last executing test programs: 1m14.449434771s ago: executing program 3 (id=474): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), r0) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x78, r2, 0x300, 0x70bd2a, 0x25dfdbff, {}, [@L2TP_ATTR_IFNAME={0x14, 0x8, 'veth1_to_bond\x00'}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x8}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x2}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @loopback}}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_RECV_TIMEOUT={0xc}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x3}]}, 0x78}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x1c, r1, 0x301, 0x70bd28, 0x0, {0x34}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x1c, r1, 0x301, 0x70bd28, 0x0, {0x34}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1m14.444544648s ago: executing program 3 (id=478): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0xb0, &(0x7f00000004c0)=[@in={0x2, 0x4e22, @multicast2}, @in6={0xa, 0x4e23, 0x3, @rand_addr=' \x01\x00', 0x2}, @in={0x2, 0x5e20, @rand_addr=0x64010101}, @in6={0xa, 0x4e22, 0xb, @loopback, 0x72af}, @in6={0xa, 0x4e21, 0x7, @mcast1, 0xffffffff}, @in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e23, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffff98d}, @in={0x2, 0x4e21, @multicast2}]}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000140), 0x5, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r4, &(0x7f0000000000)="180c4552", 0x4) write$binfmt_misc(r4, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000400)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000000207, 0x0, 0x0, 0x2, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000200f97a640d35a7386700", "28094cf00000000000004ad54afac11d875397bd3c5240f45f819e01177d2d458dd4992861ac000000000000000000080000000000000000001900", "90be8b1c55080021000c547d03d8a0f4bd00", [0x0, 0x9]}}) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x17, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="7b87f20f"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) recvfrom$llc(r4, &(0x7f0000000580)=""/239, 0xef, 0x10340, &(0x7f0000000680)={0x1a, 0x118, 0x2, 0x8, 0x8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x10) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000000c0), 0x4) 1m13.680016757s ago: executing program 3 (id=490): r0 = syz_open_dev$sg(&(0x7f0000000000), 0xc, 0x4000) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000040)) ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000080)={0x0, 0xffff}) r1 = syz_open_dev$rtc(&(0x7f00000000c0), 0x2, 0x40) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000100)={{{@in=@private, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@initdev}}, &(0x7f0000000200)=0xe8) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {r2, 0xee00}}, './file0\x00'}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000300)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0], 0x8, 0x0, 0xdededede}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000440)={&(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x2, 0x4, 0x8}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r3, 0xc01064ab, &(0x7f0000000480)={0x8, r9, r16}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1, r14}) r18 = openat$zero(0xffffffffffffff9c, &(0x7f0000000580), 0x10301, 0x0) r19 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r3) sendmsg$NL80211_CMD_STOP_AP(r18, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x14, r19, 0x200, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [""]}, 0x14}}, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r18, 0xc05064a7, &(0x7f0000000b00)={&(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000007c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0, 0x0], 0xa, 0x5, 0x7, 0x0, r16}) ioctl$DRM_IOCTL_MODE_ATOMIC(r18, 0xc03864bc, &(0x7f0000000c00)={0x200, 0x4, &(0x7f0000000700)=[r13, r12, r17, r6], &(0x7f0000000740)=[0x8, 0x800], &(0x7f0000000b80)=[r10, r21, r13, r11], &(0x7f0000000bc0)=[0x0, 0xff], 0x0, 0x5}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000cc0)={{{@in=@initdev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@loopback}}, &(0x7f0000000dc0)=0xe8) r23 = getegid() setxattr$system_posix_acl(&(0x7f0000000c40)='./file0\x00', &(0x7f0000000c80)='system.posix_acl_access\x00', &(0x7f0000000e00)={{}, {0x1, 0x1}, [{0x2, 0xd, r22}], {0x4, 0x5}, [{0x8, 0x1, r4}, {0x8, 0x1, r4}, {0x8, 0xc984eee19c96cbf9, r23}], {0x10, 0x1}, {0x20, 0x1}}, 0x44, 0x3) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r18, 0xc00c642d, &(0x7f0000000e80)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r18, 0xc01064ab, &(0x7f0000000ec0)={0x9, r20, r15}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000f40)={&(0x7f0000000f00)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r24, 0xc02064b9, &(0x7f0000001080)={&(0x7f0000001000)=[0x0, 0x0], &(0x7f0000001040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x2, r5, 0xe0e0e0e0}) ioctl$DRM_IOCTL_MODE_ATOMIC(r18, 0xc03864bc, &(0x7f0000001140)={0x1, 0x1, &(0x7f0000000f80)=[r25], &(0x7f0000000fc0)=[0x3, 0x4, 0x4, 0x3, 0x20000], &(0x7f00000010c0)=[r8, r26, r6, r7], &(0x7f0000001100), 0x0, 0x8}) r27 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000001180)={0x0, 0xbe4}, &(0x7f00000011c0)=0x8) setsockopt$inet_sctp_SCTP_ASSOCINFO(r27, 0x84, 0x1, &(0x7f0000001200)={r28, 0x3, 0x1, 0xc, 0x4, 0x1ff}, 0x14) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f0000001240)={{0x7, 0x4, 0x9, 0x9, 'syz1\x00', 0x7}, 0x1, [0x100000001, 0x1, 0x5, 0xb, 0x1, 0x5, 0x2, 0x3, 0x8, 0x80, 0xff, 0xa688, 0x8000, 0x5, 0x1, 0xb474, 0x5aa, 0x0, 0x3, 0x9, 0xded, 0x0, 0x5, 0x0, 0x4, 0x9, 0x5, 0x6, 0x8, 0x6, 0x8000000000000001, 0xaa9f, 0xffffffffffffffff, 0x1, 0x4, 0xfffffffffffffffe, 0x7, 0x1ff, 0x9, 0x4, 0x7, 0x33ad, 0x4, 0x80000001, 0x8, 0x8, 0x40, 0x8, 0xb, 0x42f27bd5, 0x54d, 0x6, 0x7, 0x1, 0x6, 0xfff, 0x1, 0x8, 0x8, 0x1a, 0x5, 0x8000000000000001, 0x70bb, 0x9, 0x4, 0x1, 0x5, 0x9, 0x2, 0x6b, 0x5, 0x4, 0x140c, 0x1885, 0x5, 0x6b3, 0xffff, 0xffffffffffff2acc, 0xbf, 0x0, 0x38000, 0x2, 0xa, 0x94c, 0x7, 0xfffffffffffffad3, 0x8, 0xef, 0x8, 0x948, 0x3, 0x6, 0x815d, 0x0, 0x71, 0xf99, 0x7, 0x5b3, 0x8, 0x72d, 0x0, 0x6, 0x9, 0x380000000, 0x2ac, 0x100000000, 0x0, 0x40, 0x3, 0xfffffffffffffff9, 0x4, 0x3, 0x0, 0x610, 0x77a, 0x64d6, 0x8dbd, 0x40000000000, 0x2, 0x8, 0x34dbcdfa, 0x4, 0x8be, 0x6, 0x80000000, 0xea4d, 0x2, 0xf69]}) renameat2(r3, &(0x7f0000001740)='./file0\x00', r18, &(0x7f0000001780)='./file0\x00', 0x4) r29 = openat$panthor(0xffffffffffffff9c, &(0x7f00000017c0), 0x2, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r29, 0xc00c642d, &(0x7f0000001840)) 1m13.581589119s ago: executing program 3 (id=492): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) socket$kcm(0x10, 0x2, 0x0) 1m13.58110249s ago: executing program 3 (id=493): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r0, &(0x7f0000001600), 0x0}, 0x20) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0xff}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) (async) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r0, &(0x7f0000001600), 0x0}, 0x20) (async) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0xff}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) (async) 1m13.22125722s ago: executing program 3 (id=501): r0 = socket$inet_icmp(0x2, 0x2, 0x1) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880086dd4803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) socket$inet(0x2, 0x2, 0x0) (async) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x9, @empty}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) (async) r5 = open(&(0x7f0000000140)='./bus\x00', 0x143bc2, 0x190) (async) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'macvtap0\x00'}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0xd, 0xa}, {0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x2, 0x0, 0x2}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58) (async) close_range(r5, 0xffffffffffffffff, 0x0) 1m13.171346234s ago: executing program 32 (id=501): r0 = socket$inet_icmp(0x2, 0x2, 0x1) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880086dd4803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) socket$inet(0x2, 0x2, 0x0) (async) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x9, @empty}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) (async) r5 = open(&(0x7f0000000140)='./bus\x00', 0x143bc2, 0x190) (async) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'macvtap0\x00'}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0xd, 0xa}, {0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x2, 0x0, 0x2}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58) (async) close_range(r5, 0xffffffffffffffff, 0x0) 5.310807167s ago: executing program 4 (id=1742): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000002900010127bd7000fcdbdf2502000000df3ecdea1ee5cd42b5a6f063737f308fc5fe2513577b6b0e7cc9fcda560b816d1a7528a4f070097ec19fc256829e2598717567dca62cb6ae84dad869c1a069ad9f9de9ebd50b17349b4bb7a30ad36dfa38326d92b0c40a6a1bf67e30c9a911b45d27491c6cda6820ee29e8f1fc3bdb2733"], 0x14}, 0x1, 0x0, 0x0, 0x60082}, 0x880) r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r1, &(0x7f00000007c0)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000080)="92", 0x1}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="2400000000000000840000000700000044140823e000000200000002e00000010000100000000000dc00000000000000000000000700000094040000863900000001000cb2ffb69602013567ffcb060f19367d2b99bdc0f59e428bc33a050a3660f2bb77c7045b050a31efe0215e235d56060495ae0144243471ac14142700000006ac1414bb00000001ac1414bb0000ffff0a01010200000009009404010000866000000000000c253d78b48f9458beb62d0102000d3bf9f2dbdddfea00b260f00503db010436b20603c70109e35e3ab5244a640709675e60e1799f870512e123b12c8654130f6a1f80f526064d12061127d9c9821b1bfe4b42fcb33e2e2d2594040000000000001400000000000000000000000200000022a20000000000001400000000000000000000000200000005000000000000001c"], 0x158}, 0x40) setsockopt$sock_attach_bpf(r1, 0x1, 0xd, &(0x7f0000000200), 0x2f) close(r0) 5.212150713s ago: executing program 4 (id=1746): syz_open_dev$loop(&(0x7f0000000880), 0x7, 0x8101) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fe9000/0x2000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ff0000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 5.211783985s ago: executing program 4 (id=1749): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000000)={0x30000, 0x600000, 0x8}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) bind$unix(r3, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$unix(r3, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x303de1f53b11ae}, 0x20008840) setsockopt$SO_TIMESTAMP(r3, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f00000001c0)=0x44fb, 0x4) recvmmsg(r3, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/57, 0x39}, 0x8}], 0x3ffffffffffff2e, 0x1000400000de, 0x0) 4.210429247s ago: executing program 1 (id=1757): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x203, 0xa, 0x2}) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000180)={0x5, 0xa, 0x2, 0x0, 0x81}) 4.210322221s ago: executing program 1 (id=1758): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000180)=0x200) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) write$dsp(r0, &(0x7f0000000200), 0x0) write$dsp(r0, &(0x7f0000000080)="cd", 0x1) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) 3.772182962s ago: executing program 4 (id=1759): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000005c0)=@broute={'broute\x00', 0x20, 0x3, 0x14e, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x1, [{0x9, 0xf, 0x201, 'syz_tun\x00', 'ip6erspan0\x00', 'veth1_to_batadv\x00', 'pim6reg1\x00', @random="d26b1a0be1c4", [0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty, [0xff, 0x0, 0xff], 0x6e, 0x6e, 0xbe, [], [], @common=@LED={'LED\x00', 0x28, {{'syz1\x00', 0x1, 0x367, {0xfffffffffffffff7}}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1c6) 3.7071315s ago: executing program 4 (id=1760): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0xfffffffc, 0x2, 0x2}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000200000000000000000000095be41b1c537589def6de049841244c70a595f2734e6dba6649b1c921296493dca89862dcb2e5011dd092823b391471775fa665942c0af1e7773b0a636efe95be1f1720bfeba3402cac322337349d6716a95a03ddc7e6266079c08925c8390805a48be314f2f5166373c72838a94f594fe9887483fedec56b17c41f3877b854beedd2b40a9846b7773ff8d5c661f2168564111c635f84a4fac"], &(0x7f0000001400)='syzkaller\x00'}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0x104, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32, 0x8, 0xfffffffffffffe53, 0x0}}, 0xd) syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) pipe(&(0x7f0000000040)) close(0x3) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$int_in(r2, 0x5452, &(0x7f0000000100)=0x8e50) io_setup(0x3ff, &(0x7f0000000500)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000022c0)=@newtfilter={0x90, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x40, 0x9, 0x6, 0x0, 0x7}}, @TCA_DEF_DATA={0xa, 0x3, 'basic\x00'}]}, {0xffffffffffffffdd}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x90}}, 0x0) 3.227021295s ago: executing program 1 (id=1764): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000002900010127bd7000fcdbdf2502000000df3ecdea1ee5cd42b5a6f063737f308fc5fe2513577b6b0e7cc9fcda560b816d1a7528a4f070097ec19fc256829e2598717567dca62cb6ae84dad869c1a069ad9f9de9ebd50b17349b4bb7a30ad36dfa38326d92b0c40a6a1bf67e30c9a911b45d27491c6cda6820ee29e8f1fc3bdb2733"], 0x14}, 0x1, 0x0, 0x0, 0x60082}, 0x880) r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r1, &(0x7f00000007c0)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000080)="92", 0x1}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="2400000000000000840000000700000044140823e000000200000002e00000010000100000000000dc00000000000000000000000700000094040000863900000001000cb2ffb69602013567ffcb060f19367d2b99bdc0f59e428bc33a050a3660f2bb77c7045b050a31efe0215e235d56060495ae0144243471ac14142700000006ac1414bb00000001ac1414bb0000ffff0a01010200000009009404010000866000000000000c253d78b48f9458beb62d0102000d3bf9f2dbdddfea00b260f00503db010436b20603c70109e35e3ab5244a640709675e60e1799f870512e123b12c8654130f6a1f80f526064d12061127d9c9821b1bfe4b42fcb33e2e2d2594040000000000001400000000000000000000000200000022a20000000000001400000000000000000000000200000005000000000000001c"], 0x158}, 0x40) setsockopt$sock_attach_bpf(r1, 0x1, 0xd, &(0x7f0000000200), 0x2f) close(r0) 3.226661673s ago: executing program 1 (id=1765): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'caif0\x00', 0x400}) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000240)=ANY=[], 0xfdef) 2.350757539s ago: executing program 2 (id=1769): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) 2.350579673s ago: executing program 2 (id=1770): r0 = socket(0x40000000015, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x80108907, 0x0) 2.276359736s ago: executing program 2 (id=1771): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="3c020000190001000000000001000000fe8800000000000000000000000001010000000000000000000000000000000100000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084010500ac1414aa000000000000000000000000000000003300000000000000fc0100000000000000000000000000000000000000000000000000000000000040000000fe8000000000000000000000000000bb000000003300000000000000fe80000000000000000000000000000000000000030000000000000000000000000000007f000001000000000000000000000000000000006c00000000000000fc0200000000000000000000000000010000000000000000000000000000000000000000fe8000000000000000000000000000aa0000000033"], 0x23c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 2.276197889s ago: executing program 2 (id=1772): r0 = socket(0x10, 0x803, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0xfffffffffffffffc, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x1, 0x4, 0x8, 0x81, {0x0, 0x0}, {0x4, 0x8, 0x0, 0x5, 0x29, 0x9, "0adb3f09"}, 0x5, 0x1, {}, 0x4}) getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000020", @ANYRES32=r3, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32=r2, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x10) 1.865610166s ago: executing program 0 (id=1775): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0x40405514, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffe00, 0x1, 0x0, 0x0, 0x0, 0x1000000, 0x8, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x100000001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x40, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0xc, 0x2, 0x0, 0x22820adc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) 1.865269057s ago: executing program 0 (id=1776): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r0 = epoll_create1(0x80000) r1 = socket$nl_audit(0x10, 0x3, 0x9) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffee6}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045) r2 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xce}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}, {&(0x7f0000000100)}], 0x2) io_uring_enter(r2, 0x2219, 0xcf74, 0x16, 0x0, 0x0) bind$can_raw(0xffffffffffffffff, &(0x7f0000000000), 0x10) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x410000, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x4}) 1.745281173s ago: executing program 0 (id=1777): bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000640)={r0, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0xa) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)="5c00000015006b0300224ed86e6c1d0002117ea6e070d6064e22000300000001250002000f00000017d34460bc24eab556a705251e6182949a00003d3b48dfd8cdbf9767b4fa51f62a64c9f4060046d88037e786a6d0a5d700000017", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.6314098s ago: executing program 0 (id=1778): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) quotactl$Q_GETQUOTA(0xffffffff80000701, &(0x7f0000000100)=@nullb, 0xffffffffffffffff, 0x0) 1.631269573s ago: executing program 0 (id=1779): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0x0, {0x2, 0x0, 0x4}, 0x2}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) sendmsg$can_j1939(r2, &(0x7f00000004c0)={&(0x7f0000000000)={0x1d, r1, 0x3, {0x0, 0x1, 0x1}, 0xfe}, 0x18, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x10) 1.528143198s ago: executing program 2 (id=1780): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040), 0x13f, 0x3}}, 0x20) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000500)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 1.526347753s ago: executing program 1 (id=1781): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) ftruncate(r1, 0x1000006) add_key$user(0x0, 0x0, &(0x7f00000002c0)="de", 0x1, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, &(0x7f0000000140)=@secondary) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x0, 0x0, 0x1000000}) syz_usb_connect(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="120100004106cd40cd060f011bd5000a00010902"], 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000580)=0x1) 343.540182ms ago: executing program 4 (id=1782): r0 = gettid() r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0) read$FUSE(r1, &(0x7f0000001b40)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x205c) timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000240)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x1000000) mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0xffffffff) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100"}) ioctl$SW_SYNC_IOC_INC(r7, 0x40045701, &(0x7f0000000a40)=0xffffffff) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) close_range(r8, r8, 0x2) syz_io_uring_setup(0x49a, &(0x7f0000000140)={0x0, 0x79af, 0x3380, 0x1, 0x400250}, 0x0, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1f, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000380)=ANY=[@ANYRES16, @ANYRESDEC=r2, @ANYRESDEC=r0, @ANYRESDEC=r3, @ANYRESOCT=r4, @ANYRES16=r2, @ANYRESDEC=r7, @ANYBLOB="a3b98e8984566b4237083bdecc55b5011fcc140caa5eb5747c317cb30cbfcace7b04767a0cca3be2e52ccfbb123a6b4976b675fcffcd7291c2ca6e3ed6e3f1bda501abafa0ae28587b2955dbfc7af6c46696fb8314fb7a3e035a9aba08ece45c4179fee13445c471c2bcb28553c6401e8cfe5ec8a97ae77ecc9757b509374da2747f7148eff0ba0c64d4963433c9535076be654f97f6993066b570466eff54", @ANYRES8=r0, @ANYRESHEX=r6]) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$SNDRV_TIMER_IOCTL_CREATE(r9, 0xc02054a5, &(0x7f0000000180)={0x100, r6, 'id1\x00'}) read$FUSE(r6, &(0x7f000000c380)={0x2020}, 0x2020) read$FUSE(r6, &(0x7f00000021c0)={0x2020}, 0x2020) 192.399837ms ago: executing program 0 (id=1783): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f00000003c0)="0f326635004000000f300f00d636808a0d0001ba4300b80b00eb66b88c5000000f23d02a3ff866352000000e0f23f80f01c30f789deb32660f3a21cf220f2bb00058660f1bde", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) futex(&(0x7f0000000080), 0x5, 0x0, 0x0, 0x0, 0x14fffffd) ioctl$KVM_RUN(r5, 0xae80, 0x0) 80.361858ms ago: executing program 1 (id=1784): unshare(0x40050300) r0 = socket$rds(0x15, 0x5, 0x0) unshare(0x20000) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000f2303920422c021240850102030109022400010000100009040c0202c17f0c00090502020002020000090582020002"], 0x0) syz_usb_control_io$lan78xx(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000340)={0x0, 0x30, 0x1, 'D'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$rtl8150(r1, 0x0, 0x0) syz_usb_control_io$rtl8150(r1, 0x0, &(0x7f0000000900)={0x2c, &(0x7f0000000800)={0x0, 0x16, 0x1, "dc"}, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$media(&(0x7f0000000000), 0x6, 0x28800) 0s ago: executing program 2 (id=1785): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./bus\x00', 0x0, 0x8}, 0x18) r2 = openat$vsock(0xffffffffffffff9c, 0x0, 0x2c0c2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x1, 0x9, 0x2020, 0x0, 0xd, 0x0, 0x1, 0x6}}) syz_genetlink_get_family_id$batadv(0x0, r2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f40)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x8000002) socketpair$unix(0x1, 0x1, 0x0, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501) ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0xa1, &(0x7f0000000040)={0x2, 0x3, 0x5}, 0x8, 0x0, 0x20008, 0x0, 0x0, 0x0, 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a09040000a0b80000000002000002400004803c0001800dffee00696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a32000000001400000011000100"/146], 0x94}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000002000000000f40600000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094) prlimit64(0x0, 0x0, 0x0, &(0x7f0000000180)) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r7, 0x5761, &(0x7f0000000040)=ANY=[@ANYBLOB="01"]) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r7, 0x5760, 0x10) close_range(r6, r7, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) waitid(0x2, 0x0, 0x0, 0x1000000, &(0x7f0000000600)) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002640)=ANY=[@ANYBLOB="24000000200099dd554d7000ffdbdf250200"/36], 0x24}}, 0x8800) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x37) sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3c000000b9a16bb877fa0110136978d0da198dc6fdadaa3881d1b6d161753099045c98f6bb08f38773e762420b85f2a94195a1c6fb75e704f8b04012df222475c9afa68a78452d5543055fc25b1c04c92a49bb69b38b1e6b8f2baf0e481b23308f13d39ff39f2a4d19e76da4dc63145e3a5fe7cda7e0006adb650c51b342ae6ec336a69e5dbfa7ae00"/152, @ANYRES32=0x0, @ANYBLOB="01980000031300001c00128009000100eefc6970000083000c00028008000300e00000015c413394c2cd647ccea14a0fa72abaaded37e53e987e722424214f79ed6432be46dbbcbf8bc3039a065672f4ee30391d00354aa7727effd6729f5b4cfa4ddad99c3d18c68f74fe0f158d69cbef835a330ca5854f41ba77f3b5450f98c72737c868cc3b929338f6e38c990f91e7af0a792c702a6908aae6cd064de44cbdda467cb76d23c4ddda1ccc523078a5cf3b97b368919c8bffab6c21662faa542eddbc52a9963696570173853e58d258ccf3671c154d50050173be7fb6d72e9ffad569c483ed1c3e"], 0x3c}, 0x1, 0x0, 0x0, 0xc4c0}, 0x0) kernel console output (not intermixed with test programs): ] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.501763][ T7268] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.581753][ T7285] dlm: non-version read from control device 0 [ 85.686576][ T7288] vlan3: entered allmulticast mode [ 85.688846][ T7288] bridge4: entered allmulticast mode [ 85.700193][ T7288] bridge4: port 1(erspan0) entered blocking state [ 85.704177][ T7288] bridge4: port 1(erspan0) entered disabled state [ 85.705708][ T7298] binder: BINDER_SET_CONTEXT_MGR already set [ 85.714348][ T7288] erspan0: entered allmulticast mode [ 85.717302][ T7298] binder: 7297:7298 ioctl 4018620d 200000004a80 returned -16 [ 85.724558][ T7288] erspan0: entered promiscuous mode [ 85.727383][ T7288] bridge4: port 1(erspan0) entered blocking state [ 85.730113][ T7288] bridge4: port 1(erspan0) entered forwarding state [ 85.744063][ T7298] syzkaller0: entered promiscuous mode [ 85.746567][ T7298] syzkaller0: entered allmulticast mode [ 85.902231][ T7301] bridge0: entered promiscuous mode [ 85.903951][ T7301] bridge0: entered allmulticast mode [ 85.911271][ T7301] team0: Port device bridge0 added [ 86.499484][ T7318] tmpfs: Bad value for 'mpol' [ 86.534328][ T7320] veth0_to_bond: entered allmulticast mode [ 86.544530][ T7323] netlink: 'syz.1.370': attribute type 20 has an invalid length. [ 86.562240][ T7325] JFS: discard option not supported on device [ 86.565206][ T7325] Mount JFS Failure: -5 [ 86.617804][ T7327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 86.644680][ T7327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 86.707680][ T7340] sp0: Synchronizing with TNC [ 86.715219][ T7339] [U] [ 86.742519][ T7342] fuse: Unknown parameter '0x0000000000000003' [ 86.760257][ T5952] Bluetooth: hci3: command 0x0405 tx timeout [ 87.151000][ T7364] 8021q: adding VLAN 0 to HW filter on device bond3 [ 87.169704][ T7364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.188075][ T7364] bond3: (slave bond0): making interface the new active one [ 87.201910][ T7364] bond3: (slave bond0): Enslaving as an active interface with an up link [ 87.214096][ T7370] netlink: 'syz.3.383': attribute type 4 has an invalid length. [ 87.223331][ T7370] .`: renamed from bond0 (while UP) [ 87.313296][ T13] bond3: (slave .`): link status definitely down, disabling slave [ 87.322063][ T13] bond3: now running without any active interface! [ 87.366057][ T7388] sp0: Synchronizing with TNC [ 87.376165][ T7387] [U] [ 87.471826][ T7394] autofs4:pid:7394:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a) [ 87.590476][ T7409] atomic_op ffff888059376998 conn xmit_atomic 0000000000000000 [ 87.772158][ T7425] sp0: Synchronizing with TNC [ 87.779032][ T7423] [U] [ 87.923538][ T7434] __nla_validate_parse: 18 callbacks suppressed [ 87.923607][ T7434] netlink: 8 bytes leftover after parsing attributes in process `syz.3.408'. [ 87.993156][ T7437] fuse: Unknown parameter '0x0000000000000003' [ 88.009695][ T7439] netlink: 'syz.1.410': attribute type 2 has an invalid length. [ 88.016711][ T7439] netlink: 4 bytes leftover after parsing attributes in process `syz.1.410'. [ 88.023357][ T7439] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7439 comm=syz.1.410 [ 88.028240][ T7439] xt_socket: unknown flags 0x48 [ 88.273416][ T7456] netlink: 16 bytes leftover after parsing attributes in process `syz.1.417'. [ 88.288105][ T7456] sp0: Synchronizing with TNC [ 88.301931][ T10] cfg80211: failed to load regulatory.db [ 88.309517][ T7455] [U] [ 88.513829][ T7469] netlink: 20 bytes leftover after parsing attributes in process `syz.1.418'. [ 88.517403][ T40] kauditd_printk_skb: 26 callbacks suppressed [ 88.517468][ T40] audit: type=1400 audit(2000000002.826:422): avc: denied { getopt } for pid=7446 comm="syz.2.413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 88.577627][ T40] audit: type=1400 audit(2000000002.891:423): avc: denied { relabelfrom } for pid=7463 comm="syz.1.418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 88.584015][ T40] audit: type=1400 audit(2000000002.891:424): avc: denied { relabelto } for pid=7463 comm="syz.1.418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 88.693441][ T40] audit: type=1400 audit(2000000002.985:425): avc: denied { setopt } for pid=7474 comm="syz.3.420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 88.907463][ T40] audit: type=1400 audit(2000000003.191:426): avc: denied { setopt } for pid=7477 comm="syz.0.421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 88.914293][ T40] audit: type=1400 audit(2000000003.200:427): avc: denied { nlmsg_read } for pid=7477 comm="syz.0.421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 88.961850][ T5295] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 88.980410][ T40] audit: type=1400 audit(2000000003.256:428): avc: denied { append } for pid=7481 comm="syz.0.423" name="btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 88.988523][ T40] audit: type=1400 audit(2000000003.265:429): avc: denied { create } for pid=7481 comm="syz.0.423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 88.994832][ T40] audit: type=1400 audit(2000000003.265:430): avc: denied { bind } for pid=7481 comm="syz.0.423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 89.029423][ T7484] CUSE: info not properly terminated [ 89.122761][ T5295] usb 8-1: Using ep0 maxpacket: 8 [ 89.128283][ T5295] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 89.130927][ T5295] usb 8-1: config 0 has no interface number 0 [ 89.132993][ T5295] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 80, changing to 10 [ 89.136495][ T5295] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 89.139412][ T5295] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.147396][ T5295] usb 8-1: config 0 descriptor?? [ 89.156009][ T5295] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 89.256234][ T7491] capability: warning: `syz.0.425' uses deprecated v2 capabilities in a way that may be insecure [ 89.494537][ T7501] fuse: Unknown parameter '0x0000000000000003' [ 89.731892][ T7511] netlink: 'syz.2.431': attribute type 63 has an invalid length. [ 89.734574][ T7511] netlink: 5 bytes leftover after parsing attributes in process `syz.2.431'. [ 89.737889][ T7511] gretap0: entered allmulticast mode [ 89.748839][ T7511] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 89.813949][ T7517] netlink: 20 bytes leftover after parsing attributes in process `syz.2.433'. [ 89.870633][ T7520] netlink: 12 bytes leftover after parsing attributes in process `syz.2.434'. [ 89.898515][ T40] audit: type=1400 audit(2000000004.117:431): avc: denied { firmware_load } for pid=7519 comm="syz.2.434" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 90.245818][ T7537] netlink: 20 bytes leftover after parsing attributes in process `syz.2.440'. [ 90.252265][ T7535] netlink: 'syz.0.439': attribute type 7 has an invalid length. [ 90.262294][ T7537] netlink: 20 bytes leftover after parsing attributes in process `syz.2.440'. [ 90.408588][ T7547] netlink: 24 bytes leftover after parsing attributes in process `syz.2.443'. [ 90.458534][ T7550] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7550 comm=syz.0.444 [ 90.513954][ T7555] sp0: Synchronizing with TNC [ 90.545690][ T7554] [U] [ 90.859825][ T7582] fuse: Unknown parameter '0x0000000000000003' [ 90.866147][ T7584] Cannot find add_set index 0 as target [ 90.989266][ T7593] sp0: Synchronizing with TNC [ 90.996704][ T7592] [U] [ 91.226104][ T7604] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 91.738150][ T7620] sp0: Synchronizing with TNC [ 91.755012][ T7619] [U] [ 91.814931][ T6012] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 91.882020][ T7624] tmpfs: Bad value for 'mpol' [ 91.902113][ T39] usb 8-1: USB disconnect, device number 4 [ 91.976734][ T6012] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 91.980382][ T6012] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 91.984013][ T6012] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 91.992493][ T6012] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 91.999848][ T6012] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 92.003403][ T6012] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.017887][ T6012] usb 5-1: config 0 descriptor?? [ 92.020502][ T7618] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 92.034882][ T7644] fuse: Unknown parameter '0x0000000000000003' [ 92.056856][ T7640] loop5: detected capacity change from 0 to 7 [ 92.059069][ T7646] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 92.062933][ T7640] Dev loop5: unable to read RDB block 7 [ 92.065800][ T7640] loop5: unable to read partition table [ 92.068398][ T7640] loop5: partition table beyond EOD, truncated [ 92.070966][ T7640] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 92.713344][ T6012] usbhid 5-1:0.0: can't add hid device: -71 [ 92.715330][ T6012] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 92.723948][ T6012] usb 5-1: USB disconnect, device number 4 [ 92.910605][ T7682] netlink: 'syz.1.491': attribute type 1 has an invalid length. [ 93.014297][ T7687] bridge6: entered promiscuous mode [ 93.016082][ T7687] bridge6: entered allmulticast mode [ 93.052810][ T7696] erofs (device loop2): cannot find valid erofs superblock [ 93.240553][ T59] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.339397][ T59] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.358712][ T5952] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.365627][ T5952] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.369520][ T5952] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.375361][ T5952] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.384033][ T5952] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.448980][ T59] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.506282][ T39] IPVS: starting estimator thread 0... [ 93.514160][ T7725] xt_hashlimit: max too large, truncated to 1048576 [ 93.520924][ T7725] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 93.553140][ T59] netdevsim netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.603739][ T7723] IPVS: using max 46 ests per chain, 110400 per kthread [ 93.638758][ T7717] chnl_net:caif_netlink_parms(): no params data found [ 93.756009][ T7717] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.758378][ T7717] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.763254][ T7717] bridge_slave_0: entered allmulticast mode [ 93.767124][ T7717] bridge_slave_0: entered promiscuous mode [ 93.774653][ T7717] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.777382][ T7717] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.779713][ T7717] bridge_slave_1: entered allmulticast mode [ 93.783403][ T7717] bridge_slave_1: entered promiscuous mode [ 93.814027][ T7717] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.833605][ T7717] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.840289][ T7747] trusted_key: syz.1.511 sent an empty control message without MSG_MORE. [ 93.883866][ T59] bridge_slave_1: left promiscuous mode [ 93.887031][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.892517][ T59] bridge_slave_0: left allmulticast mode [ 93.894315][ T59] bridge_slave_0: left promiscuous mode [ 93.897070][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.924999][ T59] bridge_slave_1: left allmulticast mode [ 93.926939][ T59] dvmrp8: left allmulticast mode [ 93.987096][ T7715] syz.0.503 (7715): drop_caches: 2 [ 94.213412][ T7759] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7759 comm=syz.0.514 [ 94.218528][ T7759] __nla_validate_parse: 8 callbacks suppressed [ 94.218539][ T7759] netlink: 68 bytes leftover after parsing attributes in process `syz.0.514'. [ 94.227338][ T40] kauditd_printk_skb: 12 callbacks suppressed [ 94.227347][ T40] audit: type=1400 audit(2000000008.169:444): avc: denied { write } for pid=7758 comm="syz.0.514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 94.707689][ T59] bond3 (unregistering): (slave .`): Releasing active interface [ 94.716987][ T59] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 94.726977][ T59] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 94.731280][ T59] .` (unregistering): Released all slaves [ 94.738725][ T59] bond1 (unregistering): Released all slaves [ 94.747085][ T59] bond2 (unregistering): Released all slaves [ 94.754235][ T59] bond3 (unregistering): Released all slaves [ 94.762262][ T7717] team0: Port device team_slave_0 added [ 94.769069][ T7754] bond0: entered promiscuous mode [ 94.770725][ T7754] bond_slave_0: entered promiscuous mode [ 94.772650][ T7754] bond_slave_1: entered promiscuous mode [ 94.775273][ T7754] batadv0: entered promiscuous mode [ 94.777508][ T7754] batadv0: left promiscuous mode [ 94.779482][ T7754] bond0: left promiscuous mode [ 94.781007][ T7754] bond_slave_0: left promiscuous mode [ 94.783384][ T7754] bond_slave_1: left promiscuous mode [ 94.806934][ T7755] bond0: entered promiscuous mode [ 94.811267][ T7755] bond_slave_0: entered promiscuous mode [ 94.813200][ T7755] bond_slave_1: entered promiscuous mode [ 94.815937][ T7755] batadv0: entered promiscuous mode [ 94.824358][ T7755] batadv0: left promiscuous mode [ 94.826512][ T7755] bond0: left promiscuous mode [ 94.828634][ T7755] bond_slave_0: left promiscuous mode [ 94.831023][ T7755] bond_slave_1: left promiscuous mode [ 94.859672][ T7717] team0: Port device team_slave_1 added [ 94.943085][ T7717] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.947363][ T7717] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.959263][ T7717] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.963768][ T7717] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.965887][ T7717] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.974959][ T7717] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.976414][ T7800] ipt_REJECT: TCP_RESET invalid for non-tcp [ 94.997537][ T7717] hsr_slave_0: entered promiscuous mode [ 94.999923][ T7717] hsr_slave_1: entered promiscuous mode [ 95.002006][ T7717] debugfs: 'hsr0' already exists in 'hsr' [ 95.004160][ T7717] Cannot create hsr debugfs directory [ 95.114891][ T40] audit: type=1400 audit(2000000009.002:445): avc: denied { create } for pid=7825 comm="syz.2.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 95.114924][ T5649] 8021q: adding VLAN 0 to HW filter on device eth2 [ 95.147727][ T40] audit: type=1400 audit(2000000009.030:446): avc: denied { getopt } for pid=7825 comm="syz.2.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 95.203216][ T59] hsr_slave_0: left promiscuous mode [ 95.207515][ T59] hsr_slave_1: left promiscuous mode [ 95.209643][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 95.212403][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 95.220965][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.223261][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.226838][ T7836] overlay: filesystem on ./file0 is read-only [ 95.229798][ T40] audit: type=1400 audit(2000000009.105:447): avc: denied { mounton } for pid=7835 comm="syz.1.520" path="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 95.245473][ T59] veth1_macvtap: left promiscuous mode [ 95.248556][ T59] veth0_macvtap: left promiscuous mode [ 95.251824][ T59] veth1_vlan: left promiscuous mode [ 95.254151][ T59] veth0_vlan: left promiscuous mode [ 95.410469][ T59] team0 (unregistering): Port device team_slave_1 removed [ 95.425233][ T59] team0 (unregistering): Port device team_slave_0 removed [ 95.444666][ T7846] fuse: Unknown parameter 'fd0x0000000000000003' [ 95.552176][ T7717] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.555365][ T5952] Bluetooth: hci2: command tx timeout [ 95.565917][ T7717] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 95.568409][ T7854] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 95.572367][ T7717] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.583523][ T7717] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 95.587742][ T7717] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.611380][ T40] audit: type=1400 audit(2000000009.470:448): avc: denied { create } for pid=7858 comm="syz.1.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 95.611744][ T7717] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 95.620321][ T7717] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.622113][ T40] audit: type=1400 audit(2000000009.479:449): avc: denied { bind } for pid=7858 comm="syz.1.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 95.626340][ T7859] binder: 7858:7859 unknown command 0 [ 95.628930][ T40] audit: type=1400 audit(2000000009.479:450): avc: denied { listen } for pid=7858 comm="syz.1.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 95.631507][ T7859] binder: 7858:7859 ioctl c0306201 200000000080 returned -22 [ 95.638131][ T40] audit: type=1400 audit(2000000009.479:451): avc: denied { connect } for pid=7858 comm="syz.1.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 95.650468][ T7717] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 95.659786][ T5649] 8021q: adding VLAN 0 to HW filter on device eth3 [ 95.692367][ T40] audit: type=1400 audit(2000000009.535:452): avc: denied { call } for pid=7858 comm="syz.1.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 95.749381][ T7717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.775188][ T7717] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.789646][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.792342][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.807898][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.810182][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.830396][ T7717] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 95.834666][ T7717] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.840535][ T7876] netlink: 36 bytes leftover after parsing attributes in process `syz.1.528'. [ 95.851736][ T7876] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2306 sclass=netlink_route_socket pid=7876 comm=syz.1.528 [ 95.898035][ T5649] 8021q: adding VLAN 0 to HW filter on device eth4 [ 95.968699][ T59] IPVS: stop unused estimator thread 0... [ 95.992852][ T7717] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.008579][ T40] audit: type=1400 audit(2000000009.835:453): avc: denied { remove_name } for pid=7885 comm="syz.1.530" name="file0" dev="9p" ino=81264765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 96.084283][ T5649] 8021q: adding VLAN 0 to HW filter on device eth5 [ 96.148154][ T7717] veth0_vlan: entered promiscuous mode [ 96.154217][ T7717] veth1_vlan: entered promiscuous mode [ 96.170920][ T7717] veth0_macvtap: entered promiscuous mode [ 96.175208][ T7717] veth1_macvtap: entered promiscuous mode [ 96.184713][ T7717] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.194828][ T7717] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.202895][ T186] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.210047][ T186] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.216133][ T186] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.220706][ T186] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.294873][ T186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.297476][ T186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.324464][ T186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.327812][ T186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.415880][ T7914] netlink: 16 bytes leftover after parsing attributes in process `syz.1.533'. [ 96.424528][ T7914] sp0: Synchronizing with TNC [ 96.430174][ T7912] [U] [ 96.583972][ T7933] fuse: Unknown parameter 'fd0x0000000000000003' [ 96.751222][ T7952] usb 2-1: USB disconnect, device number 2 [ 96.944294][ T7963] netlink: 24 bytes leftover after parsing attributes in process `syz.2.547'. [ 97.008237][ T5295] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 97.063139][ T7966] netlink: 'syz.2.548': attribute type 1 has an invalid length. [ 97.065623][ T7966] netlink: 'syz.2.548': attribute type 1 has an invalid length. [ 97.121339][ T7970] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 97.125783][ T7970] program syz.2.549 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 97.188894][ T5295] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 97.192598][ T5295] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 97.196917][ T5295] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 97.201134][ T5295] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 97.205006][ T5295] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 97.209917][ T5295] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 97.212899][ T5295] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 97.215354][ T5295] usb 5-1: Product: syz [ 97.216665][ T5295] usb 5-1: Manufacturer: syz [ 97.222256][ T5295] cdc_wdm 5-1:1.0: skipping garbage [ 97.223917][ T5295] cdc_wdm 5-1:1.0: skipping garbage [ 97.229252][ T5295] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 97.231275][ T5295] cdc_wdm 5-1:1.0: Unknown control protocol [ 97.283084][ T7973] netlink: 12 bytes leftover after parsing attributes in process `syz.2.550'. [ 97.331802][ T7975] netlink: 72 bytes leftover after parsing attributes in process `syz.2.551'. [ 97.446475][ T39] usb 5-1: USB disconnect, device number 5 [ 97.480379][ T7949] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=7949 comm=syz.0.543 [ 97.535699][ T7991] xt_CONNSECMARK: invalid mode: 0 [ 97.583124][ T7996] netlink: 'syz.4.557': attribute type 12 has an invalid length. [ 97.610069][ T7999] dlm: no locking on control device [ 97.788545][ T5952] Bluetooth: hci2: command tx timeout [ 97.948571][ T5295] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 98.133346][ T5295] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 98.137543][ T5295] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 98.141299][ T5295] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 98.144768][ T5295] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 98.149084][ T5295] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 98.152343][ T5295] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.156736][ T5295] usb 9-1: config 0 descriptor?? [ 98.158935][ T8001] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 98.734091][ T8022] fuse: Unknown parameter 'fd0x0000000000000003' [ 98.855348][ T5295] usbhid 9-1:0.0: can't add hid device: -71 [ 98.857667][ T5295] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 98.864074][ T5295] usb 9-1: USB disconnect, device number 2 [ 99.095629][ T8026] ptrace attach of "/syz-executor exec"[8028] was attempted by "/syz-executor exec"[8026] [ 99.134981][ T8037] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 99.444602][ T39] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 99.453713][ T8065] netlink: 16 bytes leftover after parsing attributes in process `syz.2.577'. [ 99.462064][ T8065] sp0: Synchronizing with TNC [ 99.470916][ T8064] [U] [ 99.505368][ T8072] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 99.618012][ T40] kauditd_printk_skb: 12 callbacks suppressed [ 99.618065][ T40] audit: type=1326 audit(2000000013.222:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8079 comm="syz.2.581" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe9ae39c819 code=0x0 [ 99.629927][ T39] usb 6-1: Using ep0 maxpacket: 8 [ 99.633727][ T39] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.638164][ T39] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.642432][ T39] usb 6-1: config 0 interface 0 has no altsetting 0 [ 99.645280][ T39] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 99.649607][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.657353][ T39] usb 6-1: config 0 descriptor?? [ 99.666555][ T8084] netlink: 36 bytes leftover after parsing attributes in process `syz.0.583'. [ 99.667055][ T8085] netlink: 36 bytes leftover after parsing attributes in process `syz.0.583'. [ 99.706894][ T40] audit: type=1326 audit(2000000013.297:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8090 comm="syz.0.584" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56e619c819 code=0x0 [ 99.733151][ T8088] netlink: 'syz.4.582': attribute type 29 has an invalid length. [ 99.735697][ T8088] netlink: 'syz.4.582': attribute type 3 has an invalid length. [ 99.738237][ T8088] netlink: 76 bytes leftover after parsing attributes in process `syz.4.582'. [ 99.802027][ T8094] tipc: Started in network mode [ 99.803678][ T8094] tipc: Node identity 3ad142c43483, cluster identity 4711 [ 99.806067][ T8094] tipc: Enabled bearer , priority 0 [ 99.809454][ T8094] syzkaller0: entered promiscuous mode [ 99.811240][ T8094] syzkaller0: entered allmulticast mode [ 99.842548][ T8094] tipc: Resetting bearer [ 99.851466][ T8093] tipc: Resetting bearer [ 99.860604][ T8093] tipc: Disabling bearer [ 99.880757][ T8097] syz.0.584 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 99.991850][ T8101] pim6reg9: entered allmulticast mode [ 100.000317][ T5952] Bluetooth: hci2: command tx timeout [ 100.035121][ T40] audit: type=1400 audit(2000000013.606:468): avc: denied { ioctl } for pid=8103 comm="syz.4.587" path="socket:[20944]" dev="sockfs" ino=20944 ioctlcmd=0x89fb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 100.124228][ T39] usbhid 6-1:0.0: can't add hid device: -71 [ 100.126719][ T39] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 100.132805][ T39] usb 6-1: USB disconnect, device number 3 [ 100.234112][ T8113] netlink: 'syz.4.590': attribute type 39 has an invalid length. [ 100.757956][ T40] audit: type=1400 audit(2000000014.280:469): avc: denied { append } for pid=8124 comm="syz.0.594" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 100.762456][ T8126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.594'. [ 100.781603][ T39] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 100.843044][ T8132] MPI: mpi too large (16392 bits) [ 100.845356][ T8132] netlink: 8 bytes leftover after parsing attributes in process `syz.0.596'. [ 100.859012][ T8128] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.595'. [ 100.862344][ T8128] bridge_slave_1: default FDB implementation only supports local addresses [ 100.943196][ T39] usb 7-1: config 0 has no interfaces? [ 100.944897][ T39] usb 7-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 100.947965][ T39] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.953155][ T39] usb 7-1: config 0 descriptor?? [ 101.168556][ T8157] netlink: 8 bytes leftover after parsing attributes in process `syz.0.605'. [ 101.171616][ T8157] netlink: 24 bytes leftover after parsing attributes in process `syz.0.605'. [ 101.176148][ T40] audit: type=1400 audit(2000000014.673:470): avc: denied { getopt } for pid=8156 comm="syz.0.605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 101.179334][ T8157] IPv6: NLM_F_CREATE should be specified when creating new route [ 101.187413][ T40] audit: type=1400 audit(2000000014.692:471): avc: denied { block_suspend } for pid=8156 comm="syz.0.605" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 101.349328][ T40] audit: type=1804 audit(2000000014.841:472): pid=8162 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.607" name="file1" dev="ramfs" ino=21964 res=1 errno=0 [ 101.356208][ T40] audit: type=1400 audit(2000000014.841:473): avc: denied { execute } for pid=8161 comm="syz.0.607" path="/file1" dev="ramfs" ino=21964 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 101.392652][ T8170] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8170 comm=syz.0.610 [ 101.392741][ T8118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.404117][ T8118] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.515218][ T5295] usb 7-1: USB disconnect, device number 4 [ 101.517371][ T40] audit: type=1400 audit(2000000014.991:474): avc: denied { setattr } for pid=8174 comm="syz.4.611" name="/" dev="9p" ino=81264759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 101.598501][ T8177] netlink: 'syz.0.613': attribute type 3 has an invalid length. [ 101.601142][ T8177] netlink: 64 bytes leftover after parsing attributes in process `syz.0.613'. [ 101.767999][ T8185] mkiss: ax0: crc mode is auto. [ 101.781865][ T40] audit: type=1400 audit(2000000015.244:475): avc: denied { lock } for pid=8188 comm="syz.4.612" path="socket:[19102]" dev="sockfs" ino=19102 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 102.234326][ T5952] Bluetooth: hci2: command tx timeout [ 102.310468][ T186] wlan1: Trigger new scan to find an IBSS to join [ 102.360014][ T8235] openvswitch: netlink: Flow actions attr not present in new flow. [ 102.465922][ T8241] SELinux: failed to load policy [ 102.486085][ T8245] netlink: 'syz.2.630': attribute type 1 has an invalid length. [ 102.497829][ T8245] bond2: entered promiscuous mode [ 102.499612][ T8245] bond2: entered allmulticast mode [ 102.502062][ T8245] 8021q: adding VLAN 0 to HW filter on device bond2 [ 102.525974][ T8237] erspan1: entered allmulticast mode [ 102.529635][ T8237] bond2: (slave erspan1): making interface the new active one [ 102.532868][ T8237] erspan1: entered promiscuous mode [ 102.536639][ T8237] bond2: (slave erspan1): Enslaving as an active interface with an up link [ 102.658800][ T8251] fuse: Unknown parameter '0x0000000000000003' [ 102.740409][ T8254] netlink: 'syz.4.635': attribute type 1 has an invalid length. [ 102.742934][ T8254] netlink: 'syz.4.635': attribute type 4 has an invalid length. [ 102.745284][ T8254] netlink: 224 bytes leftover after parsing attributes in process `syz.4.635'. [ 102.846825][ T8262] netlink: 'syz.1.638': attribute type 64 has an invalid length. [ 102.849605][ T8263] faux_driver vgem: [drm] Unknown color mode 135165; guessing buffer size. [ 102.852731][ T8262] netlink: 'syz.1.638': attribute type 4 has an invalid length. [ 102.893798][ T8269] Bluetooth: hci4: Frame reassembly failed (-84) [ 103.363380][ T8274] binder: 8272:8274 ioctl 81009431 200000000280 returned -22 [ 103.632905][ T8278] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 104.029117][ T39] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 104.202974][ T39] usb 5-1: config 1 interface 0 altsetting 5 endpoint 0x82 is Bulk; changing to Interrupt [ 104.206475][ T39] usb 5-1: config 1 interface 0 altsetting 5 endpoint 0x3 is Bulk; changing to Interrupt [ 104.210898][ T39] usb 5-1: config 1 interface 0 has no altsetting 0 [ 104.216767][ T39] usb 5-1: string descriptor 0 read error: -22 [ 104.219274][ T39] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 104.222765][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.227875][ T8283] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 104.230689][ T8283] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 104.236468][ T39] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 104.323403][ T8290] netlink: 'syz.2.647': attribute type 10 has an invalid length. [ 104.326455][ T8290] team0: entered promiscuous mode [ 104.328738][ T8290] team_slave_0: entered promiscuous mode [ 104.331366][ T8290] team_slave_1: entered promiscuous mode [ 104.333553][ T8290] team0: entered allmulticast mode [ 104.335192][ T8290] team_slave_0: entered allmulticast mode [ 104.337009][ T8290] team_slave_1: entered allmulticast mode [ 104.341388][ T8290] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.344389][ T8290] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 104.397003][ T8292] Bluetooth: MGMT ver 1.23 [ 104.466488][ T8294] vlan2: entered allmulticast mode [ 104.469019][ T8294] bond0: entered allmulticast mode [ 104.471265][ T8294] bond_slave_0: entered allmulticast mode [ 104.473698][ T8294] bond_slave_1: entered allmulticast mode [ 104.517843][ T39] usb 5-1: USB disconnect, device number 6 [ 104.841092][ T5668] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 105.001451][ T5668] usb 9-1: Using ep0 maxpacket: 8 [ 105.007406][ T5668] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.012241][ T5668] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.016490][ T5668] usb 9-1: config 0 interface 0 has no altsetting 0 [ 105.019483][ T5668] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 105.023571][ T5668] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.029462][ T5668] usb 9-1: config 0 descriptor?? [ 105.131117][ T5952] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 105.133172][ T5296] Bluetooth: hci4: command 0x1003 tx timeout [ 105.469067][ T5668] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 105.472583][ T5668] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 105.478779][ T5668] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 105.483357][ T5668] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 105.483818][ T59] wlan1: Trigger new scan to find an IBSS to join [ 105.491878][ T5668] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 105.498348][ T5668] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 105.525192][ T8328] befs: (nullb0): No write support. Marking filesystem read-only [ 105.531473][ T8328] befs: (nullb0): invalid magic header [ 105.678475][ T8300] i2c i2c-2: unsupported multi-msg i2c transaction [ 105.692088][ T8340] 9pnet_fd: Insufficient options for proto=fd [ 105.725091][ T8341] __nla_validate_parse: 4 callbacks suppressed [ 105.725110][ T8341] netlink: 8 bytes leftover after parsing attributes in process `syz.1.663'. [ 105.736180][ T8341] netlink: 'syz.1.663': attribute type 30 has an invalid length. [ 105.739345][ T8341] netlink: 12 bytes leftover after parsing attributes in process `syz.1.663'. [ 105.760506][ T39] usb 9-1: USB disconnect, device number 3 [ 105.769606][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 105.769618][ T40] audit: type=1400 audit(2000000018.968:484): avc: denied { setopt } for pid=8339 comm="syz.1.663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 105.781530][ T40] audit: type=1400 audit(2000000018.968:485): avc: denied { write } for pid=8339 comm="syz.1.663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 105.787779][ T40] audit: type=1400 audit(2000000018.978:486): avc: denied { read } for pid=8339 comm="syz.1.663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 105.794049][ T8351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.665'. [ 105.794669][ T40] audit: type=1400 audit(2000000018.978:487): avc: denied { accept } for pid=8339 comm="syz.1.663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 105.891015][ T40] audit: type=1400 audit(2000000019.090:488): avc: denied { accept } for pid=8360 comm="syz.4.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 105.922592][ T8363] vlan2: entered allmulticast mode [ 105.925550][ T8363] bond0: entered allmulticast mode [ 105.927884][ T8363] bond_slave_0: entered allmulticast mode [ 105.931099][ T8363] bond_slave_1: entered allmulticast mode [ 105.949981][ T40] audit: type=1400 audit(2000000019.137:489): avc: denied { mount } for pid=8364 comm="syz.4.670" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 105.977741][ T40] audit: type=1400 audit(2000000019.165:490): avc: denied { unmount } for pid=7717 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 106.337162][ T5295] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 106.497406][ T5295] usb 9-1: Using ep0 maxpacket: 8 [ 106.500609][ T5295] usb 9-1: config 179 has an invalid interface number: 65 but max is 0 [ 106.503615][ T5295] usb 9-1: config 179 has no interface number 0 [ 106.507637][ T5295] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 106.511335][ T5295] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 106.515179][ T5295] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 106.518511][ T5295] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 106.522992][ T5295] usb 9-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 106.528164][ T5295] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 106.531465][ T5295] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.541622][ T8376] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 106.665940][ T8394] netlink: 'syz.0.678': attribute type 4 has an invalid length. [ 106.698937][ T8397] netlink: 'syz.1.681': attribute type 10 has an invalid length. [ 106.718059][ T8397] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 106.723036][ T8389] netlink: 'syz.0.678': attribute type 4 has an invalid length. [ 106.800094][ T5295] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:179.65/input/input6 [ 106.802700][ T8404] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=42000 sclass=netlink_route_socket pid=8404 comm=syz.0.683 [ 106.812555][ T40] audit: type=1400 audit(2000000019.951:491): avc: denied { read } for pid=5330 comm="acpid" name="js0" dev="devtmpfs" ino=2955 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 106.813361][ T8404] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=42000 sclass=netlink_route_socket pid=8404 comm=syz.0.683 [ 106.835865][ T40] audit: type=1400 audit(2000000019.951:492): avc: denied { open } for pid=5330 comm="acpid" path="/dev/input/js0" dev="devtmpfs" ino=2955 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 106.847157][ T40] audit: type=1400 audit(2000000019.951:493): avc: denied { ioctl } for pid=5330 comm="acpid" path="/dev/input/js0" dev="devtmpfs" ino=2955 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 106.865591][ T8406] netlink: 16 bytes leftover after parsing attributes in process `syz.2.684'. [ 106.905087][ T8406] sp0: Synchronizing with TNC [ 106.921092][ T8405] [U] [ 106.965839][ T8414] sch_tbf: burst 19920 is lower than device lo mtu (65550) ! [ 106.983411][ T8414] netlink: 8 bytes leftover after parsing attributes in process `syz.1.687'. [ 107.021394][ C0] xpad 9-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 107.021403][ T6022] usb 9-1: USB disconnect, device number 4 [ 107.023994][ C0] xpad 9-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 107.192853][ T8425] [U]  [ 107.194587][ T8425] [U] + [ 107.196032][ T8425] [U] $܁P~ƊQrAe`G-Rij笨mA)߀No4gV;uQ` [ 107.200069][ T8425] [U] Wg-u]}FyȘeƮ)>,>f}a&\msOHn'Ä=#$Ǧ&g C.,jP^{"Oiňo;pʪ6qwS_{CWfs+R~qu›ŸNn! [ 107.207496][ T8425] [U] Zph5Laӝ8H [ 107.209444][ T8425] [U] V)*Gr [ 107.211058][ T8425] [U] g©MD9i^g[&TXd}y^#"Z&|JiYDX~reGiUMNkqGJcӔ0 r088D<U0P9=>ȪU[ƒuW9jl"hZG+EĖ#LY`z2 [ 107.218409][ T8425] [U] }{_S|j\ptژ1b-S4!{9C5->M [ 107.221626][ T8425] [U] UXBH,~nmIM/a [ 107.224164][ T8425] [U] VS6e^ SHk"(*:$}<^YD?rnHEX#X3Ys6 [ 107.227411][ T8425] [U] [ 107.228867][ T8425] [U] 71D%}7G\4'Kp7U,"^|-B g&@bWRY [ 107.232597][ T8425] [U] p~ [ 107.234100][ T8425] [U] hQVOK) ƵZ>uY`XԶޖQtBhvMdR/%F8`yǥY䦈Fؾx@-d֛ 0ʩz;D")tRgiL()d6"BnBf?ӛ,ѧ`'Lq 6t2t@F@p6v]t4NξyRΓvP':J۫ۆE*̣];M4TqB_5pM [ 107.253612][ T8425] [U] _mֱ9KU""^s6rP [ 107.255902][ T8425] [U] ¥U[m j0zOoF|:! /$@RH(Η1K@ǚ/w4|xJ3: [ 107.274462][ T8425] [U] V :p\U 5V"cd:nb3Ob,%ǯe j9>\rCˉiVE<\7;娍+ȏ"IƔ/6FNhgw~xcWö}H6TI؆6aA耹C1v]ba9xT  [ 107.282172][ T8425] [U] ۼuJD⠙("wZ[(s1yXNׯtAc/piǎj Ѕ#{0`y,Hp+̄j54?@պNa^!4^3" [ 107.287966][ T8425] [U] I\xezW80ܚPfzqi^@O [ 107.290520][ T8425] [U] gڑ/P+ؒb=pYY1gJd!xKTa;PaoFlu 8:!VD G\zwi=)m)o!Җ>08jͻ*( sLQ@0KeVszKP?e/K MRlya?'EtU{R]ֈS$9Ou(ŀ~le/I8# a ?,#p;R{4Hw"X{\\ .KV2$Ēΐ܀6< [ 107.334311][ T8425] [U] q Oulv~-_8?O6$z«eAO_NO/C .byrˋ<[DxҿWWX [ 107.338320][ T8425] [U] ܲ|9$n`i(RǿDtA4o/̈́eV2Bln| :KYW&;l1; [ 107.341222][ T8425] [U] ;JO6P [ 107.691771][ T8438] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8438 comm=syz.0.693 [ 108.020297][ T8423] [U] q1n#G4Y›rMnUf[Xi^='ډz;:Q7,E [ 108.068214][ T8448] netlink: 8 bytes leftover after parsing attributes in process `syz.4.696'. [ 108.073387][ T8449] netlink: 'syz.2.695': attribute type 13 has an invalid length. [ 108.084421][ T8449] gretap0: refused to change device tx_queue_len [ 108.090181][ T8449] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 108.133642][ T8455] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 108.136323][ T8453] netlink: 16 bytes leftover after parsing attributes in process `syz.4.697'. [ 108.160105][ T8453] sp0: Synchronizing with TNC [ 108.172974][ T8452] [U] [ 108.241898][ T8473] netlink: 84 bytes leftover after parsing attributes in process `syz.2.702'. [ 108.267882][ T8475] netlink: 92 bytes leftover after parsing attributes in process `syz.0.704'. [ 108.427711][ T5952] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 108.479614][ T8502] netlink: 12 bytes leftover after parsing attributes in process `syz.0.710'. [ 108.627078][ T8516] sp0: Synchronizing with TNC [ 108.644647][ T8515] [U] [ 108.720275][ T1154] wlan1: Trigger new scan to find an IBSS to join [ 108.773702][ T6023] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 108.814386][ T8538] loop5: detected capacity change from 0 to 7 [ 108.824455][ C3] blk_print_req_error: 157 callbacks suppressed [ 108.824480][ C3] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.830890][ C3] buffer_io_error: 169 callbacks suppressed [ 108.830906][ C3] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.839441][ C3] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.843430][ C3] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.847199][ C3] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.852750][ C3] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.857225][ C3] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.861027][ C3] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.865183][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.868991][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.875382][ C3] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.879054][ C3] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.883132][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.887097][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.890704][ T8538] ldm_validate_partition_table(): Disk read failed. [ 108.895324][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.899276][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.905722][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.909413][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.912954][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 108.916854][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 108.921127][ T8538] Dev loop5: unable to read RDB block 0 [ 108.925304][ T8538] loop5: unable to read partition table [ 108.925653][ T8545] : entered promiscuous mode [ 108.927540][ T8538] loop5: partition table beyond EOD, truncated [ 108.931845][ T8538] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 108.948757][ T6023] usb 5-1: config index 0 descriptor too short (expected 28277, got 36) [ 108.954683][ T6023] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.967820][ T6023] usb 5-1: config 0 has no interfaces? [ 108.970555][ T6023] usb 5-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 108.979625][ T6023] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.985700][ T8538] ldm_validate_partition_table(): Disk read failed. [ 108.990195][ T8538] Dev loop5: unable to read RDB block 0 [ 108.991010][ T6023] usb 5-1: config 0 descriptor?? [ 108.992898][ T8538] loop5: unable to read partition table [ 108.996185][ T8538] loop5: partition table beyond EOD, truncated [ 109.162895][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 109.165784][ T5952] Bluetooth: Wrong link type (-22) [ 109.167571][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 109.171564][ T5952] Bluetooth: Wrong link type (-22) [ 109.175142][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 109.177249][ T5952] Bluetooth: Wrong link type (-22) [ 109.178845][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 109.180995][ T5952] Bluetooth: Wrong link type (-22) [ 109.223750][ T6023] usb 5-1: USB disconnect, device number 7 [ 109.263025][ T8560] sg_write: data in/out 722875369/141 bytes for SCSI command 0x33-- guessing data in; [ 109.263025][ T8560] program syz.1.727 not setting count and/or reply_len properly [ 109.605183][ T5952] Bluetooth: hci3: link tx timeout [ 109.607295][ T5952] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.726387][ T796] wlan1: Creating new IBSS network, BSSID 9a:1b:37:a7:c6:c4 [ 109.780394][ T8567] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 109.788377][ T8567] CIFS mount error: No usable UNC path provided in device string! [ 109.788377][ T8567] [ 109.792138][ T8567] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 109.977460][ T8583] netdevsim netdevsim2 : renamed from netdevsim0 [ 110.045547][ T8589] nbd: must specify a device to reconfigure [ 110.048894][ T8590] netlink: 'syz.0.737': attribute type 2 has an invalid length. [ 110.338692][ T8613] Cannot find add_set index 0 as target [ 110.530765][ T8630] sp0: Synchronizing with TNC [ 110.534217][ T8632] kvm: kvm [8631]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000007) = 0x4 [ 110.546239][ T8625] [U] [ 110.552828][ T8634] (syz.2.754,8634,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 110.559496][ T8634] (syz.2.754,8634,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 110.569696][ T8634] fuse: Unknown parameter '@HC۔B t0x0000000000000003' [ 110.636489][ T8637] program syz.1.753 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.844756][ T8648] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pid=8648 comm=syz.4.757 [ 111.221412][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 111.221425][ T40] audit: type=1400 audit(2000000024.078:507): avc: denied { bind } for pid=8668 comm="syz.4.764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 111.232331][ T8669] tipc: MTU too low for tipc bearer [ 111.290432][ T40] audit: type=1400 audit(2000000024.143:508): avc: denied { ioctl } for pid=8672 comm="syz.0.763" path="socket:[23735]" dev="sockfs" ino=23735 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 111.330285][ T40] audit: type=1400 audit(2000000024.181:509): avc: denied { write } for pid=8672 comm="syz.0.763" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 111.371282][ T8683] netlink: 'syz.0.766': attribute type 1 has an invalid length. [ 111.375842][ T8683] __nla_validate_parse: 6 callbacks suppressed [ 111.375853][ T8683] netlink: 244 bytes leftover after parsing attributes in process `syz.0.766'. [ 111.386622][ T8683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.766'. [ 111.596675][ T40] audit: type=1400 audit(2000000024.433:510): avc: denied { setattr } for pid=8690 comm="syz.1.769" name="NETLINK" dev="sockfs" ino=22993 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 111.606154][ T8698] trusted_key: encrypted_key: keylen parameter is missing [ 111.798814][ T5296] Bluetooth: hci3: command 0x0405 tx timeout [ 112.881209][ T8717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.778'. [ 112.894245][ T8716] netlink: 8 bytes leftover after parsing attributes in process `syz.2.777'. [ 112.897708][ T40] audit: type=1400 audit(2000000025.640:511): avc: denied { create } for pid=8719 comm="syz.1.779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 112.906754][ T40] audit: type=1400 audit(2000000025.650:512): avc: denied { ioctl } for pid=8719 comm="syz.1.779" path="socket:[24717]" dev="sockfs" ino=24717 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 112.957575][ T40] audit: type=1326 audit(2000000025.697:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8727 comm="syz.2.780" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9ae39c819 code=0x0 [ 113.042106][ T8734] netlink: 28 bytes leftover after parsing attributes in process `syz.4.782'. [ 113.212241][ T40] audit: type=1400 audit(2000000025.940:514): avc: denied { execute } for pid=8733 comm="syz.4.782" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1 [ 113.252587][ T40] audit: type=1400 audit(2000000025.977:515): avc: denied { read } for pid=8741 comm="syz.1.784" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 113.260528][ T40] audit: type=1400 audit(2000000025.977:516): avc: denied { open } for pid=8741 comm="syz.1.784" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 113.287233][ T8744] netlink: 32 bytes leftover after parsing attributes in process `syz.1.785'. [ 113.497377][ T8760] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 113.666473][ T8769] netlink: 'syz.4.793': attribute type 12 has an invalid length. [ 113.673978][ T8769] bridge2: entered promiscuous mode [ 113.675777][ T8769] bridge2: entered allmulticast mode [ 113.725678][ T8772] netlink: 4 bytes leftover after parsing attributes in process `syz.4.794'. [ 113.825925][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 113.829063][ T5952] Bluetooth: Wrong link type (-22) [ 113.831845][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 113.833977][ T5952] Bluetooth: Wrong link type (-22) [ 113.836977][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 113.839705][ T5952] Bluetooth: Wrong link type (-22) [ 113.841585][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 113.843549][ T5952] Bluetooth: Wrong link type (-22) [ 113.884201][ T8777] xt_hashlimit: size too large, truncated to 1048576 [ 113.930910][ T8783] netlink: 36 bytes leftover after parsing attributes in process `syz.0.798'. [ 113.936149][ T8785] sg_write: data in/out 722875369/141 bytes for SCSI command 0x33-- guessing data in; [ 113.936149][ T8785] program syz.4.795 not setting count and/or reply_len properly [ 114.040976][ T8794] kernel read not supported for file /policy (pid: 8794 comm: syz.0.801) [ 114.083017][ T8796] netlink: 20 bytes leftover after parsing attributes in process `syz.1.802'. [ 114.087254][ T8796] netlink: 28 bytes leftover after parsing attributes in process `syz.1.802'. [ 114.094186][ T8796] random: crng reseeded on system resumption [ 114.146561][ T8799] fuse: Bad value for 'fd' [ 114.354229][ T8819] bridge0: left promiscuous mode [ 114.359334][ T8819] team0: Port device bridge0 removed [ 114.418724][ T8822] binder: 8821:8822 ioctl c00c620f 200000000100 returned -22 [ 114.714803][ T8830] overlay: filesystem on ./bus not supported as upperdir [ 114.726552][ T5992] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 114.878242][ T8841] bond1: option xmit_hash_policy: invalid value (6) [ 114.881775][ T8841] bond1 (unregistering): Released all slaves [ 114.888503][ T5992] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 114.892379][ T5992] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 114.896047][ T5992] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 114.902754][ T5992] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 114.906921][ T5992] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 114.911165][ T5992] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.918225][ T5992] usb 6-1: config 0 descriptor?? [ 114.921256][ T8822] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 115.034280][ T8852] F2FS-fs: Conflicting test_dummy_encryption options [ 115.038356][ T8852] 9pnet_virtio: no channels available for device syz [ 115.047012][ T8854] nbd: illegal input index -2146435068 [ 115.091796][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 115.095236][ T5952] Bluetooth: Wrong link type (-22) [ 115.096920][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 115.098992][ T5952] Bluetooth: Wrong link type (-22) [ 115.103663][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 115.105785][ T5952] Bluetooth: Wrong link type (-22) [ 115.107631][ T5952] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 115.110356][ T5952] Bluetooth: Wrong link type (-22) [ 115.112275][ T5952] Bluetooth: hci1: link tx timeout [ 115.114248][ T5952] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 115.128674][ T8866] openvswitch: netlink: Missing key (keys=40, expected=80) [ 115.201724][ T8871] sg_write: data in/out 722875369/141 bytes for SCSI command 0x33-- guessing data in; [ 115.201724][ T8871] program syz.0.822 not setting count and/or reply_len properly [ 115.361400][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.363844][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.366224][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.369589][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.372547][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.375719][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.379269][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.382558][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.385757][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.388990][ T5992] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 115.415988][ T5992] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 115.725953][ T50] usb 6-1: USB disconnect, device number 4 [ 116.475733][ T8912] binder: 8905:8912 ioctl c0306201 0 returned -14 [ 116.629459][ T40] kauditd_printk_skb: 18 callbacks suppressed [ 116.629480][ T40] audit: type=1400 audit(2000000029.140:535): avc: denied { create } for pid=8917 comm="syz.1.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 116.641612][ T40] audit: type=1400 audit(2000000029.140:536): avc: denied { write } for pid=8917 comm="syz.1.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 116.644393][ T8918] bond1: ARP target 9.0.0.0 is already present [ 116.653329][ T8918] bond1: option arp_ip_target: invalid value (9) [ 116.657587][ T8918] bond1 (unregistering): Released all slaves [ 117.044556][ T39] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 117.127475][ T40] audit: type=1400 audit(2000000029.599:537): avc: denied { bind } for pid=8935 comm="syz.4.842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 117.137986][ T40] audit: type=1400 audit(2000000029.599:538): avc: denied { name_bind } for pid=8935 comm="syz.4.842" src=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 117.145013][ T40] audit: type=1400 audit(2000000029.599:539): avc: denied { node_bind } for pid=8935 comm="syz.4.842" src=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 117.174971][ T8936] usb usb3: usbfs: process 8936 (syz.4.842) did not claim interface 0 before use [ 117.178933][ T8936] netlink: 'syz.4.842': attribute type 5 has an invalid length. [ 117.182634][ T8936] netlink: 'syz.4.842': attribute type 5 has an invalid length. [ 117.222620][ T8946] __nla_validate_parse: 7 callbacks suppressed [ 117.222640][ T8946] netlink: 12 bytes leftover after parsing attributes in process `syz.0.845'. [ 117.226012][ T8947] netlink: 72 bytes leftover after parsing attributes in process `syz.4.846'. [ 117.228854][ T8946] netlink: 16 bytes leftover after parsing attributes in process `syz.0.845'. [ 117.236069][ T39] usb 6-1: Using ep0 maxpacket: 32 [ 117.241517][ T39] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 117.244709][ T39] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 117.254486][ T39] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 117.257617][ T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 117.268206][ T8949] netlink: 'syz.0.847': attribute type 16 has an invalid length. [ 117.268871][ T39] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 117.271760][ T5296] Bluetooth: hci1: command 0x0406 tx timeout [ 117.275619][ T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 117.281779][ T39] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 117.282542][ T8949] netlink: 'syz.0.847': attribute type 17 has an invalid length. [ 117.286061][ T39] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 117.294897][ T39] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 117.318201][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.327983][ T39] usb 6-1: config 0 descriptor?? [ 117.336307][ T40] audit: type=1400 audit(2000000029.795:540): avc: denied { ioctl } for pid=8952 comm="syz.2.849" path="socket:[23983]" dev="sockfs" ino=23983 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 117.360093][ T40] audit: type=1400 audit(2000000029.823:541): avc: denied { listen } for pid=8948 comm="syz.0.847" lport=48071 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 117.369575][ T40] audit: type=1400 audit(2000000029.823:542): avc: denied { accept } for pid=8948 comm="syz.0.847" lport=48071 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 117.376585][ T40] audit: type=1400 audit(2000000029.833:543): avc: denied { getopt } for pid=8948 comm="syz.0.847" lport=48071 faddr=fc00::1 fport=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 117.383787][ T40] audit: type=1400 audit(2000000029.833:544): avc: denied { read } for pid=8948 comm="syz.0.847" dev="nsfs" ino=4026532885 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 117.553998][ T39] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 117.572771][ T8973] dlm: no locking on control device [ 117.657275][ T8982] can0: slcan on ttynull. [ 117.769932][ T39] usb 6-1: USB disconnect, device number 5 [ 117.789002][ T8981] can0 (unregistered): slcan off ttynull. [ 117.794809][ T39] usblp0: removed [ 117.818310][ T8993] xt_CT: No such helper "snmp_trap" [ 118.023250][ T9003] ucma_write: process 716 (syz.2.860) changed security contexts after opening file descriptor, this is not allowed. [ 118.179952][ T9020] usb usb9: usbfs: process 9020 (syz.4.863) did not claim interface 4 before use [ 118.187366][ T9020] netlink: 36 bytes leftover after parsing attributes in process `syz.4.863'. [ 118.190432][ T9020] netlink: 16 bytes leftover after parsing attributes in process `syz.4.863'. [ 118.193256][ T9020] netlink: 36 bytes leftover after parsing attributes in process `syz.4.863'. [ 118.197859][ T9020] netlink: 52 bytes leftover after parsing attributes in process `syz.4.863'. [ 118.370082][ T9034] netlink: 4 bytes leftover after parsing attributes in process `syz.2.869'. [ 118.370668][ T9035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.869'. [ 118.374313][ T9034] openvswitch: netlink: Missing key (keys=c0, expected=200000) [ 118.377735][ T9035] openvswitch: netlink: Missing key (keys=c0, expected=200000) [ 118.576177][ T9048] can: request_module (can-proto-0) failed. [ 118.576735][ T9049] can: request_module (can-proto-0) failed. [ 118.617803][ T9033] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 118.743335][ T9063] vlan3: entered promiscuous mode [ 118.743354][ T9063] bridge0: entered promiscuous mode [ 118.869305][ T9067] fuse: Bad value for 'fd' [ 118.897920][ T9072] ip6t_REJECT: ECHOREPLY is not supported [ 119.554482][ T9059] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 119.557845][ T9059] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 119.573108][ T9059] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 119.576277][ T9059] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 119.580586][ T9059] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 119.586207][ T9059] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 119.588457][ T9059] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 119.633488][ T9059] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 119.637077][ T9059] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 119.649972][ T9059] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 119.762756][ T9094] netlink: 'syz.0.884': attribute type 1 has an invalid length. [ 119.785097][ T9094] bond64: entered promiscuous mode [ 119.787764][ T9094] 8021q: adding VLAN 0 to HW filter on device bond64 [ 119.838663][ T9094] bond64: (slave bridge2): making interface the new active one [ 119.841827][ T9094] bridge2: entered promiscuous mode [ 119.845742][ T9094] bond64: (slave bridge2): Enslaving as an active interface with an up link [ 120.541579][ T9152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.892'. [ 120.563576][ T9152] ip6gretap0: entered promiscuous mode [ 120.568921][ T9152] macsec1: entered promiscuous mode [ 120.571938][ T9152] macsec1: entered allmulticast mode [ 120.574275][ T9152] ip6gretap0: entered allmulticast mode [ 120.587670][ T9152] ip6gretap0: left allmulticast mode [ 120.590273][ T9152] ip6gretap0: left promiscuous mode [ 120.787625][ T9176] kvm: user requested TSC rate below hardware speed [ 120.993388][ T5952] Bluetooth: hci0: command 0x0c1a tx timeout [ 121.279916][ T9200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.541443][ T9213] kAFS: unable to lookup cell '1' [ 121.617955][ T5952] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 121.714320][ T5952] Bluetooth: hci1: command 0x0406 tx timeout [ 121.777353][ T9227] Invalid ELF header type: 0 != 1 [ 121.788569][ T9227] syzkaller0: entered promiscuous mode [ 121.792130][ T9227] syzkaller0: entered allmulticast mode [ 121.806465][ T5952] Bluetooth: hci3: command 0x0405 tx timeout [ 121.806577][ T5296] Bluetooth: hci2: command 0x0c1a tx timeout [ 121.921938][ T9235] netlink: 'syz.4.911': attribute type 10 has an invalid length. [ 121.944312][ T9235] netlink: 'syz.4.911': attribute type 10 has an invalid length. [ 121.945733][ T9231] sp0: Synchronizing with TNC [ 121.961472][ T9230] [U] [ 121.997454][ T9240] fuse: Bad value for 'user_id' [ 121.999054][ T9240] fuse: Bad value for 'user_id' [ 122.177346][ T5952] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 122.228649][ T40] kauditd_printk_skb: 12 callbacks suppressed [ 122.228670][ T40] audit: type=1400 audit(2000000034.381:557): avc: denied { read } for pid=9249 comm="syz.1.916" path="socket:[25161]" dev="sockfs" ino=25161 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 122.229377][ T5952] Bluetooth: hci0: unexpected event 0x0e length: 299 > 260 [ 122.241335][ T5952] Bluetooth: hci0: unexpected cc 0x0c14 length: 296 > 249 [ 122.253440][ T5952] Bluetooth: hci0: unexpected event for opcode 0x0c14 [ 122.292824][ T40] audit: type=1400 audit(2000000034.437:558): avc: denied { map } for pid=9253 comm="syz.1.917" path="/dev/loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 122.340253][ T9256] netlink: 'syz.1.918': attribute type 1 has an invalid length. [ 122.340769][ T40] audit: type=1400 audit(2000000034.474:559): avc: denied { create } for pid=9255 comm="syz.1.918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 122.377498][ T57] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 122.391346][ T40] audit: type=1400 audit(2000000034.531:560): avc: denied { bind } for pid=9257 comm="syz.0.919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 122.400203][ T40] audit: type=1400 audit(2000000034.531:561): avc: denied { listen } for pid=9257 comm="syz.0.919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 122.537721][ T57] usb 7-1: Using ep0 maxpacket: 8 [ 122.542781][ T9271] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/loop1": -EINTR [ 122.544326][ T57] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 122.551882][ T57] usb 7-1: config 0 has no interface number 0 [ 122.554224][ T57] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 122.557758][ T57] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 122.566554][ T57] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 122.577442][ T57] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 122.582535][ T57] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 122.585413][ T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.594400][ T57] usb 7-1: config 0 descriptor?? [ 122.607742][ T57] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 122.671023][ T9284] __nla_validate_parse: 3 callbacks suppressed [ 122.671039][ T9284] netlink: 5 bytes leftover after parsing attributes in process `syz.0.925'. [ 122.676312][ T9284] openvswitch: netlink: IP tunnel attribute has 1026 unknown bytes. [ 122.680160][ T9284] netlink: 4 bytes leftover after parsing attributes in process `syz.0.925'. [ 122.683398][ T9284] openvswitch: netlink: Flow actions attr not present in new flow. [ 122.823376][ T50] usb 7-1: USB disconnect, device number 5 [ 122.825385][ C1] ldusb 7-1:0.55: usb_submit_urb failed (-19) [ 122.835693][ T50] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 122.938756][ T40] audit: type=1400 audit(2000000035.036:562): avc: denied { bind } for pid=9288 comm="syz.0.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 123.120880][ T40] audit: type=1400 audit(2000000035.214:563): avc: denied { read } for pid=9311 comm="syz.0.932" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 123.216275][ T9323] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 123.269007][ T9326] netlink: 16 bytes leftover after parsing attributes in process `syz.0.937'. [ 123.276924][ T9326] sp0: Synchronizing with TNC [ 123.300106][ T9324] [U] [ 123.418428][ T9328] hpfs: hpfs_map_sector(): read error [ 123.474507][ T9330] mac80211_hwsim hwsim2 syzkaller0: entered promiscuous mode [ 123.477006][ T9330] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode [ 123.520582][ T10] libceph: connect (1)[c::]:6789 error -101 [ 123.523894][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 123.531982][ T10] libceph: connect (1)[c::]:6789 error -101 [ 123.534143][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 123.547584][ T50] libceph: connect (1)[c::]:6789 error -101 [ 123.550311][ T50] libceph: mon0 (1)[c::]:6789 connect error [ 123.564679][ T50] libceph: connect (1)[c::]:6789 error -101 [ 123.567589][ T50] libceph: mon0 (1)[c::]:6789 connect error [ 123.810789][ T10] libceph: connect (1)[c::]:6789 error -101 [ 123.812922][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 123.857511][ T50] libceph: connect (1)[c::]:6789 error -101 [ 123.860609][ T50] libceph: mon0 (1)[c::]:6789 connect error [ 123.937398][ T5952] Bluetooth: hci1: command 0x0406 tx timeout [ 124.022645][ T5952] Bluetooth: hci2: command 0x0c1a tx timeout [ 124.033283][ T5952] Bluetooth: hci3: command 0x0405 tx timeout [ 124.354311][ T10] libceph: connect (1)[c::]:6789 error -101 [ 124.356694][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 124.411093][ T50] libceph: connect (1)[c::]:6789 error -101 [ 124.413875][ T50] libceph: mon0 (1)[c::]:6789 connect error [ 124.452883][ T9334] ceph: No mds server is up or the cluster is laggy [ 124.454807][ T9330] ceph: No mds server is up or the cluster is laggy [ 124.587967][ T40] audit: type=1400 audit(2000000036.571:564): avc: denied { setopt } for pid=9359 comm="syz.1.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 125.555252][ T9387] netlink: 32 bytes leftover after parsing attributes in process `syz.4.954'. [ 125.564409][ T9387] netlink: 32 bytes leftover after parsing attributes in process `syz.4.954'. [ 125.660308][ T9399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.957'. [ 125.830297][ T9407] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2873694525 (367832899200 ns) > initial count (344709999744 ns). Using initial count to start timer. [ 125.915421][ T9417] netlink: 16 bytes leftover after parsing attributes in process `syz.0.964'. [ 125.935740][ T9417] sp0: Synchronizing with TNC [ 125.938876][ T9419] netlink: 40 bytes leftover after parsing attributes in process `syz.4.965'. [ 125.953247][ T9416] [U] [ 126.044401][ T9428] i2c i2c-1: Frontend requested software zigzag, but didn't set the frequency step size [ 126.048575][ T9427] comedi comedi1: aio_aio12_8: I/O port conflict (0xc,32) [ 126.051634][ T40] audit: type=1400 audit(2000000037.946:565): avc: denied { map } for pid=9424 comm="syz.1.967" path="/dev/video0" dev="devtmpfs" ino=955 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 126.069092][ T40] audit: type=1400 audit(2000000037.965:566): avc: denied { setattr } for pid=9424 comm="syz.1.967" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 126.089314][ T9427] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 126.092923][ T9427] IPv6: NLM_F_CREATE should be set when creating new route [ 126.173615][ T9430] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 126.255936][ T5952] Bluetooth: hci2: command 0x0c1a tx timeout [ 126.352931][ T9439] 9pnet_virtio: no channels available for device /dev/nullb0 [ 126.539076][ T9461] netlink: 4 bytes leftover after parsing attributes in process `syz.0.982'. [ 126.589408][ T5952] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 126.592436][ T5952] Bluetooth: hci0: Injecting HCI hardware error event [ 126.597674][ T5296] Bluetooth: hci0: hardware error 0x00 [ 127.057931][ T9466] netlink: 12 bytes leftover after parsing attributes in process `syz.1.983'. [ 127.171390][ T9466] nvme_fabrics: missing parameter 'transport=%s' [ 127.177348][ T9466] nvme_fabrics: missing parameter 'nqn=%s' [ 127.260349][ T9480] netlink: 'syz.1.986': attribute type 11 has an invalid length. [ 127.456213][ T9353] netlink: 'syz.2.943': attribute type 29 has an invalid length. [ 127.463563][ T9352] netlink: 'syz.2.943': attribute type 29 has an invalid length. [ 127.472658][ T9485] netlink: 'syz.1.987': attribute type 39 has an invalid length. [ 127.474401][ T9353] netlink: 'syz.2.943': attribute type 29 has an invalid length. [ 127.478054][ T9487] netlink: 'syz.1.987': attribute type 39 has an invalid length. [ 127.497370][ T9487] bond0: (slave syz_tun): Releasing backup interface [ 128.328733][ T9501] __nla_validate_parse: 3 callbacks suppressed [ 128.328759][ T9501] netlink: 16 bytes leftover after parsing attributes in process `syz.1.993'. [ 128.345351][ T9501] sp0: Synchronizing with TNC [ 128.411695][ T9500] [U] [ 128.429066][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 128.429081][ T40] audit: type=1400 audit(2000000040.183:568): avc: denied { remount } for pid=9502 comm="syz.4.994" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 128.469017][ T5952] Bluetooth: hci2: command 0x0c1a tx timeout [ 128.632105][ T40] audit: type=1400 audit(2000000040.370:569): avc: denied { read write } for pid=9518 comm="syz.4.998" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 128.649557][ T40] audit: type=1800 audit(2000000040.379:570): pid=9494 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.990" name="/" dev="fuse" ino=4 res=0 errno=0 [ 128.660292][ T40] audit: type=1400 audit(2000000040.379:571): avc: denied { ioctl open } for pid=9518 comm="syz.4.998" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 128.757657][ T9525] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 128.770117][ T9525] SELinux: failed to load policy [ 128.785708][ T40] audit: type=1400 audit(2000000040.510:572): avc: denied { bind } for pid=9524 comm="syz.2.1001" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 128.796131][ T9528] netlink: 16 bytes leftover after parsing attributes in process `syz.4.999'. [ 128.809925][ T5296] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 128.982898][ T9541] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1006'. [ 128.996821][ T9541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1006'. [ 129.004318][ T9541] vlan4: entered allmulticast mode [ 129.006124][ T9541] bond0: entered allmulticast mode [ 129.007842][ T9541] bond_slave_0: entered allmulticast mode [ 129.009799][ T9541] bond_slave_1: entered allmulticast mode [ 129.276994][ T40] audit: type=1400 audit(2000000040.969:573): avc: denied { setopt } for pid=9460 comm="syz.0.982" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 129.504064][ T9560] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 129.550850][ T9564] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1014'. [ 129.939285][ T40] audit: type=1400 audit(2000000041.586:574): avc: denied { listen } for pid=9580 comm="syz.4.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 129.955767][ T40] audit: type=1400 audit(2000000041.586:575): avc: denied { accept } for pid=9580 comm="syz.4.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 129.964983][ T9578] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1019'. [ 129.987087][ T9578] hsr_slave_1 (unregistering): left promiscuous mode [ 130.096201][ T40] audit: type=1400 audit(2000000041.736:576): avc: denied { listen } for pid=9590 comm="syz.2.1021" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 130.126823][ T9578] tmpfs: Bad value for 'mpol' [ 130.129369][ T9584] tmpfs: Bad value for 'mpol' [ 130.261895][ T40] audit: type=1400 audit(2000000041.886:577): avc: denied { setopt } for pid=9607 comm="syz.4.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 130.349129][ T5296] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 130.481384][ T9627] o2cb: This node has not been configured. [ 130.483352][ T9627] o2cb: Cluster check failed. Fix errors before retrying. [ 130.485580][ T9627] (syz.4.1031,9627,2):user_dlm_register:674 ERROR: status = -22 [ 130.489657][ T9627] (syz.4.1031,9627,2):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 130.505720][ T9627] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1031'. [ 130.512514][ T9627] gretap0: entered promiscuous mode [ 130.517999][ T9630] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1031'. [ 130.520081][ T9627] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1031'. [ 130.522725][ T9630] 0{X: renamed from gretap0 [ 130.528495][ T9630] 0{X: left promiscuous mode [ 130.532232][ T9630] 0{X: entered allmulticast mode [ 130.536725][ T9630] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 130.546073][ T9627] 1{X: renamed from 30{X (while UP) [ 130.551102][ T9627] A link change request failed with some changes committed already. Interface 31{X may have been left with an inconsistent configuration, please check. [ 130.706214][ T9648] nbd: must specify a device to reconfigure [ 130.840380][ T9652] sctp: [Deprecated]: syz.2.1037 (pid 9652) Use of int in max_burst socket option. [ 130.840380][ T9652] Use struct sctp_assoc_value instead [ 131.009291][ T9654] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1038'. [ 132.040065][ T9705] tipc: Started in network mode [ 132.042792][ T9705] tipc: Node identity e24641e9d94e, cluster identity 3865 [ 132.046316][ T9705] tipc: Enabled bearer , priority 0 [ 132.074856][ T9703] syzkaller0: entered promiscuous mode [ 132.077253][ T9703] syzkaller0: entered allmulticast mode [ 132.133522][ T9703] tipc: Resetting bearer [ 132.213288][ T9702] tipc: Resetting bearer [ 132.233413][ T9712] netlink: 'syz.4.1055': attribute type 63 has an invalid length. [ 132.234662][ T9702] tipc: Disabling bearer [ 132.243750][ T9712] A link change request failed with some changes committed already. Interface 31{X may have been left with an inconsistent configuration, please check. [ 132.319122][ T9714] delete_channel: no stack [ 132.584545][ T9728] misc userio: No port type given on /dev/userio [ 133.312258][ T9747] sp0: Synchronizing with TNC [ 133.336663][ T9746] [U] [ 133.621163][ T9756] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1543 sclass=netlink_route_socket pid=9756 comm=syz.2.1067 [ 133.707758][ T9762] netlink: 'syz.1.1070': attribute type 21 has an invalid length. [ 133.710349][ T9762] __nla_validate_parse: 4 callbacks suppressed [ 133.710358][ T9762] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1070'. [ 133.721658][ T9764] IPv6: sit1: Disabled Multicast RS [ 133.725680][ T9762] netlink: 'syz.1.1070': attribute type 4 has an invalid length. [ 133.728656][ T9762] netlink: 'syz.1.1070': attribute type 5 has an invalid length. [ 133.731680][ T9762] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1070'. [ 133.958303][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 133.958317][ T40] audit: type=1400 audit(2000000045.348:585): avc: denied { mounton } for pid=9778 comm="syz.1.1077" path="/260/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 134.028243][ T9783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1077'. [ 134.204450][ T40] audit: type=1800 audit(2000000045.582:586): pid=9750 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.1065" name="/" dev="fuse" ino=4 res=0 errno=0 [ 134.253875][ T40] audit: type=1400 audit(2000000045.629:587): avc: denied { accept } for pid=9793 comm="syz.0.1080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 134.260930][ T40] audit: type=1400 audit(2000000045.629:588): avc: denied { write } for pid=9793 comm="syz.0.1080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 134.363261][ T9752] ceph: No mds server is up or the cluster is laggy [ 134.382366][ T9800] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1082'. [ 134.436663][ T40] audit: type=1400 audit(2000000045.798:589): avc: denied { append } for pid=9801 comm="syz.0.1083" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 134.500899][ T9808] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1085'. [ 134.511461][ T9808] sp0: Synchronizing with TNC [ 134.520607][ T9807] [U] [ 134.637384][ T40] audit: type=1400 audit(2000000045.985:590): avc: denied { ioctl } for pid=9809 comm="syz.0.1086" path="socket:[29067]" dev="sockfs" ino=29067 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 134.637780][ T9810] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1086'. [ 134.737662][ T5296] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 134.778608][ T9823] netlink: 'syz.4.1090': attribute type 10 has an invalid length. [ 134.781599][ T9823] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1090'. [ 134.793546][ T9823] team0: entered promiscuous mode [ 134.798547][ T9823] team_slave_0: entered promiscuous mode [ 134.801265][ T9823] team_slave_1: entered promiscuous mode [ 134.803868][ T9823] team0: entered allmulticast mode [ 134.806435][ T9823] team_slave_0: entered allmulticast mode [ 134.808531][ T9823] team_slave_1: entered allmulticast mode [ 134.811065][ T9823] bridge0: port 3(team0) entered blocking state [ 134.813321][ T9823] bridge0: port 3(team0) entered disabled state [ 134.818325][ T9823] bridge0: port 3(team0) entered blocking state [ 134.820407][ T9823] bridge0: port 3(team0) entered forwarding state [ 134.840043][ T40] audit: type=1400 audit(2000000046.181:591): avc: denied { mounton } for pid=9827 comm="syz.0.1092" path="/274/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 134.849207][ T40] audit: type=1400 audit(2000000046.181:592): avc: denied { mount } for pid=9827 comm="syz.0.1092" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 134.872560][ T40] audit: type=1400 audit(2000000046.209:593): avc: denied { unmount } for pid=5940 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 134.918345][ T9840] netlink: 71 bytes leftover after parsing attributes in process `syz.1.1095'. [ 134.941580][ T9837] bond2: Removing last ns target with arp_interval on [ 134.986124][ T5296] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 134.988971][ T40] audit: type=1400 audit(2000000046.312:594): avc: denied { shutdown } for pid=9849 comm="syz.0.1099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 135.032471][ T9856] program syz.1.1100 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 135.033690][ T9855] openvswitch: netlink: IP tunnel dst address not specified [ 135.036191][ T9856] tmpfs: Bad value for 'mpol' [ 135.044521][ T9855] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1102'. [ 135.100133][ T9867] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1105'. [ 135.110023][ T9867] sp0: Synchronizing with TNC [ 135.123068][ T9866] [U] [ 135.250135][ T9879] netlink: 'syz.0.1106': attribute type 39 has an invalid length. [ 135.354866][ T5296] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 135.426787][ T9897] SELinux: Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped). [ 135.467862][ T9900] sp0: Synchronizing with TNC [ 135.472028][ T9900] [U] [ 135.514808][ T9903] ip6tnl2: entered promiscuous mode [ 135.644665][ T9909] sp0: Synchronizing with TNC [ 135.644698][ T9907] 5gQ[: renamed from lo (while UP) [ 135.664293][ T9908] [U] [ 135.748191][ T9916] ip6t_REJECT: ECHOREPLY is not supported [ 135.770839][ T5296] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 135.941325][ T9936] SELinux: Context system_u:object_r:textrel_shlib_t:s0 is not valid (left unmapped). [ 136.098213][ T5296] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 136.124951][ T9948] sp0: Synchronizing with TNC [ 136.134035][ T9947] [U] [ 136.135932][ T9952] MPI: mpi too large (16392 bits) [ 136.150960][ T9952] team0: left promiscuous mode [ 136.153792][ T9952] team_slave_0: left promiscuous mode [ 136.156402][ T9952] team_slave_1: left promiscuous mode [ 136.159132][ T9952] bridge0: port 3(team0) entered disabled state [ 136.169305][ T9952] team0: Cannot enslave team device to itself [ 136.194336][ T9956] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 136.211751][ T9956] qnx6: unable to set blocksize [ 136.430167][ T5296] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 136.523847][ T9984] batadv_slave_1: entered promiscuous mode [ 136.572548][ T9980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 136.576997][ T9980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 136.579532][ T9980] bond0 (unregistering): Released all slaves [ 136.619539][ T9983] batadv_slave_1: left promiscuous mode [ 137.039850][ T5296] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 137.298620][T10017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.309920][T10017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.595360][T10019] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1im]7(a H] [ 137.692151][T10019] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 137.695294][T10019] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 137.698643][T10020] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(14) [ 137.701523][T10020] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 137.709209][T10020] vhci_hcd vhci_hcd.0: Device attached [ 137.709419][T10019] vhci_hcd vhci_hcd.0: Device attached [ 137.715423][T10028] vhci_hcd: connection closed [ 137.717742][T10029] vhci_hcd: connection closed [ 137.728436][ T59] vhci_hcd vhci_hcd.2: stop threads [ 137.736650][ T59] vhci_hcd vhci_hcd.2: release socket [ 137.738800][ T59] vhci_hcd vhci_hcd.2: disconnect device [ 137.742915][ T59] vhci_hcd vhci_hcd.2: stop threads [ 137.745488][ T59] vhci_hcd vhci_hcd.2: release socket [ 137.748234][ T59] vhci_hcd vhci_hcd.2: disconnect device [ 137.844504][T10036] netlink: 'syz.4.1156': attribute type 1 has an invalid length. [ 137.847886][T10036] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 138.542391][T10063] syzkaller0: entered promiscuous mode [ 138.551408][T10063] syzkaller0: entered allmulticast mode [ 138.651748][T10069] CUSE: unknown device info "<5\z0z,~XY+A}sF'%:Ij!@QmߑRGQq 6*5p)x?," [ 138.670305][T10069] CUSE: unknown device info "&b%ZW)3\my " [ 138.674639][T10069] CUSE: unknown device info "ҭSmMi_0˱ݯ;q]{i79{0Եt~>VZ\.9OCU&qmsfkc"" [ 138.680442][T10069] CUSE: DEVNAME unspecified [ 140.068441][T10098] dns_resolver: Unsupported server list version (0) [ 140.076848][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 140.076868][ T40] audit: type=1400 audit(2000000051.075:622): avc: denied { ioctl } for pid=10097 comm="syz.4.1175" path="socket:[29353]" dev="sockfs" ino=29353 ioctlcmd=0x89e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 140.089449][ T40] audit: type=1400 audit(2000000051.075:623): avc: denied { mounton } for pid=10097 comm="syz.4.1175" path="/172/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 140.160520][T10102] __nla_validate_parse: 9 callbacks suppressed [ 140.160535][T10102] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1176'. [ 140.356952][ T40] audit: type=1400 audit(2000000051.337:624): avc: denied { accept } for pid=10111 comm="syz.2.1179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 140.483150][T10119] sp0: Synchronizing with TNC [ 140.651604][T10124] [U] [ 140.909355][T10156] binder: 10155:10156 ioctl 5416 200000000140 returned -22 [ 141.141632][ T5952] Bluetooth: hci1: Malformed Event: 0x13 [ 141.209555][ T40] audit: type=1400 audit(2000000052.142:625): avc: denied { write } for pid=10173 comm="syz.0.1198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 141.315126][T10178] fuse: fd is not a fuse device [ 141.374062][T10182] xt_time: unknown flags 0xf4 [ 141.778950][ T40] audit: type=1400 audit(2000000052.666:626): avc: denied { name_connect } for pid=10191 comm="syz.0.1203" dest=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 142.224983][T10210] ceph: No source [ 142.230654][T10210] : renamed from lo [ 142.261944][T10212] vim2m vim2m.0: vidioc_s_fmt queue busy [ 142.309300][T10215] netlink: 'syz.1.1212': attribute type 21 has an invalid length. [ 142.312479][T10215] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1212'. [ 142.364413][ T40] audit: type=1400 audit(2000000053.218:627): avc: denied { read } for pid=10219 comm="syz.1.1214" path="socket:[31113]" dev="sockfs" ino=31113 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 142.601922][ T40] audit: type=1400 audit(2000000053.443:628): avc: denied { remount } for pid=10229 comm="syz.1.1217" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 142.608563][T10230] tracefs: Bad value for 'mode' [ 142.610566][T10231] tracefs: Bad value for 'mode' [ 142.613783][T10231] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 142.616908][T10230] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 142.783326][T10238] cgroup: none used incorrectly [ 142.809303][T10240] xt_hashlimit: max too large, truncated to 1048576 [ 142.812423][T10240] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 142.816446][T10240] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1220'. [ 142.905275][T10242] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2567 sclass=netlink_route_socket pid=10242 comm=syz.0.1221 [ 142.961997][T10246] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1222'. [ 142.966136][T10247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1222'. [ 143.015424][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.343416][T10279] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1230'. [ 143.347407][T10279] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1230'. [ 143.368479][T10275] nbd1: detected capacity change from 0 to 63 [ 143.378496][ T5952] block nbd1: Receive control failed (result -104) [ 143.435993][T10287] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1232'. [ 143.460256][T10281] bond65: option downdelay: invalid value (18446744073709551615) [ 143.466240][T10281] bond65: option downdelay: allowed values 0 - 2147483647 [ 143.476816][T10281] bond65 (unregistering): Released all slaves [ 143.751443][ T40] audit: type=1400 audit(2000000054.519:629): avc: denied { mount } for pid=10293 comm="syz.0.1235" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 143.763401][ T40] audit: type=1400 audit(2000000054.519:630): avc: denied { unmount } for pid=10293 comm="syz.0.1235" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 143.884558][ T5952] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 143.974191][T10306] usb usb9: usbfs: process 10306 (syz.2.1240) did not claim interface 10 before use [ 144.242201][T10324] NILFS (nullb0): couldn't find nilfs on the device [ 144.246772][T10324] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1245'. [ 144.277173][T10326] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1243'. [ 144.894847][T10369] IPVS: length: 120 != 24 [ 145.055730][ T40] audit: type=1400 audit(2000000055.736:631): avc: denied { ioctl } for pid=10374 comm="syz.4.1260" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0xaecc scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 145.068125][T10375] netlink: 'syz.4.1260': attribute type 1 has an invalid length. [ 145.071611][T10375] netlink: 'syz.4.1260': attribute type 1 has an invalid length. [ 145.181773][T10386] openvswitch: netlink: Message has 5 unknown bytes. [ 145.260753][ T50] IPVS: starting estimator thread 0... [ 145.308953][T10394] macsec2: entered promiscuous mode [ 145.314857][T10394] macsec2: entered allmulticast mode [ 145.351951][T10391] IPVS: using max 46 ests per chain, 110400 per kthread [ 145.427117][T10398] overlay: filesystem on ./bus not supported as upperdir [ 145.434079][T10398] overlay: filesystem on ./bus not supported as upperdir [ 145.438584][T10398] overlay: filesystem on ./bus not supported as upperdir [ 145.459816][T10398] overlayfs: failed to resolve './file1': -2 [ 145.465116][T10398] overlayfs: failed to resolve './file1': -2 [ 145.468940][T10398] overlayfs: failed to resolve './file1': -2 [ 145.472477][T10398] overlayfs: failed to resolve './file1': -2 [ 145.473975][T10398] overlayfs: failed to resolve './file1': -2 [ 145.477673][T10398] overlayfs: failed to resolve './file1': -2 [ 145.479100][T10398] overlayfs: failed to resolve './file1': -2 [ 145.499155][T10402] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10402 comm=syz.2.1268 [ 145.607913][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 145.607928][ T40] audit: type=1400 audit(2000000056.250:633): avc: denied { write } for pid=10404 comm="syz.0.1269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 145.636956][T10409] IPVS: set_ctl: invalid protocol: 44 255.255.255.255:20003 [ 145.674222][ T40] audit: type=1400 audit(2000000056.316:634): avc: denied { getopt } for pid=10404 comm="syz.0.1269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 145.690157][T10413] UHID_CREATE from different security context by process 979 (syz.2.1272), this is not allowed. [ 145.694468][ T40] audit: type=1400 audit(2000000056.316:635): avc: denied { read write } for pid=10412 comm="syz.2.1272" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 145.694498][ T40] audit: type=1400 audit(2000000056.316:636): avc: denied { open } for pid=10412 comm="syz.2.1272" path="/dev/uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 145.723783][T10418] __nla_validate_parse: 6 callbacks suppressed [ 145.723802][T10418] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1273'. [ 145.733149][ T40] audit: type=1400 audit(2000000056.372:637): avc: denied { setattr } for pid=10417 comm="syz.1.1273" name="tty1" dev="devtmpfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1 [ 145.785316][T10425] netlink: 'syz.4.1276': attribute type 1 has an invalid length. [ 145.829663][T10425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.858899][T10425] vlan2: entered allmulticast mode [ 145.860656][T10425] bond0: entered allmulticast mode [ 145.880553][T10425] bond0: (slave geneve2): making interface the new active one [ 145.883025][T10425] geneve2: entered allmulticast mode [ 145.887049][T10425] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 145.928901][ T5668] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 146.016600][ T40] audit: type=1400 audit(2000000056.643:638): avc: denied { ioctl } for pid=10440 comm="syz.1.1279" path="socket:[29663]" dev="sockfs" ino=29663 ioctlcmd=0x8981 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 146.032176][ T40] audit: type=1400 audit(2000000056.653:639): avc: denied { write } for pid=10442 comm="syz.2.1281" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 146.079606][ T40] audit: type=1400 audit(2000000056.700:640): avc: denied { create } for pid=10444 comm="syz.1.1282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 146.097358][ T5668] usb 5-1: Using ep0 maxpacket: 8 [ 146.099613][ T5668] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 146.099649][ T5668] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 146.099690][ T5668] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 146.099717][ T5668] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.099743][ T5668] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.099864][ T5668] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 146.099894][ T5668] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 146.099922][ T5668] usb 5-1: config 168 interface 0 has no altsetting 0 [ 146.101892][ T5668] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 146.101922][ T5668] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 146.101954][ T5668] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 146.101980][ T5668] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.102004][ T5668] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.102029][ T5668] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 146.102053][ T5668] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 146.102078][ T5668] usb 5-1: config 168 interface 0 has no altsetting 0 [ 146.106412][ T5668] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 146.106449][ T5668] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 146.106485][ T5668] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 146.106511][ T5668] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.106537][ T5668] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.106566][ T5668] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 146.106593][ T5668] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 146.106620][ T5668] usb 5-1: config 168 interface 0 has no altsetting 0 [ 146.112025][ T5668] usb 5-1: string descriptor 0 read error: -22 [ 146.142671][T10448] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1283'. [ 146.147538][ T5668] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 146.229422][ T5668] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.241579][ T5668] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 146.276897][T10448] sp0: Synchronizing with TNC [ 146.289670][T10447] [U] [ 146.519462][ T40] audit: type=1400 audit(2000000057.111:641): avc: denied { connect } for pid=10464 comm="syz.1.1289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 146.550017][T10471] vivid-007: ================= START STATUS ================= [ 146.554782][T10471] vivid-007: Enable Output Cropping: true [ 146.558215][T10471] vivid-007: Enable Output Composing: true [ 146.562659][T10471] vivid-007: Enable Output Scaler: true [ 146.565231][T10471] vivid-007: Tx RGB Quantization Range: Automatic [ 146.571379][T10471] vivid-007: Transmit Mode: HDMI [ 146.573581][T10471] vivid-007: Hotplug Present: 0x00000000 [ 146.576043][T10471] vivid-007: RxSense Present: 0x00000000 [ 146.578413][T10471] vivid-007: EDID Present: 0x00000000 [ 146.581278][T10471] vivid-007: ================== END STATUS ================== [ 146.635732][ T50] usb 5-1: USB disconnect, device number 8 [ 146.852572][ T40] audit: type=1400 audit(2000000057.420:642): avc: denied { checkpoint_restore } for pid=10500 comm="syz.4.1299" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 147.116345][T10522] netlink: 'syz.0.1305': attribute type 10 has an invalid length. [ 147.119582][T10522] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1305'. [ 147.195141][T10524] ref_ctr_offset mismatch. inode: 0x664 offset: 0x0 ref_ctr_offset(old): 0x16 ref_ctr_offset(new): 0x0 [ 147.256859][T10537] fuse: Unknown parameter '0x0000000000000003' [ 147.280088][T10537] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma? [ 147.304404][T10537] overlayfs: failed to resolve './file1': -2 [ 147.340523][T10539] veth0_to_bridge: vlans aren't supported yet for dev_uc|mc_add() [ 147.506229][T10551] bond3: option xmit_hash_policy: invalid value (6) [ 147.512345][T10551] bond3 (unregistering): Released all slaves [ 147.545324][T10557] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1315'. [ 147.548836][T10557] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1315'. [ 147.750608][ T5296] Bluetooth: hci3: command 0x0405 tx timeout [ 147.820406][T10574] kvm: requested 18438 ns i8254 timer period limited to 200000 ns [ 147.824708][T10574] kvm: requested 103085 ns i8254 timer period limited to 200000 ns [ 147.828339][T10574] kvm: requested 82133 ns i8254 timer period limited to 200000 ns [ 147.887779][T10574] kvm: requested 18438 ns i8254 timer period limited to 200000 ns [ 147.891304][T10574] kvm: requested 183542 ns i8254 timer period limited to 200000 ns [ 147.895219][T10574] kvm: requested 113142 ns i8254 timer period limited to 200000 ns [ 147.905876][ T50] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 148.088047][ T50] usb 9-1: Using ep0 maxpacket: 32 [ 148.094276][ T50] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 148.100474][ T50] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 148.108984][ T50] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 148.119507][ T50] usb 9-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 148.126136][ T50] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 148.130054][ T50] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.133090][ T50] usb 9-1: Product: syz [ 148.134433][ T50] usb 9-1: Manufacturer: syz [ 148.135924][ T50] usb 9-1: SerialNumber: syz [ 148.159957][ C1] imon 9-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 148.174681][ T50] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/input/input11 [ 148.382106][T10600] netlink: 23 bytes leftover after parsing attributes in process `syz.1.1331'. [ 148.386893][ T50] imon 9-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 148.389018][ T50] (id 0x00) [ 148.452442][ T50] rc_core: IR keymap rc-imon-pad not found [ 148.454840][ T50] Registered IR keymap rc-empty [ 148.456482][ T50] imon 9-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 148.459705][ T50] imon 9-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 148.543046][T10617] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1340'. [ 148.617399][ T50] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0 [ 148.629487][ T50] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0/input12 [ 148.647728][ T50] imon 9-1:155.0: iMON device (15c2:ffdc, intf0) on usb<9:5> initialized [ 148.805466][T10567] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1542 sclass=netlink_route_socket pid=10567 comm=syz.4.1319 [ 148.820792][ T6012] usb 9-1: USB disconnect, device number 5 [ 149.034327][T10644] C: renamed from team_slave_0 (while UP) [ 149.061182][T10646] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1353'. [ 149.069764][T10644] netlink: 'syz.1.1352': attribute type 8 has an invalid length. [ 149.073864][T10646] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1353'. [ 149.080575][T10644] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 149.162504][T10650] netlink: 'syz.1.1355': attribute type 29 has an invalid length. [ 149.169401][T10650] netlink: 'syz.1.1355': attribute type 29 has an invalid length. [ 149.572052][T10695] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 149.667162][T10705] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.676485][T10705] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 149.709553][T10710] openvswitch: netlink: IPv6 tunnel dst address is zero [ 149.733430][T10707] netlink: 'syz.4.1384': attribute type 29 has an invalid length. [ 149.736736][T10707] netlink: 'syz.4.1384': attribute type 29 has an invalid length. [ 149.739696][T10712] @0: renamed from bond_slave_1 [ 149.814190][T10720] netlink: 'syz.1.1386': attribute type 29 has an invalid length. [ 149.817472][T10715] netlink: 'syz.1.1386': attribute type 29 has an invalid length. [ 149.823604][T10715] netlink: 'syz.1.1386': attribute type 29 has an invalid length. [ 149.862547][T10724] netlink: 'syz.1.1389': attribute type 29 has an invalid length. [ 149.866297][T10724] netlink: 'syz.1.1389': attribute type 29 has an invalid length. [ 149.952816][T10734] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1394'. [ 150.119131][T10756] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.122318][T10756] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.235318][T10833] __nla_validate_parse: 5 callbacks suppressed [ 151.235364][T10833] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.1442'. [ 151.341751][T10845] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.1448'. [ 151.363462][T10848] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1449'. [ 151.727605][T10893] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 151.947848][T10917] netlink: zone id is out of range [ 151.949958][T10917] netlink: zone id is out of range [ 151.951732][T10917] netlink: get zone limit has 8 unknown bytes [ 152.295092][T10961] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1493'. [ 152.300106][T10961] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1493'. [ 152.387824][T10973] openvswitch: netlink: Message has 1 unknown bytes. [ 152.900007][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 152.900021][ T40] audit: type=1400 audit(2000000063.082:650): avc: denied { ioctl } for pid=11028 comm="syz.0.1525" path="time:[4026531834]" dev="nsfs" ino=4026531834 ioctlcmd=0xb708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 153.298880][T11074] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1546'. [ 153.302015][T11074] tc_dump_action: action bad kind [ 153.343234][T11078] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 153.346018][T11078] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 153.418113][T11081] syzkaller0: tun_chr_ioctl cmd 1074812118 [ 153.855975][T11137] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1576'. [ 153.871504][T11125] syzkaller0: entered promiscuous mode [ 153.874085][T11125] syzkaller0: entered allmulticast mode [ 155.085098][T11169] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1590'. [ 155.606608][T11145] validate_nla: 10 callbacks suppressed [ 155.606624][T11145] netlink: 'syz.1.1579': attribute type 29 has an invalid length. [ 155.619562][T11178] netlink: 'syz.0.1594': attribute type 29 has an invalid length. [ 155.625872][T11177] netlink: 'syz.0.1594': attribute type 29 has an invalid length. [ 155.628998][T11178] netlink: 'syz.0.1594': attribute type 29 has an invalid length. [ 155.866405][T11217] netlink: 'syz.1.1609': attribute type 29 has an invalid length. [ 155.873660][T11209] netlink: 'syz.1.1609': attribute type 29 has an invalid length. [ 155.877010][T11217] netlink: 'syz.1.1609': attribute type 29 has an invalid length. [ 156.085928][T11244] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1626'. [ 156.265822][T11253] netlink: 'syz.0.1629': attribute type 10 has an invalid length. [ 156.414217][T11259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1632'. [ 156.852319][T11279] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1640'. [ 156.856199][T11279] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 156.881778][T11281] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1641'. [ 157.684045][T11276] netlink: 'syz.2.1638': attribute type 29 has an invalid length. [ 158.059923][T11313] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1654'. [ 158.244464][T11333] netlink: 'syz.4.1664': attribute type 25 has an invalid length. [ 158.361634][T11339] TCP: TCP_TX_DELAY enabled [ 158.823467][T11392] team0: Device veth0_vlan is up. Set it down before adding it as a team port [ 159.143747][T11434] netlink: 3936 bytes leftover after parsing attributes in process `syz.1.1710'. [ 159.148928][T11434] block nbd2: Unsupported socket: should be TCP or UNIX. [ 159.353016][T11459] The dccp option matching is deprecated and scheduled to be removed in 2027. [ 159.353016][T11459] Please contact the netfilter-devel mailing list or update your nftables rules. [ 159.494338][T11464] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1723'. [ 159.652964][T11474] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1728'. [ 160.981226][T11484] validate_nla: 7 callbacks suppressed [ 160.981246][T11484] netlink: 'syz.4.1733': attribute type 29 has an invalid length. [ 160.990060][T11484] netlink: 'syz.4.1733': attribute type 29 has an invalid length. [ 161.064786][T11493] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1737'. [ 161.925920][ T39] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 162.111934][ T39] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 162.118739][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.125759][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 162.132555][ T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 162.143503][ T39] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 162.148202][ T39] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 162.161086][ T39] usb 5-1: Manufacturer: syz [ 162.188077][ T39] usb 5-1: config 0 descriptor?? [ 162.653459][ T39] hid_parser_main: 5 callbacks suppressed [ 162.653545][ T39] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 162.673004][ T39] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 162.921204][ T57] usb 5-1: USB disconnect, device number 9 [ 162.941105][ T34] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 163.101401][ T34] usb 9-1: Using ep0 maxpacket: 32 [ 163.106106][ T34] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 163.112695][ T34] usb 9-1: config 0 has no interfaces? [ 163.118342][ T34] usb 9-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 163.122138][ T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.125305][ T34] usb 9-1: Product: syz [ 163.126671][ T34] usb 9-1: Manufacturer: syz [ 163.129889][ T34] usb 9-1: SerialNumber: syz [ 163.134285][ T34] usb 9-1: config 0 descriptor?? [ 164.829378][T11581] ip6gre1: entered promiscuous mode [ 164.831827][T11581] ip6gre1: entered allmulticast mode [ 165.174643][ T39] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 165.249500][ T6012] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 165.345516][ T39] usb 7-1: Using ep0 maxpacket: 8 [ 165.349958][ T39] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 165.355470][ T39] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 165.359288][ T39] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 165.362592][ T39] usb 7-1: Product: syz [ 165.364276][ T39] usb 7-1: Manufacturer: syz [ 165.366172][ T39] usb 7-1: SerialNumber: syz [ 165.432605][ T6012] usb 6-1: config index 0 descriptor too short (expected 24441, got 36) [ 165.436170][ T6012] usb 6-1: config 114 has too many interfaces: 116, using maximum allowed: 32 [ 165.439077][ T6012] usb 6-1: config 114 has an invalid descriptor of length 101, skipping remainder of the config [ 165.443478][ T6012] usb 6-1: config 114 has 0 interfaces, different from the descriptor's value: 116 [ 165.448287][ T6012] usb 6-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 165.451663][ T6012] usb 6-1: New USB device strings: Mfr=0, Product=10, SerialNumber=0 [ 165.454863][ T6012] usb 6-1: Product: syz [ 165.590151][ T39] usb 7-1: Invalid connection information received from device [ 165.686324][ T6012] usb 6-1: USB disconnect, device number 6 [ 165.809187][ T39] usb 7-1: USB disconnect, device number 6 [ 165.912404][ T10] usb 9-1: USB disconnect, device number 6 [ 166.155352][ C3] vcan0: j1939_tp_rxtimer: 0xffff888038a67400: rx timeout, send abort [ 166.162897][ C3] vcan0: j1939_xtp_rx_abort_one: 0xffff888038a67400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 166.171152][ T40] audit: type=1400 audit(2000000075.500:651): avc: denied { read } for pid=5327 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 166.179894][ T40] audit: type=1400 audit(2000000075.500:652): avc: denied { search } for pid=5327 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 166.188252][ T40] audit: type=1400 audit(2000000075.500:653): avc: denied { search } for pid=5327 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 166.196956][ T40] audit: type=1400 audit(2000000075.500:654): avc: denied { add_name } for pid=5327 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 166.205383][ T40] audit: type=1400 audit(2000000075.500:655): avc: denied { create } for pid=5327 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 166.213538][ T40] audit: type=1400 audit(2000000075.500:656): avc: denied { append open } for pid=5327 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 166.222575][ T40] audit: type=1400 audit(2000000075.500:657): avc: denied { getattr } for pid=5327 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 166.464307][T11608] ------------[ cut here ]------------ [ 166.466726][T11608] enable_ept && !allow_smaller_maxphyaddr [ 166.466735][T11608] WARNING: arch/x86/kvm/vmx/vmx.c:5335 at handle_exception_nmi+0xa6e/0x1bb0, CPU#3: syz.0.1783/11608 [ 166.473261][T11608] Modules linked in: [ 166.475343][T11608] CPU: 3 UID: 0 PID: 11608 Comm: syz.0.1783 Tainted: G L syzkaller #0 PREEMPT(full) [ 166.479178][T11608] Tainted: [L]=SOFTLOCKUP [ 166.480708][T11608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 166.484158][T11608] RIP: 0010:handle_exception_nmi+0xa6e/0x1bb0 [ 166.486327][T11608] Code: 08 84 d2 0f 85 fc 10 00 00 44 0f b6 2d 96 cc 3b 0f 31 ff 44 89 ee e8 a1 8c 69 00 45 84 ed 0f 85 b4 0e 00 00 e8 43 92 69 00 90 <0f> 0b 90 31 ff 44 89 e6 e8 e5 8c 69 00 45 85 e4 0f 85 7e 0b 00 00 [ 166.493767][T11608] RSP: 0018:ffffc9000e20f9d8 EFLAGS: 00010283 [ 166.496157][T11608] RAX: 000000000001a55d RBX: ffff88805b3729c0 RCX: ffffc90004702000 [ 166.499184][T11608] RDX: 0000000000080000 RSI: ffffffff819fd71d RDI: ffff8880575aca00 [ 166.502017][T11608] RBP: 000000000f6632eb R08: 0000000000000001 R09: 0000000000000000 [ 166.505046][T11608] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 166.508265][T11608] R13: 0000000000000000 R14: ffff88805ce6c000 R15: ffff88805b372a90 [ 166.511674][T11608] FS: 00007f56e6ff96c0(0000) GS:ffff8880d65ef000(0000) knlGS:0000000000000000 [ 166.514875][T11608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 166.517404][T11608] CR2: 000000000f6632eb CR3: 000000005b3a9000 CR4: 0000000000352ef0 [ 166.520489][T11608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000036 [ 166.523762][T11608] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 166.526887][T11608] Call Trace: [ 166.528169][T11608] [ 166.529435][T11608] ? __pfx_handle_exception_nmi+0x10/0x10 [ 166.531686][T11608] vmx_handle_exit+0x84c/0x1f30 [ 166.533353][T11608] vcpu_run+0x34cf/0x5ca0 [ 166.534903][T11608] ? __pfx_vcpu_run+0x10/0x10 [ 166.536533][T11608] ? rcu_is_watching+0x12/0xc0 [ 166.538436][T11608] ? kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 166.540381][T11608] kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 166.543363][T11608] kvm_vcpu_ioctl+0x730/0x1720 [ 166.545046][T11608] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 166.546738][T11608] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 166.548751][T11608] ? do_vfs_ioctl+0x226/0x13e0 [ 166.550533][T11608] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 166.552282][T11608] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 166.555010][T11608] ? __fget_files+0x215/0x3d0 [ 166.556647][T11608] ? hook_file_ioctl_common+0x149/0x410 [ 166.558535][T11608] ? selinux_file_ioctl+0x13b/0x290 [ 166.560302][T11608] ? selinux_file_ioctl+0xb6/0x290 [ 166.562079][T11608] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 166.563941][T11608] __x64_sys_ioctl+0x18e/0x210 [ 166.565626][T11608] do_syscall_64+0x10b/0xf80 [ 166.567608][T11608] ? clear_bhb_loop+0x40/0x90 [ 166.569257][T11608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.571252][T11608] RIP: 0033:0x7f56e619c819 [ 166.572902][T11608] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.579424][T11608] RSP: 002b:00007f56e6ff9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 166.582438][T11608] RAX: ffffffffffffffda RBX: 00007f56e6415fa0 RCX: 00007f56e619c819 [ 166.585154][T11608] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 166.587896][T11608] RBP: 00007f56e6232c91 R08: 0000000000000000 R09: 0000000000000000 [ 166.590548][T11608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.593476][T11608] R13: 00007f56e6416038 R14: 00007f56e6415fa0 R15: 00007ffd3544d4b8 [ 166.596226][T11608] [ 166.597463][T11608] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 166.600176][T11608] CPU: 3 UID: 0 PID: 11608 Comm: syz.0.1783 Tainted: G L syzkaller #0 PREEMPT(full) [ 166.603936][T11608] Tainted: [L]=SOFTLOCKUP [ 166.605590][T11608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 166.609617][T11608] Call Trace: [ 166.610965][T11608] [ 166.612196][T11608] dump_stack_lvl+0x100/0x190 [ 166.614235][T11608] vpanic+0x552/0x970 [ 166.615895][T11608] ? __pfx_vpanic+0x10/0x10 [ 166.617797][T11608] panic+0xd1/0xe0 [ 166.619320][T11608] ? __pfx_panic+0x10/0x10 [ 166.621235][T11608] check_panic_on_warn.cold+0x19/0x34 [ 166.623440][T11608] ? handle_exception_nmi+0xa6e/0x1bb0 [ 166.625700][T11608] __warn.cold+0x191/0x328 [ 166.627532][T11608] __report_bug+0x296/0x3d0 [ 166.629569][T11608] ? handle_exception_nmi+0xa6e/0x1bb0 [ 166.631787][T11608] ? __pfx___report_bug+0x10/0x10 [ 166.633820][T11608] ? __pfx_skip_emulated_instruction+0x10/0x10 [ 166.636479][T11608] ? kvm_pmu_trigger_event.isra.0+0x789/0xc00 [ 166.638658][T11608] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 166.640710][T11608] ? handle_exception_nmi+0xa6e/0x1bb0 [ 166.642597][T11608] report_bug+0xb2/0x220 [ 166.644061][T11608] ? handle_exception_nmi+0xa6e/0x1bb0 [ 166.645923][T11608] handle_bug+0x16a/0x2a0 [ 166.647460][T11608] exc_invalid_op+0x17/0x50 [ 166.649116][T11608] asm_exc_invalid_op+0x1a/0x20 [ 166.650814][T11608] RIP: 0010:handle_exception_nmi+0xa6e/0x1bb0 [ 166.652872][T11608] Code: 08 84 d2 0f 85 fc 10 00 00 44 0f b6 2d 96 cc 3b 0f 31 ff 44 89 ee e8 a1 8c 69 00 45 84 ed 0f 85 b4 0e 00 00 e8 43 92 69 00 90 <0f> 0b 90 31 ff 44 89 e6 e8 e5 8c 69 00 45 85 e4 0f 85 7e 0b 00 00 [ 166.659351][T11608] RSP: 0018:ffffc9000e20f9d8 EFLAGS: 00010283 [ 166.661456][T11608] RAX: 000000000001a55d RBX: ffff88805b3729c0 RCX: ffffc90004702000 [ 166.664120][T11608] RDX: 0000000000080000 RSI: ffffffff819fd71d RDI: ffff8880575aca00 [ 166.666790][T11608] RBP: 000000000f6632eb R08: 0000000000000001 R09: 0000000000000000 [ 166.669699][T11608] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 166.672367][T11608] R13: 0000000000000000 R14: ffff88805ce6c000 R15: ffff88805b372a90 [ 166.674977][T11608] ? handle_exception_nmi+0xa6d/0x1bb0 [ 166.677002][T11608] ? handle_exception_nmi+0xa6d/0x1bb0 [ 166.679062][T11608] ? __pfx_handle_exception_nmi+0x10/0x10 [ 166.681154][T11608] vmx_handle_exit+0x84c/0x1f30 [ 166.683163][T11608] vcpu_run+0x34cf/0x5ca0 [ 166.684893][T11608] ? __pfx_vcpu_run+0x10/0x10 [ 166.686823][T11608] ? rcu_is_watching+0x12/0xc0 [ 166.688591][T11608] ? kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 166.690630][T11608] kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 166.692511][T11608] kvm_vcpu_ioctl+0x730/0x1720 [ 166.694121][T11608] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 166.695853][T11608] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 166.697927][T11608] ? do_vfs_ioctl+0x226/0x13e0 [ 166.699772][T11608] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 166.701560][T11608] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 166.703854][T11608] ? __fget_files+0x215/0x3d0 [ 166.705438][T11608] ? hook_file_ioctl_common+0x149/0x410 [ 166.707427][T11608] ? selinux_file_ioctl+0x13b/0x290 [ 166.709352][T11608] ? selinux_file_ioctl+0xb6/0x290 [ 166.711378][T11608] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 166.713251][T11608] __x64_sys_ioctl+0x18e/0x210 [ 166.715221][T11608] do_syscall_64+0x10b/0xf80 [ 166.717183][T11608] ? clear_bhb_loop+0x40/0x90 [ 166.719028][T11608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.721386][T11608] RIP: 0033:0x7f56e619c819 [ 166.723058][T11608] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.729989][T11608] RSP: 002b:00007f56e6ff9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 166.733200][T11608] RAX: ffffffffffffffda RBX: 00007f56e6415fa0 RCX: 00007f56e619c819 [ 166.736131][T11608] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 166.738837][T11608] RBP: 00007f56e6232c91 R08: 0000000000000000 R09: 0000000000000000 [ 166.741662][T11608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.744364][T11608] R13: 00007f56e6416038 R14: 00007f56e6415fa0 R15: 00007ffd3544d4b8 [ 166.747295][T11608] [ 166.749813][T11608] Kernel Offset: disabled [ 166.751689][T11608] Rebooting in 86400 seconds..