1: USB disconnect, device number 9 [ 454.532038][ T50] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 455.774464][T26474] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 455.817351][T26515] fuse: fd is not a fuse device [ 455.987882][ T40] audit: type=1400 audit(1777559456.427:1762): avc: denied { read append } for pid=26528 comm="syz.7.8472" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 455.990348][T26529] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 456.000204][ T40] audit: type=1400 audit(1777559456.437:1763): avc: denied { open } for pid=26528 comm="syz.7.8472" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 456.025223][T26529] macsec1: entered promiscuous mode [ 456.027627][T26529] macsec1: entered allmulticast mode [ 456.315956][T26553] fuse: fd is not a fuse device [ 456.351888][T26558] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 456.370721][T26558] macsec1: entered promiscuous mode [ 456.372408][T26558] macsec1: entered allmulticast mode [ 457.152916][T26580] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8495'. [ 457.156763][T26580] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8495'. [ 457.694188][T26615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8507'. [ 458.400472][T26637] overlayfs: failed to clone upperpath [ 458.742799][T26643] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8518'. [ 458.749887][T26643] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8518'. [ 458.847652][ T40] audit: type=1400 audit(1777559459.297:1764): avc: denied { map } for pid=26644 comm="syz.7.8520" path="socket:[106521]" dev="sockfs" ino=106521 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 458.857348][ T40] audit: type=1400 audit(1777559459.297:1765): avc: denied { accept } for pid=26644 comm="syz.7.8520" path="socket:[106521]" dev="sockfs" ino=106521 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 458.910752][T26650] input: syz1 as /devices/virtual/input/input28 [ 459.159196][T26663] 0xfffffffffffffffd-0x000000020000 : "" [ 459.163318][T26663] mtd: partition "" is out of reach -- disabled [ 459.187976][T26663] ftl_cs: FTL header not found. [ 459.327873][T26675] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8531'. [ 459.361880][T26675] bond3: entered promiscuous mode [ 459.364294][T26675] bond3: entered allmulticast mode [ 459.500820][T26688] fuse: fd is not a fuse device [ 459.539676][ T40] audit: type=1400 audit(1777559459.987:1766): avc: denied { listen } for pid=26672 comm="syz.2.8530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 459.553100][ T40] audit: type=1400 audit(1777559459.997:1767): avc: denied { accept } for pid=26672 comm="syz.2.8530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 459.819133][T26706] fuse: fd is not a fuse device [ 459.895768][T26712] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8545'. [ 459.902940][T26712] ip6gre4: entered promiscuous mode [ 459.904844][T26712] ip6gre4: entered allmulticast mode [ 459.947071][T26712] netlink: 'syz.3.8545': attribute type 6 has an invalid length. [ 459.949736][T26712] netlink: 72 bytes leftover after parsing attributes in process `syz.3.8545'. [ 459.999322][T26715] overlayfs: failed to clone upperpath [ 460.091846][T26721] netlink: 'syz.3.8549': attribute type 10 has an invalid length. [ 460.370294][ T40] audit: type=1400 audit(1777559460.817:1768): avc: denied { write } for pid=26734 comm="syz.2.8556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 460.795666][ T29] usb 12-1: new high-speed USB device number 15 using dummy_hcd [ 460.830248][T26774] netlink: 276 bytes leftover after parsing attributes in process `syz.3.8568'. [ 460.878683][T26782] netlink: 'syz.3.8570': attribute type 1 has an invalid length. [ 460.898735][T26782] 8021q: adding VLAN 0 to HW filter on device bond10 [ 460.917229][T26782] bond10: entered allmulticast mode [ 460.917491][ T40] audit: type=1400 audit(1777559461.367:1769): avc: denied { checkpoint_restore } for pid=26784 comm="syz.2.8571" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 460.953660][ T29] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 460.962325][ T29] usb 12-1: config 0 has no interfaces? [ 460.969457][ T29] usb 12-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 460.972795][ T29] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.976278][ T29] usb 12-1: Product: syz [ 460.977649][ T29] usb 12-1: Manufacturer: syz [ 460.979450][ T29] usb 12-1: SerialNumber: syz [ 460.984180][ T29] usb 12-1: config 0 descriptor?? [ 461.264899][ T29] usb 12-1: USB disconnect, device number 15 [ 461.467090][ T40] audit: type=1400 audit(1777559461.917:1770): avc: denied { call } for pid=26815 comm="syz.9.8584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 461.517159][T26821] binder: 26818:26821 ioctl c0306201 200000000640 returned -22 [ 461.524288][ T40] audit: type=1804 audit(1777559461.967:1771): pid=26822 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.8587" name="file0" dev="tmpfs" ino=13623 res=1 errno=0 [ 462.220660][T26865] tipc: Started in network mode [ 462.222823][T26865] tipc: Node identity 92174452c21, cluster identity 4711 [ 462.229830][T26865] tipc: Enabled bearer , priority 0 [ 462.240122][T26865] syzkaller0: MTU too low for tipc bearer [ 462.242571][T26865] tipc: Disabling bearer [ 462.383910][ T40] audit: type=1800 audit(1777559462.827:1772): pid=26829 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.9.8588" name="/" dev="fuse" ino=4 res=0 errno=0 [ 462.421588][T26868] 0x00000000c682-0x00010000c681 : "" [ 462.424011][T26868] mtd: partition "" extends beyond the end of device "mtdram test device" -- size truncated to 0x1397e [ 462.435188][T26868] ftl_cs: FTL header corrupt! [ 462.645702][T22861] usb 12-1: new high-speed USB device number 16 using dummy_hcd [ 462.801491][T22861] usb 12-1: config 1 has an invalid interface number: 7 but max is 0 [ 462.805145][T22861] usb 12-1: config 1 has no interface number 0 [ 462.809220][T22861] usb 12-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 462.814008][T22861] usb 12-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 462.820379][T22861] usb 12-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.826305][T22861] usb 12-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 462.829779][T22861] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 462.832546][T22861] usb 12-1: Product: syz [ 462.834336][T22861] usb 12-1: Manufacturer: syz [ 462.835965][T22861] usb 12-1: SerialNumber: syz [ 462.841374][T26870] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 462.861791][T26897] fuse: root generation should be zero [ 463.052342][T26870] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 463.102757][T26916] netlink: 'syz.2.8624': attribute type 19 has an invalid length. [ 463.272499][T22861] usb 12-1: Incompatible driver and firmware versions [ 463.311664][T26918] kvm: emulating exchange as write [ 463.455991][ T40] audit: type=1400 audit(1777559463.897:1773): avc: denied { create } for pid=26920 comm="syz.2.8626" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 463.482805][T22861] usb 12-1: USB disconnect, device number 16 [ 463.677788][T26925] fuse: fd is not a fuse device [ 464.276078][ T5872] usb 14-1: new high-speed USB device number 10 using dummy_hcd [ 464.457960][ T5872] usb 14-1: Using ep0 maxpacket: 32 [ 464.463527][ T5872] usb 14-1: config index 0 descriptor too short (expected 29220, got 36) [ 464.477454][ T5872] usb 14-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 464.491897][ T5872] usb 14-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 464.500319][ T5872] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 464.504314][ T5872] usb 14-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 464.509077][ T5872] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.521552][ T5872] usb 14-1: config 0 descriptor?? [ 464.750335][T14793] usb 14-1: USB disconnect, device number 10 [ 465.140043][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 465.140060][ T40] audit: type=1400 audit(1777559465.587:1775): avc: denied { listen } for pid=26967 comm="syz.3.8646" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 465.175885][T26973] fuse: fd is not a fuse device [ 465.387147][T26982] fuse: fd is not a fuse device [ 465.450476][ T40] audit: type=1400 audit(1777559465.897:1776): avc: denied { read } for pid=26989 comm="syz.9.8654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 465.688791][ T40] audit: type=1400 audit(1777559466.137:1777): avc: denied { append } for pid=27005 comm="syz.7.8662" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 466.215069][T27023] input: syz1 as /devices/virtual/input/input29 [ 467.055647][T22944] usb 14-1: new high-speed USB device number 11 using dummy_hcd [ 467.209829][T22944] usb 14-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 467.213204][T22944] usb 14-1: config 0 has no interfaces? [ 467.219798][T22944] usb 14-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 467.223548][T22944] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.227167][T22944] usb 14-1: Product: syz [ 467.229948][T22944] usb 14-1: Manufacturer: syz [ 467.230227][ T40] audit: type=1400 audit(1777559467.677:1778): avc: denied { lock } for pid=27041 comm="syz.2.8676" path="/131/file0/cpuset.effective_cpus" dev="9p" ino=72876231 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 467.231807][T22944] usb 14-1: SerialNumber: syz [ 467.246843][T22944] usb 14-1: config 0 descriptor?? [ 467.468414][ T2317] usb 14-1: USB disconnect, device number 11 [ 467.912944][T27069] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8687'. [ 467.918077][T27069] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8687'. [ 468.124184][T27074] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 468.193895][T27085] overlayfs: failed to clone upperpath [ 468.428827][ T40] audit: type=1326 audit(1777559468.877:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27095 comm="syz.3.8699" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f912dd9cdd9 code=0x0 [ 470.617841][T27145] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8717'. [ 470.621744][T27145] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8717'. [ 470.751271][ T40] audit: type=1800 audit(1777559471.197:1780): pid=27152 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.9.8720" name="bus" dev="overlay" ino=1172 res=0 errno=0 [ 471.643086][T27168] fuse: fd is not a fuse device [ 471.736261][T27176] netlink: 28 bytes leftover after parsing attributes in process `syz.9.8731'. [ 473.171104][T27210] overlayfs: failed to clone upperpath [ 473.532033][T27236] : renamed from bond0 (while UP) [ 473.687966][T27247] netlink: 9 bytes leftover after parsing attributes in process `syz.2.8757'. [ 473.691959][T27247] gretap0: entered promiscuous mode [ 473.702632][T27247] netlink: 5 bytes leftover after parsing attributes in process `syz.2.8757'. [ 473.707427][T27247] 0{X: renamed from gretap0 [ 473.710680][T27247] 0{X: left promiscuous mode [ 473.712642][T27247] 0{X: entered allmulticast mode [ 473.716296][T27247] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 473.969529][T27252] fuse: fd is not a fuse device [ 473.988530][T27254] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8760'. [ 473.994889][T27254] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 474.001826][T27254] iommufd_mock iommufd_mock1: Adding to iommu group 10 [ 474.012199][T27256] fuse: fd is not a fuse device [ 474.234205][T27274] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8768'. [ 474.251711][T27276] fuse: fd is not a fuse device [ 474.305219][T27279] overlayfs: failed to clone upperpath [ 474.389134][T27287] fuse: fd is not a fuse device [ 474.875601][ T5810] usb 12-1: new high-speed USB device number 17 using dummy_hcd [ 474.886445][T27320] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 474.889821][T27320] batadv_slave_0: entered promiscuous mode [ 474.975033][ T40] audit: type=1400 audit(1777559475.417:1781): avc: denied { bind } for pid=27322 comm="syz.2.8787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 474.983778][ T40] audit: type=1400 audit(1777559475.427:1782): avc: denied { listen } for pid=27322 comm="syz.2.8787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 475.025577][ T5810] usb 12-1: Using ep0 maxpacket: 8 [ 475.031908][ T5810] usb 12-1: config 179 has an invalid interface number: 65 but max is 0 [ 475.035057][ T5810] usb 12-1: config 179 has no interface number 0 [ 475.038253][ T5810] usb 12-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 475.043100][ T5810] usb 12-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 475.047987][ T5810] usb 12-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 475.052166][ T5810] usb 12-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 475.058510][ T5810] usb 12-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 475.064184][ T5810] usb 12-1: config 179 interface 65 has no altsetting 0 [ 475.067816][ T5810] usb 12-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 475.071780][ T5810] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.118661][ T5810] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:179.65/input/input30 [ 475.167038][ T5123] input input30: unable to receive magic message: -110 [ 475.187603][ T5123] input input30: unable to receive magic message: -32 [ 475.207976][ T5123] input input30: unable to receive magic message: -32 [ 475.228785][ T5123] input input30: unable to receive magic message: -32 [ 475.232436][ T5123] input input30: unable to receive magic message: -32 [ 475.286549][T27305] input input30: unable to receive magic message: -32 [ 475.298588][ T5872] usb 12-1: USB disconnect, device number 17 [ 475.298671][ C0] xpad 12-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 475.713956][T27334] fuse: fd is not a fuse device [ 475.940054][T27344] fuse: fd is not a fuse device [ 476.055574][T27351] bond1: option mode: unable to set because the bond device has slaves [ 476.107791][T27351] bond1: (slave veth15): speed changed to 0 on port 2 [ 476.111922][T27351] bond1: (slave veth15): Enslaving as a backup interface with a down link [ 476.116344][T27354] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8799'. [ 476.133603][T27354] bond1: entered promiscuous mode [ 476.141524][T27354] veth11: entered promiscuous mode [ 476.148001][T27354] veth15: entered promiscuous mode [ 476.154334][T27354] bond1: entered allmulticast mode [ 476.157175][T27354] veth11: entered allmulticast mode [ 476.159930][T27354] veth15: entered allmulticast mode [ 476.163147][T27354] 8021q: adding VLAN 0 to HW filter on device bond1 [ 476.666513][T27385] netlink: 'syz.7.8810': attribute type 1 has an invalid length. [ 476.913598][T27393] Set syz0 is full, maxelem 0 reached [ 476.980104][T27395] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 477.026234][T27401] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 477.042494][T27406] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8819'. [ 477.046661][T27406] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8819'. [ 477.238632][T27423] fuse: fd is not a fuse device [ 477.283869][T27428] fuse: fd is not a fuse device [ 477.359740][T27434] netlink: 'syz.9.8832': attribute type 12 has an invalid length. [ 477.546637][ T40] audit: type=1400 audit(1777559477.997:1783): avc: denied { setopt } for pid=27443 comm="syz.7.8835" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 477.554872][ T40] audit: type=1400 audit(1777559477.997:1784): avc: denied { accept } for pid=27443 comm="syz.7.8835" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 478.293401][T27455] netlink: 830 bytes leftover after parsing attributes in process `syz.3.8839'. [ 478.537562][T27478] netlink: 'syz.9.8845': attribute type 3 has an invalid length. [ 478.541108][T27478] netlink: 'syz.9.8845': attribute type 3 has an invalid length. [ 478.694440][T27488] vlan0: entered allmulticast mode [ 478.697568][T27488] vlan1: entered allmulticast mode [ 478.699816][T27488] veth0_vlan: entered allmulticast mode [ 478.744819][T27494] bridge0: port 3(syz_tun) entered blocking state [ 478.748269][T27494] bridge0: port 3(syz_tun) entered disabled state [ 478.752729][T27494] syz_tun: entered allmulticast mode [ 478.757223][T27494] syz_tun: entered promiscuous mode [ 478.771363][T27490] netlink: 52 bytes leftover after parsing attributes in process `syz.3.8850'. [ 478.775061][T27490] netlink: 76 bytes leftover after parsing attributes in process `syz.3.8850'. [ 478.778450][T27490] netlink: 52 bytes leftover after parsing attributes in process `syz.3.8850'. [ 479.720338][T27558] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8874'. [ 480.059949][T27564] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 480.187537][ T40] audit: type=1804 audit(1777559486.629:1785): pid=27571 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.8878" name="/newroot/174/file0" dev="tmpfs" ino=1000 res=1 errno=0 [ 480.196940][T27571] ref_ctr increment failed for inode: 0x3e8 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88803f640000 [ 480.206612][T27570] uprobe: syz.2.8878:27570 failed to unregister, leaking uprobe [ 480.272651][T27576] netlink: 'syz.2.8880': attribute type 1 has an invalid length. [ 480.299334][T27576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.319852][ T40] audit: type=1400 audit(1777559486.759:1786): avc: denied { create } for pid=27575 comm="syz.2.8880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 480.333003][ T40] audit: type=1400 audit(1777559486.769:1787): avc: denied { write } for pid=27575 comm="syz.2.8880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 480.488340][T27582] fuse: fd is not a fuse device [ 480.635676][ T5810] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 480.796229][ T5810] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 480.799595][ T5810] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 480.802956][ T5810] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 480.806651][ T5810] usb 7-1: config 0 interface 0 has no altsetting 0 [ 480.809727][ T5810] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 480.812700][ T5810] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 480.816362][ T5810] usb 7-1: config 0 interface 0 has no altsetting 0 [ 480.819255][ T5810] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 480.822428][ T5810] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 480.827571][ T5810] usb 7-1: config 0 interface 0 has no altsetting 0 [ 480.831440][ T5810] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 480.835179][ T5810] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 480.840631][ T5810] usb 7-1: config 0 interface 0 has no altsetting 0 [ 480.844792][ T5810] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 480.848740][ T5810] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 480.853106][ T5810] usb 7-1: config 0 interface 0 has no altsetting 0 [ 480.857112][ T5810] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 480.861033][ T5810] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 480.865982][ T5810] usb 7-1: config 0 interface 0 has no altsetting 0 [ 480.869786][ T5810] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 480.872927][ T5810] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 480.877274][ T5810] usb 7-1: config 0 interface 0 has no altsetting 0 [ 480.880249][ T5810] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 480.883663][ T5810] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 480.887963][ T5810] usb 7-1: config 0 interface 0 has no altsetting 0 [ 480.893057][ T5810] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 480.897587][ T5810] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 480.901375][ T5810] usb 7-1: Product: syz [ 480.903117][ T5810] usb 7-1: Manufacturer: syz [ 480.905152][ T5810] usb 7-1: SerialNumber: syz [ 480.910923][ T5810] usb 7-1: config 0 descriptor?? [ 480.919386][ T5810] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 480.929495][T27591] netlink: 830 bytes leftover after parsing attributes in process `syz.7.8883'. [ 480.974913][T27596] netlink: 64 bytes leftover after parsing attributes in process `syz.7.8887'. [ 481.057382][ T40] audit: type=1800 audit(1777559487.499:1788): pid=27600 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.7.8889" name="file1" dev="overlay" ino=4321 res=0 errno=0 [ 481.131999][T27605] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 481.208161][ T40] audit: type=1400 audit(1777559487.639:1789): avc: denied { unmount } for pid=17664 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 481.244643][T27612] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8894'. [ 481.245209][ C0] usb 7-1: yurex_control_callback - control failed: -71 [ 481.256476][ T5810] usb 7-1: USB disconnect, device number 10 [ 481.260301][T27607] yurex 7-1:0.0: yurex_write - failed to send bulk msg, error -19 [ 481.263227][ T5810] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 481.376536][T27618] kvm: pic: non byte read [ 481.379207][T27618] kvm: pic: non byte read [ 481.381955][T27618] kvm: pic: non byte read [ 481.384580][T27618] kvm: pic: non byte read [ 481.387546][T27618] kvm: pic: level sensitive irq not supported [ 481.387779][T27618] kvm: pic: non byte read [ 481.392606][T27618] kvm: pic: non byte read [ 481.396270][T27618] kvm: pic: non byte read [ 481.400132][T27618] kvm: pic: non byte read [ 481.403672][T27618] kvm: pic: non byte read [ 481.408462][T27618] kvm: pic: non byte read [ 481.413867][T27618] kvm: pic: single mode not supported [ 481.413882][T27618] kvm: pic: level sensitive irq not supported [ 481.420861][T27618] kvm: pic: single mode not supported [ 481.425151][T27618] kvm: pic: single mode not supported [ 481.429263][T27618] kvm: pic: level sensitive irq not supported [ 481.433336][T27618] kvm: pic: single mode not supported [ 481.439043][T27618] kvm: pic: single mode not supported [ 481.442988][T27618] kvm: pic: level sensitive irq not supported [ 481.449747][T27618] kvm: pic: single mode not supported [ 481.452384][T27618] kvm: pic: level sensitive irq not supported [ 481.456237][T27618] kvm: pic: single mode not supported [ 481.458855][T27618] kvm: pic: level sensitive irq not supported [ 481.462660][T27618] kvm: pic: single mode not supported [ 481.470401][T27618] kvm: pic: level sensitive irq not supported [ 481.481095][T27618] kvm: pic: single mode not supported [ 481.483694][T27618] kvm: pic: level sensitive irq not supported [ 481.487681][T27618] kvm: pic: single mode not supported [ 481.494608][T27618] kvm: pic: level sensitive irq not supported [ 481.872343][T27627] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 481.939465][T27632] netlink: 'syz.9.8901': attribute type 1 has an invalid length. [ 482.012246][T27632] 8021q: adding VLAN 0 to HW filter on device bond3 [ 482.017873][T27632] bond2: (slave bond3): making interface the new active one [ 482.022070][T27632] bond2: (slave bond3): Enslaving as an active interface with an up link [ 482.050599][T27640] bond2: (slave gretap1): Enslaving as a backup interface with an up link [ 482.070310][T27632] netlink: 28 bytes leftover after parsing attributes in process `syz.9.8901'. [ 482.133610][T27639] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.136717][T27639] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.279016][T27639] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 482.466844][T27632] 8021q: adding VLAN 0 to HW filter on device bond2 [ 482.480695][ T165] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.493278][ T165] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.503207][ T165] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.511534][ T165] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.604577][T27664] netlink: 'syz.9.8911': attribute type 1 has an invalid length. [ 482.632056][T27664] 8021q: adding VLAN 0 to HW filter on device bond4 [ 482.683425][T27664] bond4: (slave veth9): Enslaving as an active interface with a down link [ 482.713419][T27664] vlan0: entered allmulticast mode [ 482.717045][T27664] bond4: entered allmulticast mode [ 482.719976][T27664] bond4: (slave vlan0): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 482.772933][ T40] audit: type=1400 audit(1777559489.209:1790): avc: denied { read } for pid=27659 comm="syz.3.8909" path="socket:[112967]" dev="sockfs" ino=112967 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 482.868726][ T40] audit: type=1400 audit(1777559489.309:1791): avc: denied { transfer } for pid=27674 comm="syz.2.8914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 483.327065][T27682] overlayfs: failed to clone upperpath [ 483.392368][T27684] fuse: fd is not a fuse device [ 484.338872][T27713] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8930'. [ 484.342070][T27713] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8930'. [ 484.428203][T27718] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8932'. [ 484.600923][T27728] overlayfs: failed to clone upperpath [ 484.650126][T27730] tipc: Cannot configure node identity twice [ 484.696733][T27734] fuse: fd is not a fuse device [ 484.858085][T27741] orangefs_devreq_write_iter: total:0: must be at least:8240: [ 484.970825][ T40] audit: type=1326 audit(1777559491.409:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27749 comm="syz.9.8946" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbeaf9cdd9 code=0x0 [ 485.132519][T27755] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8947'. [ 485.191630][T27755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8947'. [ 485.291521][T27757] bond1: entered allmulticast mode [ 485.314244][T27757] ip6gretap1: entered promiscuous mode [ 485.319572][T27757] ip6gretap1: entered allmulticast mode [ 485.322519][T27757] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 485.387991][T27760] tipc: Cannot configure node identity twice [ 485.829186][T27778] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 485.832531][T27778] overlayfs: failed to set xattr on upper [ 485.835246][T27778] overlayfs: ...falling back to redirect_dir=nofollow. [ 485.839095][T27780] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8956'. [ 485.842250][T27778] overlayfs: ...falling back to index=off. [ 485.855494][T27778] overlayfs: ...falling back to uuid=null. [ 485.881439][T27778] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 485.917421][T27780] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8956'. [ 485.921473][T27780] netlink: 2 bytes leftover after parsing attributes in process `syz.2.8956'. [ 486.161082][T27797] netlink: 36 bytes leftover after parsing attributes in process `syz.7.8964'. [ 486.379268][ T40] audit: type=1804 audit(1777559492.819:1793): pid=27816 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.8973" name="file0" dev="tmpfs" ino=14328 res=1 errno=0 [ 486.540142][T27825] [ 486.925047][T27845] xt_hashlimit: size too large, truncated to 1048576 [ 487.071647][T27852] bond5: entered allmulticast mode [ 487.087210][T27852] ip6gretap1: entered promiscuous mode [ 487.092045][T27852] ip6gretap1: entered allmulticast mode [ 487.094211][T27852] bond5: (slave ip6gretap1): Enslaving as an active interface with an up link [ 487.119370][T27863] fuse: fd is not a fuse device [ 487.158336][T27855] md: could not open device unknown-block(68,0). [ 487.165669][T27855] md: md_import_device returned -6 [ 487.170150][T27868] fuse: fd is not a fuse device [ 487.219721][T27871] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8996'. [ 487.354402][T27882] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 487.357351][T27882] overlayfs: failed to set xattr on upper [ 487.359688][T27882] overlayfs: ...falling back to redirect_dir=nofollow. [ 487.362482][T27882] overlayfs: ...falling back to index=off. [ 487.364868][T27882] overlayfs: ...falling back to uuid=null. [ 487.371138][T27882] overlayfs: cleanup of 'bus/work' failed (-13) [ 487.374474][T27882] overlayfs: failed to create directory ./bus/work (errno: 17); mounting read-only [ 487.378712][T27882] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 487.382877][T27882] overlayfs: failed to get uuid (/file0, err=-95); falling back to uuid=null. [ 487.411329][T27886] fuse: fd is not a fuse device [ 487.511735][T27895] fuse: fd is not a fuse device [ 488.456691][T27904] binder_alloc: 27903: binder_alloc_buf size 4294967080 failed, no address space [ 488.484474][T27904] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 490.493323][T27927] __nla_validate_parse: 2 callbacks suppressed [ 490.493335][T27927] netlink: 12 bytes leftover after parsing attributes in process `syz.9.9017'. [ 490.599906][T27934] netlink: 'syz.2.9019': attribute type 1 has an invalid length. [ 490.738904][T27941] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9021'. [ 490.741872][T27941] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9021'. [ 490.921074][T27959] binder: 27957:27959 ioctl c0306201 200000000080 returned -14 [ 490.927807][T27959] binder: 27957:27959 ioctl c0306201 2000000003c0 returned -14 [ 491.060389][ T40] audit: type=1400 audit(1777559497.499:1794): avc: denied { cmd } for pid=27969 comm="syz.2.9032" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=io_uring permissive=1 [ 491.113415][T27975] netlink: 'syz.2.9034': attribute type 1 has an invalid length. [ 491.211983][T27975] 8021q: adding VLAN 0 to HW filter on device bond2 [ 491.234903][T27981] 8021q: adding VLAN 0 to HW filter on device bond2 [ 491.239502][T27981] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 491.245267][T27981] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 491.273361][T27985] gretap0: entered promiscuous mode [ 491.280382][T27985] bond2: (slave gretap0): making interface the new active one [ 491.287812][T27985] bond2: (slave gretap0): Enslaving as an active interface with an up link [ 491.474901][ T103] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 491.480375][ T103] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.481958][T27993] kvm: Disabled LAPIC found during irq injection [ 491.519795][T28000] netlink: 2028 bytes leftover after parsing attributes in process `syz.7.9043'. [ 491.527023][T28000] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9043'. [ 491.639421][ T103] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 491.644052][ T103] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.677223][T28006] binder_alloc: 28005: pid 28005 spamming oneway? 1 buffers allocated for a total size of 5184 [ 491.788507][ T103] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 491.796028][ T103] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.893571][ T103] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 491.898465][ T103] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.752919][ T103] bridge_slave_1: left allmulticast mode [ 492.761970][ T103] bridge_slave_1: left promiscuous mode [ 492.764512][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.790109][ T103] bridge_slave_0: left allmulticast mode [ 492.792140][ T103] bridge_slave_0: left promiscuous mode [ 492.794565][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.021369][ T103] bond1 (unregistering): (slave ip6erspan0): Releasing active interface [ 493.163118][T28049] overlayfs: failed to clone upperpath [ 493.304450][ T103] bond3 (unregistering): (slave bridge1): Releasing backup interface [ 493.307706][ T103] bridge1 (unregistering): left promiscuous mode [ 493.440628][ T103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 493.445893][ T103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 493.450517][ T103] bond0 (unregistering): Released all slaves [ 493.456981][ T103] bond1 (unregistering): Released all slaves [ 493.475139][ T103] bond2 (unregistering): Released all slaves [ 493.510838][ T103] bond3 (unregistering): Released all slaves [ 493.542321][ T5440] 8021q: adding VLAN 0 to HW filter on device eth2 [ 493.550441][T28069] binder: 28068:28069 ioctl c0306201 200000000640 returned -22 [ 494.007790][ T103] hsr_slave_0: left promiscuous mode [ 494.010890][ T103] hsr_slave_1: left promiscuous mode [ 494.013471][ T103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 494.018755][ T103] batadv0: mtu less than device minimum [ 494.024105][ T103] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 494.030376][ T103] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 494.034390][ T103] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 494.038977][ T103] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 494.048906][ T103] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 494.054552][ T103] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 494.060046][ T103] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 494.065523][ T103] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 494.070900][ T103] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 494.087028][ T103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 494.092954][ T103] batman_adv: batadv0: Interface deactivated: dummy0 [ 494.096075][ T103] batman_adv: batadv0: Removing interface: dummy0 [ 494.109364][ T103] veth1_macvtap: left promiscuous mode [ 494.111312][ T103] veth0_macvtap: left promiscuous mode [ 494.113197][ T103] veth1_vlan: left promiscuous mode [ 494.114977][ T103] veth0_vlan: left promiscuous mode [ 494.362878][T28125] overlayfs: failed to clone upperpath [ 494.380891][ T103] team0 (unregistering): Port device team_slave_1 removed [ 494.396983][ T103] team0 (unregistering): Port device team_slave_0 removed [ 494.410741][T28128] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9083'. [ 494.522455][ T5440] 8021q: adding VLAN 0 to HW filter on device eth3 [ 494.659161][T28144] netlink: 12 bytes leftover after parsing attributes in process `syz.9.9088'. [ 494.928636][ T5440] 8021q: adding VLAN 0 to HW filter on device eth4 [ 495.112723][T28184] netlink: 28 bytes leftover after parsing attributes in process `syz.9.9098'. [ 495.116364][T28184] netlink: 8 bytes leftover after parsing attributes in process `syz.9.9098'. [ 495.273480][ T5440] 8021q: adding VLAN 0 to HW filter on device eth5 [ 495.472223][ T40] audit: type=1400 audit(1777559501.909:1795): avc: denied { write } for pid=28204 comm="syz.2.9103" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 496.362702][T28230] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 496.389039][T28228] netlink: 14 bytes leftover after parsing attributes in process `syz.2.9110'. [ 496.985742][T22944] usb 12-1: new low-speed USB device number 18 using dummy_hcd [ 497.126840][T28259] netlink: 'syz.9.9122': attribute type 1 has an invalid length. [ 497.138161][T22944] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 497.144470][T22944] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 497.149815][T28259] 8021q: adding VLAN 0 to HW filter on device bond6 [ 497.152476][T22944] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 497.157766][T22944] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 497.162243][T22944] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 497.168826][T22944] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 497.171850][T22944] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 497.176542][T22944] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 497.179323][T28259] bond6: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 497.181277][T22944] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 497.189517][T22944] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 497.189684][T28259] bond6: entered allmulticast mode [ 497.195336][T22944] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 497.203000][T22944] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 497.207786][T22944] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 497.212433][T22944] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 497.217283][T22944] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 497.224663][T28259] bond6: (slave ip6gretap2): Enslaving as an active interface with an up link [ 497.224909][T22944] usb 12-1: string descriptor 0 read error: -22 [ 497.231941][T22944] usb 12-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 497.235799][T22944] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.247190][T22944] adutux 12-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 497.261069][T28262] netlink: 'syz.3.9123': attribute type 1 has an invalid length. [ 497.293657][T28262] 8021q: adding VLAN 0 to HW filter on device bond11 [ 497.359199][T28271] syzkaller0: entered promiscuous mode [ 497.361631][T28271] syzkaller0: entered allmulticast mode [ 497.530519][T28282] netlink: 'syz.2.9132': attribute type 6 has an invalid length. [ 497.534042][T28282] netlink: 'syz.2.9132': attribute type 4 has an invalid length. [ 497.536874][T28282] netlink: 17 bytes leftover after parsing attributes in process `syz.2.9132'. [ 497.544278][T28284] overlayfs: failed to clone upperpath [ 497.561051][T22944] usb 12-1: USB disconnect, device number 18 [ 497.681658][T28294] netlink: 'syz.3.9137': attribute type 1 has an invalid length. [ 497.694651][T28294] 8021q: adding VLAN 0 to HW filter on device bond12 [ 497.735010][T28294] bond12: (slave veth19): Enslaving as an active interface with a down link [ 497.745225][T28294] bond12: (slave dummy0): making interface the new active one [ 497.749041][T28294] dummy0: entered promiscuous mode [ 497.752904][T28294] bond12: (slave dummy0): Enslaving as an active interface with an up link [ 497.758320][T28294] netlink: 14 bytes leftover after parsing attributes in process `syz.3.9137'. [ 497.768765][T28294] bond12: (slave dummy0): Releasing active interface [ 497.771096][T28294] dummy0 (unregistering): left promiscuous mode [ 497.887311][T28298] syzkaller0: entered promiscuous mode [ 497.889674][T28298] syzkaller0: entered allmulticast mode [ 498.110594][T28314] fuse: fd is not a fuse device [ 498.167338][T28318] fuse: fd is not a fuse device [ 498.239120][T28327] netlink: 24 bytes leftover after parsing attributes in process `syz.9.9149'. [ 498.289670][T28327] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28327 comm=syz.9.9149 [ 498.615911][ T5741] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 498.625329][ T5741] CPU: 1 UID: 0 PID: 5741 Comm: kworker/u33:7 Tainted: G L syzkaller #0 PREEMPT(full) [ 498.625363][ T5741] Tainted: [L]=SOFTLOCKUP [ 498.625371][ T5741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 498.625383][ T5741] Workqueue: hci1 hci_rx_work [ 498.625459][ T5741] Call Trace: [ 498.625468][ T5741] [ 498.625478][ T5741] dump_stack_lvl+0x100/0x190 [ 498.625506][ T5741] sysfs_warn_dup.cold+0x1c/0x28 [ 498.625585][ T5741] sysfs_create_dir_ns+0x24b/0x2b0 [ 498.625665][ T5741] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 498.625688][ T5741] ? find_held_lock+0x2b/0x80 [ 498.625707][ T5741] ? kobject_add_internal+0x25f/0x930 [ 498.625766][ T5741] ? kobject_add_internal+0x25f/0x930 [ 498.625831][ T5741] ? do_raw_spin_unlock+0x145/0x1e0 [ 498.625864][ T5741] kobject_add_internal+0x2c8/0x930 [ 498.625929][ T5741] kobject_add+0x16a/0x1e0 [ 498.625993][ T5741] ? __pfx_kobject_add+0x10/0x10 [ 498.626019][ T5741] ? class_to_subsys+0x10f/0x150 [ 498.626095][ T5741] ? kobject_put+0xb9/0x640 [ 498.626120][ T5741] ? _raw_spin_unlock+0x28/0x50 [ 498.626184][ T5741] device_add+0x294/0x1950 [ 498.626208][ T5741] ? __pfx_dev_set_name+0x10/0x10 [ 498.626234][ T5741] ? __pfx_device_add+0x10/0x10 [ 498.626291][ T5741] ? mgmt_send_event_skb+0x2fb/0x460 [ 498.626321][ T5741] hci_conn_add_sysfs+0x1a3/0x260 [ 498.626378][ T5741] le_conn_complete_evt+0x11eb/0x1f60 [ 498.626407][ T5741] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 498.626471][ T5741] hci_le_conn_complete_evt+0x23c/0x3a0 [ 498.626494][ T5741] ? skb_pull_data+0x15f/0x1e0 [ 498.626554][ T5741] hci_le_meta_evt+0x34a/0x5f0 [ 498.626578][ T5741] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 498.626605][ T5741] hci_event_packet+0x51c/0xcd0 [ 498.626656][ T5741] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 498.626680][ T5741] ? __pfx_hci_event_packet+0x10/0x10 [ 498.626740][ T5741] ? kcov_remote_start+0x374/0x660 [ 498.626765][ T5741] ? lockdep_hardirqs_on+0x78/0x100 [ 498.626827][ T5741] hci_rx_work+0x451/0xfc0 [ 498.626855][ T5741] process_one_work+0xa0e/0x1980 [ 498.626925][ T5741] ? __pfx_process_one_work+0x10/0x10 [ 498.626995][ T5741] ? __pfx_hci_rx_work+0x10/0x10 [ 498.627053][ T5741] worker_thread+0x5ef/0xe50 [ 498.627095][ T5741] ? __pfx_worker_thread+0x10/0x10 [ 498.627158][ T5741] ? kthread+0x13a/0x450 [ 498.627180][ T5741] ? __pfx_worker_thread+0x10/0x10 [ 498.627238][ T5741] kthread+0x370/0x450 [ 498.627262][ T5741] ? __pfx_kthread+0x10/0x10 [ 498.627318][ T5741] ret_from_fork+0x72b/0xd50 [ 498.627378][ T5741] ? __pfx_ret_from_fork+0x10/0x10 [ 498.627406][ T5741] ? __switch_to+0x800/0x1100 [ 498.627466][ T5741] ? __pfx_kthread+0x10/0x10 [ 498.627492][ T5741] ret_from_fork_asm+0x1a/0x30 [ 498.627568][ T5741] [ 498.707492][T28352] netlink: 24 bytes leftover after parsing attributes in process `syz.9.9157'. [ 498.716660][ T5741] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 498.751045][ T5741] Bluetooth: hci1: failed to register connection device [ 498.759453][T28352] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28352 comm=syz.9.9157 [ 499.548447][T28368] overlayfs: failed to clone upperpath [ 499.785945][T28376] xt_hashlimit: size too large, truncated to 1048576 [ 499.840420][T28379] alle: renamed from bridge_slave_0 [ 499.903090][T28381] netlink: 40 bytes leftover after parsing attributes in process `syz.9.9168'. [ 499.917005][T28381] bond7: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms [ 499.929201][T28381] netlink: 40 bytes leftover after parsing attributes in process `syz.9.9168'. [ 499.932152][T28381] bond7: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms [ 500.226330][ T54] usb 14-1: new high-speed USB device number 12 using dummy_hcd [ 500.376088][ T54] usb 14-1: Using ep0 maxpacket: 32 [ 500.380716][ T54] usb 14-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 500.385260][ T54] usb 14-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 500.390462][ T54] usb 14-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 500.395135][ T54] usb 14-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 500.402759][ T54] usb 14-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 500.406977][ T54] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.410438][ T54] usb 14-1: Product: syz [ 500.412277][ T54] usb 14-1: Manufacturer: syz [ 500.414306][ T54] usb 14-1: SerialNumber: syz [ 500.428542][ C1] imon 14-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 500.441316][ T54] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:155.0/input/input31 [ 500.645502][ T54] imon 14-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 500.650215][ T54] (id 0x00) [ 500.725495][ T54] rc_core: IR keymap rc-imon-pad not found [ 500.729755][ T54] Registered IR keymap rc-empty [ 500.733726][ T54] imon 14-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 500.741479][ T54] imon 14-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 500.744884][ T40] audit: type=1400 audit(1777559507.179:1796): avc: denied { node_bind } for pid=28402 comm="syz.2.9175" saddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 500.820507][T28405] ubi: refuse attaching mtd1 - zero erasesize flash is not supported [ 500.859099][ T54] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:155.0/rc/rc0 [ 500.864181][ T54] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:155.0/rc/rc0/input32 [ 500.869742][ T54] imon 14-1:155.0: iMON device (15c2:ffdc, intf0) on usb<14:12> initialized [ 500.940956][T28407] tipc: Failed to remove unknown binding: 66,0,0/0:30167612/30167614 [ 500.946376][T28407] tipc: Failed to remove unknown binding: 66,0,0/0:30167612/30167613 [ 500.949838][T28407] tipc: Failed to remove unknown binding: 66,0,0/0:30167612/30167614 [ 500.952402][T28407] tipc: Failed to remove unknown binding: 66,0,0/0:30167612/30167613 [ 501.034632][T28384] imon:vfd_write: invalid payload size [ 501.043583][ T34] usb 14-1: USB disconnect, device number 12 [ 501.498150][T28427] 8021q: adding VLAN 0 to HW filter on device bond4 [ 501.528654][T28427] bond4: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 501.590356][T28430] netlink: 'syz.7.9187': attribute type 1 has an invalid length. [ 501.605778][ T12] net_ratelimit: 10 callbacks suppressed [ 501.605790][ T12] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 501.611139][T28430] bond5: entered promiscuous mode [ 501.618253][T28430] 8021q: adding VLAN 0 to HW filter on device bond5 [ 501.649419][T28430] bond5: (slave bridge6): making interface the new active one [ 501.652593][T28430] bridge6: entered promiscuous mode [ 501.657230][T28430] bridge6: left promiscuous mode [ 501.736013][ T60] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 501.942256][T28442] x_tables: ip_tables: osf match: only valid for protocol 6 [ 502.506058][T28454] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000 [ 502.593157][T28460] netlink: 24 bytes leftover after parsing attributes in process `syz.9.9198'. [ 502.681792][T28460] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28460 comm=syz.9.9198 [ 502.781802][T28469] binder: 28468:28469 ioctl c018620b 0 returned -14 [ 503.119156][T28491] tmpfs: Bad value for 'nr_blocks' [ 503.252923][T28487] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 503.275161][T28487] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 503.666716][ T165] netdevsim netdevsim7 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 503.672564][ T165] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.682070][ T165] netdevsim netdevsim7 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 503.697086][ T165] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.736159][T28501] bond0: entered promiscuous mode [ 503.738355][T28501] bond_slave_0: entered promiscuous mode [ 503.743514][T28501] bond_slave_1: entered promiscuous mode [ 503.749269][T28501] batadv0: entered promiscuous mode [ 503.755131][T28501] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 503.764236][T28505] netlink: 'syz.7.9214': attribute type 1 has an invalid length. [ 503.764417][T28501] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 503.785739][T28501] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 503.792860][T28501] bond0: left promiscuous mode [ 503.794539][T28501] bond_slave_0: left promiscuous mode [ 503.796521][T28501] bond_slave_1: left promiscuous mode [ 503.799882][T28501] batadv0: left promiscuous mode [ 503.809350][ T165] netdevsim netdevsim7 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 503.812730][ T165] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.817963][ T165] netdevsim netdevsim7 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 503.820999][ T165] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.842001][T28505] 8021q: adding VLAN 0 to HW filter on device bond6 [ 503.852371][T28510] vlan0: entered allmulticast mode [ 503.854476][T28510] macsec0: entered allmulticast mode [ 503.864939][T28510] bond6: (slave vlan0): Error -34 calling dev_set_mtu [ 504.070288][T28520] fuse: fd is not a fuse device [ 504.087953][T28494] infiniband sy1: set down [ 504.090749][T28494] infiniband sy1: added bond0 [ 504.107891][T28494] smbdirect: ib_dev[sy1]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000 [ 504.112736][T28494] smbdirect: ib_dev[sy1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32 [ 504.118718][T28494] smbdirect: ib_dev[sy1]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005 [ 504.143405][T28494] RDS/IB: sy1: added [ 504.148192][T28494] smc: adding ib device sy1 with port count 1 [ 504.150491][T28494] smc: ib device sy1 port 1 has no pnetid [ 505.204154][ T40] audit: type=1400 audit(1777559511.639:1797): avc: denied { mount } for pid=28553 comm="syz.2.9228" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 505.485497][T22861] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 505.645529][T22861] usb 7-1: Using ep0 maxpacket: 16 [ 505.656918][T22861] usb 7-1: config 0 has no interfaces? [ 505.663227][T22861] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 505.666535][T22861] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.669748][T22861] usb 7-1: Product: syz [ 505.671128][T22861] usb 7-1: Manufacturer: syz [ 505.672604][T22861] usb 7-1: SerialNumber: syz [ 505.685379][T22861] usb 7-1: config 0 descriptor?? [ 505.719314][T28562] syzkaller1: entered promiscuous mode [ 505.721130][T28562] syzkaller1: entered allmulticast mode [ 506.687522][T28593] binder: 28591:28593 ioctl c0306201 200000000280 returned -14 [ 506.775269][ T40] audit: type=1400 audit(1777559513.209:1798): avc: denied { watch } for pid=28597 comm="syz.9.9239" path="/308/bus/bus" dev="overlay" ino=1698 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 508.217881][ T24] usb 7-1: USB disconnect, device number 11 [ 508.706818][T28625] xt_hashlimit: size too large, truncated to 1048576 [ 509.685200][T28645] fuse: fd is not a fuse device [ 510.912144][T28647] netdevsim netdevsim3 netdevsim0 (unregistering): left allmulticast mode [ 511.130601][T28670] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 511.706097][T28674] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 511.970531][T28689] fuse: fd is not a fuse device [ 512.106168][ T843] usb 7-1: new full-speed USB device number 12 using dummy_hcd [ 512.278407][ T843] usb 7-1: config 0 has no interfaces? [ 512.282199][ T843] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 512.287571][ T843] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 512.291201][ T843] usb 7-1: Product: syz [ 512.292709][ T843] usb 7-1: Manufacturer: syz [ 512.294243][ T843] usb 7-1: SerialNumber: syz [ 512.304439][ T843] usb 7-1: config 0 descriptor?? [ 512.554060][ T843] usb 7-1: USB disconnect, device number 12 [ 513.210609][T28722] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9286'. [ 513.403329][T28734] ubi31: attaching mtd0 [ 513.450417][T28734] ubi31 error: ubi_attach_mtd_dev: bad VID header (2) or data offsets (66) [ 513.626285][T28743] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9294'. [ 513.695202][T28743] bond3: entered promiscuous mode [ 513.698199][T28743] bond3: entered allmulticast mode [ 514.240431][T28765] netlink: 16 bytes leftover after parsing attributes in process `syz.9.9302'. [ 514.385920][T28777] netlink: 24 bytes leftover after parsing attributes in process `syz.9.9307'. [ 514.504791][T28777] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28777 comm=syz.9.9307 [ 514.609179][T28786] fuse: fd is not a fuse device [ 514.805104][T28792] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000 [ 515.850645][T28824] fuse: fd is not a fuse device [ 515.866104][T28825] bond0: entered promiscuous mode [ 515.879024][T28825] batadv0: entered promiscuous mode [ 515.882491][T28825] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 515.887408][T28825] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 515.898309][T28825] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 515.999191][T28825] bond0: left promiscuous mode [ 515.999892][T28819] rdma_rxe: rxe_newlink: failed to add bond0 [ 516.004990][T28825] batadv0: left promiscuous mode [ 516.030867][T28827] netlink: 76 bytes leftover after parsing attributes in process `syz.7.9324'. [ 516.097438][ T40] audit: type=1804 audit(1777559522.539:1799): pid=28839 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.7.9327" name="file0" dev="tmpfs" ino=4864 res=1 errno=0 [ 516.106478][T28839] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -11243, delta: 1 [ 516.116248][T28839] ref_ctr increment failed for inode: 0x1300 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88801b8d1880 [ 516.135722][T28839] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -11243, delta: -1 [ 516.142557][T28839] ref_ctr decrement failed for inode: 0x1300 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88801b8d1880 [ 516.147651][T28839] uprobe: syz.7.9327:28839 failed to unregister, leaking uprobe [ 517.336506][T28881] fuse: fd is not a fuse device [ 517.641648][T28893] bridge_slave_1: left allmulticast mode [ 517.643885][T28893] bridge_slave_1: left promiscuous mode [ 517.646455][T28893] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.653250][T28893] x9: left allmulticast mode [ 517.654807][T28893] x9: left promiscuous mode [ 517.657146][T28893] bridge0: port 1(1x9) entered disabled state [ 517.780754][T28899] netlink: 24 bytes leftover after parsing attributes in process `syz.7.9349'. [ 518.213547][T28916] overlayfs: failed to clone upperpath [ 518.285848][T28921] fuse: fd is not a fuse device [ 518.384266][ T40] audit: type=1400 audit(1777559524.819:1800): avc: denied { mounton } for pid=28913 comm="syz.9.9356" path="/334/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 519.917322][T28940] kvm: pic: single mode not supported [ 519.919539][T28940] kvm: pic: single mode not supported [ 519.922948][T28940] kvm: pic: level sensitive irq not supported [ 520.088010][T28944] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9368'. [ 520.993079][T28973] netlink: 'syz.2.9377': attribute type 1 has an invalid length. [ 521.007247][T28973] 8021q: adding VLAN 0 to HW filter on device bond4 [ 521.040760][T28973] bond4: (slave gretap2): making interface the new active one [ 521.044231][T28973] bond4: (slave gretap2): Enslaving as an active interface with an up link [ 521.450791][T28983] fuse: fd is not a fuse device [ 521.551015][T28981] overlayfs: missing 'lowerdir' [ 522.259161][ T40] audit: type=1800 audit(1777559528.699:1801): pid=28984 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.9.9380" name="/" dev="fuse" ino=4 res=0 errno=0 [ 522.419945][ T40] audit: type=1804 audit(1777559528.849:1802): pid=29019 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.9.9392" name="bus" dev="ramfs" ino=122278 res=1 errno=0 [ 522.450607][ T40] audit: type=1804 audit(1777559528.859:1803): pid=29019 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.9.9392" name="bus" dev="ramfs" ino=122278 res=1 errno=0 [ 523.397032][T29047] fuse: fd is not a fuse device [ 523.679233][T29057] syz_tun: entered allmulticast mode [ 524.454545][T29055] syz_tun: left allmulticast mode [ 524.459193][T29068] syzkaller0: entered promiscuous mode [ 524.468236][T29068] syzkaller0: entered allmulticast mode [ 524.642801][T29074] syzkaller1: entered promiscuous mode [ 524.645228][T29074] syzkaller1: entered allmulticast mode [ 524.990959][T29094] ip6t_REJECT: ECHOREPLY is not supported [ 525.082887][T29100] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9420'. [ 525.139686][T29100] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9420'. [ 525.140384][T29103] syzkaller0: entered promiscuous mode [ 525.143689][T29100] netlink: 24 bytes leftover after parsing attributes in process `syz.7.9420'. [ 525.145899][T29103] syzkaller0: entered allmulticast mode [ 525.184620][T29100] veth11: entered allmulticast mode [ 525.195833][T29100] bond7: (slave veth11): Enslaving as an active interface with an up link [ 525.403387][T29122] overlayfs: failed to clone upperpath [ 525.548358][T29132] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 525.621855][T29137] tipc: Started in network mode [ 525.624147][T29137] tipc: Node identity be4105bb04c5, cluster identity 4711 [ 525.627930][T29137] tipc: Enabled bearer , priority 0 [ 525.653785][T29133] syzkaller0: entered promiscuous mode [ 525.656929][T29133] syzkaller0: entered allmulticast mode [ 525.659529][T29133] tipc: Resetting bearer [ 525.683819][T29131] tipc: Resetting bearer [ 528.464535][T29131] tipc: Disabling bearer [ 528.489406][ T34] tipc: Node number set to 3129214395 [ 528.580398][T29174] netlink: 'syz.7.9444': attribute type 29 has an invalid length. [ 528.587340][T29174] netlink: 'syz.7.9444': attribute type 29 has an invalid length. [ 528.591481][T29174] netlink: 'syz.7.9444': attribute type 32 has an invalid length. [ 528.594141][T29174] netlink: 500 bytes leftover after parsing attributes in process `syz.7.9444'. [ 528.664700][T29183] syzkaller0: entered promiscuous mode [ 528.673921][T29183] syzkaller0: entered allmulticast mode [ 528.840173][T29191] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9451'. [ 528.970605][T29191] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=29191 comm=syz.2.9451 [ 529.264236][T29205] overlayfs: failed to clone upperpath [ 529.302936][T28353] Bluetooth: hci2: command 0x0406 tx timeout [ 529.605935][T29215] syzkaller0: entered promiscuous mode [ 529.607804][T29215] syzkaller0: entered allmulticast mode [ 529.759931][T29217] bond7: (slave veth0_to_bond): Releasing active interface [ 529.774597][T29217] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 529.791121][T29217] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 529.795140][T29217] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 529.820082][T29217] team0: Mode changed to "loadbalance" [ 529.868623][T29222] fuse: fd is not a fuse device [ 529.934300][T29228] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9463'. [ 529.981303][T29233] netlink: 24 bytes leftover after parsing attributes in process `syz.9.9464'. [ 529.993365][T29228] 8021q: adding VLAN 0 to HW filter on device bond5 [ 530.040024][T29234] macvlan2: entered promiscuous mode [ 530.042351][T29234] macvlan2: entered allmulticast mode [ 530.045242][T29234] bond5: entered promiscuous mode [ 530.048585][T29234] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 530.053020][T29234] bond5: left promiscuous mode [ 530.057757][T29228] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9463'. [ 530.090661][T29228] bond5: (slave bridge2): Enslaving as an active interface with an up link [ 530.094746][T29233] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=29233 comm=syz.9.9464 [ 530.202278][T29250] netlink: 'syz.9.9468': attribute type 27 has an invalid length. [ 530.226392][T29250] mac80211_hwsim hwsim34 wlan1: left allmulticast mode [ 530.260455][ T40] audit: type=1400 audit(1777559536.699:1804): avc: denied { getopt } for pid=29249 comm="syz.9.9468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 530.272481][T29250] bond5: left allmulticast mode [ 530.274455][T29250] ip6gretap1: left allmulticast mode [ 530.280761][T29250] ip6gretap1: left promiscuous mode [ 530.294580][T29250] bond6: left allmulticast mode [ 530.322792][T29253] bridge0: port 3(syz_tun) entered blocking state [ 530.325728][T29253] bridge0: port 3(syz_tun) entered forwarding state [ 530.332534][T29253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 530.337023][T29253] 8021q: adding VLAN 0 to HW filter on device team0 [ 530.348313][T29253] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 530.373549][T29253] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 530.379004][T29253] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 530.386939][T29253] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 530.391395][T29253] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 530.397424][T29253] veth1_vlan: left promiscuous mode [ 530.401003][T29253] veth0_vlan: left promiscuous mode [ 530.404173][T29253] veth0_vlan: entered promiscuous mode [ 530.408400][T29253] veth1_vlan: entered promiscuous mode [ 530.414877][T29253] veth1_macvtap: left promiscuous mode [ 530.418700][T29253] veth0_macvtap: left promiscuous mode [ 530.421979][T29253] veth0_macvtap: entered promiscuous mode [ 530.425358][T29253] veth1_macvtap: entered promiscuous mode [ 530.435357][T29253] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 530.439559][T29253] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 530.448450][T29253] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 530.452614][T29253] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 530.467872][T29253] 8021q: adding VLAN 0 to HW filter on device bond1 [ 530.474441][T29253] 8021q: adding VLAN 0 to HW filter on device bond2 [ 530.478674][T29253] 8021q: adding VLAN 0 to HW filter on device bond3 [ 530.483508][T29253] 8021q: adding VLAN 0 to HW filter on device bond4 [ 530.491608][T29253] 8021q: adding VLAN 0 to HW filter on device bond5 [ 530.498350][T16461] bond6: (slave ip6gretap2): link status down again after 0 ms [ 530.505959][T29253] 8021q: adding VLAN 0 to HW filter on device bond6 [ 530.519165][T29253] 8021q: adding VLAN 0 to HW filter on device bond7 [ 530.531648][ T1200] bridge0: port 1(alle) entered blocking state [ 530.534399][ T1200] bridge0: port 1(alle) entered forwarding state [ 530.540069][ T1200] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.543174][ T1200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 530.586646][ T165] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.595103][ T165] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.613057][ T165] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.621798][ T165] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.639624][ T103] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 530.659615][ T165] bond4: (slave veth9): link status definitely up, 10000 Mbps full duplex [ 530.677329][ T165] bond4: (slave veth9): making interface the new active one [ 530.680328][ T165] veth9: entered allmulticast mode [ 530.693098][ T165] bond4: active interface up! [ 530.702134][ T1200] bond1: (slave veth7): link status definitely up, 10000 Mbps full duplex [ 530.709152][ T1200] bond1: (slave veth7): making interface the new active one [ 530.721503][ T1200] bond1: active interface up! [ 530.765655][ T103] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 530.790339][T29272] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9476'. [ 530.805609][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 530.825993][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 530.832231][ T12] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 530.847703][T29272] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=29272 comm=syz.3.9476 [ 530.919653][T29275] netlink: 24 bytes leftover after parsing attributes in process `syz.7.9477'. [ 530.956188][ T1200] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 530.959415][ T1200] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 530.973551][T29275] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=29275 comm=syz.7.9477 [ 531.066185][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 531.476421][T29291] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9483'. [ 531.619425][ T40] audit: type=1400 audit(1777559538.059:1805): avc: denied { watch watch_reads } for pid=29305 comm="syz.7.9488" path="/946/file0" dev="tmpfs" ino=5183 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 531.933516][T29325] syzkaller0: entered promiscuous mode [ 531.935763][T29325] syzkaller0: entered allmulticast mode [ 532.008022][ T40] audit: type=1400 audit(1777559538.449:1806): avc: denied { create } for pid=29326 comm="syz.3.9496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 532.101091][T29331] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1500) ! [ 532.108183][T29333] fuse: fd is not a fuse device [ 532.111528][T29331] syzkaller0: entered promiscuous mode [ 532.113475][T29331] syzkaller0: entered allmulticast mode [ 532.300809][T29337] b^: renamed from lo [ 532.555623][T28498] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 532.578251][T29347] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9504'. [ 532.715564][T28498] usb 7-1: Using ep0 maxpacket: 16 [ 532.719376][T28498] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 532.727421][T28498] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 532.737791][T28498] usb 7-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=cf.10 [ 532.741681][T28498] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.744932][T28498] usb 7-1: Product: syz [ 532.746761][T28498] usb 7-1: Manufacturer: syz [ 532.748737][T28498] usb 7-1: SerialNumber: syz [ 532.753815][T28498] usb 7-1: config 0 descriptor?? [ 532.962142][T28498] usb 7-1: USB disconnect, device number 13 [ 533.348504][T29356] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=42 sclass=netlink_tcpdiag_socket pid=29356 comm=syz.7.9513 [ 533.424483][ T40] audit: type=1326 audit(1777559539.859:1807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29357 comm="syz.3.9506" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f912dd9cdd9 code=0x0 [ 533.486625][T29364] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9508'. [ 533.513606][T29364] bond8: entered promiscuous mode [ 533.515346][T29364] bond8: entered allmulticast mode [ 533.945779][ T24] usb 14-1: new high-speed USB device number 13 using dummy_hcd [ 534.101585][ T24] usb 14-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 534.107439][ T24] usb 14-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 534.113082][ T24] usb 14-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 534.117956][ T24] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 534.124083][ T24] usb 14-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 534.128201][ T24] usb 14-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 534.131749][ T24] usb 14-1: Product: syz [ 534.133760][ T24] usb 14-1: Manufacturer: syz [ 534.142466][ T24] cdc_wdm 14-1:1.0: skipping garbage [ 534.144908][ T24] cdc_wdm 14-1:1.0: skipping garbage [ 534.148968][ T24] cdc_wdm 14-1:1.0: cdc-wdm0: USB WDM device [ 534.151391][ T24] cdc_wdm 14-1:1.0: Unknown control protocol [ 534.795631][T26964] net_ratelimit: 66 callbacks suppressed [ 534.795651][T26964] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 534.796212][T29400] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9528'. [ 534.801613][T26964] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 534.837487][T29400] vlan3: entered allmulticast mode [ 534.839822][T29400] bridge3: entered allmulticast mode [ 534.848471][T29400] bridge3: port 1(erspan0) entered blocking state [ 534.851477][T29400] bridge3: port 1(erspan0) entered disabled state [ 534.854456][T29400] erspan0: entered allmulticast mode [ 534.858528][T29400] erspan0: entered promiscuous mode [ 534.918553][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 534.923227][ T12] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 535.035951][ T103] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 535.038502][ T103] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 535.145600][T26964] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 535.148184][T26964] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 535.255660][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 535.258558][ T12] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 535.443333][T29415] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9526'. [ 535.635564][T17181] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 535.644158][T29424] fuse: fd is not a fuse device [ 535.795509][T17181] usb 7-1: Using ep0 maxpacket: 16 [ 535.801644][T17181] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 535.807198][T17181] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 535.810153][T17181] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.812670][T17181] usb 7-1: Product: syz [ 535.814240][T17181] usb 7-1: Manufacturer: syz [ 535.816025][T17181] usb 7-1: SerialNumber: syz [ 535.820084][T17181] usb 7-1: config 0 descriptor?? [ 535.824533][T17181] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 535.828028][T17181] em28xx 7-1:0.0: DVB interface 0 found: bulk [ 536.434349][T17181] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 536.672708][T29442] netlink: 'syz.7.9535': attribute type 1 has an invalid length. [ 536.690556][T29442] bond9: entered promiscuous mode [ 536.693136][T29442] 8021q: adding VLAN 0 to HW filter on device bond9 [ 536.710436][ T24] usb 14-1: USB disconnect, device number 13 [ 536.722684][T29442] bond9: (slave bridge6): making interface the new active one [ 536.726265][T29442] bridge6: entered promiscuous mode [ 536.730750][T29442] bond9: (slave bridge6): Enslaving as an active interface with an up link [ 536.878302][T17181] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 536.883341][T17181] em28xx 7-1:0.0: board has no eeprom [ 537.127955][T29413] em28xx 7-1:0.0: read from i2c device at 0xc failed with unknown error (status=65) [ 537.385523][T17181] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 537.388900][T17181] em28xx 7-1:0.0: dvb set to bulk mode. [ 537.391553][ T34] em28xx 7-1:0.0: Binding DVB extension [ 537.398691][T17181] usb 7-1: USB disconnect, device number 14 [ 537.401994][T17181] em28xx 7-1:0.0: Disconnecting em28xx [ 537.463385][ T34] em28xx 7-1:0.0: Registering input extension [ 537.467490][T17181] em28xx 7-1:0.0: Closing input extension [ 537.535164][T17181] em28xx 7-1:0.0: Freeing device [ 537.829685][T29499] fuse: fd is not a fuse device [ 537.899775][T29502] erspan0: left allmulticast mode [ 537.901971][T29502] erspan0: left promiscuous mode [ 537.904518][T29502] bridge3: port 1(erspan0) entered disabled state [ 537.914074][T29502] bridge_slave_0: left allmulticast mode [ 537.918583][T29502] bridge_slave_0: left promiscuous mode [ 537.921253][T29502] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.927153][T29502] bridge_slave_1: left allmulticast mode [ 537.929758][T29502] bridge_slave_1: left promiscuous mode [ 537.932451][T29502] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.953333][ T40] audit: type=1400 audit(1777559544.389:1808): avc: denied { map } for pid=29503 comm="syz.3.9555" path="socket:[121818]" dev="sockfs" ino=121818 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 537.966108][T29502] : (slave bond_slave_0): Releasing backup interface [ 537.970529][T29504] fuse: fd is not a fuse device [ 537.978169][T29502] : (slave bond_slave_1): Releasing backup interface [ 537.985823][T29502] team0: Port device team_slave_0 removed [ 537.993254][T29502] team0: Port device team_slave_1 removed [ 537.997053][T29502] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 538.002833][T29502] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 538.010643][T29505] team0: Mode changed to "activebackup" [ 538.232413][T29522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9560'. [ 538.254617][T29522] 8021q: adding VLAN 0 to HW filter on device bond6 [ 538.281752][T29522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9560'. [ 538.287867][T29522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9560'. [ 538.296065][T29522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 538.316078][T29522] bond6: (slave bond0): Enslaving as an active interface with an up link [ 538.321511][T29522] netlink: 'syz.2.9560': attribute type 10 has an invalid length. [ 538.351560][T29522] : (slave bridge0): Enslaving as an active interface with an up link [ 538.388790][T29525] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1500) ! [ 538.396167][T29525] syzkaller0: entered promiscuous mode [ 538.398311][T29525] syzkaller0: entered allmulticast mode [ 538.558521][T29533] fuse: fd is not a fuse device [ 538.617300][T29538] netlink: 'syz.9.9567': attribute type 13 has an invalid length. [ 538.691221][T29538] netlink: 4 bytes leftover after parsing attributes in process `syz.9.9567'. [ 538.839406][T29547] syzkaller0: entered promiscuous mode [ 538.841804][T29547] syzkaller0: entered allmulticast mode [ 539.000003][T29550] syzkaller0: entered promiscuous mode [ 539.001980][T29550] syzkaller0: entered allmulticast mode [ 539.117285][T29552] syzkaller0: entered promiscuous mode [ 539.119643][T29552] syzkaller0: entered allmulticast mode [ 539.126510][T29554] fuse: fd is not a fuse device [ 539.209193][T29560] netlink: 'syz.3.9576': attribute type 1 has an invalid length. [ 539.231207][T29560] bond13: entered promiscuous mode [ 539.233601][T29560] 8021q: adding VLAN 0 to HW filter on device bond13 [ 539.251333][T29560] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9576'. [ 539.254532][T29560] bond13: entered allmulticast mode [ 539.269052][T29560] bond13: (slave bridge11): making interface the new active one [ 539.275330][T29560] bridge11: entered promiscuous mode [ 539.277715][T29560] bridge11: entered allmulticast mode [ 539.280947][T29560] bond13: (slave bridge11): Enslaving as an active interface with an up link [ 539.382706][T29570] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9580'. [ 539.417547][T29573] fuse: fd is not a fuse device [ 539.508399][T29570] veth23: entered allmulticast mode [ 539.576140][T29570] bond14: (slave veth23): Enslaving as an active interface with an up link [ 539.620154][T29578] bond14 (unregistering): (slave veth23): Releasing backup interface [ 539.625666][T29578] bond14 (unregistering): Released all slaves [ 539.637560][T29580] syzkaller0: entered promiscuous mode [ 539.640119][T29580] syzkaller0: entered allmulticast mode [ 539.808488][T29597] xt_hashlimit: size too large, truncated to 1048576 [ 539.852832][T29602] netlink: 'syz.7.9596': attribute type 1 has an invalid length. [ 539.867907][T29602] 8021q: adding VLAN 0 to HW filter on device bond10 [ 539.884191][T29602] vlan0: entered allmulticast mode [ 539.885651][T16465] net_ratelimit: 91 callbacks suppressed [ 539.885663][T16465] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 539.886167][T29602] bond10: entered allmulticast mode [ 539.892139][T16465] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 539.907998][T29602] bond10: (slave geneve2): making interface the new active one [ 539.911234][T29602] geneve2: entered allmulticast mode [ 539.917871][T29602] bond10: (slave geneve2): Enslaving as an active interface with an up link [ 539.922065][T16465] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.925947][T16465] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.928968][T16465] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.931922][T16465] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.971508][T29606] syzkaller0: entered promiscuous mode [ 539.973688][T29606] syzkaller0: entered allmulticast mode [ 539.979446][T29610] fuse: fd is not a fuse device [ 540.005662][T16465] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 540.015644][T28499] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 540.025880][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 540.029677][ T12] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 540.127702][T29620] lo: Caught tx_queue_len zero misconfig [ 540.140885][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 540.155583][ T103] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 540.159136][ T103] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 540.165690][T28499] usb 7-1: Using ep0 maxpacket: 32 [ 540.169560][T28499] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 540.173233][T28499] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 540.180054][T28499] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 540.185296][T28499] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 540.190150][T28499] usb 7-1: config 0 interface 0 has no altsetting 0 [ 540.193764][T28499] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 540.197124][T28499] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 540.199977][T28499] usb 7-1: Product: syz [ 540.201366][T28499] usb 7-1: Manufacturer: syz [ 540.202965][T28499] usb 7-1: SerialNumber: syz [ 540.207306][T28499] usb 7-1: config 0 descriptor?? [ 540.211729][T28499] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 540.217111][T28499] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 540.266031][T16465] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 540.269468][T16465] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 540.603243][T29626] fuse: fd is not a fuse device [ 540.723222][T29594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 540.728675][T29594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 540.757264][T29625] fuse: fd is not a fuse device [ 540.848529][T29639] vlan1: entered promiscuous mode [ 540.850738][T29639] hsr0: entered promiscuous mode [ 540.852898][T29639] vlan1: entered allmulticast mode [ 540.855090][T29639] hsr0: entered allmulticast mode [ 540.858951][T29639] hsr_slave_0: entered allmulticast mode [ 540.861454][T29639] hsr_slave_1: entered allmulticast mode [ 541.101830][T29647] syzkaller0: entered promiscuous mode [ 541.104118][T29647] syzkaller0: entered allmulticast mode [ 541.610782][T29669] orangefs_devreq_write_iter: userspace claims version42, minimum version required: 20903. [ 541.644920][T29671] tipc: Enabling of bearer rejected, failed to enable media [ 541.744581][T29682] netlink: 12 bytes leftover after parsing attributes in process `syz.9.9616'. [ 542.049413][ T40] audit: type=1400 audit(2000000000.000:1809): avc: denied { execute } for pid=29690 comm="syz.3.9619" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=124489 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 544.965875][ T13] net_ratelimit: 83 callbacks suppressed [ 544.965911][ T13] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 544.970888][ T13] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 545.085607][ T13] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 545.088920][ T13] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 545.195695][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 545.198584][ T165] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 545.315715][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 545.318645][ T12] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 545.425740][ T13] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 545.428342][ T13] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 545.536447][T29621] ldusb 7-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110 [ 545.557049][ T5579] usb 7-1: USB disconnect, device number 15 [ 545.574897][ T5579] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 546.300312][T29735] Invalid option length (1048180) for dns_resolver key [ 547.937351][T29767] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9639'. [ 547.962739][T29769] tipc: Enabling of bearer rejected, failed to enable media [ 548.033256][T29773] netlink: 'syz.3.9641': attribute type 1 has an invalid length. [ 548.083109][T29773] bond14: (slave vxcan3): The slave device specified does not support setting the MAC address [ 548.087194][T29773] bond14: (slave vxcan3): Error -95 calling set_mac_address [ 548.145268][T29778] bond14: (slave gretap2): making interface the new active one [ 548.150574][T29778] bond14: (slave gretap2): Enslaving as an active interface with an up link [ 548.183533][T29773] macvlan2: entered promiscuous mode [ 548.186283][T29773] macvlan2: entered allmulticast mode [ 548.188995][T29773] bond14: entered promiscuous mode [ 548.190750][T29773] gretap2: entered promiscuous mode [ 548.197025][T29773] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 548.201509][T29773] bond14: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap2 [ 548.208869][T29773] bond14: left promiscuous mode [ 548.210484][T29773] gretap2: left promiscuous mode [ 548.341140][T29785] netlink: 4 bytes leftover after parsing attributes in process `syz.9.9645'. [ 548.348308][T29785] bridge0: port 3(syz_tun) entered disabled state [ 548.388711][T29785] syz_tun (unregistering): left allmulticast mode [ 548.391288][T29785] syz_tun (unregistering): left promiscuous mode [ 548.393441][T29785] bridge0: port 3(syz_tun) entered disabled state [ 548.464905][T29793] syzkaller0: entered promiscuous mode [ 548.474601][T29793] syzkaller0: entered allmulticast mode [ 548.756432][T29816] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9652'. [ 548.779240][T29816] bond11: entered promiscuous mode [ 548.780924][T29816] bond11: entered allmulticast mode [ 548.821388][T29816] veth15: entered allmulticast mode [ 548.826007][T29816] veth15: entered promiscuous mode [ 548.828201][T29816] bond11: (slave veth15): Enslaving as an active interface with an up link [ 548.858254][T29816] bond11 (unregistering): (slave veth15): Releasing backup interface [ 548.862646][T29816] veth15: left promiscuous mode [ 548.868831][T29816] bond11 (unregistering): Released all slaves [ 549.105764][ T24] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 549.256099][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 549.262816][ T24] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 549.268789][ T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 549.277297][ T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 549.285508][ T24] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 549.295580][ T24] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 549.299740][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.339861][ T40] audit: type=1800 audit(2000000007.279:1810): pid=29842 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.9.9658" name="nullb0" dev="tmpfs" ino=2171 res=0 errno=0 [ 549.450716][T29846] IPVS: Error connecting to the multicast addr [ 549.525683][ T24] usb 7-1: usb_control_msg returned -71 [ 549.528056][ T24] usbtmc 7-1:16.0: can't read capabilities [ 549.546064][ T24] usb 7-1: USB disconnect, device number 16 [ 549.575912][T29855] netlink: 4 bytes leftover after parsing attributes in process `syz.9.9660'. [ 550.066177][ T46] net_ratelimit: 80 callbacks suppressed [ 550.066221][ T46] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 550.071320][ T46] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 550.185704][T16461] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 550.189020][T16461] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 550.308061][ T60] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 550.311231][ T60] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 550.416306][T29894] netlink: 164 bytes leftover after parsing attributes in process `syz.7.9678'. [ 550.420481][ T1163] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 550.437382][ T1163] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 550.546348][ T103] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 550.551420][ T103] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 551.093566][T29915] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 551.517483][T29941] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9693'. [ 551.526688][T29941] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9693'. [ 551.526719][ T60] netdevsim netdevsim7 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 551.533121][ T60] netdevsim netdevsim7 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 551.538325][ T60] netdevsim netdevsim7 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 551.541121][ T60] netdevsim netdevsim7 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 551.542269][T29941] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9693'. [ 551.545576][T29939] syzkaller0: entered promiscuous mode [ 551.549404][T29939] syzkaller0: entered allmulticast mode [ 551.560052][T29941] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9693'. [ 551.707390][T29955] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9698'. [ 551.726981][T29955] bond7: entered promiscuous mode [ 551.729088][T29955] bond7: entered allmulticast mode [ 551.766869][T29955] veth11: entered allmulticast mode [ 551.771523][T29955] veth11: entered promiscuous mode [ 551.774139][T29955] bond7: (slave veth11): Enslaving as an active interface with an up link [ 552.146577][T29969] kvm: kvm [29968]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000 [ 552.174224][T29969] kvm: kvm [29968]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x100000000 [ 552.190571][T29969] kvm: kvm [29968]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 552.194475][T29969] kvm: kvm [29968]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 552.573514][T29986] bond15: entered promiscuous mode [ 552.576327][T29986] bond15: entered allmulticast mode [ 552.614082][T29986] veth25: entered allmulticast mode [ 552.950565][T29999] syz_tun: entered allmulticast mode [ 552.954821][T29999] __nla_validate_parse: 1 callbacks suppressed [ 552.954836][T29999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9711'. [ 552.996246][T29999] syz_tun (unregistering): left allmulticast mode [ 553.148617][T30007] syz_tun: entered allmulticast mode [ 553.160774][T30007] dvmrp8: entered allmulticast mode [ 553.924761][T30003] syz_tun: left allmulticast mode [ 554.102344][T30058] netlink: 'syz.3.9731': attribute type 1 has an invalid length. [ 554.118294][T30058] 8021q: adding VLAN 0 to HW filter on device bond16 [ 554.148692][T30058] bond16: (slave geneve4): making interface the new active one [ 554.155046][T30058] bond16: (slave geneve4): Enslaving as an active interface with an up link [ 554.159079][ T60] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.165278][ T60] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.171321][ T165] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.187639][ T165] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.228431][T30074] tipc: Enabling of bearer rejected, failed to enable media [ 554.338882][T30091] netlink: 'syz.7.9742': attribute type 1 has an invalid length. [ 554.356576][T30091] 8021q: adding VLAN 0 to HW filter on device bond11 [ 554.371449][T30091] bond11: (slave gretap1): making interface the new active one [ 554.377734][T30091] bond11: (slave gretap1): Enslaving as an active interface with an up link [ 554.382375][T30091] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=30091 comm=syz.7.9742 [ 554.609930][T30111] tipc: Enabling of bearer rejected, failed to enable media [ 554.895599][ T62] Bluetooth: hci1: command 0x0406 tx timeout [ 555.145642][ T1200] net_ratelimit: 84 callbacks suppressed [ 555.145656][ T1200] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 555.174493][ T1200] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 555.285806][ T46] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 555.288380][ T46] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 555.331193][T30140] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9759'. [ 555.388433][T30140] 8021q: adding VLAN 0 to HW filter on device bond12 [ 555.389621][T30147] netlink: 'syz.9.9761': attribute type 1 has an invalid length. [ 555.407219][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 555.435640][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 555.450614][T30140] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=30140 comm=syz.7.9759 [ 555.459977][ T46] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 555.490532][T30147] 8021q: adding VLAN 0 to HW filter on device bond8 [ 555.494875][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 555.515566][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 555.543334][T30150] bond8: (slave geneve2): making interface the new active one [ 555.545916][ T103] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 555.559232][T30150] bond8: (slave geneve2): Enslaving as an active interface with an up link [ 555.579204][ T40] audit: type=1400 audit(2000000013.519:1811): avc: denied { create } for pid=30152 comm="syz.7.9762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 555.718407][T30162] tipc: Enabling of bearer rejected, failed to enable media [ 555.760696][T30167] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9766'. [ 555.801812][T30167] bond8: entered promiscuous mode [ 555.803497][T30167] bond8: entered allmulticast mode [ 555.839540][T30167] veth13: entered allmulticast mode [ 555.844366][T30167] bond8 (unregistering): Released all slaves [ 555.940165][T30180] netlink: 76 bytes leftover after parsing attributes in process `syz.9.9768'. [ 556.000609][T30187] netlink: 'syz.7.9772': attribute type 1 has an invalid length. [ 556.038398][T30187] 8021q: adding VLAN 0 to HW filter on device bond13 [ 556.068394][T30187] bond13: (slave geneve3): making interface the new active one [ 556.069215][T30187] bond13: (slave geneve3): Enslaving as an active interface with an up link [ 556.377967][T30207] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 556.381847][T30207] tipc: Enabled bearer , priority 0 [ 556.395239][T30206] tipc: Disabling bearer [ 556.860451][T30247] lo speed is unknown, defaulting to 1000 [ 556.885646][T30247] lo speed is unknown, defaulting to 1000 [ 556.888079][T30247] lo speed is unknown, defaulting to 1000 [ 556.890596][T30247] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 556.895227][T30247] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 556.904142][T30247] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 557.024229][T30256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9790'. [ 557.032291][T30247] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 557.124461][T30247] lo speed is unknown, defaulting to 1000 [ 557.138351][T30247] lo speed is unknown, defaulting to 1000 [ 557.155966][T30262] netlink: 'syz.3.9793': attribute type 1 has an invalid length. [ 557.159051][T30247] lo speed is unknown, defaulting to 1000 [ 557.159752][T30247] lo speed is unknown, defaulting to 1000 [ 557.179610][T30262] 8021q: adding VLAN 0 to HW filter on device bond17 [ 557.186751][T30247] lo speed is unknown, defaulting to 1000 [ 557.194596][T30247] lo speed is unknown, defaulting to 1000 [ 557.202593][T30247] lo speed is unknown, defaulting to 1000 [ 557.630453][ T40] audit: type=1400 audit(2000000015.569:1812): avc: denied { watch } for pid=30283 comm="syz.2.9801" path="/373/file0" dev="9p" ino=72876185 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 557.639742][ T40] audit: type=1400 audit(2000000015.579:1813): avc: denied { create } for pid=30283 comm="syz.2.9801" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 557.678898][ T40] audit: type=1800 audit(2000000015.619:1814): pid=30286 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.9802" name="file0" dev="tmpfs" ino=15809 res=0 errno=0 [ 557.733074][T30286] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 557.877856][ T40] audit: type=1400 audit(2000000015.819:1815): avc: denied { nlmsg_write } for pid=30294 comm="syz.7.9806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 557.883043][T30295] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=30295 comm=syz.7.9806 [ 558.081987][T30300] netlink: 76 bytes leftover after parsing attributes in process `syz.7.9808'. [ 558.264421][T30317] netlink: 'syz.7.9811': attribute type 1 has an invalid length. [ 558.275733][ T24] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 558.295762][T30317] 8021q: adding VLAN 0 to HW filter on device bond14 [ 558.425916][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 558.431567][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 558.439412][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 558.442674][ T24] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 558.446050][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.451103][ T24] usb 7-1: config 0 descriptor?? [ 558.567038][ T40] audit: type=1400 audit(2000000016.509:1816): avc: denied { create } for pid=30344 comm="syz.7.9822" name="file5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 558.588034][ T40] audit: type=1400 audit(2000000016.529:1817): avc: denied { unlink } for pid=17664 comm="syz-executor" name="file5" dev="tmpfs" ino=5689 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 558.765597][T30354] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9824'. [ 558.788721][T30354] bond15: entered promiscuous mode [ 558.790436][T30354] bond15: entered allmulticast mode [ 558.837315][T30354] veth17: entered allmulticast mode [ 558.846525][T30354] bond15 (unregistering): Released all slaves [ 558.998970][T30306] siw: device registration error -23 [ 559.010252][ T24] usbhid 7-1:0.0: can't add hid device: -71 [ 559.017536][ T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 559.028035][ T24] usb 7-1: USB disconnect, device number 17 [ 559.149667][T30367] syz_tun: entered allmulticast mode [ 559.152196][T30367] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9828'. [ 559.168239][T30367] syz_tun (unregistering): left allmulticast mode [ 559.174460][T30367] bond1: (slave syz_tun): Removing an active aggregator [ 559.181503][T30367] bond1: (slave syz_tun): Releasing backup interface [ 559.322425][T30376] tipc: Enabling of bearer rejected, failed to enable media [ 559.564239][T30391] lo speed is unknown, defaulting to 1000 [ 559.663065][T30419] netlink: 'syz.2.9847': attribute type 1 has an invalid length. [ 559.670683][T30422] netlink: 164 bytes leftover after parsing attributes in process `syz.7.9848'. [ 559.675905][T30419] 8021q: adding VLAN 0 to HW filter on device bond8 [ 559.696633][T30419] bond8: (slave geneve2): making interface the new active one [ 559.703041][T30419] bond8: (slave geneve2): Enslaving as an active interface with an up link [ 559.706754][ T1200] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.710390][T30414] tipc: Enabling of bearer rejected, failed to enable media [ 559.713889][T16465] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.718764][T16465] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.740832][T30426] Bluetooth: hci3: Opcode 0x0401 failed: -22 [ 559.753280][T16465] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.852326][T30445] netlink: 'syz.7.9857': attribute type 10 has an invalid length. [ 559.864667][T30434] netlink: 20 bytes leftover after parsing attributes in process `syz.9.9854'. [ 559.868053][T30434] netlink: 4 bytes leftover after parsing attributes in process `syz.9.9854'. [ 559.926026][T30455] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 559.929162][T30455] tipc: Enabled bearer , priority 0 [ 559.932502][T30455] syzkaller0: entered promiscuous mode [ 559.934489][T30455] syzkaller0: entered allmulticast mode [ 559.947214][T30455] tipc: Resetting bearer [ 559.951570][T30454] tipc: Resetting bearer [ 559.954112][ T40] audit: type=1800 audit(2000000017.889:1818): pid=30458 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.7.9863" name="file0" dev="tmpfs" ino=5802 res=0 errno=0 [ 559.975051][T30454] tipc: Disabling bearer [ 560.022353][T30458] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 560.076102][T30464] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9865'. [ 560.111170][T30464] bond15: entered promiscuous mode [ 560.112878][T30464] bond15: entered allmulticast mode [ 560.118440][T30465] ipvlan1: entered promiscuous mode [ 560.120195][T30465] ipvlan1: entered allmulticast mode [ 560.123118][T30465] veth0_vlan: entered allmulticast mode [ 560.148395][T30464] veth19: entered allmulticast mode [ 560.163910][T30464] bond15 (unregistering): Released all slaves [ 560.166249][ T12] net_ratelimit: 87 callbacks suppressed [ 560.166259][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 560.176783][T30473] netlink: 164 bytes leftover after parsing attributes in process `syz.2.9870'. [ 560.185551][ T1200] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 560.188710][ T1200] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 560.231492][T30477] 8021q: adding VLAN 0 to HW filter on device  [ 560.237162][T30477] 8021q: adding VLAN 0 to HW filter on device team0 [ 560.241550][T30477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 560.266659][T30477] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 560.270612][T30477] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 560.283213][T30477] veth1_vlan: left promiscuous mode [ 560.288919][T30477] veth0_vlan: left promiscuous mode [ 560.291676][T30477] veth0_vlan: entered promiscuous mode [ 560.295796][T30477] veth1_vlan: entered promiscuous mode [ 560.303739][T30477] veth1_macvtap: left promiscuous mode [ 560.306084][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 560.309545][T30477] veth0_macvtap: left promiscuous mode [ 560.312498][T30477] veth0_macvtap: entered promiscuous mode [ 560.316898][T30477] veth1_macvtap: entered promiscuous mode [ 560.326073][T30477] 8021q: adding VLAN 0 to HW filter on device bond1 [ 560.331071][T30477] 8021q: adding VLAN 0 to HW filter on device bond2 [ 560.335080][T30477] 8021q: adding VLAN 0 to HW filter on device bond3 [ 560.338148][ T60] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 560.342124][T30477] 8021q: adding VLAN 0 to HW filter on device eth0 [ 560.346801][T30477] 8021q: adding VLAN 0 to HW filter on device eth1 [ 560.349823][T30477] 8021q: adding VLAN 0 to HW filter on device eth2 [ 560.352789][T30477] 8021q: adding VLAN 0 to HW filter on device eth3 [ 560.356535][T30477] batadv0: entered promiscuous mode [ 560.362136][T30477] 8021q: adding VLAN 0 to HW filter on device macsec1 [ 560.365575][T16461] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 560.370417][T30488] netlink: 'syz.7.9877': attribute type 1 has an invalid length. [ 560.371453][T30477] 8021q: adding VLAN 0 to HW filter on device bond7 [ 560.379268][T28498] gretap2: entered promiscuous mode [ 560.385566][ T46] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 560.406434][T16465] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 560.429541][T16461] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 560.451657][T30488] 8021q: adding VLAN 0 to HW filter on device bond15 [ 560.456624][ T46] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 560.499278][T30502] netlink: 28 bytes leftover after parsing attributes in process `syz.7.9882'. [ 560.567289][T30512] netlink: 'syz.7.9888': attribute type 33 has an invalid length. [ 560.570669][T30512] netlink: 152 bytes leftover after parsing attributes in process `syz.7.9888'. [ 560.612441][T30518] netlink: 'syz.2.9890': attribute type 21 has an invalid length. [ 560.651984][T30521] netlink: 'syz.7.9892': attribute type 1 has an invalid length. [ 560.691463][T30521] 8021q: adding VLAN 0 to HW filter on device bond16 [ 560.793645][T30536] bond17: entered promiscuous mode [ 560.796456][T30536] bond17: entered allmulticast mode [ 560.804924][T30536] bond17 (unregistering): Released all slaves [ 560.944232][T30552] netlink: 'syz.7.9905': attribute type 1 has an invalid length. [ 560.966767][T30558] random: crng reseeded on system resumption [ 560.986804][T30552] 8021q: adding VLAN 0 to HW filter on device bond17 [ 561.049805][T30568] lo: entered allmulticast mode [ 561.212718][T30593] random: crng reseeded on system resumption [ 561.257834][ T40] audit: type=1400 audit(2000000019.199:1819): avc: denied { ioctl } for pid=30597 comm="syz.7.9919" path="socket:[128337]" dev="sockfs" ino=128337 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 561.283580][T30604] syz_tun: entered allmulticast mode [ 561.308555][T30604] syz_tun (unregistering): left allmulticast mode [ 561.365591][T30609] tipc: Enabling of bearer rejected, failed to enable media [ 561.484312][T30633] netlink: 'syz.7.9930': attribute type 1 has an invalid length. [ 561.525183][T30641] netlink: 'syz.2.9931': attribute type 10 has an invalid length. [ 561.535723][T30633] 8021q: adding VLAN 0 to HW filter on device bond18 [ 561.595944][T30637] veth27: entered allmulticast mode [ 561.633740][ T40] audit: type=1400 audit(2000000019.569:1820): avc: denied { read append } for pid=30643 comm="syz.2.9934" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 561.728763][T30649] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 561.732641][T30649] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 561.778346][T30649] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 561.780477][T30649] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 561.795116][T30649] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 561.806188][T30644] lo speed is unknown, defaulting to 1000 [ 561.861134][T30667] netlink: 'syz.7.9944': attribute type 1 has an invalid length. [ 561.890283][T30667] 8021q: adding VLAN 0 to HW filter on device bond19 [ 561.918690][ T40] audit: type=1800 audit(2000000019.849:1821): pid=30673 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.9947" name="file0" dev="tmpfs" ino=16017 res=0 errno=0 [ 561.944259][T30673] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 562.229479][T30711] bond9: entered promiscuous mode [ 562.231199][T30711] bond9: entered allmulticast mode [ 562.292817][T30711] veth21: entered allmulticast mode [ 562.463958][T30739] 8021q: adding VLAN 0 to HW filter on device bond10 [ 562.509120][ T40] audit: type=1400 audit(2000000020.439:1822): avc: denied { write } for pid=30741 comm="syz.2.9973" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 562.541863][T30717] lo speed is unknown, defaulting to 1000 [ 562.640061][T30756] bond18: entered promiscuous mode [ 562.641853][T30756] bond18: entered allmulticast mode [ 562.684235][T30756] veth27: entered allmulticast mode [ 562.718698][T30767] lo: entered allmulticast mode [ 562.900450][ T40] audit: type=1800 audit(2000000020.829:1823): pid=30788 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.7.9992" name="file0" dev="tmpfs" ino=5964 res=0 errno=0 [ 562.904912][T30782] veth15: entered allmulticast mode [ 562.935322][T30788] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 563.015311][ T40] audit: type=1800 audit(2000000020.949:1824): pid=30798 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.9995" name="file0" dev="tmpfs" ino=16098 res=0 errno=0 [ 563.040881][T30798] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 563.098265][T30805] __nla_validate_parse: 12 callbacks suppressed [ 563.098285][T30805] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9997'. [ 563.140690][T30805] bond9: entered promiscuous mode [ 563.143019][T30805] bond9: entered allmulticast mode [ 563.182597][T30805] veth15: entered allmulticast mode [ 563.308570][T30827] tipc: Enabling of bearer rejected, failed to enable media [ 563.424285][T30851] veth1_vlan: Device is already in use. [ 563.515591][T30864] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10014'. [ 563.582363][T30864] veth27: entered allmulticast mode [ 563.775795][T28353] Bluetooth: hci2: command 0x0406 tx timeout [ 563.782935][T30900] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10024'. [ 563.856086][T28353] Bluetooth: hci1: command 0x0406 tx timeout [ 563.859175][T30906] 8021q: adding VLAN 0 to HW filter on device bond10 [ 563.864411][T30909] tipc: Cannot configure node identity twice [ 563.960018][ T40] audit: type=1400 audit(2000000021.899:1825): avc: denied { setopt } for pid=30921 comm="syz.9.10035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 563.987352][T30927] netlink: 164 bytes leftover after parsing attributes in process `syz.7.10038'. [ 564.073147][T30935] 8021q: adding VLAN 0 to HW filter on device bond11 [ 564.094589][T30942] syzkaller0: entered promiscuous mode [ 564.103205][T30942] syzkaller0: entered allmulticast mode [ 564.298581][ T40] audit: type=1800 audit(2000000022.239:1826): pid=30971 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.9.10053" name="file0" dev="tmpfs" ino=2535 res=0 errno=0 [ 564.327425][T30971] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 564.567830][T31004] 8021q: adding VLAN 0 to HW filter on device bond12 [ 564.581019][ T40] audit: type=1800 audit(2000000022.519:1827): pid=31008 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.10064" name="file0" dev="tmpfs" ino=16175 res=0 errno=0 [ 564.598265][T31008] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 564.652910][ T40] audit: type=1800 audit(2000000022.589:1828): pid=31013 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.7.10067" name="file0" dev="tmpfs" ino=6055 res=0 errno=0 [ 564.684857][T31013] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 565.105331][T31074] random: crng reseeded on system resumption [ 565.153482][T31074] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 565.197420][ T12] net_ratelimit: 101 callbacks suppressed [ 565.197444][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 565.213792][ T12] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 565.325524][T16465] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 565.330997][T16465] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 565.404579][T31113] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 565.448036][T16461] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 565.453051][T16461] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 565.527804][T31133] validate_nla: 4 callbacks suppressed [ 565.527820][T31133] netlink: 'syz.9.10105': attribute type 1 has an invalid length. [ 565.559151][T31133] 8021q: adding VLAN 0 to HW filter on device bond13 [ 565.575789][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 565.600133][T31143] xt_hashlimit: size too large, truncated to 1048576 [ 565.605938][T16461] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 565.610635][T31137] syzkaller0: entered promiscuous mode [ 565.612491][T31137] syzkaller0: entered allmulticast mode [ 565.625891][T16461] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 565.645666][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 565.738642][T31153] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 565.857071][T28353] Bluetooth: hci2: command 0x0406 tx timeout [ 565.936619][T28353] Bluetooth: hci1: command 0x0406 tx timeout [ 566.180685][T31166] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10116'. [ 568.022386][T28353] Bluetooth: hci1: command 0x0406 tx timeout [ 568.394769][T31166] workqueue: Failed to create a rescuer kthread for wq "bond19": -EINTR [ 568.428367][T31167] veth27: entered allmulticast mode [ 568.482285][T31175] random: crng reseeded on system resumption [ 568.499101][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 568.499117][ T40] audit: type=1800 audit(2000000026.439:1833): pid=31175 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.10118" name="file0" dev="tmpfs" ino=2376 res=0 errno=0 [ 568.524702][T31175] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 568.573261][T31181] tipc: Enabled bearer , priority 10 [ 568.593302][ T40] audit: type=1400 audit(2000000026.529:1834): avc: denied { connect } for pid=31187 comm="syz.3.10124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 568.610494][ T40] audit: type=1400 audit(2000000026.529:1835): avc: denied { read } for pid=31187 comm="syz.3.10124" path="socket:[127897]" dev="sockfs" ino=127897 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 568.634921][T31193] netlink: 4 bytes leftover after parsing attributes in process `syz.7.10123'. [ 568.942138][T31246] netlink: 12 bytes leftover after parsing attributes in process `syz.9.10149'. [ 568.964260][T31246] bond14: entered promiscuous mode [ 568.968953][T31246] bond14: entered allmulticast mode [ 569.009283][T31246] veth21: entered allmulticast mode [ 569.185194][T31274] tipc: Enabling of bearer rejected, failed to enable media [ 569.207998][T31276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10156'. [ 569.268158][T31283] netlink: 164 bytes leftover after parsing attributes in process `syz.3.10160'. [ 569.360365][ T40] audit: type=1800 audit(2000000027.299:1836): pid=31290 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.10164" name="file0" dev="tmpfs" ino=16316 res=0 errno=0 [ 569.382378][T31290] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 569.527454][T31308] netlink: 164 bytes leftover after parsing attributes in process `syz.9.10169'. [ 569.852587][T31342] netlink: 164 bytes leftover after parsing attributes in process `syz.3.10188'. [ 569.923709][T31351] netlink: 48 bytes leftover after parsing attributes in process `syz.3.10192'. [ 570.028713][T31364] veth21: entered allmulticast mode [ 570.080121][ T40] audit: type=1326 audit(2000000028.019:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31374 comm="syz.7.10204" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6cea79cdd9 code=0x0 [ 570.234667][T31393] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10210'. [ 570.269164][T31393] veth27: entered allmulticast mode [ 570.306428][ T12] net_ratelimit: 161 callbacks suppressed [ 570.306446][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 570.313789][ T12] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 570.370125][ T40] audit: type=1800 audit(2000000028.309:1838): pid=31402 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.10214" name="file0" dev="tmpfs" ino=16403 res=0 errno=0 [ 570.400664][T31402] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 570.425934][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 570.435527][ T165] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 570.516096][ T40] audit: type=1800 audit(2000000028.459:1839): pid=31414 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.10217" name="file0" dev="tmpfs" ino=16414 res=0 errno=0 [ 570.529572][T31414] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 570.545830][ T165] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 570.575590][ T46] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 570.578347][ T46] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 570.607248][T31416] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10218'. [ 570.637605][T31424] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10222'. [ 570.648974][T31424] bond19: entered promiscuous mode [ 570.650716][T31424] bond19: entered allmulticast mode [ 570.672096][T31424] veth27: entered allmulticast mode [ 570.685218][T31424] veth27: entered promiscuous mode [ 570.687567][T31424] bond19: (slave veth27): Enslaving as an active interface with an up link [ 570.697765][T16461] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 570.704886][T16461] bond6: (slave ip6gretap2): failed to get link speed/duplex [ 570.812006][T31431] lo speed is unknown, defaulting to 1000 [ 570.818531][ T12] bond6: (slave ip6gretap2): link status up, enabling it in 0 ms [ 570.849315][T31436] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 570.855643][T31436] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 571.308987][T31471] ------------[ cut here ]------------ [ 571.314393][T31471] !chanctx_conf [ 571.314407][T31471] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x5c5/0x730, CPU#3: syz.2.10241/31471 [ 571.320998][T31471] Modules linked in: [ 571.323729][T31471] CPU: 3 UID: 0 PID: 31471 Comm: syz.2.10241 Tainted: G L syzkaller #0 PREEMPT(full) [ 571.328025][T31471] Tainted: [L]=SOFTLOCKUP [ 571.330016][T31471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 571.333165][T31471] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 571.335176][T31471] Code: 48 8d 35 00 00 00 00 e8 59 96 e3 f6 e8 54 ee ec f6 e9 20 fe ff ff e8 7a aa 07 f7 90 0f 0b 90 e9 12 fe ff ff e8 6c aa 07 f7 90 <0f> 0b 90 eb b1 e8 61 aa 07 f7 e8 ac f6 eb f6 31 ff 89 c3 89 c6 e8 [ 571.341533][T31471] RSP: 0018:ffffc900200e7200 EFLAGS: 00010283 [ 571.343476][T31471] RAX: 0000000000000734 RBX: ffff888035e34000 RCX: ffffc900282a7000 [ 571.346627][T31471] RDX: 0000000000080000 RSI: ffffffff8b00e134 RDI: ffff8880320a2500 [ 571.349127][T31471] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 571.351921][T31471] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880398b15e0 [ 571.354882][T31471] R13: ffff888044650f20 R14: ffff888038e00000 R15: 0000000000000000 [ 571.357434][T31471] FS: 00007fdfedde96c0(0000) GS:ffff8880d6679000(0000) knlGS:0000000000000000 [ 571.360204][T31471] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 571.362264][T31471] CR2: 0000200000001080 CR3: 000000004ae89000 CR4: 0000000000352ef0 [ 571.364925][T31471] DR0: 00000000000000cc DR1: 0000000000000004 DR2: 0000000080000001 [ 571.367626][T31471] DR3: 0000000000007ffe DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 571.370090][T31471] Call Trace: [ 571.371129][T31471] [ 571.372181][T31471] rate_control_rate_init_all_links+0x76/0x1f0 [ 571.374356][T31471] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 571.376342][T31471] sta_apply_parameters+0x1234/0x2090 [ 571.378493][T31471] ? __sta_info_alloc+0x1146/0x1cd0 [ 571.380824][T31471] ieee80211_add_station+0x3ff/0x760 [ 571.383142][T31471] nl80211_new_station+0x14a9/0x20f0 [ 571.386396][T31471] ? __pfx_nl80211_new_station+0x10/0x10 [ 571.388974][T31471] ? nl80211_pre_doit+0x19a/0xae0 [ 571.391113][T31471] genl_family_rcv_msg_doit+0x214/0x300 [ 571.393373][T31471] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 571.396295][T31471] ? bpf_lsm_capable+0x9/0x10 [ 571.399446][T31471] ? security_capable+0x80/0x260 [ 571.401629][T31471] ? ns_capable+0xd2/0xf0 [ 571.403099][T31471] genl_rcv_msg+0x560/0x800 [ 571.405532][T31471] ? __pfx_genl_rcv_msg+0x10/0x10 [ 571.408260][T31471] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 571.410560][T31471] ? __pfx_nl80211_new_station+0x10/0x10 [ 571.412882][T31471] ? __pfx_nl80211_post_doit+0x10/0x10 [ 571.415164][T31471] netlink_rcv_skb+0x159/0x420 [ 571.417240][T31471] ? __pfx_genl_rcv_msg+0x10/0x10 [ 571.419365][T31471] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 571.421572][T31471] ? netlink_deliver_tap+0x1ae/0xcc0 [ 571.423716][T31471] genl_rcv+0x28/0x40 [ 571.427445][T31471] netlink_unicast+0x585/0x850 [ 571.428958][T31471] ? __pfx_netlink_unicast+0x10/0x10 [ 571.430699][T31471] netlink_sendmsg+0x8b0/0xda0 [ 571.432350][T31471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.434080][T31471] ? __might_fault+0x90/0x140 [ 571.436118][T31471] ____sys_sendmsg+0x9e1/0xb70 [ 571.438103][T31471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.440312][T31471] ? __pfx_____sys_sendmsg+0x10/0x10 [ 571.442582][T31471] ? __pfx_futex_wake_mark+0x10/0x10 [ 571.444818][T31471] ___sys_sendmsg+0x190/0x1e0 [ 571.446955][T31471] ? __pfx____sys_sendmsg+0x10/0x10 [ 571.449282][T31471] __sys_sendmsg+0x170/0x220 [ 571.451243][T31471] ? __pfx___sys_sendmsg+0x10/0x10 [ 571.453389][T31471] ? __x64_sys_futex+0x34f/0x4d0 [ 571.455779][T31471] ? rcu_is_watching+0x12/0xc0 [ 571.458003][T31471] do_syscall_64+0x10b/0xf80 [ 571.459959][T31471] ? clear_bhb_loop+0x40/0x90 [ 571.462022][T31471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.464636][T31471] RIP: 0033:0x7fdfecf9cdd9 [ 571.466655][T31471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 571.473463][T31471] RSP: 002b:00007fdfedde9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 571.476223][T31471] RAX: ffffffffffffffda RBX: 00007fdfed215fa0 RCX: 00007fdfecf9cdd9 [ 571.478774][T31471] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 571.481322][T31471] RBP: 00007fdfed032d69 R08: 0000000000000000 R09: 0000000000000000 [ 571.483876][T31471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 571.487204][T31471] R13: 00007fdfed216038 R14: 00007fdfed215fa0 R15: 00007ffda8d71588 [ 571.490452][T31471] [ 571.491756][T31471] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 571.494828][T31471] CPU: 3 UID: 0 PID: 31471 Comm: syz.2.10241 Tainted: G L syzkaller #0 PREEMPT(full) [ 571.499495][T31471] Tainted: [L]=SOFTLOCKUP [ 571.501346][T31471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 571.505552][T31471] Call Trace: [ 571.507009][T31471] [ 571.508295][T31471] dump_stack_lvl+0x100/0x190 [ 571.510323][T31471] vpanic+0x552/0x970 [ 571.512008][T31471] ? __pfx_vpanic+0x10/0x10 [ 571.513653][T31471] panic+0xd1/0xe0 [ 571.515132][T31471] ? __pfx_panic+0x10/0x10 [ 571.516992][T31471] check_panic_on_warn.cold+0x19/0x34 [ 571.519422][T31471] ? rate_control_rate_init+0x5c5/0x730 [ 571.521769][T31471] __warn.cold+0x191/0x328 [ 571.523624][T31471] __report_bug+0x296/0x3d0 [ 571.525594][T31471] ? rate_control_rate_init+0x5c5/0x730 [ 571.527975][T31471] ? __pfx___report_bug+0x10/0x10 [ 571.530141][T31471] ? kasan_save_track+0x14/0x30 [ 571.531886][T31471] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 571.533962][T31471] ? ieee80211_add_station+0x5f1/0x760 [ 571.536210][T31471] ? nl80211_new_station+0x14a9/0x20f0 [ 571.538456][T31471] ? genl_family_rcv_msg_doit+0x214/0x300 [ 571.540817][T31471] ? netlink_rcv_skb+0x159/0x420 [ 571.542884][T31471] ? netlink_unicast+0x585/0x850 [ 571.544947][T31471] ? netlink_sendmsg+0x8b0/0xda0 [ 571.547074][T31471] ? ____sys_sendmsg+0x9e1/0xb70 [ 571.549110][T31471] ? rate_control_rate_init+0x5c5/0x730 [ 571.551422][T31471] report_bug+0xb2/0x220 [ 571.553187][T31471] ? rate_control_rate_init+0x5c5/0x730 [ 571.555435][T31471] handle_bug+0x16a/0x2a0 [ 571.557160][T31471] exc_invalid_op+0x17/0x50 [ 571.559076][T31471] asm_exc_invalid_op+0x1a/0x20 [ 571.561084][T31471] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 571.563718][T31471] Code: 48 8d 35 00 00 00 00 e8 59 96 e3 f6 e8 54 ee ec f6 e9 20 fe ff ff e8 7a aa 07 f7 90 0f 0b 90 e9 12 fe ff ff e8 6c aa 07 f7 90 <0f> 0b 90 eb b1 e8 61 aa 07 f7 e8 ac f6 eb f6 31 ff 89 c3 89 c6 e8 [ 571.571746][T31471] RSP: 0018:ffffc900200e7200 EFLAGS: 00010283 [ 571.574227][T31471] RAX: 0000000000000734 RBX: ffff888035e34000 RCX: ffffc900282a7000 [ 571.577528][T31471] RDX: 0000000000080000 RSI: ffffffff8b00e134 RDI: ffff8880320a2500 [ 571.580649][T31471] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 571.583660][T31471] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880398b15e0 [ 571.586983][T31471] R13: ffff888044650f20 R14: ffff888038e00000 R15: 0000000000000000 [ 571.590203][T31471] ? rate_control_rate_init+0x5c4/0x730 [ 571.592517][T31471] rate_control_rate_init_all_links+0x76/0x1f0 [ 571.595138][T31471] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 571.597666][T31471] sta_apply_parameters+0x1234/0x2090 [ 571.599939][T31471] ? __sta_info_alloc+0x1146/0x1cd0 [ 571.602187][T31471] ieee80211_add_station+0x3ff/0x760 [ 571.604417][T31471] nl80211_new_station+0x14a9/0x20f0 [ 571.606715][T31471] ? __pfx_nl80211_new_station+0x10/0x10 [ 571.608799][T31471] ? nl80211_pre_doit+0x19a/0xae0 [ 571.610423][T31471] genl_family_rcv_msg_doit+0x214/0x300 [ 571.612466][T31471] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 571.614631][T31471] ? bpf_lsm_capable+0x9/0x10 [ 571.616420][T31471] ? security_capable+0x80/0x260 [ 571.617923][T31471] ? ns_capable+0xd2/0xf0 [ 571.619191][T31471] genl_rcv_msg+0x560/0x800 [ 571.620479][T31471] ? __pfx_genl_rcv_msg+0x10/0x10 [ 571.621947][T31471] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 571.623463][T31471] ? __pfx_nl80211_new_station+0x10/0x10 [ 571.625084][T31471] ? __pfx_nl80211_post_doit+0x10/0x10 [ 571.626755][T31471] netlink_rcv_skb+0x159/0x420 [ 571.628261][T31471] ? __pfx_genl_rcv_msg+0x10/0x10 [ 571.629895][T31471] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 571.631767][T31471] ? netlink_deliver_tap+0x1ae/0xcc0 [ 571.633472][T31471] genl_rcv+0x28/0x40 [ 571.634919][T31471] netlink_unicast+0x585/0x850 [ 571.636448][T31471] ? __pfx_netlink_unicast+0x10/0x10 [ 571.638135][T31471] netlink_sendmsg+0x8b0/0xda0 [ 571.639656][T31471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.641241][T31471] ? __might_fault+0x90/0x140 [ 571.642975][T31471] ____sys_sendmsg+0x9e1/0xb70 [ 571.644528][T31471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.646207][T31471] ? __pfx_____sys_sendmsg+0x10/0x10 [ 571.647891][T31471] ? __pfx_futex_wake_mark+0x10/0x10 [ 571.649589][T31471] ___sys_sendmsg+0x190/0x1e0 [ 571.651104][T31471] ? __pfx____sys_sendmsg+0x10/0x10 [ 571.652831][T31471] __sys_sendmsg+0x170/0x220 [ 571.654498][T31471] ? __pfx___sys_sendmsg+0x10/0x10 [ 571.656252][T31471] ? __x64_sys_futex+0x34f/0x4d0 [ 571.657906][T31471] ? rcu_is_watching+0x12/0xc0 [ 571.659469][T31471] do_syscall_64+0x10b/0xf80 [ 571.660936][T31471] ? clear_bhb_loop+0x40/0x90 [ 571.662455][T31471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.664276][T31471] RIP: 0033:0x7fdfecf9cdd9 [ 571.665927][T31471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 571.672037][T31471] RSP: 002b:00007fdfedde9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 571.674842][T31471] RAX: ffffffffffffffda RBX: 00007fdfed215fa0 RCX: 00007fdfecf9cdd9 [ 571.677363][T31471] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 571.679859][T31471] RBP: 00007fdfed032d69 R08: 0000000000000000 R09: 0000000000000000 [ 571.682331][T31471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 571.684844][T31471] R13: 00007fdfed216038 R14: 00007fdfed215fa0 R15: 00007ffda8d71588 [ 571.687359][T31471] [ 571.689024][T31471] Kernel Offset: disabled [ 571.690392][T31471] Rebooting in 86400 seconds..