last executing test programs: 1m12.501375631s ago: executing program 3 (id=609): r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x38) prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) fcntl$setsig(r0, 0xa, 0x21) fcntl$setlease(r0, 0x400, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x200000000000000, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1m12.431111867s ago: executing program 3 (id=612): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b31, &(0x7f0000000580)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 1m11.027857556s ago: executing program 3 (id=634): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xd, 0x0, 0xffffffffffffffff, 0x1f5e0305, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x20000000000000}, 0x50) 1m11.026795187s ago: executing program 3 (id=636): r0 = fsopen(&(0x7f0000000100)='mqueue\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x40000) ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000001340)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) r4 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000280), &(0x7f0000001840)=@udp6=r5}, 0x20) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r6, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./bus\x00', 0x34) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r7 = creat(&(0x7f0000000240)='./bus\x00', 0x4) fdatasync(r7) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2c, r2, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}]}, 0x2c}}, 0x0) r8 = fsmount(r0, 0x1, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x4) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') preadv(r9, &(0x7f00000001c0)=[{&(0x7f0000001140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r10) waitid(0x0, r10, 0x0, 0x8, 0x0) syz_open_procfs(r10, &(0x7f00000002c0)='net/rpc\x00') fchdir(r8) 1m10.951309435s ago: executing program 3 (id=638): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r1, 0x1, 0x0, 0x25dfdbfc, {{}, {}, {0x18, 0x17, {0x4, 0x0, @l2={'eth', 0x3a, 'sit0\x00'}}}}}, 0x34}}, 0x10) (fail_nth: 6) 1m10.721193386s ago: executing program 3 (id=646): r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)={0x30, r0, 0x401, 0x70bd26, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x8840}, 0x10) 1m10.592408443s ago: executing program 32 (id=646): r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)={0x30, r0, 0x401, 0x70bd26, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x8840}, 0x10) 38.009760774s ago: executing program 1 (id=1130): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x7}, {}, {0x2, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0xc, 0x2, [@TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x40010) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x24, r3, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004844}, 0x0) 38.009422888s ago: executing program 1 (id=1131): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000f80)="d8000000180081064e81f782db4cb910021d0800fd007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000040012000a00ff150048035c3b61c1d67f6f94007134cf6efb80073f6a5aa8457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001252c330f973f4953d2a6823a45", 0xd8}], 0x1}, 0x4000044) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xa0, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x78, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '+f'}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x114}}, 0x0) 37.971502737s ago: executing program 1 (id=1132): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvtap0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="05030200157e0000140012800c0001006d616376746170000400028008000500", @ANYRES32=r1, @ANYBLOB="0800040044"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x404c094) 37.870416405s ago: executing program 1 (id=1135): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="5d5b0000000000001c001a8018000a8014000700fe88000000000000000059d1d985010114003500776731"], 0x50}}, 0x0) 37.869982131s ago: executing program 1 (id=1136): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r1, 0x1, 0xffff0000, 0x25dfdbfc, {{}, {}, {0x18, 0x17, {0x4, 0x0, @l2={'eth', 0x3a, 'sit0\x00'}}}}}, 0x34}}, 0x10) 37.790898986s ago: executing program 1 (id=1137): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) 33.444966965s ago: executing program 0 (id=1197): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10) socket$netlink(0x10, 0x3, 0x10) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b31, &(0x7f0000000580)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 32.299529165s ago: executing program 0 (id=1213): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x50}}, 0x0) 32.299156721s ago: executing program 0 (id=1214): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x7}, {}, {0x2, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0xc, 0x2, [@TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x40010) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x24, r2, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004844}, 0x0) 32.299076371s ago: executing program 0 (id=1215): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvtap0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010000305fcffffff0000feffffffffff", @ANYRES32=0x0, @ANYBLOB="05030200157e0000140012800c0001006d616376746170000400028008000500", @ANYRES32=r1, @ANYBLOB="0800040044"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x404c094) 32.211260295s ago: executing program 0 (id=1216): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x40000000002, 0x1, 0x0, 0x0, 0x800000020bd, 0x4, 0x67, 0x225561e6, 0x4d, 0x3, 0x27fc, 0x14db, 0x80000001, 0x1, 0x251, 0x20], 0x4, 0x4302}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 32.070401396s ago: executing program 0 (id=1217): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000040)={0x18, 0x1, 0x0, 0x0, 0x0, 0x6}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_G_STD(r2, 0x80085617, &(0x7f0000000240)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000400)=ANY=[@ANYBLOB="0a0000000000000007000080090000000300000007000000020000000400000040000000000000000000000000000000070000804000000009da73a201010000df5f00000900000001000000000000000000000000000000010000400900000000000000030000000008000008000000ff"]) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x56, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000400)=ANY=[@ANYBLOB="0a000000000000000100004002000000030000000500000001f0ffff06000000040000000000000000000000000000000d00000000000000030000000200000003000000000000000100010000000000000000000000000001000000000000000300000006000000bf5a63242c"]) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000100)={{0x0, 0x9, 0x3, 0x6, 0x30000000, 0x5, 0x1e7c4884, 0x3ff, 0x9, 0x7, 0x1, 0x0, 0x8, 0x2, 0xb}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000740)={r6, 0xfff}) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$sock_int(r7, 0x1, 0x12, &(0x7f0000000040)=0x1, 0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000240)={'syztnl1\x00', 0x0, 0x7, 0x20, 0x9, 0xffffdd7e, {{0xb, 0x4, 0x1, 0x18, 0x2c, 0x64, 0x0, 0xa, 0x2f, 0x0, @remote, @broadcast, {[@ra={0x94, 0x4, 0x1}, @rr={0x7, 0x13, 0xde, [@rand_addr=0x64010102, @multicast1, @private=0xa010101, @private=0xa010101]}]}}}}}) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000480)={{0x2000, 0x2000, 0x10, 0x95, 0x81, 0xab, 0x1, 0x6, 0x7, 0x3, 0x7, 0x9}, {0x1000, 0xffff1000, 0xe, 0x3, 0x40, 0x56, 0x1, 0x6, 0xf9, 0xa, 0x1, 0xfe}, {0xf000, 0xdddd1000, 0xe, 0x2, 0x8, 0x2, 0x4, 0x5, 0x40, 0x1c, 0x5, 0xf1}, {0xdddd0000, 0xeeef0000, 0xd, 0xc, 0x0, 0x2, 0x81, 0x1, 0x38, 0x8, 0x6, 0x3}, {0xffff1000, 0x4000, 0x1b, 0x5, 0xa, 0x2, 0x9, 0xc, 0x3, 0x2c, 0xb6, 0xfc}, {0x2, 0x2000, 0x4, 0x9, 0x5, 0x4, 0x0, 0x93, 0x1, 0x1, 0x6, 0x6}, {0x0, 0x2, 0xe, 0x9, 0x4a, 0x3, 0x6, 0x5, 0x40, 0xf, 0x2, 0x4}, {0x1000, 0xdddc1000, 0xc, 0x9e, 0xe0, 0x3, 0x8, 0x7f, 0x7f, 0x1, 0x2, 0x2}, {0x1000, 0x2}, {0x1, 0xf71d}, 0x0, 0x0, 0x1000, 0x300210, 0x0, 0x4000, 0x80a0000, [0x8, 0xe37b, 0x22, 0x5]}) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x20, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000095000000000000575a10aefa7c4d6250eeae71aafe6166c94a5f9e9e4b70def637d7a9935569373db78a597782594482f1deef4e7385474f883a5405f4078d5450caa800fbccda4fc8c254c89626a576d0b89fae6c376ab566eff329fa29c4d23dcfd54c8ffc1d06b82c01bbb800dd88e722845b79907827511745e0ffd71c9d8f3eb0ea73cee3e6d5e4f44e9879ba305f4afcb37f849e487179ab9ded6046519339ececa6ef7565130b56f0f174553d9b20d115f0c2d82efc2b5746c2591ac555006a239b60e55f699ea89af5b3a85ad3d973a713e461f14cfb59a6cf2d321666"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r8, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0x22, 0x0, &(0x7f0000000380)="f6d4e9a1d78ad62ceef18843080078bb3fb7dbfcebd1f85fc171f748a7b5373a3126", 0x0, 0xffffffff, 0x0, 0x2, 0x0, &(0x7f0000000700)="010a", 0x0}, 0x50) ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x5, 0x8, 0x8, 0x200}, {0x9, 0xff, 0xf, 0x8}, {0x2, 0x1, 0x5, 0x3}, {0x7ff, 0x1, 0x6, 0x7}]}) 22.471154637s ago: executing program 33 (id=1137): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) 17.077693589s ago: executing program 34 (id=1217): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000040)={0x18, 0x1, 0x0, 0x0, 0x0, 0x6}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_G_STD(r2, 0x80085617, &(0x7f0000000240)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000400)=ANY=[@ANYBLOB="0a0000000000000007000080090000000300000007000000020000000400000040000000000000000000000000000000070000804000000009da73a201010000df5f00000900000001000000000000000000000000000000010000400900000000000000030000000008000008000000ff"]) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x56, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000400)=ANY=[@ANYBLOB="0a000000000000000100004002000000030000000500000001f0ffff06000000040000000000000000000000000000000d00000000000000030000000200000003000000000000000100010000000000000000000000000001000000000000000300000006000000bf5a63242c"]) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000100)={{0x0, 0x9, 0x3, 0x6, 0x30000000, 0x5, 0x1e7c4884, 0x3ff, 0x9, 0x7, 0x1, 0x0, 0x8, 0x2, 0xb}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000740)={r6, 0xfff}) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$sock_int(r7, 0x1, 0x12, &(0x7f0000000040)=0x1, 0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000240)={'syztnl1\x00', 0x0, 0x7, 0x20, 0x9, 0xffffdd7e, {{0xb, 0x4, 0x1, 0x18, 0x2c, 0x64, 0x0, 0xa, 0x2f, 0x0, @remote, @broadcast, {[@ra={0x94, 0x4, 0x1}, @rr={0x7, 0x13, 0xde, [@rand_addr=0x64010102, @multicast1, @private=0xa010101, @private=0xa010101]}]}}}}}) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000480)={{0x2000, 0x2000, 0x10, 0x95, 0x81, 0xab, 0x1, 0x6, 0x7, 0x3, 0x7, 0x9}, {0x1000, 0xffff1000, 0xe, 0x3, 0x40, 0x56, 0x1, 0x6, 0xf9, 0xa, 0x1, 0xfe}, {0xf000, 0xdddd1000, 0xe, 0x2, 0x8, 0x2, 0x4, 0x5, 0x40, 0x1c, 0x5, 0xf1}, {0xdddd0000, 0xeeef0000, 0xd, 0xc, 0x0, 0x2, 0x81, 0x1, 0x38, 0x8, 0x6, 0x3}, {0xffff1000, 0x4000, 0x1b, 0x5, 0xa, 0x2, 0x9, 0xc, 0x3, 0x2c, 0xb6, 0xfc}, {0x2, 0x2000, 0x4, 0x9, 0x5, 0x4, 0x0, 0x93, 0x1, 0x1, 0x6, 0x6}, {0x0, 0x2, 0xe, 0x9, 0x4a, 0x3, 0x6, 0x5, 0x40, 0xf, 0x2, 0x4}, {0x1000, 0xdddc1000, 0xc, 0x9e, 0xe0, 0x3, 0x8, 0x7f, 0x7f, 0x1, 0x2, 0x2}, {0x1000, 0x2}, {0x1, 0xf71d}, 0x0, 0x0, 0x1000, 0x300210, 0x0, 0x4000, 0x80a0000, [0x8, 0xe37b, 0x22, 0x5]}) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x20, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000095000000000000575a10aefa7c4d6250eeae71aafe6166c94a5f9e9e4b70def637d7a9935569373db78a597782594482f1deef4e7385474f883a5405f4078d5450caa800fbccda4fc8c254c89626a576d0b89fae6c376ab566eff329fa29c4d23dcfd54c8ffc1d06b82c01bbb800dd88e722845b79907827511745e0ffd71c9d8f3eb0ea73cee3e6d5e4f44e9879ba305f4afcb37f849e487179ab9ded6046519339ececa6ef7565130b56f0f174553d9b20d115f0c2d82efc2b5746c2591ac555006a239b60e55f699ea89af5b3a85ad3d973a713e461f14cfb59a6cf2d321666"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r8, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0x22, 0x0, &(0x7f0000000380)="f6d4e9a1d78ad62ceef18843080078bb3fb7dbfcebd1f85fc171f748a7b5373a3126", 0x0, 0xffffffff, 0x0, 0x2, 0x0, &(0x7f0000000700)="010a", 0x0}, 0x50) ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x5, 0x8, 0x8, 0x200}, {0x9, 0xff, 0xf, 0x8}, {0x2, 0x1, 0x5, 0x3}, {0x7ff, 0x1, 0x6, 0x7}]}) 6.067472305s ago: executing program 5 (id=1574): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0xfffffffc, {0x0, 0x0, 0x8100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 5.993511037s ago: executing program 5 (id=1575): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0xcf, 0xf0ff, 0x0, 0x10803, 0x2009}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x6, 0x8, 0x10}]}}}]}, 0x38}}, 0x0) 5.956940453s ago: executing program 5 (id=1577): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r1, 0x1, 0x0, 0x25dfdbfc, {{}, {0x1f00}, {0x18, 0x17, {0x4, 0x0, @l2={'eth', 0x3a, 'sit0\x00'}}}}}, 0x34}}, 0x10) 5.100617043s ago: executing program 5 (id=1579): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = semget$private(0x0, 0x3, 0x0) semop(r1, &(0x7f0000000000)=[{0x1, 0xff00, 0x3000}], 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x48) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000e40), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000000)={0x8, 0x2, 0x3, "a677c17a5a000000009e7379d557d1ea22000000000200000000004000", 0x30314742}) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000580)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb5008, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x21c5498, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) 5.030637909s ago: executing program 5 (id=1585): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="2000000072000103000000000000000e07000000", @ANYRES32=0x0, @ANYBLOB="0800010012000000d4367a55cc8b1a76ed90728477effbe8fcccf3e190d6c1721ecc217945de55ea4db0f58bc15675c00cbec3c4017eaacaa5a660a97979fed4ea57658bd4c9508da7e8532384c8c5a1176cc997dc639dc4b0390dd311ebd29dd21f817942493569bfdd8f"], 0x20}, 0x1, 0xf00}, 0x0) 4.750807824s ago: executing program 5 (id=1591): openat$cdrom(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) socket$kcm(0x2b, 0x1, 0x0) getsockopt(0xffffffffffffffff, 0x200000000114, 0x2718, 0x0, &(0x7f0000000040)) 4.667827841s ago: executing program 35 (id=1591): openat$cdrom(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) socket$kcm(0x2b, 0x1, 0x0) getsockopt(0xffffffffffffffff, 0x200000000114, 0x2718, 0x0, &(0x7f0000000040)) 3.86858332s ago: executing program 6 (id=1601): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x4400046}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) socket$inet6_mptcp(0xa, 0x1, 0x106) mkdir(0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a700000008"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6}]}) ptrace(0x10, r3) ptrace$getsig(0x4202, r3, 0x3, 0x0) r4 = syz_io_uring_setup(0x466c, 0x0, &(0x7f00000000c0), &(0x7f0000000140)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) io_uring_enter(r4, 0x2d3e, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r4, 0x18, &(0x7f0000000100)={0x7fff, r5, 0x4, {0x101}, 0x1}, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000540)='fdb_delete\x00', r2}, 0x18) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="62796e2c005e3a302d4727fc7978293a133b673305d1adc72b8d25a0e166bd54ce93cef4ea9eec1428d1898c324c261d5602caf07232a7d729660eac9b74d0cb57bad32b32c1836ef0674645e0cf84f7dfd42303392195da142e121a0f56a29f6c52573b78f7e5c2fd5986b61b1b720cedf3afe7416c045c1407d0518aeca65f17691d506f54be985f78e15c32648e44bce7ce01ca069bd7d6d8b399f23db2e2e4737389fcb9112c8f"]) 3.010756761s ago: executing program 6 (id=1612): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x1f) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) fcntl$dupfd(r1, 0x0, r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x1) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r3, &(0x7f0000000600)="ca391cb1e0881b450a25", 0xa) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x1, 0x0, @dev={0xfe, 0x80, '\x00', 0xf}}}, 0x0, 0x0, 0x44, 0x0, "8ddbb51a3cfd954e41e8ccb21f650fa6a867fb9bbcf0feeee4dc036d0675af58b39fa8d54ee8323507a61a95cf134ce8f605671338c7f8838a00bdfba71bc4b828c7de258b6b9ca1fc52bcc83e2a016a"}, 0xd8) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r6, 0x1a103e43) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7], 0x0, 0x0, 0x1}}, 0x40) r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000240)={[0x40000000002, 0x1, 0x0, 0x0, 0x800000020bd, 0x4, 0x67, 0x225561e6, 0x4d, 0x2400000000000000, 0x27fc, 0x14db, 0x80000001, 0x1, 0x251, 0x20], 0x4, 0x4302}) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000002440)={&(0x7f0000002380)=ANY=[@ANYBLOB="1c0000001900010008bd700000a000250a001408fe04000600000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x40000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x60, 0x0, &(0x7f0000000000)='GPL\x00', 0x1000d, 0x0, 0x0, 0x41000, 0x52, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, 0x0, 0x10, 0x3c}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r11, 0x8b2a, &(0x7f0000000040)) ioctl$KVM_RUN(r9, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x341c0, 0x0) 1.650388898s ago: executing program 6 (id=1620): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x9f) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000100", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010067656e65766500000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x2c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, 0x500}, [@IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008004}, 0x8000) 1.53997888s ago: executing program 6 (id=1624): socket$nl_xfrm(0x10, 0x3, 0x6) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x242082, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) pselect6(0x40, &(0x7f0000000080)={0x5, 0x0, 0x120000000000, 0x2, 0x500, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.190219928s ago: executing program 2 (id=1630): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000480)={@dev={0xfe, 0x80, '\x00', 0xfe}}, 0x14) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000180)={@remote, 0x0, 0x1, 0x0, 0x0, 0x7}, 0x20) (async) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000180)={@remote, 0x0, 0x1, 0x0, 0x0, 0x7}, 0x20) close(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='mpol=interleave,mpol=local']) (async) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='mpol=interleave,mpol=local']) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r2, 0x29, 0x18, &(0x7f0000000000)=0x6, 0x4) (async) setsockopt$inet6_int(r2, 0x29, 0x18, &(0x7f0000000000)=0x6, 0x4) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r3, 0x804c4700, &(0x7f00000000c0)={0x6, 0xaf, 0x9, 0x7, 0x3, "6ceb69bd405ea5c4246ce2a747e5e41edbfe89"}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000a9b8f1f2"], 0x0}, 0x94) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000a9b8f1f2"], 0x0}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r5 = socket(0x15, 0x5, 0x0) setsockopt$sock_timeval(r5, 0x1, 0x14, &(0x7f0000000040)={0x0, 0x2710}, 0x10) read$alg(r5, &(0x7f0000000000)=""/46, 0x2e) (async) read$alg(r5, &(0x7f0000000000)=""/46, 0x2e) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0x7) (async) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0x7) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e24, 0xff, @dev={0xfe, 0x80, '\x00', 0x3c}}, 0x1c) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) (async) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000008, 0x10, r7, 0x51f3d000) setsockopt$inet6_buf(r4, 0x29, 0x6, 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0/file0\x00', 0x101fc3, 0x1) 1.120176121s ago: executing program 2 (id=1631): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x24, r1, 0x1, 0xfffffffc, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000440), 0xa, 0x8000) ioctl$SG_SET_TIMEOUT(r3, 0x2201, 0x0) openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/vlan/vlan1\x00') bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r4 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r4, 0x8983, &(0x7f0000000000)={0x1, 'vlan1\x00', {}, 0xc2c}) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8000000000000, 0xffffffffffffffff}, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x200000000000000) 1.000158156s ago: executing program 6 (id=1633): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x150) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x6a) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @mcast1}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) mount$9p_virtio(&(0x7f0000000680), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18) getdents64(r2, 0x0, 0xc0) getdents(r2, &(0x7f00000000c0)=""/89, 0x59) open(&(0x7f0000000040)='./file1\x00', 0x80, 0x24) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) pread64(r3, &(0x7f0000000140)=""/137, 0x4d, 0x0) 322.969508ms ago: executing program 7 (id=1650): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) shutdown(r0, 0x1) 322.829853ms ago: executing program 4 (id=1651): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40010) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0xe00, &(0x7f00000000c0)={&(0x7f0000000400)={0x24, r3, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004844}, 0x0) 251.696733ms ago: executing program 2 (id=1652): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40010) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x24, r3, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004844}, 0x0) (fail_nth: 7) 251.594769ms ago: executing program 4 (id=1653): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000010000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000005080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x54, 0x0}}, 0x10) 251.359844ms ago: executing program 7 (id=1654): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0xc3ff, 0x0, 0x40801}, 0x4000000) 251.292073ms ago: executing program 2 (id=1655): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0xfffffffc, {0x0, 0x0, 0xe4ff}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 250.86202ms ago: executing program 4 (id=1656): mkdir(&(0x7f0000000100)='./file0\x00', 0x1bd) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRES8=r0, @ANYBLOB="7bf96048d4e922d428f769c36ad4f90ab5ab7faf0a7eb2453ce860f56dc4e85017e898d395fd480570386d8a2615348e5aed13ea6d8a144e72eafc2c41b9ac2fddc8ac49fc27d736a918756543606c633cfe06a8ab5699bb376c56bbe8014341c5996d1670717d2c5811764046a4eb138c1b5e756da1e4ef5c9974478bd68544ff56cafde0640525607910b402d868c276ac6648584ec123cc3b3427ced1b5472431918edad091e41ed29934d0696b1264166fae5b1ea102d6", @ANYBLOB=',privport,access=', @ANYRES8=r1, @ANYRESHEX=r2]) 190.977609ms ago: executing program 4 (id=1657): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0xcf, 0xfffe, 0x0, 0x10803, 0x2009}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x6, 0x8, 0x10}]}}}]}, 0x38}}, 0x0) 140.72603ms ago: executing program 6 (id=1658): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0xfffffffe, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) 50.58863ms ago: executing program 7 (id=1659): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000780)='syz1\x00') socket$nl_generic(0x10, 0x3, 0x10) 50.37979ms ago: executing program 4 (id=1660): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 50.244278ms ago: executing program 7 (id=1661): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xf) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x82) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000014c0)="ba4200edbaf80c66b8143de18866efbafc0c66b80080000066ef2e36640f2b11660f3880a871bdbaf80c66b8788be58666efbafc0c66edba420066edbaa10066ed0f01d7baf80c66b806aae58f66efbafc0cb0b7ee670f01c8", 0x59}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x40000000002, 0x1, 0x0, 0x0, 0x800000020bd, 0x4, 0x67, 0x225561e6, 0x4d, 0x3, 0x27fc, 0x14db, 0x80000001, 0x1, 0x251, 0x20], 0x4, 0x4302}) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) r6 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0) ioctl$EVIOCGKEY(r6, 0x80404518, &(0x7f00000002c0)=""/183) sendmsg$IPVS_CMD_GET_DAEMON(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001a80)={0x14, r5, 0x301, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000090}, 0x24000040) sendmsg$IPVS_CMD_GET_INFO(r3, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r5, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}]}, 0x30}, 0x1, 0x0, 0x0, 0xc001}, 0x4000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 50.089624ms ago: executing program 2 (id=1662): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvtap0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010000305fcffffff000000fffe000000", @ANYRES32=0x0, @ANYBLOB="05030200157e0000140012800c0001006d616376746170000400028008000500", @ANYRES32=r1, @ANYBLOB="0800040044"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x404c094) 424.714µs ago: executing program 4 (id=1663): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x1}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) (async) r2 = dup3(r1, r0, 0x0) (async) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) (async) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000940)=0x200000000) write$vhost_msg_v2(r4, &(0x7f00000004c0)={0x2, 0x0, {&(0x7f00000003c0)=""/126, 0xffffffffffffff83, 0x0, 0x0, 0x2}}, 0x48) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) (async) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000640)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) (async) openat$dsp(0xffffffffffffff9c, 0x0, 0x2002, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000440)={0x0, 0x1000000, 0x0, 0x1, 0xa00, &(0x7f00000005c0)="c6"}) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) (async) syz_emit_ethernet(0x5a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6008120000242b0000000000000000000000ffffac1414bbfe8000000000000000000000000000aa3a0202010000"], 0x0) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) (async) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="28000000100001040200"/20, @ANYRES32=r9, @ANYBLOB="100000000000000008000300", @ANYRES32], 0x28}}, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYRES32=r6], 0x28}, 0x1, 0x0, 0x0, 0x24008000}, 0x0) (async) ioctl$MON_IOCT_RING_SIZE(r2, 0x9204, 0xae58d) (async) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@ipv4_newrule={0x28, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801c}, [@FRA_GENERIC_POLICY=@FRA_UID_RANGE={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000850) 303.391µs ago: executing program 7 (id=1664): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, 0x0, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) shutdown(r0, 0x1) 163.1µs ago: executing program 2 (id=1665): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000014c0)="ba4200edbaf80c66b8143de18866efbafc0c66b80080000066ef2e36640f2b11660f3880a871bdbaf80c66b8788be58666efbafc0c66edba420066edbaa10066ed0f01d7baf80c66b806aae58f66efbafc0cb0b7ee670f01c8", 0x59}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x40000000002, 0x1, 0x0, 0x0, 0x800000020bd, 0x4, 0x67, 0x225561e6, 0x4d, 0x3, 0x27fc, 0x14db, 0x80000001, 0x1, 0x251, 0x20], 0x4, 0x4302}) ioctl$KVM_RUN(r2, 0xae80, 0x29) 0s ago: executing program 7 (id=1666): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r2, 0x83625fc5352ba305, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0xfffffffffffff000}, 0x0) kernel console output (not intermixed with test programs): ] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 110.026249][ T841] usb 7-1: Using ep0 maxpacket: 8 [ 110.030324][ T841] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 40, changing to 9 [ 110.034044][ T841] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 110.040010][ T841] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 110.045088][ T841] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 110.048857][ T841] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.051328][ T841] usb 7-1: Product: Э [ 110.052692][ T841] usb 7-1: Manufacturer: о [ 110.054211][ T841] usb 7-1: SerialNumber: syz [ 110.282791][ T841] cdc_ncm 7-1:1.0: bind() failure [ 110.298893][ T841] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 110.301063][ T841] cdc_ncm 7-1:1.1: bind() failure [ 110.305058][ T841] usb 7-1: USB disconnect, device number 5 [ 110.759871][ T8635] tipc: Started in network mode [ 110.761893][ T8635] tipc: Node identity , cluster identity 4711 [ 110.764439][ T8635] tipc: Failed to obtain node identity [ 110.768702][ T8635] tipc: Enabling of bearer rejected, failed to enable media [ 110.846626][ T8645] netlink: 'syz.0.879': attribute type 1 has an invalid length. [ 110.859860][ T8645] 8021q: adding VLAN 0 to HW filter on device bond28 [ 110.868026][ T8645] bond28: entered promiscuous mode [ 110.890997][ T8652] netlink: 'syz.2.880': attribute type 2 has an invalid length. [ 111.485495][ T8698] netlink: 'syz.1.890': attribute type 1 has an invalid length. [ 111.508184][ T8698] 8021q: adding VLAN 0 to HW filter on device bond17 [ 111.511147][ T8698] bond16: (slave bond17): making interface the new active one [ 111.513693][ T8698] bond16: (slave bond17): Enslaving as an active interface with an up link [ 111.707657][ T8715] tipc: Started in network mode [ 111.709249][ T8715] tipc: Node identity , cluster identity 4711 [ 111.711190][ T8715] tipc: Failed to obtain node identity [ 111.712947][ T8715] tipc: Enabling of bearer rejected, failed to enable media [ 111.763687][ T841] libceph: connect (1)[c::]:6789 error -101 [ 111.765918][ T841] libceph: mon0 (1)[c::]:6789 connect error [ 111.798597][ T6053] libceph: connect (1)[c::]:6789 error -101 [ 111.801114][ T6053] libceph: mon0 (1)[c::]:6789 connect error [ 112.028004][ T841] libceph: connect (1)[c::]:6789 error -101 [ 112.030507][ T841] libceph: mon0 (1)[c::]:6789 connect error [ 112.067287][ T6053] libceph: connect (1)[c::]:6789 error -101 [ 112.069297][ T6053] libceph: mon0 (1)[c::]:6789 connect error [ 112.332289][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.899'. [ 112.335014][ T8761] netlink: 20 bytes leftover after parsing attributes in process `syz.0.899'. [ 112.341128][ T8761] geneve3: entered promiscuous mode [ 112.342822][ T8761] geneve3: entered allmulticast mode [ 112.353468][ T8761] ata1.00: invalid multi_count 1 ignored [ 112.436516][ T841] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 112.537439][ T5972] libceph: connect (1)[c::]:6789 error -101 [ 112.540203][ T5972] libceph: mon0 (1)[c::]:6789 connect error [ 112.570684][ T8718] ceph: No mds server is up or the cluster is laggy [ 112.574019][ T8723] ceph: No mds server is up or the cluster is laggy [ 112.588468][ T6053] libceph: connect (1)[c::]:6789 error -101 [ 112.594603][ T6053] libceph: mon0 (1)[c::]:6789 connect error [ 112.597752][ T841] usb 7-1: config 0 has no interfaces? [ 112.604224][ T841] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 112.607147][ T841] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.617567][ T841] usb 7-1: config 0 descriptor?? [ 112.699505][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 112.699519][ T40] audit: type=1326 audit(1757538977.995:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8781 comm="syz.4.903" exe="/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f3e8fb2ada9 code=0x0 [ 112.883634][ T8749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.888403][ T8749] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.032995][ T5972] usb 7-1: USB disconnect, device number 6 [ 113.557608][ T8824] netlink: 64 bytes leftover after parsing attributes in process `syz.2.907'. [ 113.602598][ T8831] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 113.604789][ T8831] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 113.622295][ T8831] vhci_hcd vhci_hcd.0: Device attached [ 113.626615][ T8831] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(5) [ 113.628710][ T8831] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 113.631052][ T8831] vhci_hcd vhci_hcd.0: Device attached [ 113.635465][ T8831] overlayfs: missing 'lowerdir' [ 113.642011][ T8839] vhci_hcd: connection closed [ 113.643442][ T40] audit: type=1400 audit(1757538978.935:449): avc: denied { ioctl } for pid=8830 comm="syz.2.909" path="socket:[22933]" dev="sockfs" ino=22933 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 113.643740][ T8832] vhci_hcd: connection closed [ 113.644225][ T13] vhci_hcd: stop threads [ 113.644239][ T13] vhci_hcd: release socket [ 113.644247][ T13] vhci_hcd: disconnect device [ 113.660428][ T98] vhci_hcd: stop threads [ 113.662200][ T98] vhci_hcd: release socket [ 113.663830][ T98] vhci_hcd: disconnect device [ 113.696949][ T40] audit: type=1326 audit(1757538978.995:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8843 comm="syz.1.913" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f61bf18eba9 code=0x0 [ 113.800878][ T8858] macvtap2: entered allmulticast mode [ 113.806689][ T8859] macvtap3: entered allmulticast mode [ 113.812790][ T8861] macvtap2: entered allmulticast mode [ 113.834143][ T8865] netlink: 12 bytes leftover after parsing attributes in process `syz.0.918'. [ 113.858205][ T8865] bridge5: port 1(veth11) entered blocking state [ 113.860462][ T8865] bridge5: port 1(veth11) entered disabled state [ 113.862500][ T8865] veth11: entered allmulticast mode [ 113.864890][ T8865] veth11: entered promiscuous mode [ 113.869826][ T8867] team0: No ports can be present during mode change [ 113.904668][ T8874] netlink: 'syz.4.920': attribute type 1 has an invalid length. [ 113.909769][ T8873] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.943087][ T8874] bond1 (unregistering): Released all slaves [ 113.963383][ T8873] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.048669][ T8873] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.115103][ T8873] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.204852][ T98] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.210530][ T40] audit: type=1400 audit(1757538979.505:451): avc: denied { create } for pid=8898 comm="syz.4.927" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 114.219404][ T46] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.228736][ T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.236068][ T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.237816][ T40] audit: type=1400 audit(1757538979.535:452): avc: denied { create } for pid=8898 comm="syz.4.927" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 114.247661][ T40] audit: type=1400 audit(1757538979.535:453): avc: denied { write } for pid=8898 comm="syz.4.927" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 114.308490][ T8910] netlink: zone id is out of range [ 114.310161][ T8910] netlink: zone id is out of range [ 114.311996][ T8910] netlink: del zone limit has 4 unknown bytes [ 114.338003][ T8915] tipc: Started in network mode [ 114.339702][ T8915] tipc: Node identity , cluster identity 4711 [ 114.341682][ T8915] tipc: Failed to obtain node identity [ 114.343488][ T8915] tipc: Enabling of bearer rejected, failed to enable media [ 114.354575][ T40] audit: type=1400 audit(1757538979.645:454): avc: denied { getopt } for pid=8917 comm="syz.0.933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 114.445801][ T8926] macvtap3: entered allmulticast mode [ 114.591990][ T8940] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.600234][ T8941] team0: No ports can be present during mode change [ 114.615444][ T40] audit: type=1400 audit(1757538979.905:455): avc: denied { recv } for pid=5948 comm="syz-executor" saddr=127.0.0.1 src=35776 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 114.652453][ T40] audit: type=1400 audit(1757538979.945:456): avc: denied { recv } for pid=8954 comm="syz.4.946" saddr=172.20.20.54 src=20000 daddr=172.20.20.54 dest=44704 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 114.664990][ T40] audit: type=1326 audit(1757538979.955:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8955 comm="syz.2.945" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f412c78eba9 code=0x0 [ 114.675770][ T8940] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.691542][ T8965] netlink: 12 bytes leftover after parsing attributes in process `syz.4.948'. [ 114.709830][ T8967] netlink: 'syz.0.949': attribute type 1 has an invalid length. [ 114.746770][ T8940] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.770748][ T8972] 8021q: adding VLAN 0 to HW filter on device bond30 [ 114.774613][ T8972] bond29: (slave bond30): making interface the new active one [ 114.781276][ T8972] bond29: (slave bond30): Enslaving as an active interface with an up link [ 114.862656][ T8985] fuse: Bad value for 'fd' [ 114.871205][ T8940] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.996262][ T46] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.003086][ T46] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.010620][ T46] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.019814][ T46] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.092096][ T9006] tipc: Started in network mode [ 115.093760][ T9006] tipc: Node identity , cluster identity 4711 [ 115.095802][ T9006] tipc: Failed to obtain node identity [ 115.098057][ T9006] tipc: Enabling of bearer rejected, failed to enable media [ 115.125666][ T9013] team0: No ports can be present during mode change [ 115.198335][ T9024] netlink: 12 bytes leftover after parsing attributes in process `syz.1.965'. [ 115.229631][ T9024] bridge8: port 1(veth17) entered blocking state [ 115.231741][ T9024] bridge8: port 1(veth17) entered disabled state [ 115.233784][ T9024] veth17: entered allmulticast mode [ 115.237148][ T9024] veth17: entered promiscuous mode [ 115.242782][ T9027] netdevsim netdevsim4 eth9 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.310331][ T9027] netdevsim netdevsim4 eth8 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.312846][ T9038] netlink: 'syz.1.969': attribute type 1 has an invalid length. [ 115.330708][ T9038] 8021q: adding VLAN 0 to HW filter on device bond18 [ 115.339353][ T9038] bond18: entered promiscuous mode [ 115.373665][ T9027] netdevsim netdevsim4 eth7 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.430152][ T9027] netdevsim netdevsim4 eth6 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.526874][ T46] netdevsim netdevsim4 eth6: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.544750][ T13] netdevsim netdevsim4 eth7: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.559592][ T13] netdevsim netdevsim4 eth8: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.562155][ T13] netdevsim netdevsim4 eth9: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.496720][ T40] kauditd_printk_skb: 12 callbacks suppressed [ 118.496736][ T40] audit: type=1400 audit(1757538983.795:470): avc: denied { getopt } for pid=9157 comm="syz.0.970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 118.504346][ T9161] usb usb8: usbfs: process 9161 (syz.4.973) did not claim interface 0 before use [ 118.507483][ T40] audit: type=1400 audit(1757538983.795:471): avc: denied { read append } for pid=9159 comm="syz.4.973" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 118.507524][ T40] audit: type=1400 audit(1757538983.795:472): avc: denied { open } for pid=9159 comm="syz.4.973" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 118.520359][ T9160] netlink: 32 bytes leftover after parsing attributes in process `syz.0.970'. [ 118.524737][ T40] audit: type=1400 audit(1757538983.795:473): avc: denied { ioctl } for pid=9159 comm="syz.4.973" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x127a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 118.547015][ T40] audit: type=1400 audit(1757538983.805:474): avc: denied { open } for pid=9157 comm="syz.0.970" path="/dev/ttyq4" dev="devtmpfs" ino=387 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 118.618912][ T9168] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 118.657788][ T9171] macvtap4: entered allmulticast mode [ 118.687988][ T40] audit: type=1400 audit(1757538983.985:475): avc: denied { bind } for pid=9166 comm="syz.2.976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 118.691730][ T9167] netlink: 187436 bytes leftover after parsing attributes in process `syz.2.976'. [ 118.742131][ T9186] tipc: Started in network mode [ 118.743753][ T9186] tipc: Node identity , cluster identity 4711 [ 118.745741][ T9186] tipc: Failed to obtain node identity [ 118.747591][ T9186] tipc: Enabling of bearer rejected, failed to enable media [ 118.750813][ T40] audit: type=1326 audit(1757538984.045:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9183 comm="syz.1.978" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f61bf18eba9 code=0x0 [ 118.767837][ T9190] cgroup: fork rejected by pids controller in /syz0 [ 118.814155][ T9319] team0: No ports can be present during mode change [ 118.829064][ T9363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.982'. [ 118.831889][ T9363] netlink: 20 bytes leftover after parsing attributes in process `syz.4.982'. [ 118.848076][ T9363] geneve2: entered promiscuous mode [ 118.849987][ T9363] geneve2: entered allmulticast mode [ 118.913475][ T9363] ata1.00: invalid multi_count 1 ignored [ 118.977727][ T9380] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 119.092969][ T9406] netlink: 32 bytes leftover after parsing attributes in process `syz.2.988'. [ 119.197036][ T6035] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 119.204762][ T9413] netlink: 'syz.2.989': attribute type 1 has an invalid length. [ 119.220318][ T9413] 8021q: adding VLAN 0 to HW filter on device bond18 [ 119.229632][ T9413] bond18: entered promiscuous mode [ 119.260865][ T40] audit: type=1400 audit(1757538984.555:477): avc: denied { mounton } for pid=9417 comm="syz.2.990" path="/file0" dev="ramfs" ino=23338 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 119.362137][ T6035] usb 5-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 119.366154][ T6035] usb 5-1: config 1 interface 0 has no altsetting 0 [ 119.369821][ T6035] usb 5-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.40 [ 119.372739][ T6035] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.375296][ T6035] usb 5-1: Product: ᘁ [ 119.376896][ T6035] usb 5-1: Manufacturer: 솖ᰵᅏ䕘Ɜ횻꼎涑穦꩝궷۲覹㙡ᮣ瑌䱔탡捵箹䀨﷉愝Ⱌ䶮ﶕ矋춝笁꾘ⅶ教㣚趆ʯాᒣ⬗ƒෲ䍨魜舅輔ﺝᙥ즈䏣⠻襣泩ɯᕫ謮筳ᱪꨋ䏛㢍鑊෣빎稍﹃泵홾斌⬘蕒䷧꘶樬⎅枻닅冓陷똵饪䦹ࢪ咪瓯ಛ [ 119.385487][ T6035] usb 5-1: SerialNumber: ь [ 119.598398][ T40] audit: type=1400 audit(1757538984.895:478): avc: denied { append } for pid=9394 comm="syz.0.994" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 119.619165][ T6035] usbhid 5-1:1.0: can't add hid device: -71 [ 119.621125][ T6035] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 119.636604][ T9442] netlink: 'syz.1.995': attribute type 1 has an invalid length. [ 119.637025][ T9437] tipc: Started in network mode [ 119.640715][ T9437] tipc: Node identity , cluster identity 4711 [ 119.642668][ T9437] tipc: Failed to obtain node identity [ 119.644425][ T9437] tipc: Enabling of bearer rejected, failed to enable media [ 119.658706][ T6035] usb 5-1: USB disconnect, device number 4 [ 119.679233][ T9442] 8021q: adding VLAN 0 to HW filter on device bond20 [ 119.683164][ T9442] bond19: (slave bond20): making interface the new active one [ 119.685759][ T9442] bond19: (slave bond20): Enslaving as an active interface with an up link [ 119.713663][ T40] audit: type=1400 audit(1757538985.005:479): avc: denied { create } for pid=9450 comm="syz.1.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 119.720081][ T9452] netlink: 68 bytes leftover after parsing attributes in process `syz.2.997'. [ 119.771816][ T9459] macvtap3: entered allmulticast mode [ 119.773792][ T9458] netlink: 32 bytes leftover after parsing attributes in process `syz.1.999'. [ 119.818681][ T9466] netlink: 'syz.2.1002': attribute type 1 has an invalid length. [ 119.832882][ T9466] 8021q: adding VLAN 0 to HW filter on device bond19 [ 119.842322][ T9466] bond19: entered promiscuous mode [ 120.228590][ T4979] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 120.366250][ T4979] usb 7-1: device descriptor read/64, error -71 [ 120.414468][ T9508] netlink: 'syz.4.1012': attribute type 1 has an invalid length. [ 120.431551][ T9508] bond1 (unregistering): Released all slaves [ 120.434576][ T9510] udevd[9510]: failed to send result of seq 21349 to main daemon: Connection refused [ 120.504257][ T9516] macvtap4: entered allmulticast mode [ 120.522614][ T9518] tipc: Started in network mode [ 120.524558][ T9518] tipc: Node identity , cluster identity 4711 [ 120.528752][ T9518] tipc: Failed to obtain node identity [ 120.529324][ T9520] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1017'. [ 120.530670][ T9518] tipc: Enabling of bearer rejected, failed to enable media [ 120.534273][ T9521] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1017'. [ 120.606399][ T4979] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 120.619493][ T9529] binder: 9528:9529 ioctl c0306201 200000000080 returned -14 [ 120.623308][ T9529] binder: 9528:9529 ioctl 8933 2000000000c0 returned -22 [ 120.647964][ T9529] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1021'. [ 120.682411][ T9533] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 120.720688][ T9535] team0: No ports can be present during mode change [ 120.738137][ T4979] usb 7-1: device descriptor read/64, error -71 [ 120.773526][ T9539] loop7: detected capacity change from 0 to 7 [ 120.780312][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 120.783107][ C3] buffer_io_error: 27 callbacks suppressed [ 120.783115][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 120.788168][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 120.791208][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 120.794133][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 120.797032][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 120.801362][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 120.804275][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 120.806983][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 120.810888][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 120.813906][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 120.816804][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 120.819365][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 120.822271][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 120.824806][ T9539] ldm_validate_partition_table(): Disk read failed. [ 120.846421][ T4979] usb usb7-port1: attempt power cycle [ 120.867373][ T9540] loop7: detected capacity change from 7 to 0 [ 120.868008][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 120.872344][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 120.874883][ T9539] Dev loop7: unable to read RDB block 0 [ 120.877271][ T9539] loop7: unable to read partition table [ 120.879139][ T9539] loop7: partition table beyond EOD, truncated [ 120.881075][ T9539] loop_reread_partitions: partition scan of loop7 (, (L1C Jq7S%h)8&\DJ(%OF|ʢ( P^K) failed (rc=-5) [ 121.196234][ T4979] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 121.226693][ T4979] usb 7-1: device descriptor read/8, error -71 [ 121.241167][ T6063] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 121.395018][ T6063] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 121.398677][ T6063] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 121.401704][ T6063] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 121.404439][ T6063] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.410328][ T9545] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 121.414115][ T6063] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 121.476241][ T4979] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 121.497045][ T4979] usb 7-1: device descriptor read/8, error -71 [ 121.556609][ T9562] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=16242 sclass=netlink_route_socket pid=9562 comm=syz.4.1034 [ 121.618069][ T4979] usb usb7-port1: unable to enumerate USB device [ 121.651761][ T6035] usb 5-1: USB disconnect, device number 5 [ 121.717621][ T9567] team0: No ports can be present during mode change [ 121.742201][ T9569] netlink: 'syz.4.1037': attribute type 1 has an invalid length. [ 122.878183][ T9594] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=24690 sclass=netlink_route_socket pid=9594 comm=syz.4.1046 [ 123.182480][ T9601] netlink: 'syz.1.1049': attribute type 1 has an invalid length. [ 123.196812][ T9601] 8021q: adding VLAN 0 to HW filter on device bond21 [ 123.204458][ T9602] netdevsim netdevsim4 eth9 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.214852][ T9601] bond21: entered promiscuous mode [ 123.271690][ T9602] netdevsim netdevsim4 eth8 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.328198][ T9609] bridge8: port 1(veth13) entered blocking state [ 123.331341][ T9609] bridge8: port 1(veth13) entered disabled state [ 123.333495][ T9609] veth13: entered allmulticast mode [ 123.337875][ T9609] veth13: entered promiscuous mode [ 123.391737][ T9602] netdevsim netdevsim4 eth7 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.416932][ T9619] netlink: 'syz.1.1058': attribute type 1 has an invalid length. [ 123.424660][ T9622] netlink: 'syz.2.1059': attribute type 1 has an invalid length. [ 123.448074][ T9622] 8021q: adding VLAN 0 to HW filter on device bond20 [ 123.463047][ T9622] bond20: entered promiscuous mode [ 123.467746][ T9602] netdevsim netdevsim4 eth6 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.495447][ T9625] netlink: 'syz.2.1060': attribute type 1 has an invalid length. [ 123.509779][ T9625] 8021q: adding VLAN 0 to HW filter on device bond21 [ 123.529222][ T9625] bond21: entered promiscuous mode [ 123.612226][ T40] kauditd_printk_skb: 16 callbacks suppressed [ 123.612239][ T40] audit: type=1326 audit(1757538988.905:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9629 comm="syz.2.1062" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f412c78eba9 code=0x0 [ 123.620210][ T1149] netdevsim netdevsim4 eth6: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.641129][ T1149] netdevsim netdevsim4 eth7: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.644672][ T1149] netdevsim netdevsim4 eth8: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.652168][ T1149] netdevsim netdevsim4 eth9: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.833501][ T5979] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 123.856315][ T9645] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=42610 sclass=netlink_route_socket pid=9645 comm=syz.4.1067 [ 124.042747][ T9663] __nla_validate_parse: 3 callbacks suppressed [ 124.042758][ T9663] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1075'. [ 124.083803][ T9668] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.140797][ T9668] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.198551][ T9668] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.204611][ T9671] tipc: Started in network mode [ 124.206929][ T9671] tipc: Node identity , cluster identity 4711 [ 124.209469][ T9671] tipc: Failed to obtain node identity [ 124.211729][ T9671] tipc: Enabling of bearer rejected, failed to enable media [ 124.241868][ T9668] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.321282][ T9255] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.330914][ T9255] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.338838][ T9255] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.347506][ T1149] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.384170][ T9681] netlink: 'syz.1.1081': attribute type 1 has an invalid length. [ 124.404523][ T9681] 8021q: adding VLAN 0 to HW filter on device bond23 [ 124.429375][ T9681] bond23: entered promiscuous mode [ 124.483908][ T9690] netlink: 'syz.1.1085': attribute type 1 has an invalid length. [ 124.501739][ T9690] 8021q: adding VLAN 0 to HW filter on device bond24 [ 124.529210][ T9690] bond24: entered promiscuous mode [ 124.555510][ T9694] FAULT_INJECTION: forcing a failure. [ 124.555510][ T9694] name failslab, interval 1, probability 0, space 0, times 0 [ 124.560465][ T9694] CPU: 2 UID: 0 PID: 9694 Comm: syz.1.1086 Not tainted syzkaller #0 PREEMPT(full) [ 124.560487][ T9694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.560496][ T9694] Call Trace: [ 124.560502][ T9694] [ 124.560509][ T9694] dump_stack_lvl+0x16c/0x1f0 [ 124.560555][ T9694] should_fail_ex+0x512/0x640 [ 124.560583][ T9694] ? fs_reclaim_acquire+0xae/0x150 [ 124.560608][ T9694] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 124.560632][ T9694] should_failslab+0xc2/0x120 [ 124.560652][ T9694] __kmalloc_noprof+0xd2/0x510 [ 124.560676][ T9694] tomoyo_realpath_from_path+0xc2/0x6e0 [ 124.560704][ T9694] ? tomoyo_profile+0x47/0x60 [ 124.560722][ T9694] tomoyo_path_number_perm+0x245/0x580 [ 124.560743][ T9694] ? tomoyo_path_number_perm+0x237/0x580 [ 124.560768][ T9694] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 124.560792][ T9694] ? find_held_lock+0x2b/0x80 [ 124.560837][ T9694] ? find_held_lock+0x2b/0x80 [ 124.560858][ T9694] ? hook_file_ioctl_common+0x145/0x410 [ 124.560883][ T9694] ? __fget_files+0x20e/0x3c0 [ 124.560909][ T9694] security_file_ioctl+0x9b/0x240 [ 124.560934][ T9694] __x64_sys_ioctl+0xb7/0x210 [ 124.560961][ T9694] do_syscall_64+0xcd/0x4c0 [ 124.560994][ T9694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.561011][ T9694] RIP: 0033:0x7f61bf18eba9 [ 124.561031][ T9694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.561047][ T9694] RSP: 002b:00007f61c0040038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 124.561062][ T9694] RAX: ffffffffffffffda RBX: 00007f61bf3d5fa0 RCX: 00007f61bf18eba9 [ 124.561074][ T9694] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000004 [ 124.561083][ T9694] RBP: 00007f61c0040090 R08: 0000000000000000 R09: 0000000000000000 [ 124.561092][ T9694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.561101][ T9694] R13: 00007f61bf3d6038 R14: 00007f61bf3d5fa0 R15: 00007fff51c025a8 [ 124.561120][ T9694] [ 124.561125][ T9694] ERROR: Out of memory at tomoyo_realpath_from_path. [ 124.631516][ T9696] wg1: entered promiscuous mode [ 124.633215][ T9696] wg1: entered allmulticast mode [ 124.719120][ T40] audit: type=1326 audit(1757538990.015:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9702 comm="syz.0.1091" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb86818eba9 code=0x0 [ 124.731232][ T9708] netlink: 'syz.2.1093': attribute type 1 has an invalid length. [ 124.743446][ T9708] 8021q: adding VLAN 0 to HW filter on device bond22 [ 124.758820][ T9708] bond22: entered promiscuous mode [ 124.806217][ T9714] netlink: 'syz.2.1095': attribute type 1 has an invalid length. [ 124.825029][ T9714] bond23: (slave bridge9): making interface the new active one [ 124.828106][ T9714] bond23: (slave bridge9): Enslaving as an active interface with an up link [ 124.855423][ T9717] netlink: 'syz.2.1096': attribute type 1 has an invalid length. [ 124.868894][ T9717] 8021q: adding VLAN 0 to HW filter on device bond24 [ 124.876082][ T9717] bond24: entered promiscuous mode [ 124.904270][ T9724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1105'. [ 125.389051][ T9694] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 125.562673][ T9727] wg1: entered promiscuous mode [ 125.564572][ T9727] wg1: entered allmulticast mode [ 125.609758][ T9736] netlink: 'syz.1.1104': attribute type 1 has an invalid length. [ 125.615107][ T9737] netlink: 'syz.0.1103': attribute type 1 has an invalid length. [ 125.644895][ T9737] 8021q: adding VLAN 0 to HW filter on device bond31 [ 125.662519][ T9736] 8021q: adding VLAN 0 to HW filter on device bond26 [ 125.665917][ T9736] bond25: (slave bond26): making interface the new active one [ 125.669466][ T9736] bond25: (slave bond26): Enslaving as an active interface with an up link [ 125.678374][ T9737] bond31: entered promiscuous mode [ 125.729301][ T9745] macvtap3: entered allmulticast mode [ 125.861836][ T40] audit: type=1326 audit(1757538991.155:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9750 comm="syz.1.1109" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f61bf18eba9 code=0x0 [ 125.924014][ T9755] tipc: Started in network mode [ 125.926169][ T9755] tipc: Node identity , cluster identity 4711 [ 125.928168][ T9755] tipc: Failed to obtain node identity [ 125.930037][ T9755] tipc: Enabling of bearer rejected, failed to enable media [ 125.986183][ T9759] PKCS8: Unsupported PKCS#8 version [ 125.988943][ T40] audit: type=1400 audit(1757538991.285:499): avc: denied { setopt } for pid=9758 comm="syz.2.1112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 126.266970][ T40] audit: type=1400 audit(1757538991.565:500): avc: denied { map } for pid=9776 comm="syz.2.1119" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 126.444395][ T9788] netlink: 'syz.2.1123': attribute type 10 has an invalid length. [ 126.448356][ T9788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.451859][ T9788] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 126.455753][ T9788] netlink: 'syz.2.1123': attribute type 10 has an invalid length. [ 126.459929][ T9788] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1123'. [ 126.463039][ T9788] batadv0: entered promiscuous mode [ 126.464802][ T9788] batadv0: entered allmulticast mode [ 126.468827][ T9788] bond0: (slave batadv0): Releasing backup interface [ 126.472980][ T9788] bridge0: port 1(batadv0) entered blocking state [ 126.475207][ T9788] bridge0: port 1(batadv0) entered disabled state [ 126.531030][ T9794] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=9794 comm=syz.2.1125 [ 126.544102][ T9794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.548096][ T9794] 8021q: adding VLAN 0 to HW filter on device team0 [ 126.553109][ T9794] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 126.646305][ T9255] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 126.649650][ T9255] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 126.752180][ T9804] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1128'. [ 126.788210][ T9804] bridge9: port 1(veth19) entered blocking state [ 126.791097][ T9804] bridge9: port 1(veth19) entered disabled state [ 126.794014][ T9804] veth19: entered allmulticast mode [ 126.800638][ T9804] veth19: entered promiscuous mode [ 126.836616][ T9806] netlink: 'syz.1.1129': attribute type 1 has an invalid length. [ 126.860989][ T9806] 8021q: adding VLAN 0 to HW filter on device bond28 [ 126.865160][ T9806] bond27: (slave bond28): making interface the new active one [ 126.868696][ T9806] bond27: (slave bond28): Enslaving as an active interface with an up link [ 126.988322][ T9815] macvtap4: entered allmulticast mode [ 127.078965][ T9821] tipc: Started in network mode [ 127.080627][ T9821] tipc: Node identity , cluster identity 4711 [ 127.082694][ T9821] tipc: Failed to obtain node identity [ 127.084525][ T9821] tipc: Enabling of bearer rejected, failed to enable media [ 128.143443][ T9859] team0: No ports can be present during mode change [ 128.187507][ T9833] cgroup: fork rejected by pids controller in /syz4 [ 128.191394][ T40] audit: type=1400 audit(1757538993.485:501): avc: denied { create } for pid=9863 comm="syz.2.1144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 128.191704][ T9864] tmpfs: Invalid gid '0x00000000ffffffff' [ 128.199880][ T40] audit: type=1400 audit(1757538993.485:502): avc: denied { getopt } for pid=9863 comm="syz.2.1144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 128.204385][ T9864] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 128.344168][ T9881] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2051 sclass=netlink_route_socket pid=9881 comm=syz.0.1145 [ 128.355310][ T9881] can0: slcan on ttyS3. [ 128.406599][ T9881] can0 (unregistered): slcan off ttyS3. [ 128.410345][ T40] audit: type=1400 audit(1757538993.705:503): avc: denied { setopt } for pid=9879 comm="syz.0.1145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 128.479577][ T9894] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 128.558239][ T9907] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=9907 comm=syz.0.1149 [ 128.566420][ T9907] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 128.600552][ T9911] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1150'. [ 128.639652][ T9911] veth13: entered promiscuous mode [ 128.641851][ T9911] veth13: entered allmulticast mode [ 128.644292][ T9911] bridge6: port 1(veth13) entered blocking state [ 128.647215][ T9911] bridge6: port 1(veth13) entered disabled state [ 128.754952][ T9925] 8021q: adding VLAN 0 to HW filter on device bond33 [ 128.758909][ T9925] bond32: (slave bond33): making interface the new active one [ 128.761562][ T9925] bond32: (slave bond33): Enslaving as an active interface with an up link [ 129.371109][ T9941] macvtap5: entered allmulticast mode [ 129.801335][ T9949] netdevsim netdevsim4 eth9 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.859219][ T9953] tipc: Started in network mode [ 129.860792][ T9953] tipc: Node identity , cluster identity 4711 [ 129.862837][ T9953] tipc: Failed to obtain node identity [ 129.864983][ T9953] tipc: Enabling of bearer rejected, failed to enable media [ 129.871659][ T9949] netdevsim netdevsim4 eth8 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.930957][ T9949] netdevsim netdevsim4 eth7 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.999249][ T9949] netdevsim netdevsim4 eth6 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.084295][ T9255] netdevsim netdevsim4 eth6: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.093038][ T9311] netdevsim netdevsim4 eth7: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.104248][ T1149] netdevsim netdevsim4 eth8: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.109711][ T9968] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.121441][ T1149] netdevsim netdevsim4 eth9: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.159399][ T9968] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.260844][ T9968] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.321644][ T9975] validate_nla: 2 callbacks suppressed [ 130.321655][ T9975] netlink: 'syz.4.1167': attribute type 1 has an invalid length. [ 130.341561][ T9975] 8021q: adding VLAN 0 to HW filter on device bond1 [ 130.368723][ T9975] bond1: (slave geneve3): making interface the new active one [ 130.371854][ T9975] bond1: (slave geneve3): Enslaving as an active interface with an up link [ 130.382542][ T9968] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.398901][ T9975] bond1: entered promiscuous mode [ 130.401066][ T9975] geneve3: entered promiscuous mode [ 130.528242][ T1149] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.542056][ T1149] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.554789][ T9255] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.568091][ T1149] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.601768][ T9983] netlink: 'syz.0.1170': attribute type 1 has an invalid length. [ 130.615399][ T9983] 8021q: adding VLAN 0 to HW filter on device bond34 [ 130.639090][ T9983] bond34: entered promiscuous mode [ 130.704228][ T9990] team0: No ports can be present during mode change [ 130.735607][ T9994] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1175'. [ 130.792456][ T40] audit: type=1400 audit(1757538996.085:504): avc: denied { connect } for pid=9993 comm="syz.0.1175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 131.066206][ T4979] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 131.104008][T10022] macvtap4: entered allmulticast mode [ 131.117010][T10021] openvswitch: netlink: IPv4 tun info is not correct [ 131.139488][ T40] audit: type=1400 audit(1757538996.435:505): avc: denied { mount } for pid=10023 comm="syz.2.1186" name="/" dev="9p" ino=35913855 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 131.164440][T10024] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1186'. [ 131.170802][ T40] audit: type=1400 audit(1757538996.465:506): avc: denied { execmem } for pid=10023 comm="syz.2.1186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 131.172252][T10029] netlink: 'syz.0.1188': attribute type 1 has an invalid length. [ 131.177109][ T40] audit: type=1400 audit(1757538996.465:507): avc: denied { setopt } for pid=10023 comm="syz.2.1186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 131.216793][T10029] 8021q: adding VLAN 0 to HW filter on device bond36 [ 131.218525][ T4979] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 131.220911][T10029] bond35: (slave bond36): making interface the new active one [ 131.223462][ T4979] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 131.227079][T10029] bond35: (slave bond36): Enslaving as an active interface with an up link [ 131.229785][ T4979] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 131.238800][ T4979] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 131.241864][ T4979] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 131.244955][ T4979] usb 9-1: Product: syz [ 131.246501][ T4979] usb 9-1: Manufacturer: syz [ 131.248554][ T4979] usb 9-1: SerialNumber: syz [ 131.266938][ T40] audit: type=1400 audit(1757538996.565:508): avc: denied { unmount } for pid=5976 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 131.344325][T10040] tipc: Started in network mode [ 131.345911][T10040] tipc: Node identity , cluster identity 4711 [ 131.349245][T10040] tipc: Failed to obtain node identity [ 131.350998][T10040] tipc: Enabling of bearer rejected, failed to enable media [ 131.457095][ T4979] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 131.484654][ T40] audit: type=1400 audit(1757538996.775:509): avc: denied { ioctl } for pid=10051 comm="syz.2.1198" path="socket:[29168]" dev="sockfs" ino=29168 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 131.494511][ T40] audit: type=1400 audit(1757538996.785:510): avc: denied { remount } for pid=10051 comm="syz.2.1198" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 131.556846][T10057] macvtap5: entered allmulticast mode [ 131.592623][T10059] gretap1: entered promiscuous mode [ 131.633289][T10061] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 131.658609][ T6063] usb 9-1: USB disconnect, device number 2 [ 131.663255][ T6063] usblp0: removed [ 131.723819][T10067] sock: sock_set_timeout: `syz.2.1205' (pid 10067) tries to set negative timeout [ 131.724400][ T40] audit: type=1400 audit(1757538997.015:511): avc: denied { setopt } for pid=10066 comm="syz.2.1205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 131.826189][T10073] netlink: 'syz.2.1207': attribute type 1 has an invalid length. [ 131.849128][T10073] 8021q: adding VLAN 0 to HW filter on device bond26 [ 131.852254][T10073] bond25: (slave bond26): making interface the new active one [ 131.854853][T10073] bond25: (slave bond26): Enslaving as an active interface with an up link [ 132.091582][ T40] audit: type=1326 audit(1757538997.385:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10078 comm="syz.2.1209" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f412c78eba9 code=0x0 [ 132.204385][T10083] tipc: Started in network mode [ 132.206855][T10083] tipc: Node identity , cluster identity 4711 [ 132.209488][T10083] tipc: Failed to obtain node identity [ 132.211887][T10083] tipc: Enabling of bearer rejected, failed to enable media [ 132.280529][T10087] netdevsim netdevsim4 eth9 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.470459][T10087] netdevsim netdevsim4 eth8 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.609821][T10087] netdevsim netdevsim4 eth7 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.658954][T10093] macvtap5: entered allmulticast mode [ 132.674253][T10087] netdevsim netdevsim4 eth6 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.946523][T10102] netlink: 'syz.2.1218': attribute type 1 has an invalid length. [ 132.979994][T10102] 8021q: adding VLAN 0 to HW filter on device bond28 [ 132.985258][T10102] bond27: (slave bond28): making interface the new active one [ 132.988967][T10102] bond27: (slave bond28): Enslaving as an active interface with an up link [ 133.019687][T10106] netem: incorrect ge model size [ 133.022233][T10106] netem: change failed [ 133.070909][ T40] audit: type=1400 audit(1757538998.365:513): avc: denied { ioctl } for pid=10110 comm="syz.2.1221" path="/dev/ptyq8" dev="devtmpfs" ino=135 ioctlcmd=0x5414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 133.099109][T10113] tipc: Started in network mode [ 133.100700][T10113] tipc: Node identity , cluster identity 4711 [ 133.102605][T10113] tipc: Failed to obtain node identity [ 133.104344][T10113] tipc: Enabling of bearer rejected, failed to enable media [ 133.132191][T10115] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 133.324993][T10125] 8021q: adding VLAN 0 to HW filter on device bond29 [ 133.334191][T10125] bond29: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 133.367635][T10128] binder: 10127:10128 ioctl 80086601 200000001840 returned -22 [ 133.393324][T10132] netlink: 'syz.2.1228': attribute type 1 has an invalid length. [ 133.409111][T10132] 8021q: adding VLAN 0 to HW filter on device bond30 [ 133.418841][T10132] bond30: entered promiscuous mode [ 133.437786][ T9255] bond29: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 133.547195][ T9311] bond29: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 134.334142][T10139] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1231'. [ 134.364936][T10141] sctp: [Deprecated]: syz.2.1232 (pid 10141) Use of int in max_burst socket option. [ 134.364936][T10141] Use struct sctp_assoc_value instead [ 134.547219][T10151] netlink: 'syz.2.1235': attribute type 1 has an invalid length. [ 134.569531][T10151] 8021q: adding VLAN 0 to HW filter on device bond32 [ 134.573492][T10151] bond31: (slave bond32): making interface the new active one [ 134.577694][T10151] bond31: (slave bond32): Enslaving as an active interface with an up link [ 134.805762][T10160] tipc: Started in network mode [ 134.807630][T10160] tipc: Node identity , cluster identity 4711 [ 134.809665][T10160] tipc: Failed to obtain node identity [ 134.811662][T10160] tipc: Enabling of bearer rejected, failed to enable media [ 135.254154][ T9255] netdevsim netdevsim4 eth6: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.262490][ T9255] netdevsim netdevsim4 eth7: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.270586][ T9255] netdevsim netdevsim4 eth8: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.278546][ T9255] netdevsim netdevsim4 eth9: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.559523][T10176] Bluetooth: hci4: Frame reassembly failed (-84) [ 135.562869][ T9255] Bluetooth: hci4: Frame reassembly failed (-84) [ 135.702080][T10179] macvtap6: entered allmulticast mode [ 136.762532][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 136.762547][ T40] audit: type=1400 audit(1757539002.055:518): avc: denied { execute } for pid=10188 comm="syz.2.1250" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=28571 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 136.813146][T10191] tipc: Started in network mode [ 136.815083][T10191] tipc: Node identity , cluster identity 4711 [ 136.817436][T10191] tipc: Failed to obtain node identity [ 136.819651][T10191] tipc: Enabling of bearer rejected, failed to enable media [ 137.566306][ T5983] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 137.566364][ T5971] Bluetooth: hci4: command 0xfc11 tx timeout [ 137.622100][T10199] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1255'. [ 137.661909][T10201] netdevsim netdevsim4 eth9 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.702739][T10201] netdevsim netdevsim4 eth8 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.798383][ T40] audit: type=1326 audit(1757539003.095:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10202 comm="syz.2.1257" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f412c78eba9 code=0x0 [ 137.810219][ T1424] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.811791][T10201] netdevsim netdevsim4 eth7 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.812359][ T1424] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.822059][ T1424] aoe: packet could not be sent on ipvlan0. consider increasing tx_queue_len [ 137.824863][ T1424] aoe: packet could not be sent on ipvlan1. consider increasing tx_queue_len [ 137.878665][T10201] netdevsim netdevsim4 eth6 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.691731][T10214] netlink: 'syz.2.1260': attribute type 1 has an invalid length. [ 138.716015][T10214] 8021q: adding VLAN 0 to HW filter on device bond34 [ 138.719280][T10214] bond33: (slave bond34): making interface the new active one [ 138.721832][T10214] bond33: (slave bond34): Enslaving as an active interface with an up link [ 138.762508][T10218] macvtap7: entered allmulticast mode [ 139.764146][ T40] audit: type=1326 audit(1757539005.055:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.2.1266" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f412c78eba9 code=0x0 [ 140.399684][ T9313] netdevsim netdevsim4 eth6: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.412191][ T9313] netdevsim netdevsim4 eth7: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.423212][ T9313] netdevsim netdevsim4 eth8: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.432670][ T9313] netdevsim netdevsim4 eth9: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.474958][T10232] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1267'. [ 140.601380][T10238] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check. [ 140.662621][T10249] team0: No ports can be present during mode change [ 140.687291][T10251] tipc: Started in network mode [ 140.688875][T10251] tipc: Node identity , cluster identity 4711 [ 140.690979][T10251] tipc: Failed to obtain node identity [ 140.692699][T10251] tipc: Enabling of bearer rejected, failed to enable media [ 140.718524][T10253] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1277'. [ 141.616458][ T40] audit: type=1326 audit(1757539006.915:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.2.1279" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f412c78eba9 code=0x0 [ 142.485714][T10268] netlink: 'syz.2.1282': attribute type 10 has an invalid length. [ 142.590877][T10274] netlink: 'syz.2.1284': attribute type 1 has an invalid length. [ 142.609916][ T5971] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 142.613513][ T5971] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 142.617026][ T5971] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 142.620236][ T5971] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 142.622871][ T5971] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 142.632167][T10274] 8021q: adding VLAN 0 to HW filter on device bond36 [ 142.635633][T10274] bond35: (slave bond36): making interface the new active one [ 142.638419][T10274] bond35: (slave bond36): Enslaving as an active interface with an up link [ 142.683096][T10280] macvtap8: entered allmulticast mode [ 142.771603][T10276] chnl_net:caif_netlink_parms(): no params data found [ 142.773824][ T40] audit: type=1400 audit(1757539008.065:522): avc: denied { write } for pid=10283 comm="syz.2.1286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 142.878901][T10284] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1286'. [ 142.916269][T10276] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.918557][T10276] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.920864][T10276] bridge_slave_0: entered allmulticast mode [ 142.924296][T10276] bridge_slave_0: entered promiscuous mode [ 142.927621][T10276] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.929905][T10276] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.932459][T10276] bridge_slave_1: entered allmulticast mode [ 142.935185][T10276] bridge_slave_1: entered promiscuous mode [ 142.935425][T10284] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 142.971092][T10276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.975675][T10276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 143.014299][T10276] team0: Port device team_slave_0 added [ 143.017950][T10276] team0: Port device team_slave_1 added [ 143.058657][T10276] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 143.060837][T10276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.069534][T10276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 143.073838][T10276] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 143.076052][T10276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.084187][T10276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 143.129732][T10276] hsr_slave_0: entered promiscuous mode [ 143.132824][T10276] hsr_slave_1: entered promiscuous mode [ 143.135435][T10276] debugfs: 'hsr0' already exists in 'hsr' [ 143.137754][T10276] Cannot create hsr debugfs directory [ 143.217826][T10295] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1288'. [ 143.268531][T10276] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 143.273849][T10276] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 143.280678][T10276] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 143.286576][T10276] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 143.298374][ T40] audit: type=1326 audit(1757539008.595:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10298 comm="syz.4.1290" exe="/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f3e8fb2ada9 code=0x0 [ 143.310615][T10276] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.312896][T10276] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.315287][T10276] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.317598][T10276] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.355883][T10276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.373893][ T9313] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.379791][ T9313] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.400915][T10276] 8021q: adding VLAN 0 to HW filter on device team0 [ 143.410956][ T9313] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.413253][ T9313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.419890][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.423024][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.544417][T10276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.692523][T10276] veth0_vlan: entered promiscuous mode [ 143.701070][T10276] veth1_vlan: entered promiscuous mode [ 143.726998][T10276] veth0_macvtap: entered promiscuous mode [ 143.731092][T10276] veth1_macvtap: entered promiscuous mode [ 143.739600][T10276] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.750129][T10276] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.758851][ T9311] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.761939][ T9311] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.765265][ T9311] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.769211][ T9311] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.812504][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.815103][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.837299][ T9313] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.839841][ T9313] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.857016][ T40] audit: type=1400 audit(1757539009.155:524): avc: denied { mounton } for pid=10276 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 143.925533][T10321] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.001282][T10321] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.119086][T10321] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.149905][T10336] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1297'. [ 144.150062][T10334] hfsplus: unable to find HFS+ superblock [ 144.177537][T10321] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.194152][T10338] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check. [ 144.200205][T10340] team0: No ports can be present during mode change [ 144.236044][ T5971] Bluetooth: hci0: Unable to find connection for big 0x00 [ 144.438733][T10349] tipc: Started in network mode [ 144.440415][T10349] tipc: Node identity , cluster identity 4711 [ 144.442409][T10349] tipc: Failed to obtain node identity [ 144.444237][T10349] tipc: Enabling of bearer rejected, failed to enable media [ 144.696331][ T5971] Bluetooth: hci4: command tx timeout [ 145.205231][T10352] netlink: 'syz.2.1304': attribute type 1 has an invalid length. [ 145.205843][ T40] audit: type=1400 audit(1757539010.495:525): avc: denied { connect } for pid=10350 comm="syz.4.1305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 145.240622][T10352] 8021q: adding VLAN 0 to HW filter on device bond38 [ 145.244636][T10352] bond37: (slave bond38): making interface the new active one [ 145.247850][T10352] bond37: (slave bond38): Enslaving as an active interface with an up link [ 145.261017][ T40] audit: type=1326 audit(1757539010.555:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10356 comm="syz.4.1306" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e8fb8eba9 code=0x0 [ 145.293994][T10360] macvtap9: entered allmulticast mode [ 145.329516][T10363] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1308'. [ 145.634132][ T9311] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.645759][ T1145] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.659080][ T9311] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.671379][ T9311] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.707828][ T40] audit: type=1400 audit(1757539011.005:527): avc: denied { connect } for pid=10367 comm="syz.5.1310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 145.708540][T10368] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1310'. [ 145.713858][ T40] audit: type=1400 audit(1757539011.005:528): avc: denied { shutdown } for pid=10367 comm="syz.5.1310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 145.946288][T10384] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1318'. [ 146.009404][T10388] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 146.092437][T10392] team0: No ports can be present during mode change [ 146.133796][T10401] tipc: Started in network mode [ 146.135620][T10401] tipc: Node identity , cluster identity 4711 [ 146.138226][T10401] tipc: Failed to obtain node identity [ 146.140829][T10401] tipc: Enabling of bearer rejected, failed to enable media [ 146.148856][T10403] netlink: 'syz.5.1326': attribute type 1 has an invalid length. [ 146.161653][T10403] bond1 (unregistering): Released all slaves [ 146.173892][T10406] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1327'. [ 146.270966][T10411] macvtap1: entered allmulticast mode [ 146.273509][T10411] veth0_macvtap: entered allmulticast mode [ 146.316435][T10408] block nbd0: server does not support multiple connections per device. [ 146.321801][T10408] block nbd0: shutting down sockets [ 146.406541][ T40] audit: type=1326 audit(1757539011.695:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10416 comm="syz.4.1332" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e8fb8eba9 code=0x0 [ 146.607204][ T60] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 146.759046][ T60] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 146.762170][ T60] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 146.765170][ T60] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 146.766320][ T5971] Bluetooth: hci4: command tx timeout [ 146.770783][ T60] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 146.774307][ T60] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 146.776917][ T60] usb 10-1: Product: syz [ 146.778250][ T60] usb 10-1: Manufacturer: syz [ 146.779770][ T60] usb 10-1: SerialNumber: syz [ 146.985652][ T60] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 147.006585][ T40] audit: type=1400 audit(1757539012.305:530): avc: denied { lock } for pid=10429 comm="syz.2.1337" path="socket:[33137]" dev="sockfs" ino=33137 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 147.184902][ T60] usb 10-1: USB disconnect, device number 2 [ 147.188774][ T60] usblp0: removed [ 147.254952][T10436] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1340'. [ 147.258156][T10436] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1340'. [ 147.263955][T10436] ifb1: entered promiscuous mode [ 147.266393][T10436] batadv_slave_1: entered promiscuous mode [ 147.324607][T10438] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1341'. [ 147.707809][T10449] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5122 sclass=netlink_route_socket pid=10449 comm=syz.4.1345 [ 147.713212][ T5971] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 147.752739][T10453] netlink: 'syz.4.1347': attribute type 1 has an invalid length. [ 147.786225][ T40] audit: type=1326 audit(1757539013.075:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10454 comm="syz.5.1348" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1b5f8eba9 code=0x0 [ 147.789025][T10453] 8021q: adding VLAN 0 to HW filter on device bond3 [ 147.797851][T10453] bond2: (slave bond3): making interface the new active one [ 147.800467][T10453] bond2: (slave bond3): Enslaving as an active interface with an up link [ 147.949651][T10466] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1352'. [ 148.039737][ T5983] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 148.043576][ T5983] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 148.049029][ T5983] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 148.053659][ T5983] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 148.057993][ T5983] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 148.191710][T10469] chnl_net:caif_netlink_parms(): no params data found [ 148.313042][T10469] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.316198][T10469] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.319381][T10469] bridge_slave_0: entered allmulticast mode [ 148.323326][T10469] bridge_slave_0: entered promiscuous mode [ 148.328664][T10469] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.331460][T10469] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.333771][T10469] bridge_slave_1: entered allmulticast mode [ 148.336498][T10469] bridge_slave_1: entered promiscuous mode [ 148.375684][T10469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.381033][T10469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.433405][T10469] team0: Port device team_slave_0 added [ 148.437115][T10469] team0: Port device team_slave_1 added [ 148.488592][T10469] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.491588][T10469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.501496][T10469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.507362][T10469] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.510173][T10469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.520190][T10469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.588333][T10469] hsr_slave_0: entered promiscuous mode [ 148.591505][T10469] hsr_slave_1: entered promiscuous mode [ 148.594361][T10469] debugfs: 'hsr0' already exists in 'hsr' [ 148.598309][T10469] Cannot create hsr debugfs directory [ 148.640220][T10483] macvtap10: entered allmulticast mode [ 148.769514][T10469] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 148.773996][T10469] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 148.778454][ T40] audit: type=1326 audit(1757539014.075:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10495 comm="syz.5.1362" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1b5f8eba9 code=0x0 [ 148.779660][T10469] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 148.792455][T10469] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 148.809771][T10469] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.812087][T10469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.814471][T10469] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.817028][T10469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.852894][ T9254] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.857409][ T5983] Bluetooth: hci4: command tx timeout [ 148.863660][ T9254] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.886776][ T59] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 148.898009][T10469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.913099][T10469] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.920668][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.922994][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.941613][ T9254] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.944694][ T9254] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.047457][ T59] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 149.050917][ T59] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 149.053985][ T59] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 149.062119][ T59] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 149.065133][ T59] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 149.068045][ T59] usb 9-1: Product: syz [ 149.069502][ T59] usb 9-1: Manufacturer: syz [ 149.071207][ T59] usb 9-1: SerialNumber: syz [ 149.134882][T10469] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.280265][ T59] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 149.352872][T10469] veth0_vlan: entered promiscuous mode [ 149.359494][T10469] veth1_vlan: entered promiscuous mode [ 149.380266][T10469] veth0_macvtap: entered promiscuous mode [ 149.384915][T10469] veth1_macvtap: entered promiscuous mode [ 149.399478][T10469] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 149.407755][T10469] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.416842][ T1145] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.421161][ T1145] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.425650][ T1145] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.429679][ T1145] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.479607][ T60] usb 9-1: USB disconnect, device number 3 [ 149.481233][ T9254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.484543][ T60] usblp0: removed [ 149.485043][ T9254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.510433][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.513929][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.652084][ T40] audit: type=1400 audit(1757539014.945:533): avc: denied { write } for pid=10523 comm="syz.6.1365" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 149.748547][T10533] team0: No ports can be present during mode change [ 149.755581][ T40] audit: type=1400 audit(1757539015.045:534): avc: denied { setcurrent } for pid=10532 comm="syz.5.1370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 149.756628][T10533] netlink: 'syz.5.1370': attribute type 10 has an invalid length. [ 149.766498][ T40] audit: type=1400 audit(1757539015.055:535): avc: denied { getopt } for pid=10534 comm="syz.6.1371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 149.777917][T10533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.782188][T10533] team0: Port device bond0 added [ 149.789272][T10533] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1370'. [ 149.811586][T10537] netlink: 'syz.6.1372': attribute type 1 has an invalid length. [ 149.888900][T10533] team0 (unregistering): Port device team_slave_0 removed [ 149.896724][T10533] team0 (unregistering): Port device team_slave_1 removed [ 149.905588][T10533] team0 (unregistering): Port device bond0 removed [ 149.945252][T10538] 8021q: adding VLAN 0 to HW filter on device bond1 [ 149.950283][T10538] bond0: (slave bond1): Enslaving as an active interface with an up link [ 150.002352][ T40] audit: type=1326 audit(1757539015.295:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10540 comm="syz.6.1373" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab0fd8eba9 code=0x0 [ 150.041156][T10548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.045880][T10548] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 150.127084][ T5983] Bluetooth: hci5: command tx timeout [ 150.190316][T10560] tipc: Started in network mode [ 150.191972][T10560] tipc: Node identity , cluster identity 4711 [ 150.193954][T10560] tipc: Failed to obtain node identity [ 150.195850][T10560] tipc: Enabling of bearer rejected, failed to enable media [ 150.254220][T10562] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.311921][T10562] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.363939][T10562] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.452595][T10562] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.455809][T10572] netlink: 'syz.4.1385': attribute type 1 has an invalid length. [ 150.479696][T10572] 8021q: adding VLAN 0 to HW filter on device bond4 [ 150.490080][T10572] bond4: entered promiscuous mode [ 150.545575][ T1145] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.560615][ T9313] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.566646][ T68] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 150.572839][ T9313] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.585606][ T1145] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.656386][T10587] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 150.687147][T10589] team0: No ports can be present during mode change [ 150.708853][T10591] tipc: Started in network mode [ 150.711109][T10591] tipc: Node identity , cluster identity 4711 [ 150.713677][T10591] tipc: Failed to obtain node identity [ 150.716030][T10591] tipc: Enabling of bearer rejected, failed to enable media [ 150.727875][ T68] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 150.732099][ T68] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 150.733614][T10593] netdevsim netdevsim4 eth9 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.737993][ T68] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 150.748899][ T68] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 150.752921][ T68] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 150.757202][ T68] usb 7-1: Product: syz [ 150.758991][ T68] usb 7-1: Manufacturer: syz [ 150.760980][ T68] usb 7-1: SerialNumber: syz [ 150.801523][T10593] netdevsim netdevsim4 eth8 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.854458][T10601] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3) [ 150.857299][T10601] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 150.861861][T10601] vhci_hcd vhci_hcd.0: Device attached [ 150.868252][T10593] netdevsim netdevsim4 eth7 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.868482][T10600] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1398'. [ 150.927987][T10605] macvtap2: entered allmulticast mode [ 150.936417][ T5983] Bluetooth: hci4: command tx timeout [ 150.950783][T10593] netdevsim netdevsim4 eth6 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.969324][ T68] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 151.030773][ T1149] netdevsim netdevsim4 eth6: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.043250][ T1149] netdevsim netdevsim4 eth7: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.057158][ T1149] netdevsim netdevsim4 eth8: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.068917][ T9255] netdevsim netdevsim4 eth9: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.106244][ T5972] usb 49-1: new high-speed USB device number 2 using vhci_hcd [ 151.116237][ T4979] usb 11-1: new full-speed USB device number 2 using dummy_hcd [ 151.117081][T10615] netlink: 'syz.4.1405': attribute type 1 has an invalid length. [ 151.150867][T10615] 8021q: adding VLAN 0 to HW filter on device bond5 [ 151.165489][T10615] bond5: entered promiscuous mode [ 151.171812][ T60] usb 7-1: USB disconnect, device number 11 [ 151.176531][ T60] usblp0: removed [ 151.277933][ T4979] usb 11-1: config 1 interface 0 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 151.283514][ T4979] usb 11-1: config 1 interface 0 has no altsetting 0 [ 151.291458][ T40] audit: type=1400 audit(1757539016.585:537): avc: denied { bind } for pid=10624 comm="syz.5.1409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 151.291683][ T4979] usb 11-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 151.292751][T10625] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1409'. [ 151.300181][ T4979] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.300206][ T4979] usb 11-1: Product: syz [ 151.300220][ T4979] usb 11-1: Manufacturer: syz [ 151.300234][ T4979] usb 11-1: SerialNumber: syz [ 151.305184][T10623] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1408'. [ 151.384190][ T40] audit: type=1400 audit(1757539016.675:538): avc: denied { append } for pid=10631 comm="syz.5.1412" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 151.418365][T10634] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check. [ 151.461507][T10638] tipc: Started in network mode [ 151.463809][T10638] tipc: Node identity , cluster identity 4711 [ 151.466610][T10638] tipc: Failed to obtain node identity [ 151.469198][T10638] tipc: Enabling of bearer rejected, failed to enable media [ 151.525763][T10644] smc: net device bond0 applied user defined pnetid SYZ2 [ 151.529287][T10644] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1417'. [ 151.554473][T10601] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 151.563917][ T40] audit: type=1400 audit(1757539016.855:539): avc: denied { mounton } for pid=10640 comm="syz.4.1416" path="/172/bus" dev="9p" ino=35913855 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 151.564354][T10647] overlayfs: workdir and upperdir must reside under the same mount [ 151.612408][T10644] smc: removing net device bond0 with user defined pnetid SYZ2 [ 151.617449][T10644] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 151.622122][T10644] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 151.626293][T10644] bond0 (unregistering): Released all slaves [ 151.714933][T10649] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1418'. [ 151.729375][T10602] vhci_hcd: connection reset by peer [ 151.731582][ T9313] vhci_hcd: stop threads [ 151.733020][ T9313] vhci_hcd: release socket [ 151.735053][ T9313] vhci_hcd: disconnect device [ 151.736655][ T4979] usb 11-1: USB disconnect, device number 2 [ 151.752105][T10651] syz.2.1419: attempt to access beyond end of device [ 151.752105][T10651] sr0: rw=6144, sector=128, nr_sectors = 8 limit=128 [ 151.756869][T10651] gfs2: error -5 reading superblock [ 151.797535][T10653] netlink: 'syz.2.1420': attribute type 1 has an invalid length. [ 151.826383][T10653] 8021q: adding VLAN 0 to HW filter on device bond40 [ 151.830596][T10653] bond39: (slave bond40): making interface the new active one [ 151.834042][T10653] bond39: (slave bond40): Enslaving as an active interface with an up link [ 152.206245][ T5983] Bluetooth: hci5: command tx timeout [ 152.443781][T10663] netlink: 'syz.2.1424': attribute type 1 has an invalid length. [ 152.466555][T10663] 8021q: adding VLAN 0 to HW filter on device bond41 [ 152.470000][T10666] team0: No ports can be present during mode change [ 152.479827][T10663] bond41: entered promiscuous mode [ 152.527093][T10674] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1429'. [ 152.570164][T10678] macvtap11: entered allmulticast mode [ 152.649269][T10685] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1433'. [ 152.682433][T10690] ptrace attach of "/syz-executor exec"[7750] was attempted by ""[10690] [ 152.736377][ T10] usb 11-1: new high-speed USB device number 3 using dummy_hcd [ 152.739954][T10698] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1438'. [ 152.750660][T10700] netlink: 'syz.4.1439': attribute type 1 has an invalid length. [ 152.794686][T10700] 8021q: adding VLAN 0 to HW filter on device bond7 [ 152.799263][T10700] bond6: (slave bond7): making interface the new active one [ 152.802805][T10700] bond6: (slave bond7): Enslaving as an active interface with an up link [ 152.889661][ T10] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 152.894002][ T10] usb 11-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 152.898468][ T10] usb 11-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 152.906706][ T10] usb 11-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 152.910922][ T10] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 152.914357][ T10] usb 11-1: Product: syz [ 152.916531][ T10] usb 11-1: Manufacturer: syz [ 152.918618][ T10] usb 11-1: SerialNumber: syz [ 153.130443][ T10] usblp 11-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 153.330617][ T73] usb 11-1: USB disconnect, device number 3 [ 153.337747][ T73] usblp0: removed [ 153.745669][T10711] team0: No ports can be present during mode change [ 153.863661][T10717] netlink: 'syz.6.1445': attribute type 1 has an invalid length. [ 153.920447][T10718] bond_slave_0: entered promiscuous mode [ 154.161525][T10720] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 154.225761][T10724] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1448'. [ 154.252045][T10726] macvtap12: entered allmulticast mode [ 154.266586][T10728] tipc: Started in network mode [ 154.268126][T10728] tipc: Node identity , cluster identity 4711 [ 154.270123][T10728] tipc: Failed to obtain node identity [ 154.271873][T10728] tipc: Enabling of bearer rejected, failed to enable media [ 154.286289][ T5983] Bluetooth: hci5: command tx timeout [ 154.566258][ T73] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 154.663653][T10739] kvm: pic: non byte write [ 154.672518][ T40] audit: type=1400 audit(1757539019.965:540): avc: denied { getopt } for pid=10738 comm="syz.5.1455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 154.718026][ T73] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 154.721579][ T73] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 154.725122][ T73] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 154.732227][ T73] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 154.735631][ T73] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 154.738972][ T73] usb 9-1: Product: syz [ 154.740581][ T73] usb 9-1: Manufacturer: syz [ 154.742276][ T73] usb 9-1: SerialNumber: syz [ 154.950723][ T73] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 155.154675][ T9] usb 9-1: USB disconnect, device number 4 [ 155.159525][ T9] usblp0: removed [ 155.232811][T10761] macvtap1: entered allmulticast mode [ 155.235107][T10761] veth0_macvtap: entered allmulticast mode [ 155.250006][ T40] audit: type=1326 audit(1757539020.545:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10760 comm="syz.5.1464" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1b5f8eba9 code=0x0 [ 155.250097][T10765] tipc: Started in network mode [ 155.259766][T10765] tipc: Node identity , cluster identity 4711 [ 155.261795][T10765] tipc: Failed to obtain node identity [ 155.263651][T10765] tipc: Enabling of bearer rejected, failed to enable media [ 155.691401][T10781] tmpfs: Bad value for 'mpol' [ 155.693602][T10782] netlink: 'syz.4.1473': attribute type 1 has an invalid length. [ 155.724909][T10782] 8021q: adding VLAN 0 to HW filter on device bond8 [ 155.735719][T10785] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 155.748329][T10782] bond8: entered promiscuous mode [ 155.790981][T10789] team0: No ports can be present during mode change [ 155.803938][T10787] kvm: pic: level sensitive irq not supported [ 155.804480][T10787] kvm: pic: non byte read [ 155.812268][ T40] audit: type=1400 audit(1757539021.105:542): avc: denied { getopt } for pid=10786 comm="syz.2.1475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 155.813208][T10787] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1475'. [ 155.824540][T10787] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1475'. [ 156.059183][ T40] audit: type=1400 audit(1757539021.355:543): avc: denied { create } for pid=10806 comm="syz.4.1484" name="#d" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 156.066549][ T40] audit: type=1400 audit(1757539021.355:544): avc: denied { link } for pid=10806 comm="syz.4.1484" name="#d" dev="tmpfs" ino=1008 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 156.071715][T10807] evm: overlay not supported [ 156.073325][ T40] audit: type=1400 audit(1757539021.355:545): avc: denied { rename } for pid=10806 comm="syz.4.1484" name="#e" dev="tmpfs" ino=1008 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 156.098820][T10809] netlink: 'syz.5.1485': attribute type 1 has an invalid length. [ 156.117617][T10809] smc: adding net device bond0 with user defined pnetid SYZ2 [ 156.123544][T10812] netdevsim netdevsim4 eth9 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.152368][T10809] 8021q: adding VLAN 0 to HW filter on device bond1 [ 156.155414][T10809] bond0: (slave bond1): making interface the new active one [ 156.161407][T10809] bond0: (slave bond1): Enslaving as an active interface with an up link [ 156.189144][T10812] netdevsim netdevsim4 eth8 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.189701][T10815] netlink: 'syz.5.1487': attribute type 10 has an invalid length. [ 156.194859][T10815] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1487'. [ 156.206540][ T5972] vhci_hcd: vhci_device speed not set [ 156.236259][ T9] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 156.251850][T10812] netdevsim netdevsim4 eth7 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.267538][T10819] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 156.281201][T10821] netlink: 'syz.5.1490': attribute type 1 has an invalid length. [ 156.298192][T10821] 8021q: adding VLAN 0 to HW filter on device bond2 [ 156.307425][T10821] bond2: (slave geneve2): making interface the new active one [ 156.310703][T10821] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 156.322321][T10821] bond2: entered promiscuous mode [ 156.324088][T10821] geneve2: entered promiscuous mode [ 156.329355][T10812] netdevsim netdevsim4 eth6 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.352958][T10826] team0: No ports can be present during mode change [ 156.367615][ T5983] Bluetooth: hci5: command tx timeout [ 156.407806][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 156.410834][ T9] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 156.414036][ T9] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 156.414599][ T9311] netdevsim netdevsim4 eth6: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.421609][T10833] netlink: 'syz.6.1496': attribute type 10 has an invalid length. [ 156.421683][ T9] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 156.421708][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 156.421726][ T9] usb 7-1: Product: syz [ 156.421740][ T9] usb 7-1: Manufacturer: syz [ 156.421753][ T9] usb 7-1: SerialNumber: syz [ 156.439949][ T9311] netdevsim netdevsim4 eth7: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.447638][T10833] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 156.452045][T10833] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 156.457155][T10833] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 156.465093][ T40] audit: type=1400 audit(1757539021.755:546): avc: denied { ioctl } for pid=10832 comm="syz.6.1496" path="socket:[35293]" dev="sockfs" ino=35293 ioctlcmd=0x8b15 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 156.465801][ T1149] netdevsim netdevsim4 eth8: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.488359][ T9255] netdevsim netdevsim4 eth9: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.542095][T10840] netlink: 'syz.4.1498': attribute type 1 has an invalid length. [ 156.551583][T10842] Bluetooth: MGMT ver 1.23 [ 156.588050][T10840] 8021q: adding VLAN 0 to HW filter on device bond10 [ 156.592228][T10840] bond9: (slave bond10): making interface the new active one [ 156.595616][T10840] bond9: (slave bond10): Enslaving as an active interface with an up link [ 156.638660][ T9] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 156.640292][T10849] macvtap6: entered allmulticast mode [ 156.721505][T10858] netlink: 'syz.4.1505': attribute type 1 has an invalid length. [ 156.775346][T10858] 8021q: adding VLAN 0 to HW filter on device bond12 [ 156.780490][T10858] bond11: (slave bond12): making interface the new active one [ 156.784018][T10858] bond11: (slave bond12): Enslaving as an active interface with an up link [ 156.787363][T10864] team0: No ports can be present during mode change [ 156.834838][ T9] usb 7-1: USB disconnect, device number 12 [ 156.845697][ T9] usblp0: removed [ 156.957723][T10874] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 156.962265][T10876] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1512'. [ 157.216389][ T7388] usb 9-1: new low-speed USB device number 5 using dummy_hcd [ 157.295576][T10891] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1519'. [ 157.298669][T10891] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1519'. [ 157.378984][T10897] netlink: 'syz.6.1521': attribute type 1 has an invalid length. [ 157.379522][ T7388] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 157.384889][ T7388] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 157.389013][ T7388] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 157.393124][ T7388] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 157.396843][ T7388] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 157.396870][T10897] 8021q: adding VLAN 0 to HW filter on device bond2 [ 157.401492][ T7388] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 157.404726][ T7388] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 157.410391][T10897] bond2: (slave geneve2): making interface the new active one [ 157.412028][ T7388] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 157.414469][T10897] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 157.418913][ T7388] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 157.424244][ T7388] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 157.429643][T10897] bond2: entered promiscuous mode [ 157.430381][ T7388] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 157.431305][T10897] geneve2: entered promiscuous mode [ 157.434140][ T7388] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 157.441445][ T7388] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 157.445632][ T7388] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 157.464410][ T7388] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 157.471396][ T7388] usb 9-1: string descriptor 0 read error: -22 [ 157.474005][ T7388] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 157.477931][ T7388] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.489868][ T7388] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 157.589825][ T40] audit: type=1400 audit(1757539022.885:547): avc: denied { write } for pid=10906 comm="syz.6.1525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 157.594358][T10907] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1525'. [ 157.688662][T10876] delete_channel: no stack [ 157.688947][ T40] audit: type=1400 audit(1757539022.985:548): avc: denied { getopt } for pid=10875 comm="syz.4.1512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 157.738897][ T40] audit: type=1400 audit(1757539023.035:549): avc: denied { bind } for pid=10899 comm="syz.2.1522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 157.755851][T10899] delete_channel: no stack [ 157.770091][ T7388] usb 9-1: USB disconnect, device number 5 [ 157.797922][T10922] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 157.818195][T10924] pimreg: entered allmulticast mode [ 157.820531][T10924] pimreg: left allmulticast mode [ 157.927505][T10934] netlink: 'syz.2.1533': attribute type 1 has an invalid length. [ 157.963412][T10934] 8021q: adding VLAN 0 to HW filter on device bond43 [ 157.968667][T10934] bond42: (slave bond43): making interface the new active one [ 157.972321][T10934] bond42: (slave bond43): Enslaving as an active interface with an up link [ 158.019835][T10944] tipc: Started in network mode [ 158.021615][T10944] tipc: Node identity , cluster identity 4711 [ 158.023919][T10944] tipc: Failed to obtain node identity [ 158.025800][T10944] tipc: Enabling of bearer rejected, failed to enable media [ 158.035998][T10948] pimreg: entered allmulticast mode [ 158.073944][T10953] nbd: must specify a device to reconfigure [ 158.073984][T10954] FAULT_INJECTION: forcing a failure. [ 158.073984][T10954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.083162][T10954] CPU: 2 UID: 0 PID: 10954 Comm: syz.2.1541 Not tainted syzkaller #0 PREEMPT(full) [ 158.083186][T10954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.083195][T10954] Call Trace: [ 158.083202][T10954] [ 158.083208][T10954] dump_stack_lvl+0x16c/0x1f0 [ 158.083237][T10954] should_fail_ex+0x512/0x640 [ 158.083263][T10954] _copy_from_user+0x2e/0xd0 [ 158.083288][T10954] copy_msghdr_from_user+0x98/0x160 [ 158.083309][T10954] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 158.083342][T10954] ___sys_sendmsg+0xfe/0x1d0 [ 158.083364][T10954] ? __pfx____sys_sendmsg+0x10/0x10 [ 158.083417][T10954] __sys_sendmsg+0x16d/0x220 [ 158.083439][T10954] ? __pfx___sys_sendmsg+0x10/0x10 [ 158.083476][T10954] do_syscall_64+0xcd/0x4c0 [ 158.083499][T10954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.083516][T10954] RIP: 0033:0x7f412c78eba9 [ 158.083530][T10954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.083546][T10954] RSP: 002b:00007f412d6f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.083562][T10954] RAX: ffffffffffffffda RBX: 00007f412c9d5fa0 RCX: 00007f412c78eba9 [ 158.083573][T10954] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003 [ 158.083583][T10954] RBP: 00007f412d6f3090 R08: 0000000000000000 R09: 0000000000000000 [ 158.083593][T10954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.083603][T10954] R13: 00007f412c9d6038 R14: 00007f412c9d5fa0 R15: 00007ffef5003b08 [ 158.083627][T10954] [ 158.122218][T10958] team0: No ports can be present during mode change [ 158.161467][T10960] netlink: 'syz.5.1545': attribute type 29 has an invalid length. [ 158.168665][T10960] netlink: 500 bytes leftover after parsing attributes in process `syz.5.1545'. [ 158.172894][T10960] unsupported nla_type 58 [ 158.176075][T10960] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 158.239873][T10972] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 158.419620][T10983] 8021q: adding VLAN 0 to HW filter on device bond14 [ 158.425649][T10983] bond13: (slave bond14): making interface the new active one [ 158.429294][T10983] bond13: (slave bond14): Enslaving as an active interface with an up link [ 158.485688][T10992] tipc: Started in network mode [ 158.488080][T10992] tipc: Node identity , cluster identity 4711 [ 158.491262][T10992] tipc: Failed to obtain node identity [ 158.493621][T10992] tipc: Enabling of bearer rejected, failed to enable media [ 158.643205][T11008] FAULT_INJECTION: forcing a failure. [ 158.643205][T11008] name failslab, interval 1, probability 0, space 0, times 0 [ 158.648915][T11008] CPU: 2 UID: 0 PID: 11008 Comm: syz.4.1564 Not tainted syzkaller #0 PREEMPT(full) [ 158.648929][T11008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.648936][T11008] Call Trace: [ 158.648940][T11008] [ 158.648944][T11008] dump_stack_lvl+0x16c/0x1f0 [ 158.648962][T11008] should_fail_ex+0x512/0x640 [ 158.648976][T11008] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 158.648989][T11008] should_failslab+0xc2/0x120 [ 158.649001][T11008] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 158.649012][T11008] ? __alloc_skb+0x2b2/0x380 [ 158.649026][T11008] __alloc_skb+0x2b2/0x380 [ 158.649037][T11008] ? __pfx___alloc_skb+0x10/0x10 [ 158.649051][T11008] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 158.649068][T11008] netlink_alloc_large_skb+0x69/0x130 [ 158.649083][T11008] netlink_sendmsg+0x6a1/0xdd0 [ 158.649099][T11008] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.649118][T11008] ____sys_sendmsg+0xa98/0xc70 [ 158.649134][T11008] ? copy_msghdr_from_user+0x10a/0x160 [ 158.649147][T11008] ? __pfx_____sys_sendmsg+0x10/0x10 [ 158.649169][T11008] ___sys_sendmsg+0x134/0x1d0 [ 158.649183][T11008] ? __pfx____sys_sendmsg+0x10/0x10 [ 158.649212][T11008] __sys_sendmsg+0x16d/0x220 [ 158.649225][T11008] ? __pfx___sys_sendmsg+0x10/0x10 [ 158.649246][T11008] do_syscall_64+0xcd/0x4c0 [ 158.649261][T11008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.649272][T11008] RIP: 0033:0x7f3e8fb8eba9 [ 158.649281][T11008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.649291][T11008] RSP: 002b:00007f3e90a9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.649302][T11008] RAX: ffffffffffffffda RBX: 00007f3e8fdd5fa0 RCX: 00007f3e8fb8eba9 [ 158.649308][T11008] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003 [ 158.649314][T11008] RBP: 00007f3e90a9e090 R08: 0000000000000000 R09: 0000000000000000 [ 158.649320][T11008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.649326][T11008] R13: 00007f3e8fdd6038 R14: 00007f3e8fdd5fa0 R15: 00007ffdbe982048 [ 158.649339][T11008] [ 158.754213][T11015] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 158.833657][T11028] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check. [ 158.898239][T11032] usb usb4: usbfs: interface 0 claimed by hub while 'syz.4.1573' sets config #1 [ 158.912234][T11034] 8021q: adding VLAN 0 to HW filter on device bond4 [ 158.915997][T11034] bond3: (slave bond4): making interface the new active one [ 158.919777][T11034] bond3: (slave bond4): Enslaving as an active interface with an up link [ 158.924017][T11032] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11032 comm=syz.4.1573 [ 158.933712][T11032] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1573'. [ 158.980189][T11040] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 158.994498][T11044] tipc: Started in network mode [ 158.996558][T11044] tipc: Node identity , cluster identity 4711 [ 158.998663][T11044] tipc: Failed to obtain node identity [ 159.000822][T11044] tipc: Enabling of bearer rejected, failed to enable media [ 159.850668][T11054] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1581'. [ 160.091339][T11072] team0: No ports can be present during mode change [ 160.156209][ T6063] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 160.239074][ T9313] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.309814][ T9313] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.328717][ T6063] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 160.332548][ T6063] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 160.337374][ T6063] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 160.344247][ T6063] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 160.349482][ T6063] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 160.352165][ T6063] usb 9-1: Product: syz [ 160.353682][ T6063] usb 9-1: Manufacturer: syz [ 160.355202][ T6063] usb 9-1: SerialNumber: syz [ 160.362454][ T9313] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.382931][T11085] macvtap13: entered allmulticast mode [ 160.434247][ T9313] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.469542][ T5971] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 160.474103][ T5971] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 160.477426][ T5971] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 160.480612][ T5971] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 160.483420][ T5971] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 160.523880][ T9254] netdevsim netdevsim5 eth10: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.532322][ T9254] netdevsim netdevsim5 eth11: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.555089][ T9254] netdevsim netdevsim5 eth12: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.566824][ T6063] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 160.572234][ T6063] usb 9-1: USB disconnect, device number 6 [ 160.577381][ T6063] usblp0: removed [ 160.579057][ T9254] netdevsim netdevsim5 eth13: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.592236][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 160.592249][ T40] audit: type=1400 audit(1757539025.885:553): avc: denied { write } for pid=11094 comm="syz.2.1598" lport=42089 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 160.592349][ T9313] bridge_slave_1: left allmulticast mode [ 160.593848][T11095] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1598'. [ 160.608128][ T9313] bridge_slave_1: left promiscuous mode [ 160.610993][ T9313] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.618035][ T9313] bridge_slave_0: left allmulticast mode [ 160.620208][ T9313] bridge_slave_0: left promiscuous mode [ 160.622513][ T9313] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.622889][ T40] audit: type=1400 audit(1757539025.915:554): avc: denied { read } for pid=11094 comm="syz.2.1598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 160.667747][T11098] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma? [ 160.675746][ T40] audit: type=1400 audit(1757539025.965:555): avc: denied { connect } for pid=11097 comm="syz.2.1599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 160.730317][ T40] audit: type=1400 audit(1757539026.025:556): avc: denied { watch_mount } for pid=11097 comm="syz.2.1599" path="/479" dev="tmpfs" ino=2484 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 160.758243][ T9313] bond2 (unregistering): (slave geneve2): Releasing active interface [ 160.761263][ T9313] geneve2 (unregistering): left promiscuous mode [ 160.871168][ T9313] smc: removing net device bond0 with user defined pnetid SYZ2 [ 160.874718][ T9313] bond0 (unregistering): (slave bond1): Releasing backup interface [ 160.878442][ T9313] bond0 (unregistering): Released all slaves [ 160.954630][ T9313] bond1 (unregistering): Released all slaves [ 161.049150][ T9313] bond2 (unregistering): Released all slaves [ 161.049393][ T40] audit: type=1326 audit(1757539026.345:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11103 comm="syz.6.1601" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab0fd8eba9 code=0x0 [ 161.061382][ T9313] bond3 (unregistering): (slave bond4): Releasing backup interface [ 161.065470][ T9313] bond3 (unregistering): Released all slaves [ 161.151145][ T9313] bond4 (unregistering): Released all slaves [ 161.155469][T11107] FAULT_INJECTION: forcing a failure. [ 161.155469][T11107] name failslab, interval 1, probability 0, space 0, times 0 [ 161.160851][T11107] CPU: 2 UID: 0 PID: 11107 Comm: syz.4.1602 Not tainted syzkaller #0 PREEMPT(full) [ 161.160872][T11107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 161.160883][T11107] Call Trace: [ 161.160888][T11107] [ 161.160894][T11107] dump_stack_lvl+0x16c/0x1f0 [ 161.160920][T11107] should_fail_ex+0x512/0x640 [ 161.160941][T11107] ? fs_reclaim_acquire+0xae/0x150 [ 161.160963][T11107] ? tomoyo_encode2+0x100/0x3e0 [ 161.160986][T11107] should_failslab+0xc2/0x120 [ 161.161005][T11107] __kmalloc_noprof+0xd2/0x510 [ 161.161028][T11107] tomoyo_encode2+0x100/0x3e0 [ 161.161054][T11107] tomoyo_encode+0x29/0x50 [ 161.161075][T11107] tomoyo_realpath_from_path+0x18f/0x6e0 [ 161.161128][T11107] ? tomoyo_profile+0x47/0x60 [ 161.161148][T11107] tomoyo_path_number_perm+0x245/0x580 [ 161.161166][T11107] ? tomoyo_path_number_perm+0x237/0x580 [ 161.161189][T11107] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 161.161210][T11107] ? find_held_lock+0x2b/0x80 [ 161.161258][T11107] ? find_held_lock+0x2b/0x80 [ 161.161276][T11107] ? hook_file_ioctl_common+0x145/0x410 [ 161.161313][T11107] ? __fget_files+0x20e/0x3c0 [ 161.161337][T11107] security_file_ioctl+0x9b/0x240 [ 161.161361][T11107] __x64_sys_ioctl+0xb7/0x210 [ 161.161386][T11107] do_syscall_64+0xcd/0x4c0 [ 161.161408][T11107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.161423][T11107] RIP: 0033:0x7f3e8fb8eba9 [ 161.161437][T11107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.161459][T11107] RSP: 002b:00007f3e90a9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.161474][T11107] RAX: ffffffffffffffda RBX: 00007f3e8fdd5fa0 RCX: 00007f3e8fb8eba9 [ 161.161485][T11107] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 161.161494][T11107] RBP: 00007f3e90a9e090 R08: 0000000000000000 R09: 0000000000000000 [ 161.161503][T11107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.161512][T11107] R13: 00007f3e8fdd6038 R14: 00007f3e8fdd5fa0 R15: 00007ffdbe982048 [ 161.161548][T11107] [ 161.161584][T11107] ERROR: Out of memory at tomoyo_realpath_from_path. [ 161.260914][T11090] chnl_net:caif_netlink_parms(): no params data found [ 161.411500][T11120] team0: No ports can be present during mode change [ 161.413736][T11090] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.417070][T11090] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.419592][T11090] bridge_slave_0: entered allmulticast mode [ 161.422746][T11090] bridge_slave_0: entered promiscuous mode [ 161.426350][T11090] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.428623][T11090] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.430987][T11090] bridge_slave_1: entered allmulticast mode [ 161.433740][T11090] bridge_slave_1: entered promiscuous mode [ 161.500441][T11090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.532173][T11090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 161.593809][T11090] team0: Port device team_slave_0 added [ 161.599381][T11090] team0: Port device team_slave_1 added [ 161.666067][ T9313] hsr_slave_0: left promiscuous mode [ 161.670865][ T9313] hsr_slave_1: left promiscuous mode [ 161.673927][ T9313] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.678489][ T9313] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.684947][ T9313] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 161.689236][ T9313] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.743321][ T9313] veth0_macvtap: left allmulticast mode [ 161.747173][ T9313] veth1_macvtap: left promiscuous mode [ 161.749119][ T9313] veth0_macvtap: left promiscuous mode [ 161.750814][ T40] audit: type=1400 audit(1757539027.045:558): avc: denied { getopt } for pid=11134 comm="syz.4.1611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 161.751050][ T9313] veth1_vlan: left promiscuous mode [ 161.762081][ T9313] veth0_vlan: left promiscuous mode [ 161.906281][ T68] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 162.069290][ T68] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 162.072603][ T68] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 162.076015][ T68] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 162.083470][ T68] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 162.087577][ T68] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 162.090987][ T68] usb 7-1: Product: syz [ 162.094411][ T68] usb 7-1: Manufacturer: syz [ 162.096628][ T68] usb 7-1: SerialNumber: syz [ 162.304449][ T68] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 162.315203][ T68] usb 7-1: USB disconnect, device number 13 [ 162.319740][ T68] usblp0: removed [ 162.537976][ T5971] Bluetooth: hci4: command tx timeout [ 162.686443][ T40] audit: type=1400 audit(1757539027.975:559): avc: denied { write } for pid=11147 comm="syz.4.1615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 163.128406][T11090] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.131384][T11090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.141946][T11090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.170313][T11090] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.173346][T11090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.184345][T11090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.206686][T11156] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1618'. [ 163.237772][T11090] hsr_slave_0: entered promiscuous mode [ 163.240956][T11090] hsr_slave_1: entered promiscuous mode [ 163.243905][T11090] debugfs: 'hsr0' already exists in 'hsr' [ 163.247678][T11090] Cannot create hsr debugfs directory [ 163.263249][ T40] audit: type=1400 audit(1757539028.555:560): avc: denied { mount } for pid=11157 comm="syz.4.1619" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 163.271093][ T40] audit: type=1400 audit(1757539028.555:561): avc: denied { search } for pid=11157 comm="syz.4.1619" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 163.273016][T11160] validate_nla: 3 callbacks suppressed [ 163.273024][T11160] netlink: 'syz.6.1620': attribute type 1 has an invalid length. [ 163.278082][ T40] audit: type=1400 audit(1757539028.555:562): avc: denied { search } for pid=11157 comm="syz.4.1619" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 163.299939][T11160] 8021q: adding VLAN 0 to HW filter on device bond3 [ 163.348227][T11160] bond3: entered promiscuous mode [ 163.455810][T11090] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 163.461061][T11090] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 163.464916][T11090] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 163.470710][T11090] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 163.514627][T11090] 8021q: adding VLAN 0 to HW filter on device bond0 [ 163.527648][T11090] 8021q: adding VLAN 0 to HW filter on device team0 [ 163.532804][ T9311] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.535066][ T9311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.542597][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.544934][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.573010][T11181] macvtap7: entered allmulticast mode [ 163.603763][T11184] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1626'. [ 163.682564][T11090] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.702309][T11192] team0: No ports can be present during mode change [ 163.757044][T11199] sock: sock_set_timeout: `syz.2.1630' (pid 11199) tries to set negative timeout [ 163.823205][T11090] veth0_vlan: entered promiscuous mode [ 163.829178][T11090] veth1_vlan: entered promiscuous mode [ 163.844773][T11207] netdevsim netdevsim4 eth9 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.854745][T11090] veth0_macvtap: entered promiscuous mode [ 163.859102][T11090] veth1_macvtap: entered promiscuous mode [ 163.873477][T11090] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.881705][T11090] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.888918][ T9381] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.892197][ T9381] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.895370][ T9381] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.898173][ T9381] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.925123][T11207] netdevsim netdevsim4 eth8 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.941565][ T9313] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.943981][ T9313] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.960336][ T9254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.962765][ T9254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.989438][T11207] netdevsim netdevsim4 eth7 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.999924][T11212] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 164.030879][T11215] netlink: 48 bytes leftover after parsing attributes in process `syz.7.1634'. [ 164.039184][T11207] netdevsim netdevsim4 eth6 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.059972][T11217] Mount JFS Failure: -22 [ 164.063372][T11217] openvswitch: netlink: IP tunnel dst address not specified [ 164.145139][ T9311] netdevsim netdevsim4 eth6: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.152573][ T9311] netdevsim netdevsim4 eth7: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.160512][ T9311] netdevsim netdevsim4 eth8: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.168996][ T9311] netdevsim netdevsim4 eth9: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.264455][T11230] macvtap1: entered allmulticast mode [ 164.266578][T11230] veth0_macvtap: entered allmulticast mode [ 164.328856][T11228] capability: warning: `syz.4.1640' uses 32-bit capabilities (legacy support in use) [ 164.498923][T11241] tipc: Started in network mode [ 164.500515][T11241] tipc: Node identity , cluster identity 4711 [ 164.502418][T11241] tipc: Failed to obtain node identity [ 164.504166][T11241] tipc: Enabling of bearer rejected, failed to enable media [ 164.545860][T11246] team0: No ports can be present during mode change [ 164.588804][T11251] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 164.592493][T11251] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 164.606291][ T5971] Bluetooth: hci4: command tx timeout [ 164.661571][T11258] FAULT_INJECTION: forcing a failure. [ 164.661571][T11258] name failslab, interval 1, probability 0, space 0, times 0 [ 164.666463][T11258] CPU: 3 UID: 0 PID: 11258 Comm: syz.2.1652 Not tainted syzkaller #0 PREEMPT(full) [ 164.666479][T11258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.666485][T11258] Call Trace: [ 164.666490][T11258] [ 164.666495][T11258] dump_stack_lvl+0x16c/0x1f0 [ 164.666529][T11258] should_fail_ex+0x512/0x640 [ 164.666548][T11258] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 164.666562][T11258] should_failslab+0xc2/0x120 [ 164.666575][T11258] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 164.666586][T11258] ? genl_start+0x1e8/0x980 [ 164.666601][T11258] ? __netlink_dump_start+0x60b/0x990 [ 164.666614][T11258] ? __alloc_skb+0x2b2/0x380 [ 164.666629][T11258] __alloc_skb+0x2b2/0x380 [ 164.666641][T11258] ? __pfx___alloc_skb+0x10/0x10 [ 164.666659][T11258] netlink_dump+0x19b/0xd30 [ 164.666675][T11258] ? __pfx_netlink_dump+0x10/0x10 [ 164.666695][T11258] ? __asan_memset+0x23/0x50 [ 164.666711][T11258] ? genl_start+0x67f/0x980 [ 164.666729][T11258] __netlink_dump_start+0x6d6/0x990 [ 164.666746][T11258] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 164.666764][T11258] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 164.666786][T11258] ? __pfx_genl_start+0x10/0x10 [ 164.666800][T11258] ? __pfx_genl_dumpit+0x10/0x10 [ 164.666815][T11258] ? __pfx_genl_done+0x10/0x10 [ 164.666832][T11258] ? bpf_lsm_capable+0x9/0x10 [ 164.666848][T11258] ? security_capable+0x7e/0x260 [ 164.666863][T11258] ? ns_capable+0xd7/0x110 [ 164.666878][T11258] genl_rcv_msg+0x46e/0x800 [ 164.666896][T11258] ? __pfx_genl_rcv_msg+0x10/0x10 [ 164.666913][T11258] ? __pfx_batadv_orig_dump+0x10/0x10 [ 164.666934][T11258] netlink_rcv_skb+0x155/0x420 [ 164.666948][T11258] ? __pfx_genl_rcv_msg+0x10/0x10 [ 164.666966][T11258] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 164.666986][T11258] ? netlink_deliver_tap+0x1ae/0xd30 [ 164.667037][T11258] genl_rcv+0x28/0x40 [ 164.667053][T11258] netlink_unicast+0x5aa/0x870 [ 164.667070][T11258] ? __pfx_netlink_unicast+0x10/0x10 [ 164.667085][T11258] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 164.667104][T11258] netlink_sendmsg+0x8d1/0xdd0 [ 164.667121][T11258] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.667141][T11258] ____sys_sendmsg+0xa98/0xc70 [ 164.667159][T11258] ? copy_msghdr_from_user+0x10a/0x160 [ 164.667173][T11258] ? __pfx_____sys_sendmsg+0x10/0x10 [ 164.667197][T11258] ___sys_sendmsg+0x134/0x1d0 [ 164.667211][T11258] ? __pfx____sys_sendmsg+0x10/0x10 [ 164.667243][T11258] __sys_sendmsg+0x16d/0x220 [ 164.667257][T11258] ? __pfx___sys_sendmsg+0x10/0x10 [ 164.667281][T11258] do_syscall_64+0xcd/0x4c0 [ 164.667302][T11258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.667314][T11258] RIP: 0033:0x7f412c78eba9 [ 164.667323][T11258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.667333][T11258] RSP: 002b:00007f412d6f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 164.667343][T11258] RAX: ffffffffffffffda RBX: 00007f412c9d5fa0 RCX: 00007f412c78eba9 [ 164.667349][T11258] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003 [ 164.667355][T11258] RBP: 00007f412d6f3090 R08: 0000000000000000 R09: 0000000000000000 [ 164.667361][T11258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.667372][T11258] R13: 00007f412c9d6038 R14: 00007f412c9d5fa0 R15: 00007ffef5003b08 [ 164.667386][T11258] [ 164.693303][T11266] netlink: 'syz.2.1655': attribute type 1 has an invalid length. [ 164.811383][T11262] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 164.850536][T11269] 8021q: adding VLAN 0 to HW filter on device bond45 [ 164.855352][T11269] bond44: (slave bond45): making interface the new active one [ 164.858140][T11269] bond44: (slave bond45): Enslaving as an active interface with an up link [ 164.897591][T11279] macvtap14: entered allmulticast mode [ 164.907694][T11283] binder: 11282:11283 ioctl c0306201 200000000440 returned -14 [ 164.911113][T11286] binder: 11282:11286 ioctl 9204 ae58d returned -22 [ 164.932615][T11281] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.948919][T11283] : renamed from bridge_slave_0 (while UP) [ 164.957966][T11283] bridge0: port 1() entered disabled state [ 165.023739][T11281] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.133588][T11281] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.162109][T11308] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1671'. [ 165.200339][T11310] binder: binder_mmap: 11309 200000ffc000-200001000000 bad vm_flags failed -1 [ 165.218612][T11281] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.314917][ T9311] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.324350][ T9311] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.333938][ T9254] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.348066][ T9381] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.612332][ T29] ================================================================== [ 166.614816][ T29] BUG: KASAN: slab-use-after-free in __mutex_lock+0xe8a/0x1060 [ 166.617425][ T29] Read of size 8 at addr ffff88805a130320 by task kworker/1:0/29 [ 166.621210][ T29] [ 166.622283][ T29] CPU: 1 UID: 0 PID: 29 Comm: kworker/1:0 Not tainted syzkaller #0 PREEMPT(full) [ 166.622296][ T29] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 166.622304][ T29] Workqueue: events l2cap_chan_timeout [ 166.622326][ T29] Call Trace: [ 166.622330][ T29] [ 166.622335][ T29] dump_stack_lvl+0x116/0x1f0 [ 166.622350][ T29] print_report+0xcd/0x630 [ 166.622367][ T29] ? __virt_addr_valid+0x81/0x610 [ 166.622380][ T29] ? __phys_addr+0xe8/0x180 [ 166.622394][ T29] ? __mutex_lock+0xe8a/0x1060 [ 166.622407][ T29] kasan_report+0xe0/0x110 [ 166.622419][ T29] ? __mutex_lock+0xe8a/0x1060 [ 166.622433][ T29] ? l2cap_chan_timeout+0x6d/0x310 [ 166.622443][ T29] __mutex_lock+0xe8a/0x1060 [ 166.622457][ T29] ? add_lock_to_list+0x9d/0x130 [ 166.622472][ T29] ? l2cap_chan_timeout+0x6d/0x310 [ 166.622483][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 166.622496][ T29] ? debug_object_deactivate+0x1ec/0x3a0 [ 166.622510][ T29] ? l2cap_chan_timeout+0x6d/0x310 [ 166.622520][ T29] l2cap_chan_timeout+0x6d/0x310 [ 166.622531][ T29] process_one_work+0x9cc/0x1b70 [ 166.622545][ T29] ? __pfx_process_one_work+0x10/0x10 [ 166.622558][ T29] ? assign_work+0x1a0/0x250 [ 166.622568][ T29] worker_thread+0x6c8/0xf10 [ 166.622582][ T29] ? __pfx_worker_thread+0x10/0x10 [ 166.622593][ T29] kthread+0x3c2/0x780 [ 166.622602][ T29] ? __pfx_kthread+0x10/0x10 [ 166.622612][ T29] ? rcu_is_watching+0x12/0xc0 [ 166.622625][ T29] ? __pfx_kthread+0x10/0x10 [ 166.622635][ T29] ret_from_fork+0x5d4/0x6f0 [ 166.622645][ T29] ? __pfx_kthread+0x10/0x10 [ 166.622655][ T29] ret_from_fork_asm+0x1a/0x30 [ 166.622671][ T29] [ 166.622674][ T29] [ 166.676486][ T29] Allocated by task 9772: [ 166.677838][ T29] kasan_save_stack+0x33/0x60 [ 166.679344][ T29] kasan_save_track+0x14/0x30 [ 166.681115][ T29] __kasan_kmalloc+0xaa/0xb0 [ 166.682994][ T29] l2cap_conn_add.part.0+0x60/0xa60 [ 166.685122][ T29] l2cap_chan_connect+0x15e5/0x2020 [ 166.687232][ T29] l2cap_sock_connect+0x3ba/0x740 [ 166.689275][ T29] kernel_connect+0x107/0x180 [ 166.691089][ T29] rfcomm_dlc_open+0x821/0xaa0 [ 166.692804][ T29] rfcomm_sock_connect+0x423/0x670 [ 166.694863][ T29] __sys_connect_file+0x141/0x1a0 [ 166.696900][ T29] __sys_connect+0x13b/0x160 [ 166.698785][ T29] __x64_sys_connect+0x72/0xb0 [ 166.700344][ T29] do_syscall_64+0xcd/0x4c0 [ 166.701954][ T29] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.704302][ T29] [ 166.705310][ T29] Freed by task 9824: [ 166.707000][ T29] kasan_save_stack+0x33/0x60 [ 166.708987][ T29] kasan_save_track+0x14/0x30 [ 166.710926][ T29] kasan_save_free_info+0x3b/0x60 [ 166.713037][ T29] __kasan_slab_free+0x60/0x70 [ 166.715058][ T29] kfree+0x2b4/0x4d0 [ 166.716678][ T29] l2cap_conn_del+0x59c/0x730 [ 166.718649][ T29] l2cap_disconn_cfm+0x96/0xd0 [ 166.720669][ T29] hci_conn_hash_flush+0x10b/0x260 [ 166.722343][ T29] hci_dev_reset+0x249/0x610 [ 166.723864][ T29] hci_sock_ioctl+0x493/0x7d0 [ 166.725366][ T29] sock_do_ioctl+0x118/0x280 [ 166.726335][ T5979] Bluetooth: hci4: command tx timeout [ 166.726850][ T29] sock_ioctl+0x227/0x6b0 [ 166.730054][ T29] __x64_sys_ioctl+0x18b/0x210 [ 166.731826][ T29] do_syscall_64+0xcd/0x4c0 [ 166.733389][ T29] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.735671][ T29] [ 166.736471][ T29] The buggy address belongs to the object at ffff88805a130000 [ 166.736471][ T29] which belongs to the cache kmalloc-1k of size 1024 [ 166.740910][ T29] The buggy address is located 800 bytes inside of [ 166.740910][ T29] freed 1024-byte region [ffff88805a130000, ffff88805a130400) [ 166.745797][ T29] [ 166.746803][ T29] The buggy address belongs to the physical page: [ 166.749441][ T29] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5a130 [ 166.752601][ T29] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 166.755426][ T29] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 166.758568][ T29] page_type: f5(slab) [ 166.760064][ T29] raw: 00fff00000000040 ffff88801b842dc0 dead000000000100 dead000000000122 [ 166.763495][ T29] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 166.766823][ T29] head: 00fff00000000040 ffff88801b842dc0 dead000000000100 dead000000000122 [ 166.769604][ T29] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 166.772990][ T29] head: 00fff00000000003 ffffea0001684c01 00000000ffffffff 00000000ffffffff [ 166.775755][ T29] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 166.778558][ T29] page dumped because: kasan: bad access detected [ 166.780555][ T29] page_owner tracks the page as allocated [ 166.782315][ T29] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9772, tgid 9771 (syz.4.1117), ts 126125723360, free_ts 125970863709 [ 166.788887][ T29] post_alloc_hook+0x1c0/0x230 [ 166.790736][ T29] get_page_from_freelist+0x132b/0x38e0 [ 166.793025][ T29] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 166.795501][ T29] alloc_pages_mpol+0x1fb/0x550 [ 166.797532][ T29] new_slab+0x247/0x330 [ 166.799296][ T29] ___slab_alloc+0xcf2/0x1750 [ 166.801277][ T29] __slab_alloc.constprop.0+0x56/0xb0 [ 166.803609][ T29] __kmalloc_cache_noprof+0xfb/0x3e0 [ 166.805854][ T29] l2cap_conn_add.part.0+0x60/0xa60 [ 166.808070][ T29] l2cap_chan_connect+0x15e5/0x2020 [ 166.810247][ T29] l2cap_sock_connect+0x3ba/0x740 [ 166.812365][ T29] kernel_connect+0x107/0x180 [ 166.814330][ T29] rfcomm_dlc_open+0x821/0xaa0 [ 166.816355][ T29] rfcomm_sock_connect+0x423/0x670 [ 166.818500][ T29] __sys_connect_file+0x141/0x1a0 [ 166.820622][ T29] __sys_connect+0x13b/0x160 [ 166.822554][ T29] page last free pid 5976 tgid 5976 stack trace: [ 166.825189][ T29] __free_frozen_pages+0x7d5/0x10f0 [ 166.827387][ T29] qlist_free_all+0x4d/0x120 [ 166.829226][ T29] kasan_quarantine_reduce+0x195/0x1e0 [ 166.831048][ T29] __kasan_slab_alloc+0x69/0x90 [ 166.832571][ T29] __kmalloc_noprof+0x1d4/0x510 [ 166.834043][ T29] tomoyo_realpath_from_path+0xc2/0x6e0 [ 166.835798][ T29] tomoyo_path_perm+0x274/0x460 [ 166.837518][ T29] security_inode_getattr+0x116/0x290 [ 166.839779][ T29] vfs_fstat+0x4b/0xe0 [ 166.841203][ T29] vfs_fstatat+0xbc/0xf0 [ 166.842542][ T29] __do_sys_newfstatat+0x97/0x120 [ 166.844647][ T29] do_syscall_64+0xcd/0x4c0 [ 166.846583][ T29] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.849086][ T29] [ 166.850140][ T29] Memory state around the buggy address: [ 166.852121][ T29] ffff88805a130200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.854574][ T29] ffff88805a130280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.857070][ T29] >ffff88805a130300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.859670][ T29] ^ [ 166.861287][ T29] ffff88805a130380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.863892][ T29] ffff88805a130400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 166.866363][ T29] ================================================================== [ 166.869715][ T29] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 166.872620][ T29] CPU: 1 UID: 0 PID: 29 Comm: kworker/1:0 Not tainted syzkaller #0 PREEMPT(full) [ 166.875414][ T29] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 166.878598][ T29] Workqueue: events l2cap_chan_timeout [ 166.880296][ T29] Call Trace: [ 166.881454][ T29] [ 166.882482][ T29] dump_stack_lvl+0x3d/0x1f0 [ 166.884430][ T29] vpanic+0x6e8/0x7a0 [ 166.886126][ T29] ? __pfx_vpanic+0x10/0x10 [ 166.887653][ T29] ? __pfx_vprintk_emit+0x10/0x10 [ 166.889237][ T29] ? __mutex_lock+0xe8a/0x1060 [ 166.890748][ T29] panic+0xca/0xd0 [ 166.892088][ T29] ? __pfx_panic+0x10/0x10 [ 166.893985][ T29] ? check_panic_on_warn+0x1f/0xb0 [ 166.895721][ T29] check_panic_on_warn+0xab/0xb0 [ 166.897262][ T29] end_report+0x107/0x170 [ 166.898643][ T29] kasan_report+0xee/0x110 [ 166.900055][ T29] ? __mutex_lock+0xe8a/0x1060 [ 166.901518][ T29] ? l2cap_chan_timeout+0x6d/0x310 [ 166.903400][ T29] __mutex_lock+0xe8a/0x1060 [ 166.905206][ T29] ? add_lock_to_list+0x9d/0x130 [ 166.907294][ T29] ? l2cap_chan_timeout+0x6d/0x310 [ 166.909417][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 166.911524][ T29] ? debug_object_deactivate+0x1ec/0x3a0 [ 166.913841][ T29] ? l2cap_chan_timeout+0x6d/0x310 [ 166.915941][ T29] l2cap_chan_timeout+0x6d/0x310 [ 166.917999][ T29] process_one_work+0x9cc/0x1b70 [ 166.920089][ T29] ? __pfx_process_one_work+0x10/0x10 [ 166.922313][ T29] ? assign_work+0x1a0/0x250 [ 166.924247][ T29] worker_thread+0x6c8/0xf10 [ 166.926126][ T29] ? __pfx_worker_thread+0x10/0x10 [ 166.927778][ T29] kthread+0x3c2/0x780 [ 166.929056][ T29] ? __pfx_kthread+0x10/0x10 [ 166.930501][ T29] ? rcu_is_watching+0x12/0xc0 [ 166.932022][ T29] ? __pfx_kthread+0x10/0x10 [ 166.933516][ T29] ret_from_fork+0x5d4/0x6f0 [ 166.934959][ T29] ? __pfx_kthread+0x10/0x10 [ 166.936371][ T29] ret_from_fork_asm+0x1a/0x30 [ 166.938310][ T29] [ 166.940165][ T29] Kernel Offset: disabled [ 166.941916][ T29] Rebooting in 86400 seconds.. VM DIAGNOSIS: 21:17:12 Registers: info registers vcpu 0 CPU#0 RAX=000000000016907f RBX=0000000000000000 RCX=ffffffff8b946c29 RDX=0000000000000000 RSI=ffffffff8de52618 RDI=ffffffff8c162d00 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08 R8 =0000000000000001 R9 =ffffed100d486655 R10=ffff88806a4332ab R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab6d90 R15=0000000000000000 RIP=ffffffff8b94578f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d66b5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055557a9f05c8 CR3=00000000315d8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 bec0dcc685db4a08 6e416c6d75ffde52 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6b22c36d69f8efee d3501442b31645c0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6bad0441fb408a1d 0197aec865919b4d ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 69fd09140fdfb509 d44573f532684939 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 00000000000000b4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000034 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 df54cbcf0c558307 5fe707d9572aec53 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 69ba070fe5a90a17 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 60075cbe63babb7c 09d687110799f148 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f10fd41b00000000 35299715b93eefd1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 48dac4340c1d4877 0f6a59a5b2c4a4cc ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b3b59f523b7f3743 a107d3cbf697b262 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0122000800288003 40a0801000278004 2680040100000c08 06080e2238080027 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0110840410002980 0340a08010002880 040fffffffffffff 00080007000c0008 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 04002a90031a0800 2a88033ffe08002a 800329800449c408 000100000c080606 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0001000004080606 011db80000000000 0001ffffffffffff fffff3082a940306 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 012a8004088185b9 e808000100000408 0606011db8000000 00000001ffffffff ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fffffffff3082a94 030604002a90031a 08002a88033ffe08 002a800329800449 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c408000100000c08 0606011084041000 29800340a0801000 2880040fffffffff ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff040100000e08 0608012200080028 800340a080100027 8004268004010000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85647c75 RDI=ffffffff9b1150a0 RBP=ffffffff9b115060 RSP=ffffc90000687530 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b115060 R15=ffffffff85647c10 RIP=ffffffff85647c9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d67b5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c26ec90 CR3=000000000e380000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000ffffff80 Opmask01=0000000020080810 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdbaf139e6 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdbaf139e6 00007ffdbaf139ec ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab0fe12e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab0fe12e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab0fe12e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab0fe12e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab0fe12ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab0fe12fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab0ffa74a8 00007fab0ffa74a0 00007fab0ffa7498 00007fab0ffa7470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab10b0d100 00007fab0ffa7460 00007fab0ffa7478 00007fab0ffa74c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab0ffa74b8 00007fab0ffa74b0 00007fab0ffa74a8 00007fab0ffa74a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000015397f RBX=0000000000000002 RCX=ffffffff8b946c29 RDX=0000000000000000 RSI=ffffffff8de52618 RDI=ffffffff8c162d00 RBP=ffffed1003c53910 RSP=ffffc90000187df8 R8 =0000000000000001 R9 =ffffed100d4c6655 R10=ffff88806a6332ab R11=0000000000000000 R12=0000000000000002 R13=ffff88801e29c880 R14=ffffffff90ab6d90 R15=0000000000000000 RIP=ffffffff8b94578f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d68b5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffdbe980b28 CR3=00000000315d8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 35e93cf3dbfe4a33 69e30b740bdebcd0 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4ba6b20312526f46 e2aaf63276cab326 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fd632bc33d123488 637177538ffeddaa ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 59fca73f3e8c10eb f3cf7a90b254f72f ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000007540 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000659961082c 4cf3d66200800100 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000066 0000006600800100 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 106c7cd7f19c5813 c2fd5c6c009b04c2 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000664d17aa0e 4d089190d1c83dbc ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73544ced9447662c d48887e87b2ad5ec ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3bf8e11f538accb9 9c60b891e69bf812 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0007000000100008 0000000000000004 000c001a00100000 0014010000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000c000000080004 001c000e00000000 0000000000000000 0683000000200000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0011000000003351 d140000000140000 001c0000000e0014 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 dc02000000000100 0000000000260000 000cffffdbee0000 03e6000000080004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000800080000 0028000000400000 0058000000700000 00880000009c0000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00b0000000c40000 00dc000000380000 00f8000023d40000 23e8000023fc0000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 24140000242c0000 2440000024580000 2478000024900000 24b0000000150000 ZMM24=af460797af460797 af460797af460797 af460797af460797 af460797af460797 af460797af460797 af460797af460797 af460797af460797 af460797af460797 ZMM25=ce827d25ce827d25 ce827d25ce827d25 ce827d25ce827d25 ce827d25ce827d25 ce827d25ce827d25 ce827d25ce827d25 ce827d25ce827d25 ce827d25ce827d25 ZMM26=c8f1b4fcc8f1b4fc c8f1b4fcc8f1b4fc c8f1b4fcc8f1b4fc c8f1b4fcc8f1b4fc c8f1b4fcc8f1b4fc c8f1b4fcc8f1b4fc c8f1b4fcc8f1b4fc c8f1b4fcc8f1b4fc ZMM27=5bcbd4685bcbd468 5bcbd4685bcbd468 5bcbd4685bcbd468 5bcbd4685bcbd468 5bcbd4685bcbd468 5bcbd4685bcbd468 5bcbd4685bcbd468 5bcbd4685bcbd468 ZMM28=000000a00000009f 0000009e0000009d 0000009c0000009b 0000009a00000099 0000009800000097 0000009600000095 0000009400000093 0000009200000091 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0e0b00000e0b0000 0e0b00000e0b0000 0e0b00000e0b0000 0e0b00000e0b0000 0e0b00000e0b0000 0e0b00000e0b0000 0e0b00000e0b0000 0e0b00000e0b0000 info registers vcpu 3 CPU#3 RAX=0000000000112e37 RBX=0000000000000003 RCX=ffffffff8b946c29 RDX=0000000000000000 RSI=ffffffff8de52618 RDI=ffffffff8c162d00 RBP=ffffed1003c56000 RSP=ffffc90000197df8 R8 =0000000000000001 R9 =ffffed100d4e6655 R10=ffff88806a7332ab R11=0000000000000000 R12=0000000000000003 R13=ffff88801e2b0000 R14=ffffffff90ab6d90 R15=0000000000000000 RIP=ffffffff8b94578f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d69b5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f3e90a7cf98 CR3=000000000e380000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=0000000020080810 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000a60ce07b 00000000cec3662e ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 67c79a513a63aa34 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdbe982556 00007ffdbe98255c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3e8fc12e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3e8fc12e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3e8fc12e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3e8fc12e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3e8fc12ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3e8fc12fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000