last executing test programs: 15.402173692s ago: executing program 2 (id=904): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_INIT(r0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x18) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.kill\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r1, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 15.320784678s ago: executing program 2 (id=905): capset(0x0, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) r0 = syz_open_dev$video(0x0, 0x10001, 0x20400) ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000000)={0x1, {0x0, 0x5, 0x2, 0x8}, {0x80000000, 0x480000, 0x9, 0xfffffffb}, {0x6, 0xffffffff}}) 15.320411627s ago: executing program 2 (id=906): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000140)={0x6, 'wg0\x00', {0x6}, 0x8}) r1 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e24, @empty}], 0x10) listen(r1, 0x100) sendmsg$inet_sctp(r1, &(0x7f0000001640)={&(0x7f0000000000)=@in={0x2, 0x4e24, @remote}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000040)=')', 0x1}], 0x1, 0x0, 0x0, 0x8000}, 0x20000000) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="5800000010000104000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="fab0817dbcb5f31a24001280110001006272696467655f736c617665000000000c00058005000a0000000000140003006272696467655f736c6176655f3000008e8e82a827095a71c2fe74e507269549291e8cf3beb75d4cdd43729057d4f01de762047af0d920d11213b7d89e8a98d610f330bbc4c817c2c72a0ae78cad09a483c96fe31018e3caafa73d925c077cf8507f4d89b333b099c9162787ee17224e567189632ff5564306a7fd10f747457f3f3ec9c6eb"], 0x58}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040) 14.461782345s ago: executing program 2 (id=916): r0 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) r1 = socket$inet(0x2, 0x4000000805, 0x0) sendto$inet(r1, &(0x7f00000002c0)="eb", 0x1, 0x0, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r2, 0xc02064cc, &(0x7f0000000080)={r3, r3, 0x0, 0x0, 0x2}) r4 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000080)=@assoc_value={0x0}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000000)={r5, 0x1}, 0x8) r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000100)=0x80000) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x4a0, 0x0, 0x1170, 0x1170, 0x0, 0x1170, 0x3d0, 0x1398, 0x1398, 0x3d0, 0x1398, 0x3, 0x0, {[{{@ipv6={@remote, @private0={0xfc, 0x0, '\x00', 0x1}, [0xffffffff, 0xff000000, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x2e, 0x0, 0x0, 0x46}, 0x0, 0x2b8, 0x2e0, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x8, 0x7c7, 0x5d, 0x2, 0x4, 0x2, 0x99, 0x0, 0x80, 0x78}, {0x8000000000000001}}}, @common=@unspec=@conntrack1={{0xb8}, {{@ipv4=@loopback, [0x0, 0xff000000, 0xffffff00, 0xff], @ipv6=@private1, [0xffffff00, 0xff000000, 0xffffffff, 0xffffff00], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xffffff00], @ipv4=@local, [0xffffffff, 0xffffff00, 0xff000000, 0xffff00], 0x0, 0x8, 0x89, 0x4e22, 0x4e21, 0x4e23, 0x4e20, 0x100, 0x1240}, 0x81, 0x41}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x8, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500) ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000280)={0xe, 0x17, 0x2, {0x5, './bus'}}, 0xe) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r8 = syz_io_uring_setup(0x658d, &(0x7f0000000180)={0x0, 0x5fe6, 0x800, 0x2, 0x5, 0x0, r0}, &(0x7f00000000c0), &(0x7f0000000200)) dup(r4) syz_io_uring_setup(0x2fd, &(0x7f0000000100)={0x0, 0x83b5, 0x10000, 0x0, 0xde, 0x0, r8}, 0x0, 0x0) 14.329361943s ago: executing program 2 (id=917): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) chdir(&(0x7f0000000080)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, r1, 0x1}) bind$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @local}, 0x10) setpgid(r0, r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x44, r4, 0x1, 0x4, 0x1, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'wlan1\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xffe3}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) sendmsg$inet(r2, &(0x7f0000000d40)={0x0, 0x7000003, &(0x7f00000023c0)=[{&(0x7f0000000b40)='?', 0x1}, {0x0, 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x20001) setpgid(0x0, r0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x200010, 0x0) 14.250645576s ago: executing program 2 (id=918): r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x3, 0x16a}, &(0x7f0000002000)=0x0, &(0x7f0000000440)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x22}) io_uring_enter(r0, 0x48e9, 0xf2bb, 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r3, &(0x7f0000001e80)=@file={0x1, './file0\x00'}, 0x6e) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f00000000c0)=@raw={'raw\x00', 0x41, 0x3, 0x1c0, 0x0, 0x50020000, 0x0, 0x98, 0x0, 0x128, 0x1f0, 0x1f0, 0x128, 0x1f0, 0x3, 0x0, {[{{@ip={@remote, @multicast2, 0xff, 0x0, 'syzkaller0\x00', 'vlan1\x00', {}, {}, 0x6, 0x3, 0x35}, 0x0, 0x70, 0x98, 0x0, {0x0, 0xffffffffa0028000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x220) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x40d, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r7, 0xc060, 0x8}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_ISOLATED={0x5, 0x21, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20048041}, 0x894) 2.426747092s ago: executing program 1 (id=1050): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r3 = socket(0x15, 0x5, 0x0) getsockopt(r3, 0x200000000114, 0x2716, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x50, r1, 0x200, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x60000}, 0x4010) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000003c0)={0x1a4, r1, 0x1, 0x0, 0x25dfdbfd, {{0x2}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xffffffff, 0x1}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8ea}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}], @NL80211_ATTR_FRAME={0x16a, 0x33, @auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {}, @device_b, @device_a, @initial, {0x5, 0x1}}, 0x1, 0x1, 0x10, @val={0x10, 0x1, 0xd}, [{0xdd, 0xdd, "3acbc8490b7f066d2eaec501b8b3b729562c8453463ea750afe35307a2ca4833f9f24b820f610e16386f4b0c3d856e86c28d4df122d260f96dfc5679a7908a30951aa7c1e6fca853d5a4a9a6b6f77590a6f67adf9cfeff41dcf863df81513fae87bbb642c22f58c7ba8e89367ba9bb967a3aaf0bef0f4ecbd1d9b68d40bc4de54e44e5be8bba611e4f4a9d46b354921c64e86a81037ff6121ad7eb760aac9dee51d1f23416c12eca048720ff78f46ded5c66bf3753fd4406fa3b93a6140ca0d2df23546f50b633207b64005c97445beaee51c9e32d8bbf9bfce4c5d3e2"}, {0xdd, 0x64, "d8bbb5c796b387a05e3ae47d6b2db8c634b6bbf66696cb5161e2085d39b7c6aae450e41993631be6280e82e0bacb25b4f7fd4686b7c2231d98052ba4caa950f86416e48b185daa5439b0fd10b555a404ceaecf654518a5d4bbef5858bce4e389e0fc62ca"}]}}]}, 0x1a4}}, 0x0) 2.426536043s ago: executing program 1 (id=1051): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x14, 0x16, 0xa01, 0x0, 0x0, {0xa, 0x0, 0x700}}, 0x14}}, 0x0) (async, rerun: 32) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 32) write$nci(r1, &(0x7f0000000040)=@NCI_OP_CORE_CONN_CLOSE_RSP={0x0, 0x1, 0x2, 0x5, 0x8, 0x1}, 0x4) 1.680265118s ago: executing program 1 (id=1059): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x8001) r3 = getpgid(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000140)={0x2, r3}) sendmmsg$unix(r1, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="11", 0x1}], 0x1}}], 0x1, 0x20040001) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0xf5, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a300000000014000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000) 1.550667797s ago: executing program 1 (id=1061): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x4001) ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x400464d1, &(0x7f0000000400)=0x8) 1.55042803s ago: executing program 1 (id=1062): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) chdir(&(0x7f0000000080)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, r1, 0x1}) bind$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @local}, 0x10) setpgid(0x0, r0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40800, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x200010, 0x0) 1.449527563s ago: executing program 1 (id=1063): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) write(0xffffffffffffffff, &(0x7f0000001280), 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r3, @ANYRES16=r1, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r2, @ANYBLOB="04005b00060065"], 0x28}}, 0x240000c4) 1.259391508s ago: executing program 3 (id=1067): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="48000000100001040000", @ANYRES32=0x0, @ANYBLOB="400d0000001200002800128008000100687372001c00028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r1], 0x48}, 0x1, 0x0, 0x0, 0x40010}, 0x4008044) 1.190382129s ago: executing program 3 (id=1068): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x9, &(0x7f0000000080)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @jmp={0x5, 0x0, 0x2, 0xa, 0x1, 0x0, 0xffffffffffffffff}, @map_idx={0x18, 0x7, 0x5, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xd}, @call={0x85, 0x0, 0x0, 0xd4}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x2}], &(0x7f0000000000)='GPL\x00'}, 0x94) 1.190238807s ago: executing program 3 (id=1069): prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f00000001c0)={0x1, 0x5, 0x1}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1c, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x8}}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x90) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_usbip_server_init(0x1) syz_usbip_server_init(0x2) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x101000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000400)={0x6, 0x0, {0x1, 0x1, 0x80000000, 0x0, 0xa}, 0xe}) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000200)=@name={0x1e, 0x2, 0x1, {{0x40, 0x1}, 0x2}}, 0x10) bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x0, 0x2}}, 0x10) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r5 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2) r6 = dup(r5) read(r6, &(0x7f0000000040), 0x0) ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000000)={0xf0f046}) read$FUSE(r6, &(0x7f0000008180)={0x2020}, 0xfffffdfc) bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r3, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r3, 0x0, 0x0) symlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file1\x00') mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x10001, @local, 0x3c8e}, @in={0x2, 0x4e24, @private=0xa010102}, @in6={0xa, 0x4e21, 0x8, @mcast2}, @in6={0xa, 0x4e23, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7}, @in={0x2, 0x4e20, @rand_addr=0x64010100}], 0x74) 710.169758ms ago: executing program 0 (id=1070): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet_sctp(r1, &(0x7f0000004900)=[{&(0x7f00000000c0)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000100)="f4", 0x1}], 0x1, &(0x7f0000000000)=[@init={0x18, 0x84, 0x0, {0x80, 0x10, 0x1, 0x9}}, @dstaddrv4={0x18, 0x84, 0x7, @loopback}], 0x30}], 0x1, 0x40) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x300, 0xed}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @tracing, r2, 0x8, 0x0, 0xa0000, 0x10, &(0x7f0000000200), 0x92f5e}, 0x6d) 629.641571ms ago: executing program 0 (id=1071): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'batadv0\x00'}) r1 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000095"]) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000840), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000880)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x5c, r3, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_KEY={0x40, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "f33394f478f2a27c0645bc4d38b75d79"}, @NL802154_KEY_ATTR_ID={0x20, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}]}]}, 0x5c}}, 0x20000000) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="02002abd7000fddbdf251c0000000c00060003000000030000000c000600020000000200000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="000000000100", @ANYRES32=r4, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4094) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x365802, 0x0) r9 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) ioctl$VIDIOC_QUERYMENU(r9, 0xc008561c, &(0x7f0000000000)={0x980914, 0x3, @value=0xd04}) write$RDMA_USER_CM_CMD_BIND(r8, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x8001, 0x38, {"f16b2400"}, 0x5, 0x2, 0x1ff}}}, 0x90) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r7, {0xce2}}, './file0\x00'}) ioctl$SIOCSIFMTU(r10, 0x8922, &(0x7f00000002c0)={'geneve1\x00', 0x5}) recvfrom$packet(r10, &(0x7f0000000340)=""/45, 0x2d, 0x12102, &(0x7f0000000180)={0x11, 0x5, r6, 0x1, 0xa, 0x6, @remote}, 0xfffffffffffffed4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007"], 0xcc}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20000000) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000009c0)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {}, {0xe, 0xffff}, {0x8, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x2404c000}, 0x0) ioctl$PPPOEIOCDFWD(r10, 0xb101, 0x0) sendmsg$NFULNL_MSG_CONFIG(r7, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000000104018300000000000000000a00000408000340000000010800044000000101"], 0x24}}, 0x10) 628.575908ms ago: executing program 3 (id=1072): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000080)={0x1, @capture={0x0, 0x1, {0x7, 0xebf}, 0x6, 0xa}}) (fail_nth: 2) 538.585852ms ago: executing program 3 (id=1073): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000200)="0fc79f00800000640f79fd660f380a290f20d7c7442400da586a53c744240209c10000c7442406000000000f011424dbd2660f3882aa1ed90000f2f2f20faac4e1605d15ea2d9b5db900080000b877b98af2baf8b357790f30", 0x59}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 246.60951ms ago: executing program 3 (id=1074): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x80}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4004000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) r1 = fsmount(0xffffffffffffffff, 0x1, 0x0) ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f00000000c0)={0x1, 0x71, &(0x7f0000000140)="21d3786c37f4ec2534854b7462067191872ed03c07eda7ba1af1257545e34a3bce9b317427538372802e95b07b2365db5d40b8145f8a3c4cb1e02e481c12128333a46e1a9c94c174d887ed03394c2beb8f649645b236828beaeced88e034345d737f69eb002c092f92abfd499cf8b9b903"}) r2 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @dev, @local, {[@noop, @generic={0x86, 0xd, "c045d45768dc37efa0fc58"}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@loopback}]}, @ssrr={0x89, 0xf, 0x0, [@empty, @broadcast, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x0, 0x1, 0x0, [{}, {@private}, {}, {@local}, {@loopback}, {@private}, {@multicast2}, {@broadcast}, {@broadcast}]}, @timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [0x0]}]}}}}}}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000005c0)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0x0) 229.895456ms ago: executing program 0 (id=1075): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4004044}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x3}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x4a, &(0x7f00000004c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6010104000140600fe0500000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5470000090780000"], 0x0) mount$9p_virtio(&(0x7f0000000040), &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x4, &(0x7f0000000000)={'trans=virtio,', {[{@noxattr}]}}) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(r1, &(0x7f0000003480)={0x2020}, 0x2020) syz_emit_ethernet(0x32b, &(0x7f0000000540)={@remote, @multicast, @void, {@ipv4={0x800, @gre={{0x7, 0x4, 0x2, 0x34, 0x31d, 0x66, 0x0, 0x7, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x6, 0x2}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x65, 0x0, [0x400, 0x3], "3b3546954f44aef89c672758f0c71ebfa11ede46beb306665cd4cb9692cad9461d15530f7c033a62d5f47ae98de6be50a90155f9aa5ff4dae23d012a474bc2787d915cc964bbc7684b57db9cca510a8adaca08f42e5f25f27e0980a2e9e301f685d1a0ddbe"}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [0xb, 0x3ff, 0x4], "afd65fea066654ebdf00971b4a45fa879b2c17277999850ebce0acc0428792b4718cadb7a195f2d62422cb3b10139ece6f6ac289d640f7e9284c07dc19da4c1a240a3de9e4266a1fe0edcd8137de7a9bdbc33a60efe401a20ca6f12ae6713fd411d00dcf277d99657d6c77681b4aa4515a2c9d0a23dc89f0f829ed0852ec62c34d50a36fe52da3f1972c6f1d66a40b34bf498f72d463e2b3ee2144198be7bc5a3bf999629efe5196b7cd84c4290f5492f9713fadcb4c4e8d2e6f3f02f04605d945b8450864486c2fc23ae4a89f1044718f35027f3aa228b7c34eb765e131bae701526561565854e59f3591a8"}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [0x8000, 0x7], "92f58e5944f9d1c6c5058b422b33962beb492965a97af2308a898db3c59a5e33682f3f4460813e62906c6759bd7a465bfbc9b57293b813bde585e3ad64f2804c2ef93c47aa537bad851e62b8de7b76914830249c87fb16da96df1e0b520a2a22de691f93d32de39e4a728d81e3867da8bc7623975cbe7a39e3188c1101daa08d87d8de5986fb2bed914adab6ed5e6880b5bba4eb361cb7371a9c0fe4de3def5d2a537925b5"}, {0x8, 0x88be, 0x2, {{0x2, 0x1, 0x6, 0x2, 0x1, 0x3, 0x0, 0x1}, 0x1, {0x4}}}, {0x8, 0x22eb, 0x3, {{0x9, 0x2, 0x9, 0x0, 0x1, 0x3, 0x5, 0x3}, 0x2, {0xb224, 0x7, 0x0, 0x1b, 0x1, 0x0, 0x0, 0x1, 0x1}}}, {0x8, 0x6558, 0x2, "39d01c03251f409b2b4811f13789771eb9e0fd65d47805b05fc0905a8de90cf47aedecf4da80685d5b7d4cbf45d0617148c73fe7ccf69e75c2f74584eb8f38dfbf15e0d65bbf980fd61f4522787954ccde425fa86f5c49a94eda16e741d28ab6d4e0bb72614745129b88c39a13c98861a388252214975313ded770d3c33f9169d145a30b267ae104a78d0a68cc620deec50d42393dda217dd6688543467a072225ea2fdef82562e0189f6c085e279545d5d42636d8f982c92a"}}}}}}, &(0x7f0000000000)={0x1, 0x3, [0x9a6, 0x8b5, 0xe46, 0x124]}) syz_emit_ethernet(0x4e, &(0x7f0000000380)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x11, 0x0, 0x3, {[@sack_perm={0x4, 0x2}]}}}}}}}}, 0x0) 100.442791ms ago: executing program 0 (id=1076): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000010400000000000000", @ANYRES32=0x0, @ANYBLOB="400d0000001200002800128008000100687372001c00028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r1], 0x48}, 0x1, 0x0, 0x0, 0x40010}, 0x4008044) 158.018µs ago: executing program 0 (id=1077): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5668, &(0x7f0000000080)={0x1, @capture={0x0, 0x1, {0x7, 0xebf}, 0x6, 0xa}}) 0s ago: executing program 0 (id=1078): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x109040, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TCFLSH(r0, 0x800455ca, 0x0) unshare(0x6a040000) socket$inet6(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) close(0x3) kernel console output (not intermixed with test programs): [ 63.780800][ T40] kauditd_printk_skb: 98 callbacks suppressed [ 63.780810][ T40] audit: type=1400 audit(1766308236.371:291): avc: denied { remount } for pid=6443 comm="syz.0.135" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 63.885709][ T6450] tipc: Started in network mode [ 63.887833][ T6450] tipc: Node identity 84e, cluster identity 4711 [ 63.890797][ T6450] tipc: Node number set to 2126 [ 64.265196][ T6456] XFS (nbd1): SB validate failed with error -5. [ 64.281599][ T40] audit: type=1400 audit(1766308236.871:292): avc: denied { create } for pid=6462 comm="syz.3.142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 64.299530][ T40] audit: type=1400 audit(1766308236.871:293): avc: denied { write } for pid=6462 comm="syz.3.142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 64.306992][ T40] audit: type=1400 audit(1766308236.871:294): avc: denied { nlmsg_write } for pid=6462 comm="syz.3.142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 64.322320][ T40] audit: type=1400 audit(1766308236.911:295): avc: denied { write } for pid=6465 comm="syz.1.144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 64.373343][ T34] IPVS: starting estimator thread 0... [ 64.378287][ T40] audit: type=1400 audit(1766308236.961:296): avc: denied { create } for pid=6469 comm="syz.3.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 64.428382][ T40] audit: type=1400 audit(1766308237.011:297): avc: denied { read } for pid=6467 comm="syz.2.143" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 64.436560][ T40] audit: type=1400 audit(1766308237.031:298): avc: denied { open } for pid=6467 comm="syz.2.143" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 64.445498][ T40] audit: type=1400 audit(1766308237.041:299): avc: denied { open } for pid=6467 comm="syz.2.143" path="/dev/ptyq9" dev="devtmpfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 64.460110][ T6473] IPVS: using max 44 ests per chain, 105600 per kthread [ 64.463642][ T40] audit: type=1400 audit(1766308237.051:300): avc: denied { ioctl } for pid=6467 comm="syz.2.143" path="/dev/ptyq9" dev="devtmpfs" ino=136 ioctlcmd=0x540b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 64.517754][ T6486] IPv6: addrconf: prefix option has invalid lifetime [ 64.656741][ T6494] veth0_to_team: entered promiscuous mode [ 64.658799][ T6494] veth0_to_team: entered allmulticast mode [ 64.965913][ T6514] openvswitch: netlink: IP tunnel dst address not specified [ 64.968616][ T6514] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6514 comm=syz.3.160 [ 64.982719][ T6515] overlay: ./file0 is not a directory [ 64.986472][ T6515] overlay: ./file0 is not a directory [ 65.049923][ T6521] netlink: 'syz.1.164': attribute type 10 has an invalid length. [ 65.061121][ T6521] team0: Port device geneve0 added [ 65.171651][ T6537] netlink: 'syz.1.167': attribute type 1 has an invalid length. [ 65.185101][ T6537] netlink: 'syz.1.167': attribute type 2 has an invalid length. [ 65.370691][ T6552] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 65.458981][ T6554] bond0: entered promiscuous mode [ 65.460813][ T6554] bond_slave_0: entered promiscuous mode [ 65.462743][ T6554] bond_slave_1: entered promiscuous mode [ 65.465634][ T6554] batadv0: entered promiscuous mode [ 65.468042][ T6554] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 65.524819][ T6554] bond0: left promiscuous mode [ 65.526994][ T6554] bond_slave_0: left promiscuous mode [ 65.532928][ T6554] bond_slave_1: left promiscuous mode [ 65.536212][ T6554] batadv0: left promiscuous mode [ 65.979138][ T6587] (syz.1.187,6587,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 66.119575][ T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 66.187735][ T6598] loop5: detected capacity change from 0 to 7 [ 66.201089][ T5941] Dev loop5: unable to read RDB block 7 [ 66.202948][ T5941] loop5: unable to read partition table [ 66.204877][ T5941] loop5: partition table beyond EOD, truncated [ 66.216522][ T6598] Dev loop5: unable to read RDB block 7 [ 66.218770][ T6598] loop5: unable to read partition table [ 66.222269][ T6598] loop5: partition table beyond EOD, truncated [ 66.229529][ T6598] loop_reread_partitions: partition scan of loop5 (gCj̖P=!MX %`搘ȵ4FLQk݊5) failed (rc=-5) [ 66.279591][ T24] usb 8-1: Using ep0 maxpacket: 8 [ 66.282563][ T24] usb 8-1: config 0 has an invalid interface number: 186 but max is 0 [ 66.285131][ T24] usb 8-1: config 0 has no interface number 0 [ 66.287167][ T24] usb 8-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 66.290878][ T24] usb 8-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 66.294575][ T24] usb 8-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 66.298128][ T24] usb 8-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 66.304000][ T24] usb 8-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 66.306859][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.309617][ T24] usb 8-1: Product: syz [ 66.310949][ T24] usb 8-1: Manufacturer: syz [ 66.312474][ T24] usb 8-1: SerialNumber: syz [ 66.315270][ T24] usb 8-1: config 0 descriptor?? [ 66.375265][ T6606] random: crng reseeded on system resumption [ 66.466245][ T6613] nbd: must specify at least one socket [ 66.500946][ T6616] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=6616 comm=syz.0.198 [ 66.503747][ T6617] netlink: 'syz.1.199': attribute type 23 has an invalid length. [ 66.524533][ T24] iowarrior 8-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 66.822276][ T6020] usb 8-1: USB disconnect, device number 2 [ 66.878981][ T6641] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=6641 comm=syz.0.208 [ 67.029285][ T6654] __nla_validate_parse: 7 callbacks suppressed [ 67.029296][ T6654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.212'. [ 67.222243][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 67.233152][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 67.238770][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 67.244345][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 67.248948][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 67.253255][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 67.257860][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 67.263168][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 67.267165][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 67.271590][ T6670] overlayfs: overlapping lowerdir path [ 67.356017][ T6677] overlayfs: failed to set uuid (68/file0, err=-1); falling back to uuid=null. [ 67.359429][ T6677] overlayfs: failed to verify upper root origin [ 67.561702][ T6699] macvlan0: entered promiscuous mode [ 67.563684][ T6699] macvlan0: entered allmulticast mode [ 67.565488][ T6699] veth1_vlan: entered allmulticast mode [ 67.579315][ T6699] openvswitch: netlink: ERSPAN option length err (len 260, max 255). [ 67.579900][ T6701] netlink: 'syz.3.231': attribute type 2 has an invalid length. [ 67.585354][ T6701] netlink: 'syz.3.231': attribute type 1 has an invalid length. [ 67.672473][ T12] Bluetooth: (null): Too short H5 packet [ 67.675564][ T12] Bluetooth: (null): Invalid header checksum [ 67.692817][ T6709] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 67.699738][ T6715] netlink: 'syz.2.233': attribute type 29 has an invalid length. [ 67.729614][ T6715] netlink: 'syz.2.233': attribute type 29 has an invalid length. [ 67.735838][ T6715] gfs2: error -5 reading superblock [ 67.880671][ T6731] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=6731 comm=syz.3.240 [ 68.220883][ T6753] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=6753 comm=syz.3.249 [ 68.641579][ T6764] random: crng reseeded on system resumption [ 68.647117][ T6764] PM: hibernation: Image mismatch: memory size [ 68.680720][ T6766] 9p: Bad value for 'rfdno' [ 68.746604][ T6771] kernel profiling enabled (shift: 34) [ 68.749088][ T6771] profiling shift: 34 too large [ 68.881053][ T40] kauditd_printk_skb: 58 callbacks suppressed [ 68.881070][ T40] audit: type=1400 audit(1766308241.471:359): avc: denied { create } for pid=6783 comm="syz.2.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 68.892639][ T40] audit: type=1400 audit(1766308241.471:360): avc: denied { create } for pid=6783 comm="syz.2.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 68.949054][ T40] audit: type=1400 audit(1766308241.531:361): avc: denied { mount } for pid=6788 comm="syz.2.262" name="/" dev="ramfs" ino=11224 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 69.329583][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 69.332877][ T40] audit: type=1400 audit(1766308241.921:362): avc: denied { create } for pid=6811 comm="syz.2.270" name="blkio.bfq.dequeue" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 69.341813][ T40] audit: type=1400 audit(1766308241.921:363): avc: denied { append } for pid=6811 comm="syz.2.270" path="/61/file0/blkio.bfq.dequeue" dev="9p" ino=71827939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 69.430861][ T6814] mmap: syz.2.271 (6814) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 69.443031][ T6814] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1548 sclass=netlink_route_socket pid=6814 comm=syz.2.271 [ 69.504212][ T9] usb 6-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb [ 69.507081][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201 [ 69.509763][ T9] usb 6-1: Product: syz [ 69.511303][ T9] usb 6-1: Manufacturer: syz [ 69.512777][ T9] usb 6-1: SerialNumber: syz [ 69.516158][ T9] usb 6-1: config 0 descriptor?? [ 69.522055][ T9] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state. [ 69.524679][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 69.531893][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 69.536070][ T9] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB) [ 69.539202][ T9] usb 6-1: media controller created [ 69.550557][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 69.586514][ T6823] FAULT_INJECTION: forcing a failure. [ 69.586514][ T6823] name failslab, interval 1, probability 0, space 0, times 0 [ 69.595906][ T6823] CPU: 2 UID: 0 PID: 6823 Comm: syz.3.274 Tainted: G L syzkaller #0 PREEMPT(full) [ 69.595932][ T6823] Tainted: [L]=SOFTLOCKUP [ 69.595936][ T6823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.595945][ T6823] Call Trace: [ 69.595951][ T6823] [ 69.595957][ T6823] dump_stack_lvl+0x16c/0x1f0 [ 69.595982][ T6823] should_fail_ex+0x512/0x640 [ 69.596007][ T6823] should_failslab+0xc2/0x120 [ 69.596028][ T6823] kmem_cache_alloc_noprof+0x83/0x770 [ 69.596045][ T6823] ? dst_alloc+0x99/0x1a0 [ 69.596072][ T6823] ? dst_alloc+0x99/0x1a0 [ 69.596092][ T6823] dst_alloc+0x99/0x1a0 [ 69.596117][ T6823] rt_dst_alloc+0x35/0x3a0 [ 69.596139][ T6823] ip_route_output_key_hash_rcu+0x87a/0x28e0 [ 69.596163][ T6823] ip_route_output_key_hash+0x10f/0x2b0 [ 69.596178][ T6823] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 69.596206][ T6823] tcp_v4_connect+0x821/0x1c10 [ 69.596238][ T6823] ? __pfx_tcp_v4_connect+0x10/0x10 [ 69.596261][ T6823] ? __lock_acquire+0x436/0x2890 [ 69.596289][ T6823] __inet_stream_connect+0x915/0xf50 [ 69.596347][ T6823] ? __pfx___inet_stream_connect+0x10/0x10 [ 69.596370][ T6823] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 69.596397][ T6823] ? __local_bh_enable_ip+0xa4/0x120 [ 69.596422][ T6823] inet_stream_connect+0x57/0xa0 [ 69.596438][ T6823] kernel_connect+0x107/0x180 [ 69.596457][ T6823] ? __pfx_kernel_connect+0x10/0x10 [ 69.596486][ T6823] ? __local_bh_enable_ip+0xa4/0x120 [ 69.596511][ T6823] smc_connect+0x4c7/0x760 [ 69.596530][ T6823] ? __pfx_smc_connect+0x10/0x10 [ 69.596543][ T6823] __sys_connect_file+0x141/0x1a0 [ 69.596567][ T6823] __sys_connect+0x13b/0x160 [ 69.596588][ T6823] ? __pfx___sys_connect+0x10/0x10 [ 69.596619][ T6823] ? __pfx_ksys_write+0x10/0x10 [ 69.596643][ T6823] __x64_sys_connect+0x72/0xb0 [ 69.596663][ T6823] ? lockdep_hardirqs_on+0x7c/0x110 [ 69.596681][ T6823] do_syscall_64+0xcd/0xf80 [ 69.596703][ T6823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.596718][ T6823] RIP: 0033:0x7fd7ded8f7c9 [ 69.596730][ T6823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.596744][ T6823] RSP: 002b:00007fd7dfca2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 69.596758][ T6823] RAX: ffffffffffffffda RBX: 00007fd7defe5fa0 RCX: 00007fd7ded8f7c9 [ 69.596769][ T6823] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003 [ 69.596777][ T6823] RBP: 00007fd7dfca2090 R08: 0000000000000000 R09: 0000000000000000 [ 69.596785][ T6823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 69.596794][ T6823] R13: 00007fd7defe6038 R14: 00007fd7defe5fa0 R15: 00007ffd417360d8 [ 69.596817][ T6823] [ 69.721629][ T6796] dvb-usb: bulk message failed: -22 (4/0) [ 69.721663][ T6796] cxusb: i2c read failed [ 69.748171][ T40] audit: type=1400 audit(1766308242.331:364): avc: denied { map } for pid=6795 comm="syz.1.265" path="socket:[13833]" dev="sockfs" ino=13833 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 69.748398][ T40] audit: type=1400 audit(1766308242.331:365): avc: denied { read write } for pid=6795 comm="syz.1.265" path="socket:[13833]" dev="sockfs" ino=13833 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 69.781339][ T9] cxusb: set interface failed [ 69.781349][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 69.806894][ T9] DVB: Unable to find symbol mt352_attach() [ 69.808886][ T9] dvb-usb: bulk message failed: -22 (5/0) [ 69.811274][ T9] zl10353_read_register: readreg error (reg=127, ret==-121) [ 69.813586][ T9] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB' [ 69.879607][ T9] rc_core: IR keymap rc-dvico-mce not found [ 69.881649][ T9] Registered IR keymap rc-empty [ 69.884815][ T9] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.1/usb6/6-1/rc/rc0 [ 69.889385][ T9] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.1/usb6/6-1/rc/rc0/input8 [ 69.902029][ T40] audit: type=1400 audit(1766308242.491:366): avc: denied { read } for pid=5329 comm="acpid" name="event4" dev="devtmpfs" ino=2893 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 69.902343][ T9] dvb-usb: schedule remote query interval to 100 msecs. [ 69.913806][ T9] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected. [ 69.917203][ T40] audit: type=1400 audit(1766308242.501:367): avc: denied { open } for pid=5329 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2893 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 69.920633][ T9] usb 6-1: USB disconnect, device number 4 [ 69.930658][ T40] audit: type=1400 audit(1766308242.501:368): avc: denied { ioctl } for pid=5329 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2893 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 69.965681][ T9] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected. [ 70.173906][ T6844] tipc: Started in network mode [ 70.175521][ T6844] tipc: Node identity 84e, cluster identity 4711 [ 70.177500][ T6844] tipc: Node number set to 2126 [ 70.374718][ T6848] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=147456 (1179648 ns) > initial count (288 ns). Using initial count to start timer. [ 70.532565][ T6863] ipt_rpfilter: unknown options [ 70.559762][ T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 70.608759][ T6876] faux_driver vgem: [drm] Unknown color mode 3; guessing buffer size. [ 70.639621][ T6022] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 70.719654][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 70.723237][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 70.726837][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 70.730733][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 70.735165][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 70.739421][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 70.742297][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.789649][ T6022] usb 5-1: Using ep0 maxpacket: 16 [ 70.792572][ T6022] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 70.795330][ T6022] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 70.798597][ T6022] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 70.804816][ T6022] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 70.808574][ T6022] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.812198][ T6022] usb 5-1: Product: syz [ 70.814052][ T6022] usb 5-1: Manufacturer: syz [ 70.816005][ T6022] usb 5-1: SerialNumber: syz [ 70.948264][ T9] usb 6-1: GET_CAPABILITIES returned 0 [ 70.950333][ T9] usbtmc 6-1:16.0: can't read capabilities [ 71.151084][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.154737][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.158400][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.162150][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.165843][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.169530][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.173276][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.177491][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.181117][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.184487][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.189042][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.192853][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.196668][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.200353][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.203965][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 71.207602][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 71.213100][ T9] usb 6-1: USB disconnect, device number 5 [ 71.511592][ T6891] netlink: 'syz.2.296': attribute type 1 has an invalid length. [ 72.189927][ T64] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 72.193048][ T5295] Bluetooth: hci0: command 0x0c1a tx timeout [ 72.311376][ T6886] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 72.396640][ T6921] bridge1: entered promiscuous mode [ 72.479375][ T6924] sp0: Synchronizing with TNC [ 72.507654][ T6924] __nla_validate_parse: 26 callbacks suppressed [ 72.507668][ T6924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.304'. [ 72.525766][ T6924] bond0: entered promiscuous mode [ 72.527984][ T6924] bond_slave_0: entered promiscuous mode [ 72.530965][ T6924] bond_slave_1: entered promiscuous mode [ 72.534490][ T6924] batadv_slave_0: entered promiscuous mode [ 72.537076][ T6924] batadv_slave_0: left promiscuous mode [ 72.560834][ T6927] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 72.564260][ T6927] overlayfs: missing 'lowerdir' [ 72.566303][ T6924] bond0: left promiscuous mode [ 72.568292][ T6924] bond_slave_0: left promiscuous mode [ 72.571914][ T6924] bond_slave_1: left promiscuous mode [ 72.931617][ T6937] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 72.978749][ T6940] Driver unsupported XDP return value 0 on prog (id 39) dev N/A, expect packet loss! [ 73.022676][ T6949] netlink: 'syz.2.313': attribute type 3 has an invalid length. [ 73.026048][ T6949] netlink: 'syz.2.313': attribute type 1 has an invalid length. [ 73.032062][ T6949] netlink: 224 bytes leftover after parsing attributes in process `syz.2.313'. [ 73.039692][ T6949] NCSI netlink: No device for ifindex 0 [ 73.130029][ T6951] program syz.2.314 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 73.139173][ T6952] input: syz1 as /devices/virtual/input/input9 [ 73.221625][ T6952] Falling back ldisc for ttynull. [ 73.464636][ T6022] usb 5-1: 0:2 : does not exist [ 73.490973][ T6022] usb 5-1: USB disconnect, device number 3 [ 73.524817][ T6842] udevd[6842]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 73.709664][ T6979] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 73.712609][ T6979] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 73.722021][ T6979] vhci_hcd vhci_hcd.0: Device attached [ 73.765035][ T6981] vhci_hcd: unknown pdu 2 [ 73.767213][ T64] Bluetooth: hci1: Malformed LE Event: 0x1b [ 73.769023][ T12] vhci_hcd vhci_hcd.3: stop threads [ 73.780126][ T12] vhci_hcd vhci_hcd.3: release socket [ 73.782619][ T12] vhci_hcd vhci_hcd.3: disconnect device [ 73.841957][ T6989] overlayfs: unescaped trailing colons in lowerdir mount option. [ 73.911686][ T40] kauditd_printk_skb: 684 callbacks suppressed [ 73.911698][ T40] audit: type=1400 audit(1766308246.501:1053): avc: denied { map } for pid=6990 comm="syz.1.326" path="socket:[16510]" dev="sockfs" ino=16510 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 73.927443][ T6910] [U] `` [ 73.956372][ T40] audit: type=1400 audit(1766308246.541:1054): avc: denied { unmount } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 73.996171][ T6996] binder: 6995:6996 ioctl 50009402 0 returned -22 [ 74.003459][ T40] audit: type=1400 audit(1766308246.591:1055): avc: denied { mount } for pid=6995 comm="syz.0.327" name="/" dev="autofs" ino=14076 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 74.052591][ T40] audit: type=1400 audit(1766308246.641:1056): avc: denied { read } for pid=6995 comm="syz.0.327" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 74.064772][ T40] audit: type=1400 audit(1766308246.641:1057): avc: denied { open } for pid=6995 comm="syz.0.327" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 74.081611][ T40] audit: type=1400 audit(1766308246.641:1058): avc: denied { ioctl } for pid=6995 comm="syz.0.327" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x9378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 74.089606][ T40] audit: type=1400 audit(1766308246.641:1059): avc: denied { call } for pid=6995 comm="syz.0.327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 74.096190][ T40] audit: type=1400 audit(1766308246.661:1060): avc: denied { unmount } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 74.104601][ T40] audit: type=1400 audit(1766308246.681:1061): avc: denied { create } for pid=6997 comm="syz.1.329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 74.113254][ T40] audit: type=1400 audit(1766308246.681:1062): avc: denied { write } for pid=6997 comm="syz.1.329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 74.282098][ T7011] netlink: 12 bytes leftover after parsing attributes in process `syz.0.333'. [ 74.285048][ T7011] netlink: 'syz.0.333': attribute type 20 has an invalid length. [ 74.292900][ T3916] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.292921][ T7011] netlink: 12 bytes leftover after parsing attributes in process `syz.0.333'. [ 74.295813][ T3916] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.298514][ T7011] netlink: 'syz.0.333': attribute type 20 has an invalid length. [ 74.302481][ T3916] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.307712][ T3916] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.349778][ T6006] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 74.421297][ T7022] netlink: 64 bytes leftover after parsing attributes in process `syz.3.336'. [ 74.479568][ T6006] usb 6-1: device descriptor read/64, error -71 [ 74.505379][ T7027] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=7027 comm=syz.0.339 [ 74.698400][ T7043] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 74.700517][ T7043] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 74.704671][ T7043] vhci_hcd vhci_hcd.0: Device attached [ 74.729722][ T6006] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 74.840110][ T7044] vhci_hcd: connection closed [ 74.840366][ T1145] vhci_hcd vhci_hcd.0: stop threads [ 74.844529][ T1145] vhci_hcd vhci_hcd.0: release socket [ 74.848045][ T1145] vhci_hcd vhci_hcd.0: disconnect device [ 74.859822][ T6006] usb 6-1: device descriptor read/64, error -71 [ 74.890035][ T6000] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 74.970002][ T6006] usb usb6-port1: attempt power cycle [ 75.033683][ T7050] netlink: 'syz.3.347': attribute type 4 has an invalid length. [ 75.125857][ T7058] netlink: 'syz.3.349': attribute type 10 has an invalid length. [ 75.131069][ T7058] team0: Device ipvlan1 failed to register rx_handler [ 75.319634][ T6006] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 75.340274][ T6006] usb 6-1: device descriptor read/8, error -71 [ 75.379605][ T6022] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 75.529629][ T6022] usb 8-1: Using ep0 maxpacket: 8 [ 75.533412][ T6022] usb 8-1: config 179 has an invalid interface number: 65 but max is 0 [ 75.536879][ T6022] usb 8-1: config 179 has no interface number 0 [ 75.539735][ T6022] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 75.544366][ T6022] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 75.549016][ T6022] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 75.555201][ T6022] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 75.560069][ T6022] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 75.565599][ T6022] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 75.569835][ T6022] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.576945][ T7058] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 75.580458][ T6006] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 75.620351][ T6006] usb 6-1: device descriptor read/8, error -71 [ 75.622058][ T7066] tmpfs: Invalid uid '0x00000000ffffffff' [ 75.654117][ T7071] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 75.740621][ T6006] usb usb6-port1: unable to enumerate USB device [ 75.793516][ T6006] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:179.65/input/input10 [ 75.845497][ T6000] hid-generic 0005:0B57:FFFB.0002: item fetching failed at offset 0/1 [ 75.848850][ T6000] hid-generic 0005:0B57:FFFB.0002: probe with driver hid-generic failed with error -22 [ 75.937609][ T7084] ICMPv6: NA: 00:00:00:00:00:00 advertised our address fe80::aa on syz_tun! [ 75.992961][ T6006] usb 8-1: USB disconnect, device number 3 [ 75.994821][ C2] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 75.994842][ C2] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 76.192410][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.257033][ T7104] netlink: 8 bytes leftover after parsing attributes in process `syz.0.364'. [ 76.693902][ T7118] input: syz1 as /devices/virtual/input/input11 [ 76.701569][ T7118] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 76.786402][ T7126] use of bytesused == 0 is deprecated and will be removed in the future, [ 76.791453][ T7126] use the actual size instead. [ 76.821057][ T7132] sp0: Synchronizing with TNC [ 76.957341][ T7147] netlink: 12 bytes leftover after parsing attributes in process `syz.3.378'. [ 76.982562][ T7147] netlink: 'syz.3.378': attribute type 21 has an invalid length. [ 76.985794][ T7147] netlink: 128 bytes leftover after parsing attributes in process `syz.3.378'. [ 76.990434][ T7147] netlink: 'syz.3.378': attribute type 6 has an invalid length. [ 76.995136][ T7147] netlink: 3 bytes leftover after parsing attributes in process `syz.3.378'. [ 77.163664][ T7174] openvswitch: netlink: VXLAN extension 0 has unexpected len 2 expected 0 [ 77.295228][ T7194] cgroup: release_agent respecified [ 77.332936][ T7196] netlink: 32 bytes leftover after parsing attributes in process `syz.1.393'. [ 77.343853][ T7199] sg_write: data in/out 768/51 bytes for SCSI command 0x15-- guessing data in; [ 77.343853][ T7199] program syz.3.394 not setting count and/or reply_len properly [ 77.479954][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 77.706957][ T7236] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=7236 comm=syz.2.407 [ 77.773206][ T7247] overlayfs: failed to resolve './file0': -2 [ 77.841069][ T7251] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=7251 comm=syz.0.413 [ 77.899863][ T6223] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 77.938362][ T7264] devtmpfs: Cannot change global quota limit on remount [ 78.049569][ T6223] usb 8-1: Using ep0 maxpacket: 8 [ 78.053269][ T6223] usb 8-1: config 0 interface 0 has no altsetting 0 [ 78.056021][ T6223] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 78.059730][ T6223] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.066348][ T6223] usb 8-1: config 0 descriptor?? [ 78.120982][ T7272] /dev/sg0: Can't lookup blockdev [ 78.242885][ T7281] __nla_validate_parse: 5 callbacks suppressed [ 78.242898][ T7281] netlink: 12 bytes leftover after parsing attributes in process `syz.0.421'. [ 78.474652][ T6223] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 78.529802][ T7294] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 78.794493][ T7298] binder: 7295:7298 ioctl c0306201 2000000000c0 returned -22 [ 78.798062][ T7298] binder: 7295:7298 ioctl c0306201 200000000640 returned -22 [ 79.390132][ T6000] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.391678][ T40] kauditd_printk_skb: 34 callbacks suppressed [ 79.391691][ T40] audit: type=1400 audit(1766308251.981:1097): avc: denied { connect } for pid=7299 comm="syz.0.427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 79.404204][ T40] audit: type=1400 audit(1766308251.991:1098): avc: denied { ioctl } for pid=7299 comm="syz.0.427" path="socket:[15099]" dev="sockfs" ino=15099 ioctlcmd=0x745a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 79.443368][ T40] audit: type=1400 audit(1766308252.031:1099): avc: denied { append } for pid=7302 comm="syz.0.428" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 79.482308][ T7308] netlink: 4 bytes leftover after parsing attributes in process `syz.0.429'. [ 79.632620][ T7317] netlink: 20 bytes leftover after parsing attributes in process `syz.0.433'. [ 79.652271][ T40] audit: type=1400 audit(1766308252.241:1100): avc: denied { read } for pid=7312 comm="syz.1.432" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 79.660885][ T40] audit: type=1400 audit(1766308252.241:1101): avc: denied { open } for pid=7312 comm="syz.1.432" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 79.671863][ T40] audit: type=1400 audit(1766308252.241:1102): avc: denied { read write } for pid=7312 comm="syz.1.432" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 79.680348][ T40] audit: type=1400 audit(1766308252.241:1103): avc: denied { open } for pid=7312 comm="syz.1.432" path="/97/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 79.687351][ T40] audit: type=1400 audit(1766308252.261:1104): avc: denied { write } for pid=7312 comm="syz.1.432" name="file2" dev="tmpfs" ino=537 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 system_u:object_r:iptables_initrc_exec_t:s0 /usr[ 79.695351][ T40] audit: type=1400 audit(1766308252.261:1105): avc: denied { open } for pid=7312 comm="syz.1.432" path="/97/file2" dev="tmpfs" ino=537 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 /lib/telepathy/m[ 79.702907][ T40] audit: type=1400 audit(1766308252.261:1106): avc: denied { ioctl } for pid=7312 comm="syz.1.432" path="/97/file2" dev="tmpfs" ino=537 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 ission-control-5 00000000000000000005 ./file0/file0[ 79.737626][ T7323] binder: 7322:7323 ioctl c0306201 200000000640 returned -22 [ 80.190692][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.616393][ T7334] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 80.618463][ T7334] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 80.620565][ T6020] usb 8-1: USB disconnect, device number 4 [ 80.621992][ T7334] vhci_hcd vhci_hcd.0: Device attached [ 80.711797][ T7335] vhci_hcd: connection closed [ 80.712560][ T4182] vhci_hcd vhci_hcd.1: stop threads [ 80.716785][ T4182] vhci_hcd vhci_hcd.1: release socket [ 80.719133][ T4182] vhci_hcd vhci_hcd.1: disconnect device [ 80.816799][ T7346] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 80.819062][ T7348] KVM: debugfs: duplicate directory 7348-5 [ 80.825332][ T7346] FAT-fs (nullb0): bogus number of reserved sectors [ 80.828281][ T7346] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 80.991185][ T7352] netlink: 8 bytes leftover after parsing attributes in process `syz.2.445'. [ 81.033157][ T7354] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 81.083290][ T7362] program syz.2.449 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 81.087177][ T7362] ata1.00: invalid transfer count 0 [ 81.089161][ T7364] loop9: detected capacity change from 0 to 6 [ 81.093051][ T7366] SELinux: Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped). [ 81.094942][ T7364] Dev loop9: unable to read RDB block 6 [ 81.102233][ T7364] loop9: unable to read partition table [ 81.104124][ T7364] loop9: partition table beyond EOD, truncated [ 81.110350][ T7364] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 81.227067][ T7372] xt_recent: Unsupported userspace flags (000000b2) [ 81.239896][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.318890][ T7385] Cannot find set identified by id 65534 to match [ 81.352439][ T7389] FAULT_INJECTION: forcing a failure. [ 81.352439][ T7389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 81.353519][ T7385] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 81.358776][ T7389] CPU: 1 UID: 0 PID: 7389 Comm: syz.3.460 Tainted: G L syzkaller #0 PREEMPT(full) [ 81.358799][ T7389] Tainted: [L]=SOFTLOCKUP [ 81.358806][ T7389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.358815][ T7389] Call Trace: [ 81.358820][ T7389] [ 81.358826][ T7389] dump_stack_lvl+0x16c/0x1f0 [ 81.358869][ T7389] should_fail_ex+0x512/0x640 [ 81.358902][ T7389] _copy_from_user+0x2e/0xd0 [ 81.358927][ T7389] copy_msghdr_from_user+0x98/0x160 [ 81.358946][ T7389] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 81.358975][ T7389] ___sys_sendmsg+0xfe/0x1d0 [ 81.358993][ T7389] ? __pfx____sys_sendmsg+0x10/0x10 [ 81.359038][ T7389] __sys_sendmsg+0x16d/0x220 [ 81.359057][ T7389] ? __pfx___sys_sendmsg+0x10/0x10 [ 81.359089][ T7389] do_syscall_64+0xcd/0xf80 [ 81.359111][ T7389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.359129][ T7389] RIP: 0033:0x7fd7ded8f7c9 [ 81.359143][ T7389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.359156][ T7389] RSP: 002b:00007fd7dfca2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.359172][ T7389] RAX: ffffffffffffffda RBX: 00007fd7defe5fa0 RCX: 00007fd7ded8f7c9 [ 81.359182][ T7389] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004 [ 81.359190][ T7389] RBP: 00007fd7dfca2090 R08: 0000000000000000 R09: 0000000000000000 [ 81.359200][ T7389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.359209][ T7389] R13: 00007fd7defe6038 R14: 00007fd7defe5fa0 R15: 00007ffd417360d8 [ 81.359229][ T7389] [ 81.445226][ T7404] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 81.448010][ T7404] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 81.452764][ T7408] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=7408 comm=syz.1.466 [ 81.452924][ T7404] vhci_hcd vhci_hcd.0: Device attached [ 81.573946][ T7417] team0: Device xfrm1 is of different type [ 81.581467][ T7405] vhci_hcd: connection closed [ 81.583328][ T12] vhci_hcd vhci_hcd.3: stop threads [ 81.587620][ T12] vhci_hcd vhci_hcd.3: release socket [ 81.590259][ T12] vhci_hcd vhci_hcd.3: disconnect device [ 81.629567][ T34] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 81.716389][ T7429] netlink: 108 bytes leftover after parsing attributes in process `syz.2.473'. [ 81.721423][ T7429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.473'. [ 81.741025][ T7429] bond1: entered allmulticast mode [ 81.743510][ T7429] 8021q: adding VLAN 0 to HW filter on device bond1 [ 81.788445][ T7433] netlink: 256 bytes leftover after parsing attributes in process `syz.2.475'. [ 81.799829][ T6020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.990968][ T7462] netlink: 256 bytes leftover after parsing attributes in process `syz.1.487'. [ 82.148068][ T7484] netlink: 24 bytes leftover after parsing attributes in process `syz.3.493'. [ 82.238806][ T7493] trusted_key: syz.2.498 sent an empty control message without MSG_MORE. [ 82.243036][ T7493] netlink: 'syz.2.498': attribute type 1 has an invalid length. [ 82.254127][ T7493] bond2: entered promiscuous mode [ 82.256002][ T7493] 8021q: adding VLAN 0 to HW filter on device bond2 [ 82.270041][ T1335] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.275722][ T7493] 8021q: adding VLAN 0 to HW filter on device bond2 [ 82.278409][ T7493] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 82.288525][ T7493] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 82.294198][ T7493] bond2: (slave ip6gre1): making interface the new active one [ 82.296706][ T7493] ip6gre1: entered promiscuous mode [ 82.299276][ T7493] bond2: (slave ip6gre1): Enslaving as an active interface with an up link [ 82.309427][ T7493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.498'. [ 82.369001][ T7493] bond2 (unregistering): (slave ip6gre1): Releasing backup interface [ 82.373649][ T7493] ip6gre1: left promiscuous mode [ 82.377583][ T7493] bond2 (unregistering): Released all slaves [ 82.797452][ T6021] libceph: connect (1)[c::]:6789 error -13 [ 82.800668][ T6021] libceph: mon0 (1)[c::]:6789 connect error [ 82.822939][ T1335] libceph: connect (1)[c::]:6789 error -13 [ 82.825012][ T1335] libceph: mon0 (1)[c::]:6789 connect error [ 82.930385][ T221] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 82.939565][ T221] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.063265][ T6021] libceph: connect (1)[c::]:6789 error -13 [ 83.065208][ T6021] libceph: mon0 (1)[c::]:6789 connect error [ 83.079935][ T1335] libceph: connect (1)[c::]:6789 error -13 [ 83.083309][ T1335] libceph: mon0 (1)[c::]:6789 connect error [ 83.309656][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.466071][ T7562] __nla_validate_parse: 1 callbacks suppressed [ 83.466084][ T7562] netlink: 20 bytes leftover after parsing attributes in process `syz.0.519'. [ 83.534224][ T7567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.520'. [ 83.580131][ T6021] libceph: connect (1)[c::]:6789 error -13 [ 83.582488][ T6021] libceph: mon0 (1)[c::]:6789 connect error [ 83.594341][ T7524] ceph: No mds server is up or the cluster is laggy [ 83.595192][ T7530] ceph: No mds server is up or the cluster is laggy [ 83.602244][ T34] libceph: connect (1)[c::]:6789 error -13 [ 83.605108][ T34] libceph: mon0 (1)[c::]:6789 connect error [ 83.879944][ T5706] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 84.003565][ T7583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.525'. [ 84.280132][ T7599] netlink: 256 bytes leftover after parsing attributes in process `syz.3.529'. [ 84.280148][ T7601] netlink: 20 bytes leftover after parsing attributes in process `syz.1.527'. [ 84.343399][ T7605] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=7605 comm=syz.0.532 [ 84.350023][ T1335] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 84.399736][ T40] kauditd_printk_skb: 12626 callbacks suppressed [ 84.399747][ T40] audit: type=1326 audit(1766308256.991:13733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 [ 84.410102][ T40] audit: type=1326 audit(1766308256.991:13734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 [ 84.417314][ T40] audit: type=1326 audit(1766308256.991:13735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 [ 84.424919][ T40] audit: type=1326 audit(1766308256.991:13736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 [ 84.434279][ T40] audit: type=1326 audit(1766308256.991:13737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 [ 84.443792][ T40] audit: type=1326 audit(1766308256.991:13738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 [ 84.451620][ T40] audit: type=1326 audit(1766308256.991:13739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 system_u:object_r:iptables_initrc_exec_t:s0 /usr/lib/telepathy/mission-control-5 00000000000000000005 ./file0/file0[ 84.463235][ T40] audit: type=1326 audit(1766308256.991:13740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 [ 84.470783][ T40] audit: type=1326 audit(1766308256.991:13741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 [ 84.478871][ T40] audit: type=1326 audit(1766308256.991:13742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7511 comm="syz.2.503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f729338f7c9 code=0x7ff00000 [ 84.554130][ T7617] batadv_slave_1: entered promiscuous mode [ 84.557072][ T7616] batadv_slave_1: left promiscuous mode [ 84.829944][ T5706] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 84.943951][ T7656] befs: (nbd0): unable to read superblock [ 84.952235][ T7656] netlink: 12 bytes leftover after parsing attributes in process `syz.0.546'. [ 85.004023][ T7662] tipc: Enabling of bearer rejected, failed to enable media [ 85.150171][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 85.152935][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 85.254643][ T7688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.557'. [ 85.392966][ T6223] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 85.440336][ T7713] netlink: 256 bytes leftover after parsing attributes in process `syz.0.562'. [ 85.463796][ T7714] ip6gre2: entered promiscuous mode [ 85.465479][ T7714] ip6gre2: entered allmulticast mode [ 85.491592][ T7713] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.665186][ T7720] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 85.667567][ T7720] overlayfs: failed to set xattr on upper [ 85.669749][ T7720] overlayfs: ...falling back to redirect_dir=nofollow. [ 85.672096][ T7720] overlayfs: ...falling back to index=off. [ 85.677617][ T7720] overlayfs: ...falling back to uuid=null. [ 85.679779][ T7720] overlayfs: ...falling back to xino=off. [ 85.682255][ T7720] overlayfs: conflicting lowerdir path [ 85.772782][ T7730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.567'. [ 85.810569][ T7733] netlink: 104 bytes leftover after parsing attributes in process `syz.2.569'. [ 85.914566][ T7741] netlink: 'syz.3.572': attribute type 12 has an invalid length. [ 86.232654][ T7752] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 86.260954][ T7761] netem: invalid attributes len -22 [ 86.265525][ T7757] lo speed is unknown, defaulting to 1000 [ 86.268799][ T7761] netem: change failed [ 86.273478][ T7757] lo speed is unknown, defaulting to 1000 [ 86.276569][ T7757] lo speed is unknown, defaulting to 1000 [ 86.336085][ T7769] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 86.338246][ T7769] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 86.341764][ T7769] vhci_hcd vhci_hcd.0: Device attached [ 86.348374][ T7773] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=7773 comm=syz.1.583 [ 86.392136][ T7757] infiniband sz1: set active [ 86.395548][ T6021] lo speed is unknown, defaulting to 1000 [ 86.397639][ T7757] infiniband sz1: added lo [ 86.401868][ T7757] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 86.404489][ T7757] infiniband sz1: Couldn't open port 1 [ 86.412855][ T7770] vhci_hcd: connection closed [ 86.413034][ T1145] vhci_hcd vhci_hcd.2: stop threads [ 86.416514][ T1145] vhci_hcd vhci_hcd.2: release socket [ 86.418406][ T1145] vhci_hcd vhci_hcd.2: disconnect device [ 86.424655][ T7757] RDS/IB: sz1: added [ 86.426173][ T7757] smc: adding ib device sz1 with port count 1 [ 86.428219][ T7757] smc: ib device sz1 port 1 has no pnetid [ 86.433025][ T6021] lo speed is unknown, defaulting to 1000 [ 86.433820][ T6223] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 86.436111][ T7757] lo speed is unknown, defaulting to 1000 [ 86.518784][ T7757] lo speed is unknown, defaulting to 1000 [ 86.522888][ T7781] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 86.602715][ T7757] lo speed is unknown, defaulting to 1000 [ 86.680858][ T7757] lo speed is unknown, defaulting to 1000 [ 86.980469][ T7804] netlink: 'syz.2.595': attribute type 2 has an invalid length. [ 86.981793][ T7805] pim6reg9: entered allmulticast mode [ 86.988935][ T7804] !: entered promiscuous mode [ 86.992476][ T7804] netlink: 'syz.2.595': attribute type 2 has an invalid length. [ 86.994875][ T7804] !: left promiscuous mode [ 87.071610][ T6022] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.104491][ T7804] netlink: 'syz.2.595': attribute type 30 has an invalid length. [ 87.141153][ T7814] netlink: 'syz.0.598': attribute type 1 has an invalid length. [ 87.284307][ T7823] netlink: 'syz.2.601': attribute type 4 has an invalid length. [ 87.463493][ T7839] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.469682][ T6223] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.549292][ T7846] fuse: Bad value for 'group_id' [ 87.551707][ T7846] fuse: Bad value for 'group_id' [ 87.808994][ T6022] IPVS: starting estimator thread 0... [ 87.811325][ T7867] IPVS: set_ctl: invalid protocol: 59 172.20.20.187:20004 [ 87.909906][ T7868] IPVS: using max 43 ests per chain, 103200 per kthread [ 87.944168][ T7876] overlay: Unknown parameter '/ [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 87.944168][ T7876] 0 [ 88.008840][ T7865] tipc: Started in network mode [ 88.010987][ T7865] tipc: Node identity 84e, cluster identity 4711 [ 88.013560][ T7865] tipc: Node number set to 2126 [ 88.112475][ T6021] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 88.190579][ T5706] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 88.271638][ T6021] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 88.275290][ T6021] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 88.280294][ T6021] usb 8-1: New USB device found, idVendor=13d8, idProduct=0010, bcdDevice=8f.72 [ 88.283129][ T6021] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.285681][ T6021] usb 8-1: Product: syz [ 88.287744][ T6021] usb 8-1: Manufacturer: syz [ 88.289255][ T6021] usb 8-1: SerialNumber: syz [ 88.292610][ T6021] usb 8-1: config 0 descriptor?? [ 88.430144][ T1143] wlan1: Trigger new scan to find an IBSS to join [ 88.500889][ T7872] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 88.507233][ T7898] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.512521][ T7898] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.534453][ T6021] usb 8-1: USB disconnect, device number 5 [ 88.613129][ T7903] netlink: 'syz.3.628': attribute type 1 has an invalid length. [ 88.647005][ T7903] 8021q: adding VLAN 0 to HW filter on device bond3 [ 88.664183][ T7903] bond3: (slave erspan1): making interface the new active one [ 88.668945][ T7903] bond3: (slave erspan1): Enslaving as an active interface with an up link [ 88.698665][ T7906] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 88.702652][ T7906] overlayfs: missing 'lowerdir' [ 88.937285][ T7924] __nla_validate_parse: 9 callbacks suppressed [ 88.937296][ T7924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.635'. [ 88.942330][ T7924] netlink: 4 bytes leftover after parsing attributes in process `syz.3.635'. [ 89.106650][ T7924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.635'. [ 89.119528][ T7924] netlink: 4 bytes leftover after parsing attributes in process `syz.3.635'. [ 89.181722][ T7939] lo speed is unknown, defaulting to 1000 [ 89.206725][ T7942] netlink: 4 bytes leftover after parsing attributes in process `syz.0.643'. [ 89.212523][ T7942] netlink: 4 bytes leftover after parsing attributes in process `syz.0.643'. [ 89.216260][ T7942] netlink: 4 bytes leftover after parsing attributes in process `syz.0.643'. [ 89.298873][ T7948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.644'. [ 89.379762][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.413188][ T40] kauditd_printk_skb: 8829 callbacks suppressed [ 89.413205][ T40] audit: type=1400 audit(1766308262.001:22572): avc: denied { read append } for pid=7955 comm="syz.2.646" name="blkio.bfq.dequeue" dev="9p" ino=71827939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 89.416543][ T40] audit: type=1400 audit(1766308262.001:22573): avc: denied { open } for pid=7955 comm="syz.2.646" path="/132/file0/blkio.bfq.dequeue" dev="9p" ino=71827939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 89.426436][ T40] audit: type=1400 audit(1766308262.011:22574): avc: denied { write } for pid=7955 comm="syz.2.646" name="blkio.bfq.dequeue" dev="9p" ino=71827939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 89.481205][ T40] audit: type=1400 audit(1766308262.071:22575): avc: denied { unmount } for pid=5943 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 89.577990][ T7960] netlink: 12 bytes leftover after parsing attributes in process `syz.2.647'. [ 89.605868][ T40] audit: type=1400 audit(1766308262.191:22576): avc: denied { read write } for pid=7962 comm="syz.3.648" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 89.608840][ T7963] x_tables: duplicate underflow at hook 1 [ 89.619515][ T40] audit: type=1400 audit(1766308262.191:22577): avc: denied { open } for pid=7962 comm="syz.3.648" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 89.626837][ T40] audit: type=1400 audit(1766308262.201:22578): avc: denied { shutdown } for pid=7962 comm="syz.3.648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 89.631603][ T7966] random: crng reseeded on system resumption [ 89.638612][ T40] audit: type=1400 audit(1766308262.201:22579): avc: denied { read } for pid=7962 comm="syz.3.648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 89.647808][ T40] audit: type=1400 audit(1766308262.201:22580): avc: denied { read } for pid=7962 comm="syz.3.648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 89.654295][ T40] audit: type=1400 audit(1766308262.221:22581): avc: denied { read write } for pid=7965 comm="syz.2.649" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 89.689147][ T7967] 8021q: adding VLAN 0 to HW filter on device bond2 [ 89.693609][ T7966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.649'. [ 89.704839][ T7966] erspan0: entered promiscuous mode [ 89.897488][ T7981] netlink: 'syz.2.652': attribute type 10 has an invalid length. [ 90.150209][ T7988] block nbd0: server does not support multiple connections per device. [ 90.155965][ T7988] block nbd0: shutting down sockets [ 90.234313][ T7994] tmpfs: Unknown parameter 'i+{@W.' [ 90.599659][ T1335] net_ratelimit: 2 callbacks suppressed [ 90.599671][ T1335] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.608422][ T8039] netlink: 'syz.2.665': attribute type 8 has an invalid length. [ 90.832306][ T8044] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.836709][ T8044] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.840484][ T8044] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.843797][ T8044] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.847048][ T8044] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.851898][ T8044] netlink: 'syz.0.670': attribute type 4 has an invalid length. [ 91.550469][ T1143] wlan1: Trigger new scan to find an IBSS to join [ 91.704764][ T8075] bridge1: entered promiscuous mode [ 91.715949][ T8072] lo speed is unknown, defaulting to 1000 [ 91.750697][ T8075] 9pnet_virtio: no channels available for device 127.0.0.1 [ 91.839287][ T8085] JFS: discard option not supported on device [ 91.843846][ T8085] Mount JFS Failure: -5 [ 91.977912][ T8093] NILFS (nullb0): couldn't find nilfs on the device [ 92.065802][ T8099] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 92.354256][ T8109] Bluetooth: MGMT ver 1.23 [ 92.583634][ T8124] orangefs_devreq_write_iter: total:0: must be at least:8240: [ 92.591472][ T8124] xt_recent: hitcount (134217728) is larger than allowed maximum (65535) [ 92.688537][ T8129] lo speed is unknown, defaulting to 1000 [ 92.775258][ T8132] lo speed is unknown, defaulting to 1000 [ 93.298471][ T8142] openvswitch: netlink: IP tunnel attribute has 1026 unknown bytes. [ 93.393086][ T8151] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 93.395476][ T8151] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 93.398604][ T8151] vhci_hcd vhci_hcd.0: Device attached [ 93.408031][ T8152] usbip_core: unknown command [ 93.410680][ T8152] vhci_hcd: unknown pdu 520093696 [ 93.412783][ T8152] usbip_core: unknown command [ 93.414958][ T1145] vhci_hcd vhci_hcd.0: stop threads [ 93.422360][ T1145] vhci_hcd vhci_hcd.0: release socket [ 93.427064][ T1145] vhci_hcd vhci_hcd.0: disconnect device [ 94.033708][ T8205] netlink: set zone limit has 4 unknown bytes [ 94.038242][ T8205] netlink: zone id is out of range [ 94.085871][ T8211] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 94.088745][ T8211] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 94.095256][ T64] Bluetooth: hci1: unexpected cc 0x0c38 length: 101 > 2 [ 94.096069][ T8211] vhci_hcd vhci_hcd.0: Device attached [ 94.180503][ T8213] vhci_hcd: connection closed [ 94.181783][ T5063] vhci_hcd vhci_hcd.2: stop threads [ 94.186073][ T5063] vhci_hcd vhci_hcd.2: release socket [ 94.188379][ T5063] vhci_hcd vhci_hcd.2: disconnect device [ 94.431090][ T1144] wlan1: Creating new IBSS network, BSSID 1e:91:8c:9f:62:25 [ 94.708255][ T40] kauditd_printk_skb: 69 callbacks suppressed [ 94.708269][ T40] audit: type=1400 audit(1766308267.291:22651): avc: denied { mount } for pid=8232 comm="syz.2.733" name="/" dev="autofs" ino=23609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 94.728708][ T40] audit: type=1400 audit(1766308267.311:22652): avc: denied { unmount } for pid=5943 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 94.811739][ T8250] __nla_validate_parse: 14 callbacks suppressed [ 94.811750][ T8250] netlink: 8 bytes leftover after parsing attributes in process `syz.1.738'. [ 94.878516][ T8239] netlink: 348 bytes leftover after parsing attributes in process `syz.2.734'. [ 94.972352][ T40] audit: type=1400 audit(1766308267.561:22653): avc: denied { ioctl } for pid=8264 comm="syz.1.740" path="socket:[23212]" dev="sockfs" ino=23212 ioctlcmd=0x8906 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 95.011358][ T8267] fuse: Unknown parameter 'v' [ 95.014985][ T40] audit: type=1400 audit(1766308267.601:22654): avc: denied { create } for pid=8266 comm="syz.0.741" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 95.024770][ T40] audit: type=1400 audit(1766308267.601:22655): avc: denied { read } for pid=8266 comm="syz.0.741" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 95.034530][ T40] audit: type=1400 audit(1766308267.601:22656): avc: denied { open } for pid=8266 comm="syz.0.741" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 95.046023][ T8271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.743'. [ 95.050717][ T8271] netlink: 12 bytes leftover after parsing attributes in process `syz.1.743'. [ 95.110223][ T40] audit: type=1400 audit(1766308267.701:22657): avc: denied { create } for pid=8274 comm="syz.2.744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 95.111830][ T8275] macvtap1: entered promiscuous mode [ 95.120831][ T8275] macvtap1: entered allmulticast mode [ 95.123322][ T8275] team0: Device macvtap1 is already an upper device of the team interface [ 95.248246][ T8279] binder: 8277:8279 ioctl 4004f506 200000000580 returned -22 [ 95.282845][ T40] audit: type=1400 audit(1766308267.871:22658): avc: denied { write } for pid=8282 comm="syz.2.747" name="card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 95.292976][ T40] audit: type=1400 audit(1766308267.871:22659): avc: denied { map } for pid=8282 comm="syz.2.747" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 95.303068][ T40] audit: type=1400 audit(1766308267.871:22660): avc: denied { execute } for pid=8282 comm="syz.2.747" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 95.402916][ T8289] tipc: Trying to set illegal importance in message [ 95.713377][ T8306] netlink: 12 bytes leftover after parsing attributes in process `syz.1.754'. [ 95.911555][ T8310] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=8310 comm=syz.1.756 [ 95.963370][ T8314] lo speed is unknown, defaulting to 1000 [ 96.495158][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.497430][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.499263][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.505275][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.507972][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.510564][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.516498][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.518981][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.521918][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.527388][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.530058][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.532259][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.539042][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.542109][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.544322][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.550701][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.553259][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.555509][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.563068][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.566369][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.569052][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.577452][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.580738][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.583323][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.591917][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.594959][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.597579][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.606305][ T8349] overlayfs: failed to verify upper (171/file1, ino=937, err=-116) [ 96.609699][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.612428][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.620752][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.623508][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.632048][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.634861][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.643192][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.646066][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.656107][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.659145][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.667747][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.670582][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.676952][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.679157][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.685213][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.687327][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.690189][ T8351] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 96.693264][ T8351] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 96.698597][ T8351] vhci_hcd vhci_hcd.0: Device attached [ 96.701774][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.703946][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.709093][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.712197][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.718587][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.722290][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.727450][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.730025][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.738093][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.741280][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.749082][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.752278][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.760272][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.763249][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.772150][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.774617][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.783026][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.785943][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.791536][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.793789][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.802320][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.805220][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.812288][ T8352] vhci_hcd: connection closed [ 96.812465][ T5063] vhci_hcd vhci_hcd.3: stop threads [ 96.815934][ T5063] vhci_hcd vhci_hcd.3: release socket [ 96.816037][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.818871][ T5063] vhci_hcd vhci_hcd.3: disconnect device [ 96.823544][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.832414][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.835438][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.843413][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.846432][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.854824][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.857992][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.868508][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.871795][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.879718][ T6021] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 96.879801][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.884849][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.895125][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.897419][ T8356] lo speed is unknown, defaulting to 1000 [ 96.897926][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.908595][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.913667][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.921604][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.924422][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.934912][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.937731][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.945732][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.948686][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.956215][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.958964][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.966867][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.969661][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.975905][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.978527][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.985649][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.987821][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 96.994504][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 96.996861][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.005362][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.008300][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.023770][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.026698][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.036930][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.041024][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.048390][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.051765][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.067561][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.070788][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.091849][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.094771][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.101639][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.104386][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.110803][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.113124][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.119939][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.122790][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.146270][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.148607][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.157755][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.161944][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.172481][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.174786][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.180153][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.182328][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.191428][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.194031][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.201398][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.204220][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.224091][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.227786][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.243008][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.245688][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.252358][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.254985][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.263549][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.266357][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.274321][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.277482][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.288589][ T8349] overlayfs: failed to verify index dir 'upper' xattr [ 97.292090][ T8349] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.512321][ T8379] netlink: 12 bytes leftover after parsing attributes in process `syz.3.776'. [ 97.516173][ T8379] netlink: 'syz.3.776': attribute type 13 has an invalid length. [ 97.521304][ T8379] netlink: 12 bytes leftover after parsing attributes in process `syz.3.776'. [ 97.524958][ T8379] netlink: 'syz.3.776': attribute type 13 has an invalid length. [ 97.561277][ T8383] netlink: 24 bytes leftover after parsing attributes in process `syz.1.777'. [ 97.589868][ T8383] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8383 comm=syz.1.777 [ 97.598175][ T8385] lo speed is unknown, defaulting to 1000 [ 97.720929][ T8390] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.724373][ T8390] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.737937][ T8395] netlink: 'syz.2.781': attribute type 62 has an invalid length. [ 97.783755][ T8398] ALSA: mixer_oss: invalid OSS volume 'IGAgN' [ 97.786235][ T8398] ALSA: mixer_oss: invalid OSS volume 'IM' [ 98.017881][ T8390] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.025106][ T8390] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.398694][ T1144] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.407021][ T1144] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.421870][ T8410] netlink: 12 bytes leftover after parsing attributes in process `syz.0.786'. [ 98.427922][ T1144] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.433979][ T1144] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.474851][ T8416] netlink: 28 bytes leftover after parsing attributes in process `syz.1.788'. [ 98.503791][ T8416] netlink: 'syz.1.788': attribute type 2 has an invalid length. [ 98.592378][ T8426] No such timeout policy "syz1" [ 98.797248][ T8448] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 98.938915][ T8456] ieee802154 phy1 wpan1: encryption failed: -22 [ 98.946387][ T8456] xfrm1: entered promiscuous mode [ 98.948116][ T8456] xfrm1: entered allmulticast mode [ 99.010668][ T5706] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 99.048884][ T8459] random: crng reseeded on system resumption [ 99.165483][ T5706] usb 7-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb [ 99.168562][ T5706] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201 [ 99.178809][ T5706] usb 7-1: Product: syz [ 99.188908][ T5706] usb 7-1: Manufacturer: syz [ 99.190593][ T5706] usb 7-1: SerialNumber: syz [ 99.195176][ T8474] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 99.195418][ T5706] usb 7-1: config 0 descriptor?? [ 99.205211][ T5706] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state. [ 99.207599][ T5706] dvb-usb: bulk message failed: -22 (2/0) [ 99.211898][ T5706] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 99.217576][ T5706] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB) [ 99.220161][ T8474] kvm: pic: level sensitive irq not supported [ 99.223158][ T8474] picdev_read: 5 callbacks suppressed [ 99.223172][ T8474] kvm: pic: non byte read [ 99.224700][ T5706] usb 7-1: media controller created [ 99.227472][ T8474] kvm: pic: level sensitive irq not supported [ 99.228890][ T8481] Invalid source name [ 99.233011][ T8474] kvm: pic: non byte read [ 99.233981][ T8481] UBIFS error (pid: 8481): cannot open "ubifs", error -22 [ 99.236284][ T8474] kvm: pic: level sensitive irq not supported [ 99.238070][ T5706] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 99.240193][ T8474] kvm: pic: non byte read [ 99.249850][ T8474] kvm: pic: level sensitive irq not supported [ 99.250581][ T8474] kvm: pic: non byte read [ 99.257030][ T8474] kvm: pic: level sensitive irq not supported [ 99.258005][ T8474] kvm: pic: non byte read [ 99.264654][ T8474] kvm: pic: level sensitive irq not supported [ 99.265279][ T8474] kvm: pic: non byte read [ 99.280379][ T8474] kvm: pic: level sensitive irq not supported [ 99.280803][ T8474] kvm: pic: non byte read [ 99.287380][ T8474] kvm: pic: level sensitive irq not supported [ 99.287797][ T8474] kvm: pic: non byte read [ 99.296218][ T8474] kvm: pic: level sensitive irq not supported [ 99.297491][ T8474] kvm: pic: non byte read [ 99.458360][ T8494] cxusb: i2c rd: len=4096 is too big! [ 99.458360][ T8494] [ 99.482069][ T5706] cxusb: set interface failed [ 99.483778][ T5706] dvb-usb: bulk message failed: -22 (1/0) [ 99.509778][ T5706] DVB: Unable to find symbol mt352_attach() [ 99.512395][ T5706] dvb-usb: bulk message failed: -22 (5/0) [ 99.514848][ T5706] zl10353_read_register: readreg error (reg=127, ret==-121) [ 99.517829][ T5706] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB' [ 99.558782][ T8508] FAULT_INJECTION: forcing a failure. [ 99.558782][ T8508] name failslab, interval 1, probability 0, space 0, times 0 [ 99.564871][ T8508] CPU: 1 UID: 0 PID: 8508 Comm: syz.0.818 Tainted: G L syzkaller #0 PREEMPT(full) [ 99.564889][ T8508] Tainted: [L]=SOFTLOCKUP [ 99.564892][ T8508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.564898][ T8508] Call Trace: [ 99.564902][ T8508] [ 99.564906][ T8508] dump_stack_lvl+0x16c/0x1f0 [ 99.564939][ T8508] should_fail_ex+0x512/0x640 [ 99.564958][ T8508] ? kmem_cache_alloc_noprof+0x62/0x770 [ 99.564970][ T8508] should_failslab+0xc2/0x120 [ 99.564984][ T8508] kmem_cache_alloc_noprof+0x83/0x770 [ 99.564994][ T8508] ? vm_area_alloc+0x1f/0x160 [ 99.565012][ T8508] ? vm_area_alloc+0x1f/0x160 [ 99.565026][ T8508] vm_area_alloc+0x1f/0x160 [ 99.565041][ T8508] __mmap_region+0x107a/0x2a00 [ 99.565052][ T8508] ? __lock_acquire+0x436/0x2890 [ 99.565069][ T8508] ? __pfx___mmap_region+0x10/0x10 [ 99.565089][ T8508] ? is_bpf_text_address+0x94/0x1a0 [ 99.565107][ T8508] ? find_held_lock+0x2b/0x80 [ 99.565121][ T8508] ? process_measurement+0x1e6/0x22d0 [ 99.565152][ T8508] ? __lock_acquire+0x436/0x2890 [ 99.565167][ T8508] mmap_region+0x1ab/0x3f0 [ 99.565177][ T8508] ? __get_unmapped_area+0x267/0x3f0 [ 99.565192][ T8508] do_mmap+0xa3e/0x1210 [ 99.565207][ T8508] ? __pfx_do_mmap+0x10/0x10 [ 99.565220][ T8508] ? __pfx_down_write_killable+0x10/0x10 [ 99.565239][ T8508] vm_mmap_pgoff+0x29e/0x470 [ 99.565254][ T8508] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 99.565269][ T8508] ? __fget_files+0x20e/0x3c0 [ 99.565286][ T8508] ksys_mmap_pgoff+0x32c/0x5c0 [ 99.565299][ T8508] ? __pfx_ksys_write+0x10/0x10 [ 99.565313][ T8508] __x64_sys_mmap+0x125/0x190 [ 99.565326][ T8508] do_syscall_64+0xcd/0xf80 [ 99.565340][ T8508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.565351][ T8508] RIP: 0033:0x7fcb3498f7c9 [ 99.565359][ T8508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.565369][ T8508] RSP: 002b:00007fcb35752038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 99.565379][ T8508] RAX: ffffffffffffffda RBX: 00007fcb34be5fa0 RCX: 00007fcb3498f7c9 [ 99.565386][ T8508] RDX: 0000000002000007 RSI: 0000000000002000 RDI: 0000200000ffb000 [ 99.565391][ T8508] RBP: 00007fcb35752090 R08: 0000000000000003 R09: 000000007448a000 [ 99.565397][ T8508] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 99.565403][ T8508] R13: 00007fcb34be6038 R14: 00007fcb34be5fa0 R15: 00007ffcd05db888 [ 99.565417][ T8508] [ 99.579583][ T5706] rc_core: IR keymap rc-dvico-mce not found [ 99.665786][ T5706] Registered IR keymap rc-empty [ 99.668208][ T5706] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.2/usb7/7-1/rc/rc0 [ 99.668855][ T8512] syzkaller0: entered promiscuous mode [ 99.672419][ T5706] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.2/usb7/7-1/rc/rc0/input13 [ 99.674020][ T8512] syzkaller0: entered allmulticast mode [ 99.679034][ T5706] dvb-usb: schedule remote query interval to 100 msecs. [ 99.681913][ T5706] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected. [ 99.698469][ T5706] usb 7-1: USB disconnect, device number 2 [ 99.783803][ T5706] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected. [ 99.840916][ T40] kauditd_printk_skb: 38 callbacks suppressed [ 99.840928][ T40] audit: type=1400 audit(1766308272.431:22699): avc: denied { setopt } for pid=8510 comm="syz.0.819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 99.919985][ T40] audit: type=1400 audit(1766308272.511:22700): avc: denied { create } for pid=8516 comm="syz.3.821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 99.933830][ T40] audit: type=1400 audit(1766308272.521:22701): avc: denied { read } for pid=8516 comm="syz.3.821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 100.058590][ T8523] __nla_validate_parse: 6 callbacks suppressed [ 100.058606][ T8523] netlink: 32 bytes leftover after parsing attributes in process `syz.2.823'. [ 100.176125][ T8532] netlink: 24 bytes leftover after parsing attributes in process `syz.3.826'. [ 100.250513][ T8536] netlink: 76 bytes leftover after parsing attributes in process `syz.3.828'. [ 100.290525][ T40] audit: type=1400 audit(1766308272.881:22702): avc: denied { open } for pid=8535 comm="syz.3.828" path="/dev/ptyqa" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 100.300319][ T40] audit: type=1400 audit(1766308272.881:22703): avc: denied { write } for pid=8535 comm="syz.3.828" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 100.302795][ T8536] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.310040][ T40] audit: type=1400 audit(1766308272.881:22704): avc: denied { open } for pid=8535 comm="syz.3.828" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 100.322142][ T40] audit: type=1400 audit(1766308272.891:22705): avc: denied { ioctl } for pid=8535 comm="syz.3.828" path="/dev/ptyqa" dev="devtmpfs" ino=137 ioctlcmd=0x5431 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 100.340106][ T8536] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 100.656340][ T8546] netlink: 36 bytes leftover after parsing attributes in process `syz.3.831'. [ 100.671974][ T8556] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan1, syncid = 0, id = 0 [ 100.672745][ T40] audit: type=1400 audit(1766308273.261:22706): avc: denied { mounton } for pid=8552 comm="syz.1.833" path="/213/file0" dev="autofs" ino=24846 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 100.758410][ T8562] netlink: 24 bytes leftover after parsing attributes in process `syz.0.835'. [ 100.887428][ T8569] netlink: 'syz.3.838': attribute type 10 has an invalid length. [ 100.897082][ T8569] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.903327][ T8569] bond0: (slave team0): Enslaving as an active interface with an up link [ 100.909663][ T8569] netlink: 'syz.3.838': attribute type 10 has an invalid length. [ 100.914814][ T8571] netlink: 28 bytes leftover after parsing attributes in process `syz.2.839'. [ 100.919946][ T8571] gretap0: entered allmulticast mode [ 100.922989][ T8571] bridge0: port 3(gretap0) entered blocking state [ 100.925328][ T8571] bridge0: port 3(gretap0) entered disabled state [ 100.928372][ T8571] gretap0: entered promiscuous mode [ 100.931653][ T8571] bridge0: port 3(gretap0) entered blocking state [ 100.933896][ T8571] bridge0: port 3(gretap0) entered forwarding state [ 100.985655][ T40] audit: type=1400 audit(1766308273.571:22707): avc: denied { mount } for pid=8573 comm="syz.2.840" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 101.014638][ T40] audit: type=1400 audit(1766308273.601:22708): avc: denied { unmount } for pid=5943 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 101.097104][ T8584] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.842'. [ 101.110289][ T8584] x_tables: duplicate underflow at hook 1 [ 101.200729][ T8591] netlink: 8 bytes leftover after parsing attributes in process `syz.2.844'. [ 101.215240][ T8591] netlink: 8 bytes leftover after parsing attributes in process `syz.2.844'. [ 101.310536][ T8595] netlink: 68 bytes leftover after parsing attributes in process `syz.2.846'. [ 101.469571][ T6006] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 101.631199][ T6006] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 101.635889][ T6006] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 101.640927][ T6006] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 101.645115][ T6006] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.657069][ T8593] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 101.666042][ T8612] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 101.668769][ T8612] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 101.670458][ T6006] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 101.672204][ T8612] vhci_hcd vhci_hcd.0: Device attached [ 101.783788][ T8613] vhci_hcd: connection closed [ 101.785271][ T1144] vhci_hcd vhci_hcd.1: stop threads [ 101.788689][ T1144] vhci_hcd vhci_hcd.1: release socket [ 101.792554][ T1144] vhci_hcd vhci_hcd.1: disconnect device [ 101.859929][ T6000] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 101.952172][ T8593] vivid-000: ================= START STATUS ================= [ 101.955201][ T8593] vivid-000: Test Pattern: 75% Colorbar [ 101.957982][ T8593] vivid-000: Fill Percentage of Frame: 100 [ 101.961329][ T8593] vivid-000: Horizontal Movement: No Movement [ 101.963862][ T8593] vivid-000: Vertical Movement: No Movement [ 101.966358][ T8593] vivid-000: OSD Text Mode: All [ 101.968518][ T8593] vivid-000: Show Border: false [ 101.971827][ T8593] vivid-000: Show Square: false [ 101.973548][ T8593] vivid-000: Sensor Flipped Horizontally: false [ 101.975562][ T8593] vivid-000: Sensor Flipped Vertically: false [ 101.977562][ T8593] vivid-000: Insert SAV Code in Image: false [ 101.979733][ T8593] vivid-000: Insert EAV Code in Image: false [ 101.981973][ T8593] vivid-000: Insert Video Guard Band: false [ 101.984468][ T8593] vivid-000: Reduced Framerate: false [ 101.987065][ T8593] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 101.990064][ T8593] vivid-000: S-Video 000-0 Is Connected To: None [ 101.992742][ T8593] vivid-000: Enable Capture Cropping: true [ 101.995196][ T8593] vivid-000: Enable Capture Composing: true [ 101.997715][ T8593] vivid-000: Enable Capture Scaler: true [ 102.000297][ T8593] vivid-000: Timestamp Source: End of Frame [ 102.002849][ T8593] vivid-000: Colorspace: sRGB [ 102.004778][ T8593] vivid-000: Transfer Function: Default [ 102.007100][ T8593] vivid-000: Y'CbCr Encoding: Default [ 102.009390][ T8593] vivid-000: HSV Encoding: Hue 0-179 [ 102.011823][ T8593] vivid-000: Quantization: Default [ 102.014022][ T8593] vivid-000: Apply Alpha To Red Only: true [ 102.016482][ T8593] vivid-000: Standard Aspect Ratio: 4x3 [ 102.018845][ T8593] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 102.022402][ T8593] vivid-000: DV Timings: 640x480p59 inactive [ 102.024967][ T8593] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 102.028025][ T8593] vivid-000: Maximum EDID Blocks: 1 [ 102.030684][ T8593] vivid-000: Limited RGB Range (16-235): false [ 102.033381][ T8593] vivid-000: Rx RGB Quantization Range: Automatic [ 102.036138][ T8593] vivid-000: Power Present: 0x00000001 [ 102.038404][ T8593] tpg source WxH: 320x240 (R'G'B) [ 102.040664][ T8593] tpg field: 1 [ 102.042130][ T8593] tpg crop: (0,0)/320x240 [ 102.043986][ T8593] tpg compose: (0,0)/320x240 [ 102.045990][ T8593] tpg colorspace: 8 [ 102.047630][ T8593] tpg transfer function: 0/2 [ 102.049786][ T8593] tpg quantization: 0/1 [ 102.051550][ T8593] tpg RGB range: 0/2 [ 102.053254][ T8593] vivid-000: ================== END STATUS ================== [ 102.062922][ T1335] usb 8-1: USB disconnect, device number 6 [ 102.117216][ T8647] lo speed is unknown, defaulting to 1000 [ 102.381398][ T8658] IPv6: Can't replace route, no match found [ 102.999598][ T6021] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 103.075649][ T8686] FAT-fs (nullb0): bogus number of reserved sectors [ 103.077974][ T8686] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 103.153421][ T6021] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 103.157072][ T6021] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.161254][ T6021] usb 8-1: Product: syz [ 103.162973][ T6021] usb 8-1: Manufacturer: syz [ 103.164856][ T6021] usb 8-1: SerialNumber: syz [ 103.170739][ T6021] usb 8-1: config 0 descriptor?? [ 103.272430][ T8694] netlink: 'syz.1.879': attribute type 10 has an invalid length. [ 103.277391][ T8694] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 103.282917][ T8694] unsupported nlmsg_type 40 [ 103.377285][ T6000] usb 8-1: USB disconnect, device number 7 [ 103.432607][ T8707] IPVS: Error connecting to the multicast addr [ 103.721298][ T8723] Unknown options in mask b7f2 [ 103.788805][ T8726] 9pnet_fd: p9_fd_create_tcp (8726): problem connecting socket to 127.0.0.1 [ 104.015346][ T8735] netlink: 'syz.1.894': attribute type 178 has an invalid length. [ 104.144684][ T8739] program syz.3.895 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 104.236103][ T8743] netlink: 'syz.3.896': attribute type 13 has an invalid length. [ 104.243543][ T8743] gretap0: refused to change device tx_queue_len [ 104.246577][ T8743] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 104.252934][ T1335] lo speed is unknown, defaulting to 1000 [ 104.259618][ T6021] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 104.389561][ T6021] usb 6-1: device descriptor read/64, error -71 [ 104.549588][ T60] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 104.649630][ T6021] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 104.709599][ T60] usb 8-1: Using ep0 maxpacket: 16 [ 104.713544][ T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.717464][ T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.721720][ T60] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 104.726113][ T60] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 104.729281][ T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.734876][ T60] usb 8-1: config 0 descriptor?? [ 104.779731][ T6021] usb 6-1: device descriptor read/64, error -71 [ 104.900016][ T6021] usb usb6-port1: attempt power cycle [ 105.139895][ T60] usbhid 8-1:0.0: can't add hid device: -71 [ 105.142457][ T60] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 105.152445][ T60] usb 8-1: USB disconnect, device number 8 [ 105.259615][ T6021] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 105.280476][ T6021] usb 6-1: device descriptor read/8, error -71 [ 105.356104][ T40] kauditd_printk_skb: 22 callbacks suppressed [ 105.356118][ T40] audit: type=1400 audit(1766308277.941:22731): avc: denied { getopt } for pid=8775 comm="syz.0.908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 105.487210][ T1335] hid-generic 0005:0B57:FFFB.0004: item fetching failed at offset 0/1 [ 105.492837][ T1335] hid-generic 0005:0B57:FFFB.0004: probe with driver hid-generic failed with error -22 [ 105.529641][ T6021] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 105.550643][ T6021] usb 6-1: device descriptor read/8, error -71 [ 105.659750][ T6021] usb usb6-port1: unable to enumerate USB device [ 105.663089][ T8787] __nla_validate_parse: 4 callbacks suppressed [ 105.663097][ T8787] netlink: 24 bytes leftover after parsing attributes in process `syz.0.912'. [ 105.668468][ T8787] netlink: 'syz.0.912': attribute type 1 has an invalid length. [ 105.671059][ T8787] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 105.677502][ T40] audit: type=1400 audit(1766308278.261:22732): avc: denied { bind } for pid=8788 comm="syz.3.913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 105.729022][ T40] audit: type=1326 audit(1766308278.311:22733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8785 comm="syz.0.912" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcb3498f7c9 code=0x0 [ 105.796699][ T8794] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 105.798812][ T8794] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 105.801953][ T8794] vhci_hcd vhci_hcd.0: Device attached [ 105.899187][ T8802] xt_hashlimit: invalid interval [ 105.908180][ T8795] vhci_hcd: connection closed [ 105.908513][ T221] vhci_hcd vhci_hcd.3: stop threads [ 105.913081][ T221] vhci_hcd vhci_hcd.3: release socket [ 105.915551][ T221] vhci_hcd vhci_hcd.3: disconnect device [ 105.996497][ T8807] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan1, syncid = 0, id = 0 [ 106.679627][ T64] Bluetooth: hci3: command 0x0406 tx timeout [ 106.791519][ T40] audit: type=1400 audit(1766308279.381:22734): avc: denied { read } for pid=8816 comm="syz.3.922" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 106.799800][ T40] audit: type=1400 audit(1766308279.391:22735): avc: denied { open } for pid=8816 comm="syz.3.922" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 106.859840][ T40] audit: type=1400 audit(1766308279.451:22736): avc: denied { ioctl } for pid=8816 comm="syz.3.922" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x4592 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 107.231903][ T8829] IPv6: syztnl0: Disabled Multicast RS [ 107.546172][ T8831] FAULT_INJECTION: forcing a failure. [ 107.546172][ T8831] name failslab, interval 1, probability 0, space 0, times 0 [ 107.551582][ T8831] CPU: 1 UID: 0 PID: 8831 Comm: syz.3.926 Tainted: G L syzkaller #0 PREEMPT(full) [ 107.551599][ T8831] Tainted: [L]=SOFTLOCKUP [ 107.551602][ T8831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.551608][ T8831] Call Trace: [ 107.551612][ T8831] [ 107.551616][ T8831] dump_stack_lvl+0x16c/0x1f0 [ 107.551650][ T8831] should_fail_ex+0x512/0x640 [ 107.551670][ T8831] ? fs_reclaim_acquire+0xae/0x150 [ 107.551685][ T8831] should_failslab+0xc2/0x120 [ 107.551699][ T8831] __kmalloc_noprof+0xeb/0x910 [ 107.551715][ T8831] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 107.551733][ T8831] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 107.551747][ T8831] tomoyo_realpath_from_path+0xc2/0x6e0 [ 107.551762][ T8831] ? tomoyo_profile+0x47/0x60 [ 107.551779][ T8831] tomoyo_path_number_perm+0x245/0x580 [ 107.551790][ T8831] ? tomoyo_path_number_perm+0x237/0x580 [ 107.551812][ T8831] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 107.551828][ T8831] ? find_held_lock+0x2b/0x80 [ 107.551869][ T8831] ? find_held_lock+0x2b/0x80 [ 107.551892][ T8831] ? hook_file_ioctl_common+0x144/0x410 [ 107.551922][ T8831] ? __fget_files+0x20e/0x3c0 [ 107.551947][ T8831] security_file_ioctl+0x9b/0x240 [ 107.552454][ T8831] __x64_sys_ioctl+0xb7/0x210 [ 107.552468][ T8831] do_syscall_64+0xcd/0xf80 [ 107.552483][ T8831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.552494][ T8831] RIP: 0033:0x7fd7ded8f7c9 [ 107.552502][ T8831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.552512][ T8831] RSP: 002b:00007fd7dfca2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 107.552522][ T8831] RAX: ffffffffffffffda RBX: 00007fd7defe5fa0 RCX: 00007fd7ded8f7c9 [ 107.552528][ T8831] RDX: 0000200000000000 RSI: 00000000c02c563a RDI: 0000000000000003 [ 107.552534][ T8831] RBP: 00007fd7dfca2090 R08: 0000000000000000 R09: 0000000000000000 [ 107.552540][ T8831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.552546][ T8831] R13: 00007fd7defe6038 R14: 00007fd7defe5fa0 R15: 00007ffd417360d8 [ 107.552560][ T8831] [ 107.552564][ T8831] ERROR: Out of memory at tomoyo_realpath_from_path. [ 107.723603][ T40] audit: type=1400 audit(1766308280.311:22737): avc: denied { bind } for pid=8832 comm="syz.3.927" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 107.731862][ T40] audit: type=1400 audit(1766308280.311:22738): avc: denied { listen } for pid=8832 comm="syz.3.927" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 107.740004][ T40] audit: type=1400 audit(1766308280.311:22739): avc: denied { accept } for pid=8832 comm="syz.3.927" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 107.802001][ T40] audit: type=1400 audit(1766308280.391:22740): avc: denied { map } for pid=8832 comm="syz.3.927" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 108.004891][ T8833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.927'. [ 108.007812][ T8833] netlink: 40 bytes leftover after parsing attributes in process `syz.3.927'. [ 108.095659][ T8840] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54554 sclass=netlink_route_socket pid=8840 comm=syz.1.929 [ 108.169570][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.458711][ T8858] evm: overlay not supported [ 108.520976][ T8858] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 108.524862][ T8858] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 108.681192][ T8866] geneve2: entered promiscuous mode [ 108.683879][ T221] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.687107][ T221] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.691315][ T221] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.694213][ T221] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.702175][ T8866] raw_sendmsg: syz.1.937 forgot to set AF_INET. Fix it! [ 108.704920][ T8866] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8866 comm=syz.1.937 [ 108.980257][ T8886] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 108.983211][ T8886] block device autoloading is deprecated and will be removed. [ 109.093712][ T8894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.945'. [ 109.113941][ T8896] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan1, syncid = 0, id = 0 [ 109.923413][ T8909] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 109.977774][ T8908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.950'. [ 109.982941][ T8908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.950'. [ 110.214335][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 110.216941][ T1144] Bluetooth: hci4: Frame reassembly failed (-84) [ 110.233597][ T8921] lo speed is unknown, defaulting to 1000 [ 110.463661][ T8891] kexec: Could not allocate control_code_buffer [ 110.783593][ T8933] hub 4-0:1.0: USB hub found [ 110.785912][ T8933] hub 4-0:1.0: 2 ports detected [ 110.797577][ T40] kauditd_printk_skb: 21 callbacks suppressed [ 110.797587][ T40] audit: type=1400 audit(1766308283.381:22762): avc: denied { getopt } for pid=8932 comm="syz.1.958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 110.945265][ T40] audit: type=1400 audit(1766308283.531:22763): avc: denied { read write } for pid=8936 comm="syz.0.961" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 110.955079][ T40] audit: type=1400 audit(1766308283.531:22764): avc: denied { open } for pid=8936 comm="syz.0.961" path="/dev/uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 110.980001][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.963'. [ 110.983705][ T8942] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 110.986394][ T8942] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 110.993438][ T8942] vhci_hcd vhci_hcd.0: Device attached [ 110.999992][ T8942] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(7) [ 111.002499][ T8942] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 111.005892][ T8942] vhci_hcd vhci_hcd.0: Device attached [ 111.010940][ T8949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.964'. [ 111.014918][ T8949] netlink: 16 bytes leftover after parsing attributes in process `syz.0.964'. [ 111.018548][ T40] audit: type=1400 audit(1766308283.601:22765): avc: denied { read } for pid=8948 comm="syz.0.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 111.034689][ T8946] vhci_hcd: connection closed [ 111.034730][ T8944] vhci_hcd: connection closed [ 111.037027][ T12] vhci_hcd vhci_hcd.1: stop threads [ 111.041037][ T40] audit: type=1400 audit(1766308283.621:22766): avc: denied { ioctl } for pid=8948 comm="syz.0.964" path="socket:[26350]" dev="sockfs" ino=26350 ioctlcmd=0x662c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 111.041589][ T12] vhci_hcd vhci_hcd.1: release socket [ 111.056235][ T12] vhci_hcd vhci_hcd.1: disconnect device [ 111.059256][ T12] vhci_hcd vhci_hcd.1: stop threads [ 111.062046][ T12] vhci_hcd vhci_hcd.1: release socket [ 111.064335][ T12] vhci_hcd vhci_hcd.1: disconnect device [ 111.115111][ T8954] netlink: 'syz.0.966': attribute type 10 has an invalid length. [ 111.117966][ T8954] netlink: 228 bytes leftover after parsing attributes in process `syz.0.966'. [ 111.187820][ T40] audit: type=1400 audit(1766308283.771:22767): avc: denied { ioctl } for pid=8957 comm="syz.0.968" path="socket:[25258]" dev="sockfs" ino=25258 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 111.490688][ T8965] usb usb4: usbfs: interface 0 claimed by hub while 'syz.0.969' sets config #1 [ 111.680355][ T40] audit: type=1400 audit(1766308284.271:22768): avc: denied { unmount } for pid=5934 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 112.039844][ T1335] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 112.189726][ T1335] usb 5-1: Using ep0 maxpacket: 8 [ 112.194481][ T1335] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 112.197301][ T1335] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 112.201005][ T1335] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 112.204142][ T1335] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 112.207968][ T1335] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 112.213459][ T1335] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 112.217333][ T1335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.269599][ T5295] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 112.269656][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 112.320958][ T8985] bridge6: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 112.400377][ T8989] bridge_slave_0: invalid flags given to default FDB implementation [ 112.425837][ T1335] usb 5-1: usb_control_msg returned -32 [ 112.428366][ T1335] usbtmc 5-1:16.0: can't read capabilities [ 112.428946][ T40] audit: type=1400 audit(1766308285.011:22769): avc: denied { watch watch_reads } for pid=8990 comm="syz.3.978" path="/251" dev="tmpfs" ino=1359 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 112.439317][ T40] audit: type=1400 audit(1766308285.021:22770): avc: denied { setopt } for pid=8990 comm="syz.3.978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 112.631308][ T40] audit: type=1400 audit(1766308285.221:22771): avc: denied { ioctl } for pid=9002 comm="syz.1.981" path="socket:[26471]" dev="sockfs" ino=26471 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 112.779150][ T9014] usbtmc 5-1:16.0: INITIATE_CLEAR returned 0 [ 112.983654][ T1335] usb 5-1: USB disconnect, device number 4 [ 113.026433][ T9020] f2fs: Unknown parameter 'barrierher' [ 113.550524][ T9024] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=9024 comm=syz.1.986 [ 113.678918][ T9031] netlink: 28 bytes leftover after parsing attributes in process `syz.0.989'. [ 113.682073][ T9031] netlink: 'syz.0.989': attribute type 7 has an invalid length. [ 113.684898][ T9031] netlink: 'syz.0.989': attribute type 8 has an invalid length. [ 113.687917][ T9031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.989'. [ 113.771470][ T9033] netlink: 48 bytes leftover after parsing attributes in process `syz.0.990'. [ 113.846433][ T9041] netlink: 'syz.3.993': attribute type 10 has an invalid length. [ 113.849554][ T9041] netlink: 228 bytes leftover after parsing attributes in process `syz.3.993'. [ 113.983674][ T9052] netlink: 12 bytes leftover after parsing attributes in process `syz.0.998'. [ 113.997104][ T9052] 8021q: adding VLAN 0 to HW filter on device bond1 [ 114.133732][ T9061] netlink: 432 bytes leftover after parsing attributes in process `syz.3.1000'. [ 114.210334][ T9065] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9065 comm=syz.3.1000 [ 114.280471][ T9070] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.294104][ T9071] erspan1: entered promiscuous mode [ 114.352950][ T9070] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.412627][ T9070] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.485131][ T9070] bond0: (slave netdevsim0): Releasing backup interface [ 114.522102][ T9070] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.647522][ T221] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.663965][ T4182] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.666605][ T4182] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.674682][ T4182] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.712235][ T9073] netlink: 'syz.1.1004': attribute type 10 has an invalid length. [ 114.854490][ T9081] openvswitch: netlink: Flow key attr not present in new flow. [ 115.081615][ T9099] netlink: 'syz.1.1015': attribute type 1 has an invalid length. [ 115.095812][ T9099] 8021q: adding VLAN 0 to HW filter on device bond2 [ 115.101200][ T9099] bond2: option tlb_dynamic_lb: unable to set because the bond device is up [ 115.265332][ T9123] QAT: Invalid ioctl -2144835806 [ 115.271641][ T9123] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2050 sclass=netlink_route_socket pid=9123 comm=syz.0.1022 [ 115.339323][ T9130] openvswitch: netlink: IP tunnel dst address not specified [ 115.347815][ T9131] geneve2: entered promiscuous mode [ 115.350375][ T9131] geneve2: entered allmulticast mode [ 115.353253][ T5063] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 115.356456][ T5063] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 115.359291][ T5063] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 115.370862][ T9134] lo speed is unknown, defaulting to 1000 [ 115.950265][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 115.950277][ T40] audit: type=1400 audit(1766308288.541:22775): avc: denied { connect } for pid=9159 comm="syz.0.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 116.046260][ T9166] netlink: 'syz.0.1034': attribute type 10 has an invalid length. [ 116.048879][ T9166] __nla_validate_parse: 5 callbacks suppressed [ 116.048887][ T9166] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1034'. [ 116.115089][ T9174] 8021q: VLANs not supported on gre0 [ 116.159821][ T9179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1039'. [ 116.271284][ T9184] loop4: detected capacity change from 0 to 524288000 [ 116.285343][ T9183] netlink: 'syz.0.1042': attribute type 1 has an invalid length. [ 116.288070][ T9183] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1042'. [ 116.290967][ T9183] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1042'. [ 117.061252][ T9190] netlink: 'syz.3.1045': attribute type 10 has an invalid length. [ 117.064712][ T9190] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1045'. [ 117.114580][ T40] audit: type=1400 audit(1766308289.701:22776): avc: denied { ioctl } for pid=9191 comm="syz.0.1046" path="socket:[29844]" dev="sockfs" ino=29844 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 117.121984][ T9195] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 117.129540][ T40] audit: type=1400 audit(1766308289.711:22777): avc: denied { mount } for pid=9194 comm="syz.3.1047" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 117.147599][ T40] audit: type=1400 audit(1766308289.731:22778): avc: denied { unmount } for pid=5947 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 117.508565][ T1143] Bluetooth: hci4: Frame reassembly failed (-84) [ 117.522225][ T9203] lo speed is unknown, defaulting to 1000 [ 118.116647][ T9274] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1053'. [ 118.183036][ T9312] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 118.185439][ T9312] IPv6: NLM_F_CREATE should be set when creating new route [ 118.223851][ T9318] netlink: 'syz.3.1055': attribute type 10 has an invalid length. [ 118.226278][ T9318] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1055'. [ 118.353633][ T9322] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1057'. [ 118.388929][ T9322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1057'. [ 118.667583][ T40] audit: type=1400 audit(1766308291.251:22779): avc: denied { setopt } for pid=9331 comm="syz.3.1060" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 118.936224][ T9342] netlink: 'syz.3.1064': attribute type 10 has an invalid length. [ 118.938735][ T9342] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1064'. [ 118.968215][ T9344] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 119.127464][ T9354] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 119.129625][ T9354] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 119.132991][ T9354] vhci_hcd vhci_hcd.0: Device attached [ 119.136724][ T9354] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(7) [ 119.139485][ T9354] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 119.142997][ T9354] vhci_hcd vhci_hcd.0: Device attached [ 119.157824][ T9357] vhci_hcd: connection closed [ 119.157943][ T9355] vhci_hcd: connection closed [ 119.159690][ T221] vhci_hcd vhci_hcd.3: stop threads [ 119.163033][ T221] vhci_hcd vhci_hcd.3: release socket [ 119.164791][ T221] vhci_hcd vhci_hcd.3: disconnect device [ 119.166698][ T221] vhci_hcd vhci_hcd.3: stop threads [ 119.168396][ T221] vhci_hcd vhci_hcd.3: release socket [ 119.170201][ T221] vhci_hcd vhci_hcd.3: disconnect device [ 119.549576][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 119.549597][ T5295] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 119.695162][ T9367] FAULT_INJECTION: forcing a failure. [ 119.695162][ T9367] name failslab, interval 1, probability 0, space 0, times 0 [ 119.704070][ T9367] CPU: 1 UID: 0 PID: 9367 Comm: syz.3.1072 Tainted: G L syzkaller #0 PREEMPT(full) [ 119.704105][ T9367] Tainted: [L]=SOFTLOCKUP [ 119.704111][ T9367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 119.704121][ T9367] Call Trace: [ 119.704128][ T9367] [ 119.704136][ T9367] dump_stack_lvl+0x16c/0x1f0 [ 119.704161][ T9367] should_fail_ex+0x512/0x640 [ 119.704186][ T9367] ? fs_reclaim_acquire+0xae/0x150 [ 119.704211][ T9367] should_failslab+0xc2/0x120 [ 119.704233][ T9367] __kmalloc_noprof+0xeb/0x910 [ 119.704260][ T9367] ? tomoyo_encode2+0x100/0x3e0 [ 119.704287][ T9367] ? tomoyo_encode2+0x100/0x3e0 [ 119.704308][ T9367] tomoyo_encode2+0x100/0x3e0 [ 119.704334][ T9367] tomoyo_encode+0x29/0x50 [ 119.704354][ T9367] tomoyo_realpath_from_path+0x18f/0x6e0 [ 119.704384][ T9367] tomoyo_path_number_perm+0x245/0x580 [ 119.704403][ T9367] ? tomoyo_path_number_perm+0x237/0x580 [ 119.704425][ T9367] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 119.704446][ T9367] ? find_held_lock+0x2b/0x80 [ 119.704495][ T9367] ? find_held_lock+0x2b/0x80 [ 119.704518][ T9367] ? hook_file_ioctl_common+0x144/0x410 [ 119.704549][ T9367] ? __fget_files+0x20e/0x3c0 [ 119.704578][ T9367] security_file_ioctl+0x9b/0x240 [ 119.704603][ T9367] __x64_sys_ioctl+0xb7/0x210 [ 119.704625][ T9367] do_syscall_64+0xcd/0xf80 [ 119.704648][ T9367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.704665][ T9367] RIP: 0033:0x7fd7ded8f7c9 [ 119.704679][ T9367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.704695][ T9367] RSP: 002b:00007fd7dfca2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 119.704711][ T9367] RAX: ffffffffffffffda RBX: 00007fd7defe5fa0 RCX: 00007fd7ded8f7c9 [ 119.704722][ T9367] RDX: 0000200000000080 RSI: 00000000c0cc5616 RDI: 0000000000000003 [ 119.704733][ T9367] RBP: 00007fd7dfca2090 R08: 0000000000000000 R09: 0000000000000000 [ 119.704743][ T9367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.704753][ T9367] R13: 00007fd7defe6038 R14: 00007fd7defe5fa0 R15: 00007ffd417360d8 [ 119.704779][ T9367] [ 119.704796][ T9367] ERROR: Out of memory at tomoyo_realpath_from_path. [ 119.712460][ T9363] program syz.0.1071 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 120.331128][ T34] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 120.351040][ T5063] Bluetooth: hci4: Frame reassembly failed (-84) [ 120.365019][ T9383] lo speed is unknown, defaulting to 1000 [ 120.479827][ T34] usb 8-1: Using ep0 maxpacket: 16 [ 120.482798][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.486099][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.489079][ T34] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 120.493240][ T34] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 120.496041][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.501608][ T34] usb 8-1: config 0 descriptor?? [ 120.959592][ T34] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 120.961630][ T34] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 120.963518][ T34] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 120.965477][ T34] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 120.967452][ T34] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 120.972466][ T34] input: HID 0955:7214 Haptics as /devices/virtual/input/input14 [ 120.994641][ T34] shield 0003:0955:7214.0005: Registered Thunderstrike controller [ 120.997004][ T34] shield 0003:0955:7214.0005: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.3-1/input0 [ 121.158699][ T9375] random: crng reseeded on system resumption [ 121.170915][ T6006] usb 8-1: USB disconnect, device number 9 [ 121.171219][ T6223] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 121.183612][ T6006] ------------[ cut here ]------------ [ 121.185522][ T6223] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 121.185694][ T6006] workqueue: work disable count underflowed [ 121.189896][ T6223] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 121.192165][ T6006] WARNING: kernel/workqueue.c:4359 at enable_work+0x2ca/0x310, CPU#2: kworker/2:3/6006 [ 121.196252][ T6223] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 121.199085][ T6006] Modules linked in: [ 121.204638][ T6006] CPU: 2 UID: 0 PID: 6006 Comm: kworker/2:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 121.208012][ T6006] Tainted: [L]=SOFTLOCKUP [ 121.209376][ T6006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.212796][ T6006] Workqueue: usb_hub_wq hub_event [ 121.214395][ T6006] RIP: 0010:enable_work+0x2ca/0x310 [ 121.216086][ T6006] Code: ff e8 fa 0d 3a 00 90 0f 0b 90 e9 b4 fe ff ff e8 ec 0d 3a 00 e8 17 29 f3 09 e9 49 ff ff ff e8 dd 0d 3a 00 48 8d 3d 36 cd 06 0f <67> 48 0f b9 3a e9 33 fe ff ff 48 89 ef e8 c4 e7 a3 00 e9 f7 fd ff [ 121.222059][ T6006] RSP: 0018:ffffc900027df348 EFLAGS: 00010093 [ 121.223970][ T6006] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8184d6e3 [ 121.226463][ T6006] RDX: ffff88802e54a4c0 RSI: ffffffff8184d8b3 RDI: ffffffff908ba5f0 [ 121.228935][ T6006] RBP: ffff888053ef7738 R08: 0000000000000005 R09: 0000000000000000 [ 121.231397][ T6006] R10: 0000000000000000 R11: ffff88802e54aff0 R12: 1ffff920004fbe6a [ 121.233871][ T6006] R13: ffffffff8fc4e77f R14: ffff888053ef7698 R15: ffff888053ef7730 [ 121.236884][ T6006] FS: 0000000000000000(0000) GS:ffff8880d6af5000(0000) knlGS:0000000000000000 [ 121.239811][ T6006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.242545][ T6006] CR2: 00005650300ffa18 CR3: 0000000036767000 CR4: 0000000000352ef0 [ 121.245532][ T6006] Call Trace: [ 121.246886][ T6006] [ 121.248169][ T6006] ? __pfx_enable_work+0x10/0x10 [ 121.250276][ T6006] cancel_delayed_work_sync+0x96/0xf0 [ 121.252546][ T6006] thermal_zone_device_unregister+0x28e/0x4d0 [ 121.255088][ T6006] ? __pfx_shield_remove+0x10/0x10 [ 121.257216][ T6006] power_supply_unregister+0x10a/0x150 [ 121.259507][ T6006] shield_remove+0x75/0x130 [ 121.261427][ T6006] ? __pfx_shield_remove+0x10/0x10 [ 121.263235][ T6006] hid_device_remove+0xd1/0x260 [ 121.264944][ T6006] ? __pfx_hid_device_remove+0x10/0x10 [ 121.267244][ T6006] device_remove+0xcb/0x170 [ 121.269194][ T6006] device_release_driver_internal+0x44b/0x620 [ 121.271763][ T6006] bus_remove_device+0x22f/0x450 [ 121.273824][ T6006] device_del+0x396/0x9f0 [ 121.275633][ T6006] ? __pfx_device_del+0x10/0x10 [ 121.277187][ T6006] ? do_raw_spin_lock+0x12c/0x2b0 [ 121.278667][ T6006] hid_destroy_device+0x19c/0x240 [ 121.280632][ T6006] usbhid_disconnect+0xa0/0xe0 [ 121.282626][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 121.284782][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x100 [ 121.287135][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 121.289515][ T6006] device_remove+0x125/0x170 [ 121.291491][ T6006] device_release_driver_internal+0x44b/0x620 [ 121.294048][ T6006] bus_remove_device+0x22f/0x450 [ 121.296149][ T6006] device_del+0x396/0x9f0 [ 121.298021][ T6006] ? __pfx_device_del+0x10/0x10 [ 121.300102][ T6006] ? kobject_put+0x218/0x6f0 [ 121.302059][ T6006] usb_disable_device+0x355/0x820 [ 121.304192][ T6006] usb_disconnect+0x2e1/0x9e0 [ 121.306183][ T6006] hub_event+0x1d84/0x52f0 [ 121.308115][ T6006] ? __lock_acquire+0x436/0x2890 [ 121.310198][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 121.312400][ T6006] ? __pfx_hub_event+0x10/0x10 [ 121.314411][ T6006] ? debug_objects_fill_pool+0x380/0x660 [ 121.316747][ T6006] ? finish_task_switch.isra.0+0x202/0xbd0 [ 121.319213][ T6006] ? rcu_is_watching+0x12/0xc0 [ 121.321246][ T6006] process_one_work+0x9ba/0x1b20 [ 121.323337][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 121.325610][ T6006] ? assign_work+0x1a0/0x250 [ 121.327559][ T6006] worker_thread+0x6c8/0xf10 [ 121.329522][ T6006] ? __kthread_parkme+0x19e/0x250 [ 121.331639][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 121.333818][ T6006] kthread+0x3c5/0x780 [ 121.335535][ T6006] ? __pfx_kthread+0x10/0x10 [ 121.337506][ T6006] ? rcu_is_watching+0x12/0xc0 [ 121.339527][ T6006] ? __pfx_kthread+0x10/0x10 [ 121.341553][ T6006] ret_from_fork+0x983/0xb10 [ 121.343554][ T6006] ? __pfx_ret_from_fork+0x10/0x10 [ 121.345712][ T6006] ? __switch_to+0x7af/0x10d0 [ 121.347618][ T6006] ? __pfx_kthread+0x10/0x10 [ 121.349594][ T6006] ret_from_fork_asm+0x1a/0x30 [ 121.351698][ T6006] [ 121.352870][ T6006] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 121.355255][ T6006] CPU: 2 UID: 0 PID: 6006 Comm: kworker/2:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 121.358554][ T6006] Tainted: [L]=SOFTLOCKUP [ 121.359979][ T6006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.363317][ T6006] Workqueue: usb_hub_wq hub_event [ 121.365021][ T6006] Call Trace: [ 121.366076][ T6006] [ 121.367091][ T6006] dump_stack_lvl+0x3d/0x1f0 [ 121.368857][ T6006] vpanic+0x640/0x6f0 [ 121.370337][ T6006] ? enable_work+0x2ca/0x310 [ 121.371853][ T6006] panic+0xca/0xd0 [ 121.373147][ T6006] ? __pfx_panic+0x10/0x10 [ 121.374616][ T6006] ? check_panic_on_warn+0x1f/0xb0 [ 121.376254][ T6006] check_panic_on_warn+0xab/0xb0 [ 121.377803][ T6006] __warn+0x108/0x3c0 [ 121.379066][ T6006] __report_bug+0x2a0/0x520 [ 121.380556][ T6006] ? enable_work+0x2ca/0x310 [ 121.382012][ T6006] ? __pfx___report_bug+0x10/0x10 [ 121.383579][ T6006] ? __wait_for_common+0x1e0/0x4e0 [ 121.385389][ T6006] ? enable_work+0x2c3/0x310 [ 121.386843][ T6006] ? enable_work+0xf3/0x310 [ 121.388410][ T6006] ? find_held_lock+0x2b/0x80 [ 121.390312][ T6006] report_bug_entry+0xe1/0x290 [ 121.392356][ T6006] ? enable_work+0x2ca/0x310 [ 121.394286][ T6006] handle_bug+0x18a/0x260 [ 121.396165][ T6006] exc_invalid_op+0x17/0x50 [ 121.397991][ T6006] asm_exc_invalid_op+0x1a/0x20 [ 121.399947][ T6006] RIP: 0010:enable_work+0x2ca/0x310 [ 121.402006][ T6006] Code: ff e8 fa 0d 3a 00 90 0f 0b 90 e9 b4 fe ff ff e8 ec 0d 3a 00 e8 17 29 f3 09 e9 49 ff ff ff e8 dd 0d 3a 00 48 8d 3d 36 cd 06 0f <67> 48 0f b9 3a e9 33 fe ff ff 48 89 ef e8 c4 e7 a3 00 e9 f7 fd ff [ 121.409469][ T6006] RSP: 0018:ffffc900027df348 EFLAGS: 00010093 [ 121.411357][ T6006] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8184d6e3 [ 121.413752][ T6006] RDX: ffff88802e54a4c0 RSI: ffffffff8184d8b3 RDI: ffffffff908ba5f0 [ 121.416379][ T6006] RBP: ffff888053ef7738 R08: 0000000000000005 R09: 0000000000000000 [ 121.418818][ T6006] R10: 0000000000000000 R11: ffff88802e54aff0 R12: 1ffff920004fbe6a [ 121.421290][ T6006] R13: ffffffff8fc4e77f R14: ffff888053ef7698 R15: ffff888053ef7730 [ 121.423734][ T6006] ? enable_work+0xf3/0x310 [ 121.425201][ T6006] ? enable_work+0x2c3/0x310 [ 121.426724][ T6006] ? enable_work+0x2c3/0x310 [ 121.428187][ T6006] ? __pfx_enable_work+0x10/0x10 [ 121.429739][ T6006] cancel_delayed_work_sync+0x96/0xf0 [ 121.431560][ T6006] thermal_zone_device_unregister+0x28e/0x4d0 [ 121.433486][ T6006] ? __pfx_shield_remove+0x10/0x10 [ 121.435116][ T6006] power_supply_unregister+0x10a/0x150 [ 121.436866][ T6006] shield_remove+0x75/0x130 [ 121.438292][ T6006] ? __pfx_shield_remove+0x10/0x10 [ 121.439910][ T6006] hid_device_remove+0xd1/0x260 [ 121.441427][ T6006] ? __pfx_hid_device_remove+0x10/0x10 [ 121.443121][ T6006] device_remove+0xcb/0x170 [ 121.444620][ T6006] device_release_driver_internal+0x44b/0x620 [ 121.447152][ T6006] bus_remove_device+0x22f/0x450 [ 121.448764][ T6006] device_del+0x396/0x9f0 [ 121.450155][ T6006] ? __pfx_device_del+0x10/0x10 [ 121.451692][ T6006] ? do_raw_spin_lock+0x12c/0x2b0 [ 121.453284][ T6006] hid_destroy_device+0x19c/0x240 [ 121.454897][ T6006] usbhid_disconnect+0xa0/0xe0 [ 121.456526][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 121.458180][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x100 [ 121.459903][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 121.461631][ T6006] device_remove+0x125/0x170 [ 121.463231][ T6006] device_release_driver_internal+0x44b/0x620 [ 121.465155][ T6006] bus_remove_device+0x22f/0x450 [ 121.466709][ T6006] device_del+0x396/0x9f0 [ 121.468108][ T6006] ? __pfx_device_del+0x10/0x10 [ 121.469632][ T6006] ? kobject_put+0x218/0x6f0 [ 121.471087][ T6006] usb_disable_device+0x355/0x820 [ 121.472683][ T6006] usb_disconnect+0x2e1/0x9e0 [ 121.474169][ T6006] hub_event+0x1d84/0x52f0 [ 121.476000][ T6006] ? __lock_acquire+0x436/0x2890 [ 121.478050][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 121.480282][ T6006] ? __pfx_hub_event+0x10/0x10 [ 121.482306][ T6006] ? debug_objects_fill_pool+0x380/0x660 [ 121.484672][ T6006] ? finish_task_switch.isra.0+0x202/0xbd0 [ 121.487142][ T6006] ? rcu_is_watching+0x12/0xc0 [ 121.489177][ T6006] process_one_work+0x9ba/0x1b20 [ 121.491266][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 121.493543][ T6006] ? assign_work+0x1a0/0x250 [ 121.495577][ T6006] worker_thread+0x6c8/0xf10 [ 121.497521][ T6006] ? __kthread_parkme+0x19e/0x250 [ 121.499632][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 121.501806][ T6006] kthread+0x3c5/0x780 [ 121.503535][ T6006] ? __pfx_kthread+0x10/0x10 [ 121.505532][ T6006] ? rcu_is_watching+0x12/0xc0 [ 121.507545][ T6006] ? __pfx_kthread+0x10/0x10 [ 121.509516][ T6006] ret_from_fork+0x983/0xb10 [ 121.511421][ T6006] ? __pfx_ret_from_fork+0x10/0x10 [ 121.513594][ T6006] ? __switch_to+0x7af/0x10d0 [ 121.515578][ T6006] ? __pfx_kthread+0x10/0x10 [ 121.517547][ T6006] ret_from_fork_asm+0x1a/0x30 [ 121.519583][ T6006] [ 121.521707][ T6006] Kernel Offset: disabled [ 121.523539][ T6006] Rebooting in 86400 seconds..