last executing test programs: 5m21.755065978s ago: executing program 3 (id=4392): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020605000000000000000000000000001400078008000640001b0000080013400000000205000100060000000900020073797a32000000000500040000000000050005000a00000011000300686173683a69702c6d61726b"], 0x60}, 0x1, 0x0, 0x0, 0x4008840}, 0x0) 5m21.685799433s ago: executing program 3 (id=4395): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000e00)=@newtaction={0x6c, 0x30, 0x1, 0x3, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0xfffffffffffffe65, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x10001, 0x9, 0x10000000, 0x0, 0x20}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8848}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 5m21.685567745s ago: executing program 3 (id=4397): r0 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0) read$sequencer(r0, &(0x7f0000000480)=""/98, 0x62) 5m21.627742732s ago: executing program 3 (id=4400): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE={0x8, 0x2, @broadcast}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @loopback}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 5m21.606774545s ago: executing program 3 (id=4403): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) 5m21.546910434s ago: executing program 3 (id=4406): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, @empty, @empty, 0x0, 0x0, 0x0, 0x20000000}}) 5m5.531470049s ago: executing program 32 (id=4406): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, @empty, @empty, 0x0, 0x0, 0x0, 0x20000000}}) 3m43.935883406s ago: executing program 0 (id=8257): syz_emit_ethernet(0x6e, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @broadcast, @val={@val={0x88a8, 0x2, 0x1, 0x2}, {0x8100, 0x5, 0x0, 0x4}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x58, 0x0, 0x0, 0xff, 0x2f, 0x0, @rand_addr=0x64010100, @local}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x88a8, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x4}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x8}}}}}}}}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) 3m43.874464881s ago: executing program 0 (id=8259): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) close_range(r0, r0, 0x0) 3m43.86910348s ago: executing program 0 (id=8262): socketpair$unix(0x1, 0x2, 0x0, 0x0) request_key(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000140)='\\\\@[*#)\x00', 0xfffffffffffffffe) add_key$user(&(0x7f0000000180), &(0x7f0000000000)={'syz', 0x0}, &(0x7f00000005c0)='\x00', 0x1, 0xfffffffffffffffe) 3m43.802177594s ago: executing program 0 (id=8267): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000001580), 0x138a09f12d160b2d, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000200)=0x12) close(r0) 3m43.731736153s ago: executing program 0 (id=8271): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 3m43.73112495s ago: executing program 0 (id=8275): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) get_mempolicy(0x0, 0x0, 0x203, &(0x7f0000394000/0x3000)=nil, 0x3) 3m27.686515376s ago: executing program 33 (id=8275): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) get_mempolicy(0x0, 0x0, 0x203, &(0x7f0000394000/0x3000)=nil, 0x3) 2m34.879194308s ago: executing program 1 (id=10042): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00') getdents64(r0, &(0x7f0000000240)=""/44, 0x7a) getdents64(r0, 0x0, 0x0) 2m34.878858284s ago: executing program 1 (id=10044): socket$key(0xf, 0x3, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001a40)=ANY=[@ANYBLOB="5801000010000100030000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000001600"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000000400000033000000ac1414bb00000000000000000000000000000000000000000000000000000000030000000000000004000000000000005700000000000000fdffffffffffffff000000000000010000000000000000007b00000000000000000080000000000000200000000000000000000000000000000000005cfd00000000000000000000000000000a000000aa0000000000000048000100686d61632873686131290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001700010000002bbd70002bbd70002bbd700026bd700004"], 0x158}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 2m34.759732889s ago: executing program 1 (id=10049): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x820061, &(0x7f0000000200)={[{@size={'size', 0x3d, [0x65]}}]}) 2m34.702917723s ago: executing program 1 (id=10055): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000300)={[{@gid}]}) 2m34.651482232s ago: executing program 1 (id=10058): r0 = memfd_create(&(0x7f0000000b40)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b \x00\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\xfe\xe6\xd2SLR\xa1\x00\x00\x17\x1f$^\xe1\x00\x00\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\x00\x00\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\x9b\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x14M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x1b1\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\xe7\xf6\t\x9dJ\xa4^m\xf3\xb5Y\f\x8f\r\xd5)>A\xe9\xf59\'G[\xf0`\xf3\'\xe4\xb2\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I?^\xf3,\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW', 0x6) fcntl$addseals(r0, 0x409, 0xc) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x800}) 2m34.324416357s ago: executing program 1 (id=10067): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 2m34.241787154s ago: executing program 34 (id=10067): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 2m11.225179274s ago: executing program 4 (id=10214): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x20, 0x1a, 0xa01, 0x0, 0x0, {0xa}, [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x7, 0x0, 0x0, 0x0, @str='\x1d@\x00'}]}]}, 0x20}}, 0x0) 2m11.146293669s ago: executing program 4 (id=10217): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x2c, r1, 0x1, 0x0, 0x80000004, {0x1b}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}]}, 0x2c}}, 0x0) 2m10.830255257s ago: executing program 4 (id=10220): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 2m10.319492959s ago: executing program 4 (id=10242): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) 2m10.244598429s ago: executing program 4 (id=10245): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) fstat(r0, &(0x7f0000000300)) 2m10.184708432s ago: executing program 4 (id=10247): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x34, r1, 0x6ff, 0x0, 0x25dfdbfc, {0x52}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x48004}, 0x0) 1m54.094786509s ago: executing program 35 (id=10247): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x34, r1, 0x6ff, 0x0, 0x25dfdbfc, {0x52}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x48004}, 0x0) 3.285981797s ago: executing program 7 (id=12403): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000005a80)={0x0, 0xfffffffe, 0x10}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback, 0x7fff}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="0e", 0x1, 0x40000, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback, 0x2}, 0x1c) 2.297041965s ago: executing program 7 (id=12410): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000024c0)=@newtaction={0x6c, 0x30, 0x48b, 0x0, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x40000, 0x0, 0x0, 0x200}, @multicast2, @remote}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.139120172s ago: executing program 2 (id=12415): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000100)='./file0\x00') openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.pending_reads\x00', 0x0, 0x28) 2.08902501s ago: executing program 2 (id=12416): mkdir(&(0x7f0000000300)='./bus\x00', 0x90) r0 = socket$netlink(0x10, 0x3, 0xa) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r1, 0x0, 0x1000) 2.088642338s ago: executing program 2 (id=12417): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="14"], 0x18}, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000000), 0x4) recvmmsg(r1, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x40, 0x0) 2.007940244s ago: executing program 2 (id=12418): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LIST(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x8000) 1.950384543s ago: executing program 2 (id=12419): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) sendto$inet6(r0, &(0x7f0000000300)="938f", 0x2, 0x14, &(0x7f0000000100)={0xa, 0x4e23, 0x7, @loopback}, 0x1c) 1.433960664s ago: executing program 7 (id=12420): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="0100000000000000f2000040"]) 1.317097849s ago: executing program 5 (id=12425): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x0, "4fcb819bbe7bfabee2b094a3de6dbfd30a74457bcd1cfd5feffe5c019f45d57f", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000180)={"000000149c0286e08ffad43c40fc0a000000ab65a29e23546aad0281b3aff5eb", r1, 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r2, 0xc0383e04, &(0x7f0000000000)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.313162284s ago: executing program 7 (id=12427): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x6, 0x4, 0x4000000}]}]}]}}]}, 0xa4}}, 0x0) 1.231756423s ago: executing program 5 (id=12428): sendmsg$nl_route(0xffffffffffffffff, &(0x7f000009de00)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c000000160001002abd"], 0x2c}}, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) open_by_handle_at(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="15000000fe"], 0x1) 1.231536714s ago: executing program 5 (id=12429): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000300)='rxrpc_client\x00', r0}, 0x18) r1 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0xfc00) 1.137942086s ago: executing program 5 (id=12431): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001c00c92429bd70000000024007000000", @ANYRES32=r1, @ANYBLOB="80008f0b0a000200aac9aaaaaaaa00000600050001"], 0x30}, 0x1, 0x0, 0x0, 0xc8890}, 0x0) 1.050818489s ago: executing program 6 (id=12433): r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0xcd1d, 0x10100, 0x1000000}, &(0x7f0000000040), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_register$IORING_REGISTER_PBUF_STATUS(r0, 0x1a, &(0x7f0000000280)={0x8001}, 0x1) 1.047408366s ago: executing program 2 (id=12434): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f0000000040)={'ip6tnl0\x00'}) 1.007512993s ago: executing program 6 (id=12435): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000240)={r1, 0x8000, 0x200, 0x2, 0x7ff, 0xffffffc0}, &(0x7f0000000280)=0x14) 923.429739ms ago: executing program 6 (id=12436): r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r0, 0x9) setsockopt$inet_tcp_int(r0, 0x6, 0x3, &(0x7f00000001c0), 0x4) 923.188188ms ago: executing program 6 (id=12437): r0 = syz_clone(0x0, 0x0, 0xfffffffffffffe7b, 0x0, 0x0, 0x0) ptrace(0x4206, r0) ptrace(0x8, r0) waitid(0x0, 0x0, 0x0, 0x40000004, 0x0) 785.099649ms ago: executing program 6 (id=12438): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x1}) 507.083035ms ago: executing program 6 (id=12439): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=@newqdisc={0x9c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100], [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x9, 0x4, 0x0, 0x0, 0x4]}}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0xc, 0x0, 0x1, [{0xffffff8a}]}]}}]}, 0x9c}}, 0x0) 10.226582ms ago: executing program 7 (id=12440): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x8, &(0x7f0000000100)=@framed={{0x18, 0x3}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f00000001c0)='GPL\x00'}, 0x90) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') read$qrtrtun(r1, &(0x7f00000004c0)=""/57, 0x39) 9.897979ms ago: executing program 5 (id=12441): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.freeze\x00', 0x275a, 0x0) dup3(r2, r0, 0x0) sendmsg$unix(r1, &(0x7f0000000ac0)={0x0, 0x0, 0x0}, 0x0) 325.276µs ago: executing program 7 (id=12442): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000020000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0) 0s ago: executing program 5 (id=12443): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008dffff"}) 0s ago: executing program 2 (id=12444): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @remote, 0x5}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000300)="e2", 0x1}], 0x1}}, {{&(0x7f0000000580)={0xa, 0x4e24, 0x81, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xb}, 0x1c, &(0x7f0000000600)=[{&(0x7f00000005c0)="6ab4", 0x2}], 0x1}}], 0x2, 0x14) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x85, &(0x7f0000002380)=""/4107, &(0x7f00000000c0)=0x1012) kernel console output (not intermixed with test programs): 0] audit: type=1326 audit(1753237747.825:44951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25768 comm="syz.5.9355" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03658e929 code=0x7ffc0000 [ 270.927389][ T40] audit: type=1326 audit(1753237747.843:44952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25768 comm="syz.5.9355" exe="/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7fe03658e929 code=0x7ffc0000 [ 270.935610][ T40] audit: type=1326 audit(257.341:44953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25768 comm="syz.5.9355" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03658e929 code=0x7ffc0000 [ 270.946369][ T40] audit: type=1326 audit(257.341:44954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25768 comm="syz.5.9355" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03658e929 code=0x7ffc0000 [ 271.152610][T25811] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9376'. [ 271.218476][T25820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9380'. [ 271.518765][T25850] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9392'. [ 271.522493][T25850] netlink: 'syz.1.9392': attribute type 30 has an invalid length. [ 271.525493][T25850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9392'. [ 271.596167][T25863] netlink: 212364 bytes leftover after parsing attributes in process `syz.5.9396'. [ 271.601245][T25863] openvswitch: netlink: Message has 5 unknown bytes. [ 271.753586][ T40] audit: type=1400 audit(258.164:44955): avc: denied { listen } for pid=25880 comm="syz.4.9404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 271.815428][T25892] fuse: Invalid rootmode [ 273.081313][T25933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 273.901634][T25993] "syz.4.9452" (25993) uses obsolete ecb(arc4) skcipher [ 273.933334][T26001] netlink: 'syz.2.9455': attribute type 1 has an invalid length. [ 273.987880][T26014] A link change request failed with some changes committed already. Interface may have been left with an inconsistent configuration, please check. [ 274.020995][T26015] delete_channel: no stack [ 274.153729][T26031] tipc: Started in network mode [ 274.156498][T26031] tipc: Node identity ac14140f, cluster identity 4711 [ 274.162278][T26031] tipc: New replicast peer: 255.255.255.247 [ 274.166031][T26031] tipc: Enabled bearer , priority 10 [ 274.708869][T26080] tmpfs: Cannot change global quota limit on remount [ 274.754139][T26084] [U] 1WT`8H$09\ [ 274.756398][T26084] [U] ;2}UGVĥ#O9ե>-ߴSݢP [ 274.760495][T26083] [U]  [ 274.958068][T26101] smc: net device bond0 erased user defined pnetid SYZ0 [ 275.205691][T26130] netlink: 32 bytes leftover after parsing attributes in process `syz.1.9515'. [ 275.225635][ T29] tipc: Node number set to 2886997007 [ 275.358296][T26147] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9523'. [ 275.437366][T26155] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9527'. [ 275.471488][T26159] netlink: 36 bytes leftover after parsing attributes in process `syz.4.9529'. [ 275.491734][T24780] udevd[24780]: inotify_add_watch(7, /dev/pmem0p13, 10) failed: No such file or directory [ 275.525351][ T40] audit: type=1400 audit(261.690:44956): avc: denied { write } for pid=26165 comm="syz.1.9533" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 275.950519][ T1021] usb 6-1: new low-speed USB device number 9 using dummy_hcd [ 276.112682][ T1021] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 276.115849][ T1021] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 276.120224][ T1021] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 276.125320][ T1021] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 276.130194][ T1021] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 276.137741][ T1021] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 276.142118][ T1021] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 276.153604][ T1021] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 276.158392][ T1021] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 276.170055][ T1021] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 276.176218][ T1021] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 276.179341][ T1021] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 276.183667][ T1021] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 276.196336][ T1021] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 276.200943][ T1021] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 276.214103][ T1021] usb 6-1: string descriptor 0 read error: -22 [ 276.216879][ T1021] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 276.222446][ T1021] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.236859][ T1021] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 276.462567][ T24] usb 6-1: USB disconnect, device number 9 [ 276.467332][T26217] netlink: 'syz.2.9557': attribute type 1 has an invalid length. [ 276.470662][T26217] netlink: 220 bytes leftover after parsing attributes in process `syz.2.9557'. [ 276.477724][T26217] netlink: 'syz.2.9557': attribute type 1 has an invalid length. [ 277.084059][ T40] audit: type=1400 audit(263.150:44957): avc: denied { bind } for pid=26236 comm="syz.2.9567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 277.320517][T26262] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9579'. [ 277.332316][ T40] audit: type=1400 audit(263.383:44958): avc: denied { getopt } for pid=26263 comm="syz.2.9580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 277.516792][ T40] audit: type=1400 audit(263.552:44959): avc: denied { write } for pid=26278 comm="syz.4.9587" name="file0" dev="tmpfs" ino=5987 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 277.526825][ T40] audit: type=1400 audit(263.552:44960): avc: denied { open } for pid=26278 comm="syz.4.9587" path="/1182/file0" dev="tmpfs" ino=5987 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 277.612932][T26288] can0: slcan on ptm0. [ 277.693449][T26286] can0 (unregistered): slcan off ptm0. [ 278.044816][T26326] netlink: 344 bytes leftover after parsing attributes in process `syz.4.9610'. [ 278.081358][T26329] netlink: 'syz.4.9612': attribute type 4 has an invalid length. [ 278.084281][T26329] netlink: 17 bytes leftover after parsing attributes in process `syz.4.9612'. [ 278.138021][ T40] audit: type=1400 audit(264.132:44961): avc: denied { map } for pid=26335 comm="syz.4.9615" path="/dev/video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 278.290767][T26354] nbd: must specify an index to disconnect [ 278.369882][T26362] netlink: 'syz.5.9628': attribute type 2 has an invalid length. [ 278.777313][T26409] netlink: 36 bytes leftover after parsing attributes in process `syz.2.9652'. [ 278.998212][T26437] netlink: 272 bytes leftover after parsing attributes in process `syz.4.9667'. [ 279.003271][ T40] audit: type=1400 audit(264.946:44962): avc: denied { read } for pid=26436 comm="syz.4.9667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 279.012681][ T40] audit: type=1400 audit(264.946:44963): avc: denied { accept } for pid=26439 comm="syz.2.9665" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 279.052079][T26444] tipc: Started in network mode [ 279.053688][T26444] tipc: Node identity 1000000000000000ffffffffffffffff, cluster identity 4711 [ 279.098143][T26449] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 279.108682][ T40] audit: type=1400 audit(265.039:44964): avc: denied { mounton } for pid=26450 comm="syz.1.9672" path="/2564/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 279.148017][ T40] audit: type=1400 audit(265.086:44965): avc: denied { watch_mount } for pid=26454 comm="syz.1.9674" path="/2565" dev="tmpfs" ino=12912 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 279.188298][ T40] audit: type=1400 audit(265.114:44966): avc: denied { ioctl } for pid=26458 comm="syz.1.9675" path="socket:[79006]" dev="sockfs" ino=79006 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 279.279010][T26466] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9679'. [ 279.628384][T26498] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.9695'. [ 279.680938][T26504] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9698'. [ 279.702382][T26506] vivid-000: ================= START STATUS ================= [ 279.708240][T26506] vivid-000: Test Pattern: 100% Color Squares [ 279.711513][T26506] vivid-000: Fill Percentage of Frame: 100 [ 279.714474][T26506] vivid-000: Horizontal Movement: No Movement [ 279.717096][T26506] vivid-000: Vertical Movement: Move Down Slow [ 279.719785][T26506] vivid-000: OSD Text Mode: Counters Only [ 279.722209][T26506] vivid-000: Show Border: false [ 279.724511][T26506] vivid-000: Show Square: true [ 279.726627][T26506] vivid-000: Sensor Flipped Horizontally: true [ 279.729110][T26506] vivid-000: Sensor Flipped Vertically: true [ 279.731548][T26506] vivid-000: Insert SAV Code in Image: true [ 279.733960][T26506] vivid-000: Insert EAV Code in Image: true [ 279.737054][T26506] vivid-000: Insert Video Guard Band: true [ 279.739489][T26506] vivid-000: Reduced Framerate: true [ 279.741638][T26506] vivid-000: HDMI 000-0 Is Connected To: None [ 279.744088][T26506] vivid-000: S-Video 000-0 Is Connected To: None [ 279.746980][T26506] vivid-000: Enable Capture Cropping: true grabbed [ 279.749506][T26506] vivid-000: Enable Capture Composing: true grabbed [ 279.752412][T26506] vivid-000: Enable Capture Scaler: true grabbed [ 279.754988][T26506] vivid-000: Timestamp Source: End of Frame [ 279.756349][T26509] IPVS: Scheduler module ip_vs_sip not found [ 279.757771][T26506] vivid-000: Colorspace: SMPTE 170M [ 279.762313][T26506] vivid-000: Transfer Function: None [ 279.764116][T26506] vivid-000: Y'CbCr Encoding: BT.2020 [ 279.766347][T26506] vivid-000: HSV Encoding: Hue 0-179 [ 279.769089][T26506] vivid-000: Quantization: Default [ 279.770857][T26506] vivid-000: Apply Alpha To Red Only: true [ 279.772847][T26506] vivid-000: Standard Aspect Ratio: 14x9 [ 279.774664][T26506] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 279.777273][T26506] vivid-000: DV Timings: 640x480p59 inactive [ 279.780121][T26506] vivid-000: DV Timings Aspect Ratio: 4x3 [ 279.782407][T26506] vivid-000: Maximum EDID Blocks: 2 [ 279.785113][T26506] vivid-000: Limited RGB Range (16-235): true [ 279.787544][T26506] vivid-000: Rx RGB Quantization Range: RGB Full Range (0-255) [ 279.797242][T26506] vivid-000: Power Present: 0x00000000 [ 279.801152][T26506] tpg source WxH: 720x576 (R'G'B) [ 279.803222][T26506] tpg field: 3 [ 279.804711][T26506] tpg crop: (0,0)/64x64 [ 279.806487][T26506] tpg compose: (0,0)/16x8 [ 279.808178][T26506] tpg colorspace: 1 [ 279.809425][T26506] tpg transfer function: 6/6 [ 279.817303][T26506] tpg quantization: 0/1 [ 279.818718][T26506] tpg RGB range: 0/1 [ 279.820016][T26506] vivid-000: ================== END STATUS ================== [ 280.240858][T26558] binder: 26557:26558 ioctl c0306201 200000000080 returned -22 [ 280.285422][T26564] tmpfs: Bad value for 'mpol' [ 280.594287][T26585] program syz.5.9736 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 280.757227][T26593] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9740'. [ 280.989307][T26608] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 280.989307][T26608] The task syz.1.9745 (26608) triggered the difference, watch for misbehavior. [ 281.291823][T26621] IPVS: Unknown mcast interface: nicvf0 [ 281.720873][T26643] netlink: 'syz.4.9763': attribute type 1 has an invalid length. [ 282.328638][T26684] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 282.331407][T26684] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 282.339405][T26684] vhci_hcd vhci_hcd.0: Device attached [ 282.347629][T26685] vhci_hcd: connection closed [ 282.348493][T22602] vhci_hcd: stop threads [ 282.352829][T22602] vhci_hcd: release socket [ 282.355034][T22602] vhci_hcd: disconnect device [ 282.527039][T26698] __nla_validate_parse: 1 callbacks suppressed [ 282.527057][T26698] netlink: 52 bytes leftover after parsing attributes in process `syz.5.9788'. [ 282.726117][T26716] atomic_op ffff88802d8b1198 conn xmit_atomic 0000000000000000 [ 282.747976][T26718] netlink: 'syz.5.9798': attribute type 62 has an invalid length. [ 282.812906][T26724] ipt_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 283.513055][T26772] tmpfs: Cannot enable quota on remount [ 283.523397][T26774] macvlan1: entered promiscuous mode [ 283.525694][T26774] macvlan1: entered allmulticast mode [ 283.940751][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 283.940768][ T40] audit: type=1400 audit(269.566:44969): avc: denied { accept } for pid=26816 comm="syz.5.9844" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 284.340338][ T40] audit: type=1400 audit(269.931:44970): avc: denied { read } for pid=26842 comm="syz.5.9855" path="socket:[79242]" dev="sockfs" ino=79242 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 284.361744][ C1] hpet: Lost 1 RTC interrupts [ 284.374715][ T40] audit: type=1400 audit(269.941:44971): avc: denied { write } for pid=26844 comm="syz.2.9854" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 284.429760][ T40] audit: type=1400 audit(270.025:44972): avc: denied { write } for pid=26852 comm="syz.4.9859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 284.451935][T26856] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 284.676383][T26876] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 285.111697][T26894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9878'. [ 285.126707][T26894] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 285.130306][T26894] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 285.135879][ T6160] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 285.141531][T26896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9880'. [ 285.147113][T26896] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9880'. [ 285.150585][T26896] netlink: 'syz.2.9880': attribute type 20 has an invalid length. [ 285.295990][ T6160] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 285.300707][ T6160] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 285.306001][ T6160] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 285.309962][ T6160] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.317525][T26886] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 285.324062][ T6160] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 285.450075][T26916] random: crng reseeded on system resumption [ 285.505753][T26920] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9890'. [ 285.509370][T26920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9890'. [ 285.512943][T26920] netlink: 'syz.1.9890': attribute type 12 has an invalid length. [ 285.591496][ T6160] usb 9-1: USB disconnect, device number 6 [ 285.644800][T26926] program syz.1.9893 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.868935][T26936] program syz.1.9898 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 286.048237][T26945] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 286.184287][T26956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9908'. [ 286.188057][T26956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9908'. [ 286.271082][T26966] program syz.4.9912 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 286.286867][T26969] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9913'. [ 286.330881][T26975] program syz.4.9912 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 286.561019][T27005] xt_hashlimit: size too large, truncated to 1048576 [ 286.656661][T27018] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9937'. [ 286.782962][T27035] nd_bus ndbus0: __nd_ioctl:bus unknown input size cmd: cmd_call field: 1 [ 286.816512][T27041] rdma_op ffff88802b8859f0 conn xmit_rdma 0000000000000000 [ 287.261534][ T6160] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 287.442933][ T6160] usb 10-1: Using ep0 maxpacket: 16 [ 287.447531][ T6160] usb 10-1: config 0 has an invalid interface number: 8 but max is 0 [ 287.451573][ T6160] usb 10-1: config 0 has no interface number 0 [ 287.455918][ T6160] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 287.460581][ T6160] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 287.466386][ T6160] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 287.469103][ T6160] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 287.469456][T27096] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 287.471347][ T6160] usb 10-1: Product: syz [ 287.471359][ T6160] usb 10-1: SerialNumber: syz [ 287.472911][ T6160] usb 10-1: config 0 descriptor?? [ 287.496534][ T6160] cm109 10-1:0.8: invalid payload size 0, expected 4 [ 287.500393][ T6160] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.8/input/input26 [ 287.546805][T27102] xt_CT: You must specify a L4 protocol and not use inversions on it [ 287.703718][ C3] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 287.717104][ C3] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 287.721004][ C3] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 287.724369][ C3] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 287.727480][ T6160] usb 10-1: USB disconnect, device number 3 [ 287.729886][ C3] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 287.729907][ C3] cm109 10-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 287.740575][ T6160] cm109 10-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 288.077702][T27136] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 288.096403][ C1] hpet: Lost 1 RTC interrupts [ 288.144761][T27142] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9997'. [ 288.227566][ T40] audit: type=1400 audit(273.570:44973): avc: denied { mount } for pid=27151 comm="syz.1.10002" name="/" dev="autofs" ino=81631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 288.246151][ T40] audit: type=1400 audit(273.589:44974): avc: denied { unmount } for pid=6122 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 288.295437][T27162] program syz.4.10007 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 288.328796][T27167] netlink: 'syz.5.10008': attribute type 7 has an invalid length. [ 288.332447][T27167] netlink: 204 bytes leftover after parsing attributes in process `syz.5.10008'. [ 288.376828][ T40] audit: type=1400 audit(273.710:44975): avc: denied { read } for pid=27171 comm="syz.5.10011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 288.407827][T27154] /dev/sr0: Can't open blockdev [ 288.414003][T27163] gfs2: gfs2 mount does not exist [ 288.569473][T27197] SELinux: security policydb version 18 (MLS) not backwards compatible [ 288.572689][T27197] SELinux: failed to load policy [ 288.935929][T27225] QAT: failed to copy from user. [ 289.031114][T27258] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10051'. [ 289.034853][T27258] netlink: 12 bytes leftover after parsing attributes in process `syz.5.10051'. [ 289.039744][T27258] netlink: 'syz.5.10051': attribute type 18 has an invalid length. [ 289.040655][T27259] hugetlbfs: Bad value 'e' for mount option 'size' [ 289.040655][T27259] [ 289.744412][ T6132] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 289.752132][ T6132] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 289.758143][ T6132] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 289.758725][ T61] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.762713][ T6132] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 289.769326][ T6132] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 289.924377][ T61] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.990055][T27328] delete_channel: no stack [ 290.132304][ T61] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.147181][T27306] chnl_net:caif_netlink_parms(): no params data found [ 290.191250][T27340] A link change request failed with some changes committed already. Interface may have been left with an inconsistent configuration, please check. [ 290.328618][T27306] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.334454][T27306] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.338084][T27306] bridge_slave_0: entered allmulticast mode [ 290.342881][T27306] bridge_slave_0: entered promiscuous mode [ 290.350714][T27306] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.353696][T27306] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.356869][T27306] bridge_slave_1: entered allmulticast mode [ 290.360668][T27306] bridge_slave_1: entered promiscuous mode [ 290.418091][T27306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.424817][T27306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 290.484559][T27306] team0: Port device team_slave_0 added [ 290.489357][T27306] team0: Port device team_slave_1 added [ 290.578803][T27306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 290.582272][T27306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 290.596586][T27306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 290.619517][T27306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 290.622415][T27306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 290.634118][T27306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 290.659637][ T61] bridge_slave_1: left allmulticast mode [ 290.662643][ T61] bridge_slave_1: left promiscuous mode [ 290.666848][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.675224][ T61] bridge_slave_0: left allmulticast mode [ 290.677569][ T61] bridge_slave_0: left promiscuous mode [ 290.680059][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.685437][ T40] audit: type=1400 audit(275.862:44976): avc: denied { unmount } for pid=24467 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 290.720942][ T40] audit: type=1400 audit(275.908:44977): avc: denied { bind } for pid=27368 comm="syz.5.10102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 290.748355][ T40] audit: type=1326 audit(275.936:44978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27313 comm="syz.4.10078" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d878e929 code=0x7fc00000 [ 290.787124][T27373] netlink: 76 bytes leftover after parsing attributes in process `syz.4.10104'. [ 291.011859][T27392] netlink: 'syz.4.10113': attribute type 1 has an invalid length. [ 291.045077][T27394] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10114'. [ 291.218461][T27399] netlink: 44 bytes leftover after parsing attributes in process `syz.5.10116'. [ 291.222565][T27399] netlink: 'syz.5.10116': attribute type 6 has an invalid length. [ 291.225980][T27399] netlink: 'syz.5.10116': attribute type 5 has an invalid length. [ 291.229649][T27399] netlink: 'syz.5.10116': attribute type 4 has an invalid length. [ 291.314917][T27403] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 291.314917][T27403] program syz.5.10118 not setting count and/or reply_len properly [ 291.997355][ T6132] Bluetooth: hci1: command tx timeout [ 292.595884][ T6132] Bluetooth: hci2: command 0x1003 tx timeout [ 292.596410][ T5309] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 293.347475][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 293.392328][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 293.442682][ T61] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 293.483764][ T61] bond0 (unregistering): Released all slaves [ 294.220821][ T5309] Bluetooth: hci1: command tx timeout [ 294.372830][ T61] bond1 (unregistering): Released all slaves [ 294.380091][ T61] bond2 (unregistering): Released all slaves [ 294.388545][ T61] bond3 (unregistering): Released all slaves [ 294.399031][ T61] bond4 (unregistering): Released all slaves [ 294.416392][ T61] bond5 (unregistering): Released all slaves [ 294.423899][ T61] bond6 (unregistering): Released all slaves [ 294.453813][T27427] tipc: Started in network mode [ 294.455994][T27427] tipc: Node identity , cluster identity 4711 [ 294.460195][T27427] tipc: Failed to set node id, please configure manually [ 294.463732][T27427] tipc: Enabling of bearer rejected, failed to enable media [ 294.532453][T27306] hsr_slave_0: entered promiscuous mode [ 294.533007][T27306] hsr_slave_1: entered promiscuous mode [ 294.538459][T27306] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 294.541887][T27306] Cannot create hsr debugfs directory [ 294.577377][ T61] tipc: Left network mode [ 294.633139][T27437] openvswitch: netlink: Tunnel attr 14 has unexpected len 2 expected 0 [ 294.685228][T27441] netlink: 20 bytes leftover after parsing attributes in process `syz.4.10135'. [ 294.689449][T27441] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 294.721920][T27445] ptrace attach of "/syz-executor exec"[6119] was attempted by " b\x0a\x0c ! \x07    ?j}6ٱĞ Dl\x0a9:$VQ\x09d'ZbWzr‘Q``V\x5c4fL\x0a6\x0az^k`q0ȟ [ 294.744379][T27306] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 294.783977][T27306] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 294.792533][T27306] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 294.797497][T27306] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 294.913855][T27306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.932236][T27306] 8021q: adding VLAN 0 to HW filter on device team0 [ 294.952164][T22584] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.956378][T22584] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.960011][T22584] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.960061][T22584] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.096583][T27306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 295.480895][T27488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10155'. [ 295.487921][T27488] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10155'. [ 295.491636][T27488] netlink: 'syz.2.10155': attribute type 13 has an invalid length. [ 295.529872][ T61] hsr_slave_0: left promiscuous mode [ 295.534783][ T61] hsr_slave_1: left promiscuous mode [ 295.537810][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 295.540886][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 295.554973][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 295.567813][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 295.614567][ T61] team_slave_0: left promiscuous mode [ 295.617435][ T61] team_slave_1: left promiscuous mode [ 295.619743][ T61] veth1_macvtap: left promiscuous mode [ 295.622663][ T61] veth0_macvtap: left promiscuous mode [ 295.626437][ T61] veth1_vlan: left promiscuous mode [ 295.628686][ T61] veth0_vlan: left promiscuous mode [ 295.835496][ T61] pimreg (unregistering): left allmulticast mode [ 296.330820][T27512] fuse: blksize only supported for fuseblk [ 296.444398][ T5309] Bluetooth: hci1: command tx timeout [ 296.667288][ T40] audit: type=1800 audit(281.465:44979): pid=27533 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.4.10175" name="/newroot/1355/bus/#6862//deleted" dev="tmpfs" ino=6862 res=0 errno=0 [ 298.668103][ T5309] Bluetooth: hci1: command tx timeout [ 303.134216][ T61] team0 (unregistering): Port device team_slave_1 removed [ 303.986088][ T61] team0 (unregistering): Port device team_slave_0 removed [ 310.637461][T27306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.812629][T27564] vlan2: entered promiscuous mode [ 310.814852][T27564] bridge0: entered promiscuous mode [ 310.854592][T27306] veth0_vlan: entered promiscuous mode [ 310.868101][T27306] veth1_vlan: entered promiscuous mode [ 310.891485][T27306] veth0_macvtap: entered promiscuous mode [ 310.894100][ T40] audit: type=1326 audit(294.775:44980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27567 comm="syz.4.10188" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f63d878e929 code=0x0 [ 310.900515][T27306] veth1_macvtap: entered promiscuous mode [ 311.009394][T27306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 311.073515][T27306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 311.081315][T27306] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.085158][T27306] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.088793][T27306] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.093042][T27306] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.166934][T22602] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.170498][T22602] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.196607][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.202722][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.217385][T27585] openvswitch: netlink: Duplicate key (type 0). [ 311.245758][T27587] netlink: 32 bytes leftover after parsing attributes in process `syz.2.10197'. [ 311.401018][ T6105] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 311.415882][ T61] IPVS: stop unused estimator thread 0... [ 311.610246][T27606] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.412326][T27615] syz_tun: entered allmulticast mode [ 312.419998][T27613] syz_tun: left allmulticast mode [ 312.514468][T27623] IPVS: persistence engine module ip_vs_pe_s not found [ 312.614071][ C2] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 313.008845][T27648] netlink: 24 bytes leftover after parsing attributes in process `syz.6.10223'. [ 313.153137][ T40] audit: type=1400 audit(296.880:44981): avc: denied { listen } for pid=27656 comm="syz.5.10227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 313.161890][ T5309] Bluetooth: Frame is too long (len 12, expected len 4) [ 313.179822][T27660] can0: slcan on ptm0. [ 313.252907][T27659] can0 (unregistered): slcan off ptm0. [ 313.337907][T27677] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 313.410745][ T40] audit: type=1400 audit(297.123:44982): avc: denied { compute_member } for pid=27684 comm="syz.2.10237" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 314.462786][T27725] program syz.6.10259 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 314.523101][T27729] support for the xor transformation has been removed. [ 315.039403][ C1] hpet: Lost 1 RTC interrupts [ 315.153245][T27769] netlink: zone id is out of range [ 315.179487][T27769] netlink: set zone limit has 4 unknown bytes [ 315.495926][T27792] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 315.943829][ T40] audit: type=1400 audit(299.490:44983): avc: denied { map } for pid=27828 comm="syz.6.10307" path="socket:[83756]" dev="sockfs" ino=83756 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 316.043371][ T40] audit: type=1400 audit(299.593:44984): avc: denied { remount } for pid=27837 comm="syz.5.10311" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 316.043443][T27838] devtmpfs: Cannot change global quota limit on remount [ 316.261703][ T40] audit: type=1400 audit(299.789:44985): avc: denied { watch watch_reads } for pid=27852 comm="syz.2.10318" path="pipe:[84459]" dev="pipefs" ino=84459 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 316.303075][T27857] syz_tun: entered allmulticast mode [ 316.306133][T27857] SELinux: failure in sel_netif_sid_slow(), invalid network interface (0) [ 316.308409][T27860] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10322'. [ 316.309974][T27857] mroute: pending queue full, dropping entries [ 316.313864][T27860] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 316.313890][T27860] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 316.334258][T27855] syz_tun: left allmulticast mode [ 316.846709][T27899] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10341'. [ 316.912713][T27905] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 317.152613][ T5309] Bluetooth: hci1: command tx timeout [ 317.248182][T27926] netlink: 'syz.5.10353': attribute type 13 has an invalid length. [ 317.330577][T27930] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 317.501211][T27942] netlink: 168 bytes leftover after parsing attributes in process `syz.5.10361'. [ 317.510171][ T40] audit: type=1400 audit(300.958:44986): avc: denied { append } for pid=27943 comm="syz.6.10363" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 317.516780][T27944] binder: 27943:27944 ioctl c0306201 0 returned -14 [ 317.533956][T27944] binder: 27943:27944 ioctl c0306201 200000000040 returned -11 [ 317.741024][T27964] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10372'. [ 317.754461][ T5309] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 317.759292][ T5309] CPU: 0 UID: 0 PID: 5309 Comm: kworker/u33:1 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 317.759327][ T5309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 317.759341][ T5309] Workqueue: hci4 hci_rx_work [ 317.759371][ T5309] Call Trace: [ 317.759377][ T5309] [ 317.759383][ T5309] dump_stack_lvl+0x16c/0x1f0 [ 317.759408][ T5309] sysfs_warn_dup+0x7f/0xa0 [ 317.759435][ T5309] sysfs_create_dir_ns+0x24b/0x2b0 [ 317.759458][ T5309] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 317.759480][ T5309] ? find_held_lock+0x2b/0x80 [ 317.759506][ T5309] ? do_raw_spin_unlock+0x172/0x230 [ 317.759528][ T5309] kobject_add_internal+0x2c4/0x9b0 [ 317.759559][ T5309] kobject_add+0x16e/0x240 [ 317.759584][ T5309] ? __pfx_kobject_add+0x10/0x10 [ 317.759612][ T5309] ? do_raw_spin_unlock+0x172/0x230 [ 317.759634][ T5309] ? kobject_put+0xab/0x5a0 [ 317.759666][ T5309] device_add+0x288/0x1a70 [ 317.759684][ T5309] ? __pfx_dev_set_name+0x10/0x10 [ 317.759702][ T5309] ? __pfx_device_add+0x10/0x10 [ 317.759718][ T5309] ? mgmt_send_event_skb+0x2fb/0x460 [ 317.759751][ T5309] hci_conn_add_sysfs+0x17e/0x230 [ 317.759782][ T5309] le_conn_complete_evt+0x1075/0x1d70 [ 317.759813][ T5309] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 317.759840][ T5309] ? hci_event_packet+0x459/0x11c0 [ 317.759871][ T5309] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 317.759898][ T5309] ? skb_pull_data+0x166/0x210 [ 317.759920][ T5309] hci_le_meta_evt+0x357/0x5e0 [ 317.759947][ T5309] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 317.759974][ T5309] hci_event_packet+0x685/0x11c0 [ 317.759999][ T5309] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 317.760027][ T5309] ? __pfx_hci_event_packet+0x10/0x10 [ 317.760055][ T5309] ? kcov_remote_start+0x3c9/0x6d0 [ 317.760075][ T5309] ? lockdep_hardirqs_on+0x7c/0x110 [ 317.760127][ T5309] hci_rx_work+0x2c5/0x16b0 [ 317.760157][ T5309] ? rcu_is_watching+0x12/0xc0 [ 317.760187][ T5309] process_one_work+0x9cf/0x1b70 [ 317.760217][ T5309] ? __pfx_process_one_work+0x10/0x10 [ 317.760245][ T5309] ? assign_work+0x1a0/0x250 [ 317.760267][ T5309] worker_thread+0x6c8/0xf10 [ 317.760298][ T5309] ? __pfx_worker_thread+0x10/0x10 [ 317.760328][ T5309] kthread+0x3c5/0x780 [ 317.760347][ T5309] ? __pfx_kthread+0x10/0x10 [ 317.760368][ T5309] ? rcu_is_watching+0x12/0xc0 [ 317.760395][ T5309] ? __pfx_kthread+0x10/0x10 [ 317.760414][ T5309] ret_from_fork+0x5d7/0x6f0 [ 317.760443][ T5309] ? __pfx_kthread+0x10/0x10 [ 317.760461][ T5309] ret_from_fork_asm+0x1a/0x30 [ 317.760497][ T5309] [ 317.760521][ T5309] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 317.855359][ T40] audit: type=1326 audit(301.286:44987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27973 comm="syz.2.10377" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a3b18e929 code=0x0 [ 317.857702][ T5309] Bluetooth: hci4: failed to register connection device [ 318.082790][ C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 318.326094][ T40] audit: type=1800 audit(301.725:44988): pid=27987 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.6.10383" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 318.556823][ T40] audit: type=1326 audit(301.941:44989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28002 comm="syz.5.10391" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe03658e929 code=0x0 [ 318.833018][T28013] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10395'. [ 318.836538][T28013] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10395'. [ 318.840239][T28013] netlink: 'syz.6.10395': attribute type 13 has an invalid length. [ 318.996581][T28026] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 318.999527][T28026] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 319.057302][ T40] audit: type=1400 audit(302.399:44990): avc: denied { accept } for pid=28029 comm="syz.2.10403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 319.065692][ T40] audit: type=1400 audit(302.399:44991): avc: denied { write } for pid=28029 comm="syz.2.10403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 319.117233][ T40] audit: type=1400 audit(302.464:44992): avc: denied { execute_no_trans } for pid=28033 comm="syz.6.10404" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="hugetlbfs" ino=84707 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 319.655180][T28055] block nbd0: server does not support multiple connections per device. [ 319.662001][T28055] block nbd0: shutting down sockets [ 320.444762][ T40] audit: type=1400 audit(303.699:44993): avc: denied { remount } for pid=28101 comm="syz.6.10437" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 320.665995][T28112] netlink: 152 bytes leftover after parsing attributes in process `syz.2.10441'. [ 320.669959][T28112] tipc: Started in network mode [ 320.672043][T28112] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711 [ 320.678386][T28112] tipc: Enabled bearer , priority 10 [ 320.725987][ T40] audit: type=1400 audit(303.970:44994): avc: denied { getopt } for pid=28113 comm="syz.2.10442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 320.769893][T28116] random: crng reseeded on system resumption [ 320.785320][T28116] Hibernate inconsistent memory map detected! [ 320.792934][T28116] PM: hibernation: Image mismatch: architecture specific data [ 321.812459][T28150] netlink: 'syz.2.10460': attribute type 7 has an invalid length. [ 321.816309][T28150] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10460'. [ 321.830024][T28152] sch_fq: defrate 0 ignored. [ 321.880213][ T835] tipc: Node number set to 4269801514 [ 322.037744][ T34] usb 11-1: new full-speed USB device number 2 using dummy_hcd [ 322.211079][ T34] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 322.215227][ T34] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 322.218783][ T34] usb 11-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 322.223038][ T34] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.228648][ T34] usb 11-1: config 0 descriptor?? [ 322.239806][ T34] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 322.246131][ T34] dvb-usb: bulk message failed: -22 (3/0) [ 322.261520][ T34] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 322.274231][ T34] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 322.277557][ T34] usb 11-1: media controller created [ 322.282620][ T34] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 322.316321][ T34] dvb-usb: bulk message failed: -22 (6/0) [ 322.319129][ T34] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 322.326123][ T34] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb11/11-1/input/input27 [ 322.333571][ T34] dvb-usb: schedule remote query interval to 150 msecs. [ 322.336510][ T34] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 322.463239][ T34] usb 11-1: USB disconnect, device number 2 [ 322.682693][ T34] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 323.395103][T28159] team0: entered allmulticast mode [ 323.397709][T28159] team_slave_0: entered allmulticast mode [ 323.400135][T28159] team_slave_1: entered allmulticast mode [ 324.316692][T28185] nbd: nbd5 already in use [ 324.432607][ T40] audit: type=1326 audit(307.431:44995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28165 comm="syz.6.10467" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e698e929 code=0x7fc00000 [ 324.460480][ T40] audit: type=1400 audit(307.459:44996): avc: denied { execute } for pid=28193 comm="syz.2.10480" path="/dev/audio1" dev="devtmpfs" ino=1323 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 325.286878][T28238] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.759078][ T40] audit: type=1400 audit(308.685:44997): avc: denied { mounton } for pid=28245 comm="syz.5.10504" path="/395/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 325.774923][ T40] audit: type=1400 audit(308.694:44998): avc: denied { remount } for pid=28245 comm="syz.5.10504" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 326.411124][T28262] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 326.419843][ T1140] Bluetooth: hci2: Frame reassembly failed (-84) [ 328.166836][T28324] netlink: 76 bytes leftover after parsing attributes in process `syz.5.10536'. [ 328.501264][ T40] audit: type=1400 audit(311.238:44999): avc: denied { getopt } for pid=28335 comm="syz.5.10541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 328.507927][T28336] tmpfs: Invalid gid '0x00000000ffffffff' [ 328.612438][ T5309] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 328.612739][ T6132] Bluetooth: hci2: command 0x1003 tx timeout [ 328.885010][T28358] bridge_slave_0: invalid flags given to default FDB implementation [ 329.110265][T28380] __vm_enough_memory: pid: 28380, comm: syz.6.10564, bytes: 21199898673152 not enough memory for the allocation [ 329.209808][ T40] audit: type=1400 audit(311.903:45000): avc: denied { getopt } for pid=28387 comm="syz.5.10568" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 329.212483][T28388] 9p: Unknown uid 00000000004294967295 [ 329.826995][T28392] pim6reg: entered allmulticast mode [ 329.829705][T28393] pim6reg: left allmulticast mode [ 329.865036][ T6132] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 329.875438][ T6132] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 329.880614][ T6132] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 329.883945][ T6132] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 329.888998][ T6132] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 330.034218][ T40] audit: type=1326 audit(312.670:45001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28381 comm="syz.2.10565" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3b18e929 code=0x7fc00000 [ 330.984055][T28395] chnl_net:caif_netlink_parms(): no params data found [ 331.907639][T28442] openvswitch: netlink: IP tunnel TTL not specified. [ 332.108335][ T6132] Bluetooth: hci2: command tx timeout [ 332.296562][ T61] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.301663][ T61] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 332.525186][ T40] audit: type=1400 audit(314.999:45002): avc: denied { connect } for pid=28456 comm="syz.2.10592" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 332.572194][ T61] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.575890][ T61] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 332.587816][T28395] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.590957][T28395] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.593535][T28395] bridge_slave_0: entered allmulticast mode [ 332.596181][T28395] bridge_slave_0: entered promiscuous mode [ 332.607190][T28453] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 332.613732][T28395] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.617044][T28395] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.620274][T28395] bridge_slave_1: entered allmulticast mode [ 332.624740][T28395] bridge_slave_1: entered promiscuous mode [ 332.773332][ T61] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.778153][ T61] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 332.819062][T28395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 332.826372][T28395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 333.000233][ T61] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.004607][ T61] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 333.022983][T28395] team0: Port device team_slave_0 added [ 333.026740][T28395] team0: Port device team_slave_1 added [ 333.093317][T28395] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 333.096931][T28395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.108234][T28395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 333.125218][T28395] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 333.144594][T28395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.155713][T28395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 333.247174][T28395] hsr_slave_0: entered promiscuous mode [ 333.250425][T28395] hsr_slave_1: entered promiscuous mode [ 333.253592][T28395] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 333.262850][T28395] Cannot create hsr debugfs directory [ 333.430616][ T61] dummy0: left allmulticast mode [ 333.433314][ T61] dummy0: left promiscuous mode [ 333.435494][ T61] bridge0: port 3(dummy0) entered disabled state [ 333.441491][ T61] bridge_slave_1: left allmulticast mode [ 333.444128][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.449291][ T61] bridge_slave_0: left allmulticast mode [ 333.451424][ T61] bridge_slave_0: left promiscuous mode [ 333.453354][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.792744][T28526] SELinux: failure in selinux_parse_skb(), unable to parse packet [ 334.060472][ T40] audit: type=1326 audit(316.439:45003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28531 comm="syz.5.10624" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe03658e929 code=0x0 [ 334.342647][ T6132] Bluetooth: hci2: command tx timeout [ 334.509448][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 334.512257][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 335.778025][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 335.832388][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 335.894405][ T61] bond0 (unregistering): Released all slaves [ 335.912299][ T61] bond1 (unregistering): Released all slaves [ 335.937055][ T61] bond2 (unregistering): Released all slaves [ 336.030730][ T61] : left promiscuous mode [ 336.049875][T28549] mkiss: ax0: crc mode is auto. [ 336.089620][ T61] tipc: Left network mode [ 336.135881][T28395] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 336.140726][T28395] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 336.148561][T28395] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 336.157053][T28395] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 336.268545][T28395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 336.282534][T28395] 8021q: adding VLAN 0 to HW filter on device team0 [ 336.291378][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 336.294329][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 336.302209][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.305211][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 336.566266][ T6132] Bluetooth: hci2: command tx timeout [ 337.868952][T28623] netlink: 28 bytes leftover after parsing attributes in process `syz.5.10658'. [ 337.927431][T28395] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 337.963224][ T61] hsr_slave_0: left promiscuous mode [ 337.969581][ T61] hsr_slave_1: left promiscuous mode [ 337.972500][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 337.975569][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 337.985974][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 337.991935][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 338.043527][ T61] veth1_macvtap: left promiscuous mode [ 338.045945][ T61] veth0_macvtap: left allmulticast mode [ 338.049100][ T61] veth0_macvtap: left promiscuous mode [ 338.051885][ T61] veth1_vlan: left promiscuous mode [ 338.642645][ T40] audit: type=1400 audit(320.733:45004): avc: denied { bind } for pid=28650 comm="syz.6.10669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 338.705797][T28653] netlink: 'syz.6.10670': attribute type 1 has an invalid length. [ 338.779220][ T6132] Bluetooth: hci2: command tx timeout [ 338.800220][T28657] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 344.813160][ T61] team0 (unregistering): Port device team_slave_1 removed [ 345.690472][ T61] team0 (unregistering): Port device team_slave_0 removed [ 352.199547][T28668] erspan0: entered promiscuous mode [ 352.337980][T28688] team0: No ports can be present during mode change [ 352.450661][T28395] veth0_vlan: entered promiscuous mode [ 352.455715][T28699] netlink: 156 bytes leftover after parsing attributes in process `syz.6.10690'. [ 352.457501][T28395] veth1_vlan: entered promiscuous mode [ 352.461274][T28699] netlink: 'syz.6.10690': attribute type 5 has an invalid length. [ 352.469844][ T40] audit: type=1326 audit(333.660:45005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28697 comm="syz.5.10689" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03658e929 code=0x7ffc0000 [ 352.473828][T28699] netlink: 'syz.6.10690': attribute type 6 has an invalid length. [ 352.482568][T28699] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10690'. [ 352.505678][ T40] audit: type=1326 audit(333.660:45006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28697 comm="syz.5.10689" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03658e929 code=0x7ffc0000 [ 352.541495][ T40] audit: type=1326 audit(333.660:45007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28697 comm="syz.5.10689" exe="/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7fe03658e929 code=0x7ffc0000 [ 352.550311][ T40] audit: type=1326 audit(333.660:45008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28697 comm="syz.5.10689" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03658e929 code=0x7ffc0000 [ 352.557197][ T40] audit: type=1326 audit(333.660:45009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28697 comm="syz.5.10689" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03658e929 code=0x7ffc0000 [ 352.605680][T28395] veth0_macvtap: entered promiscuous mode [ 352.611984][T28395] veth1_macvtap: entered promiscuous mode [ 352.624045][T28395] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 352.638511][T28395] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 352.645423][T28395] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.649145][T28395] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.652847][T28395] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.662498][T28395] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.684597][ T40] audit: type=1400 audit(333.866:45010): avc: denied { bind } for pid=28719 comm="syz.2.10700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 352.762960][T22597] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 352.766932][T22597] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 352.792110][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 352.795735][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 352.918608][T28734] netlink: 24 bytes leftover after parsing attributes in process `syz.6.10706'. [ 353.002126][T28737] ipvlan2: entered promiscuous mode [ 353.004491][T28737] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 353.007509][T28737] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 353.044231][T28743] netlink: 8 bytes leftover after parsing attributes in process `syz.7.10710'. [ 353.100965][T28743] macsec0: entered promiscuous mode [ 353.339453][T28760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10718'. [ 353.546675][T28771] netlink: 'syz.2.10723': attribute type 2 has an invalid length. [ 353.549792][T28771] netlink: 'syz.2.10723': attribute type 8 has an invalid length. [ 353.553069][T28771] netlink: 1148 bytes leftover after parsing attributes in process `syz.2.10723'. [ 353.760724][T28788] netlink: 108 bytes leftover after parsing attributes in process `syz.2.10731'. [ 353.764255][T28788] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10731'. [ 353.974083][T28808] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 354.028539][T28812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10742'. [ 354.104548][T28814] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.160075][T28823] netlink: 28 bytes leftover after parsing attributes in process `syz.7.10748'. [ 354.242484][T28814] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.406083][T28814] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.422891][T28833] xt_hashlimit: size too large, truncated to 1048576 [ 354.560371][T28814] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.780012][T28814] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.803090][T28814] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.814521][T28814] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.827739][T28814] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.980665][T28855] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 354.982880][T28855] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 355.082962][ T5309] Bluetooth: hci4: Malformed LE Event: 0x1b [ 355.200145][ T5309] Bluetooth: hci3: command 0x1003 tx timeout [ 355.200531][ T6132] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 357.582711][ T40] audit: type=1400 audit(338.440:45011): avc: denied { bind } for pid=28922 comm="syz.6.10796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 357.653477][ T40] audit: type=1326 audit(338.515:45012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28932 comm="syz.5.10801" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe03658e929 code=0x0 [ 357.688715][ T40] audit: type=1400 audit(338.543:45013): avc: denied { write } for pid=28936 comm="syz.2.10804" name="file0" dev="9p" ino=36047867 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 357.700959][ T40] audit: type=1400 audit(338.552:45014): avc: denied { ioctl } for pid=28936 comm="syz.2.10804" path="/2770/file0/file0" dev="9p" ino=36047867 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 357.989471][T28958] openvswitch: netlink: Multiple metadata blocks provided [ 358.032174][T28962] loop7: detected capacity change from 0 to 524255232 [ 358.074002][T28964] tipc: New replicast peer: 255.255.255.255 [ 358.079220][T28964] tipc: Enabled bearer , priority 10 [ 358.083497][T28964] __nla_validate_parse: 3 callbacks suppressed [ 358.083508][T28964] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10814'. [ 358.091302][T28964] tipc: Disabling bearer [ 358.124457][ T5359] udevd[5359]: worker [28819] terminated by signal 33 (Unknown signal 33) [ 358.127588][ T5359] udevd[5359]: worker [28819] failed while handling '/devices/virtual/block/loop7' [ 358.518391][ T40] audit: type=1400 audit(339.319:45015): avc: denied { accept } for pid=28982 comm="syz.2.10823" path=0000214E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 358.765325][ T6160] IPVS: starting estimator thread 0... [ 358.878407][T29003] IPVS: using max 45 ests per chain, 108000 per kthread [ 359.705500][T29068] bond0: entered promiscuous mode [ 359.707645][T29068] bond_slave_0: entered promiscuous mode [ 359.710060][T29068] bond_slave_1: entered promiscuous mode [ 359.714868][T29068] batadv0: entered promiscuous mode [ 359.718326][T29068] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 359.725608][T29068] bond0: left promiscuous mode [ 359.727356][T29068] bond_slave_0: left promiscuous mode [ 359.729487][T29068] bond_slave_1: left promiscuous mode [ 359.740119][T29068] batadv0: left promiscuous mode [ 359.797978][T29072] overlay: filesystem on ./bus not supported [ 359.969833][T29080] netlink: 4 bytes leftover after parsing attributes in process `syz.7.10867'. [ 359.976592][T29080] netlink: 4 bytes leftover after parsing attributes in process `syz.7.10867'. [ 360.214539][T29105] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 360.371478][T29114] netlink: 24 bytes leftover after parsing attributes in process `syz.5.10883'. [ 360.547531][T29132] misc userio: Can't change port type on an already running userio instance [ 361.325949][ T7078] usb 11-1: new low-speed USB device number 4 using dummy_hcd [ 361.501730][ T7078] usb 11-1: config 0 has an invalid interface number: 1 but max is 0 [ 361.505343][ T7078] usb 11-1: config 0 has no interface number 0 [ 361.512763][ T7078] usb 11-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 361.518328][ T7078] usb 11-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 361.522843][ T7078] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 361.526672][ T7078] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.532996][ T7078] usb 11-1: config 0 descriptor?? [ 361.535936][T29162] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 361.545201][ T7078] iowarrior 11-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 361.622282][T29193] netlink: 'syz.7.10920': attribute type 1 has an invalid length. [ 361.625093][T29193] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 361.761769][ T10] usb 11-1: USB disconnect, device number 4 [ 361.808030][T29199] netlink: 4 bytes leftover after parsing attributes in process `syz.7.10923'. [ 362.617321][T29199] team0 (unregistering): Port device team_slave_0 removed [ 362.630560][T29199] team0 (unregistering): Port device team_slave_1 removed [ 362.884657][T29227] netlink: 20 bytes leftover after parsing attributes in process `syz.5.10936'. [ 362.885065][T29225] netlink: 4 bytes leftover after parsing attributes in process `syz.7.10935'. [ 362.924713][T29227] netlink: 20 bytes leftover after parsing attributes in process `syz.5.10936'. [ 362.986965][T29237] netlink: 160 bytes leftover after parsing attributes in process `syz.2.10940'. [ 363.013543][T29241] netlink: 'syz.5.10941': attribute type 11 has an invalid length. [ 363.035676][T29244] batadv_slave_1: entered promiscuous mode [ 363.048044][T29243] batadv_slave_1: left promiscuous mode [ 363.125738][T29246] tipc: Started in network mode [ 363.127809][T29246] tipc: Node identity ac14140f, cluster identity 4711 [ 363.132123][T29246] tipc: New replicast peer: 255.255.255.255 [ 363.140170][T29246] tipc: Enabled bearer , priority 10 [ 363.205525][T29262] openvswitch: netlink: Tunnel attr 16370 out of range max 16 [ 363.290068][T29269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10954'. [ 363.293978][T29269] netlink: 'syz.2.10954': attribute type 21 has an invalid length. [ 363.584838][ T40] audit: type=1400 audit(344.062:45016): avc: denied { shutdown } for pid=29294 comm="syz.7.10966" laddr=172.20.20.10 lport=15 faddr=172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 363.928323][T29317] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 363.930960][T29317] syzkaller1: linktype set to 6 [ 364.214584][ T6210] tipc: Node number set to 2886997007 [ 364.388017][T29344] netlink: 88 bytes leftover after parsing attributes in process `syz.2.10992'. [ 364.391822][T29344] netlink: 48 bytes leftover after parsing attributes in process `syz.2.10992'. [ 364.474273][T29354] bridge_slave_0: default FDB implementation only supports local addresses [ 364.632317][T29365] overlayfs: missing 'workdir' [ 364.751236][T29373] could not open pipe file descriptor [ 364.834729][T29385] tun0: tun_chr_ioctl cmd 1074025676 [ 364.837063][T29385] tun0: owner set to 0 [ 364.886770][T29391] netlink: 4 bytes leftover after parsing attributes in process `syz.6.11014'. [ 364.915863][ T40] audit: type=1400 audit(345.306:45017): avc: denied { add_name } for pid=29392 comm="syz.2.11015" name="blkio.bfq.io_merged_recursive" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 364.924871][ T40] audit: type=1400 audit(345.306:45018): avc: denied { create } for pid=29392 comm="syz.2.11015" name="blkio.bfq.io_merged_recursive" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 364.939298][ T40] audit: type=1400 audit(345.306:45019): avc: denied { associate } for pid=29392 comm="syz.2.11015" name="blkio.bfq.io_merged_recursive" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 364.948914][ T40] audit: type=1400 audit(345.324:45020): avc: denied { append } for pid=29392 comm="syz.2.11015" path="/2816/file0/blkio.bfq.io_merged_recursive" dev="9p" ino=36047883 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 364.996273][T29399] netlink: 'syz.5.11018': attribute type 5 has an invalid length. [ 365.073595][T29408] tmpfs: Invalid uid '0x00000000ffffffff' [ 365.720228][T29458] kvm: kvm [29457]: vcpu1, guest rIP: 0xfff0 Unhandled RDMSR(0x4000007c) [ 365.927208][T29472] 8021q: adding VLAN 0 to HW filter on device bond1 [ 365.931908][T29472] bond0: (slave bond1): Enslaving as an active interface with an up link [ 366.025407][ T40] audit: type=1400 audit(346.344:45021): avc: denied { read } for pid=29480 comm="syz.6.11057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 366.211267][ T40] audit: type=1400 audit(346.512:45022): avc: denied { setopt } for pid=29491 comm="syz.2.11062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 366.264874][ T1021] usb 12-1: new high-speed USB device number 2 using dummy_hcd [ 366.427909][ T1021] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 366.432433][ T1021] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 366.438477][ T1021] usb 12-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 366.442124][ T1021] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.454395][ T1021] usb 12-1: config 0 descriptor?? [ 366.550206][T29508] loop6: detected capacity change from 0 to 524287999 [ 366.556407][T29508] buffer_io_error: 23 callbacks suppressed [ 366.556422][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.562437][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.566341][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.569743][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.573031][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.577218][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.580930][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.584284][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.588527][T29508] ldm_validate_partition_table(): Disk read failed. [ 366.591314][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.594760][T29508] Buffer I/O error on dev loop6, logical block 0, async page read [ 366.598551][T29508] Dev loop6: unable to read RDB block 0 [ 366.601302][T29508] loop6: unable to read partition table [ 366.603855][T29508] loop_reread_partitions: partition scan of loop6 (3 xC) failed (rc=-5) [ 366.652171][T29167] ldm_validate_partition_table(): Disk read failed. [ 366.655345][T29167] Dev loop6: unable to read RDB block 0 [ 366.658160][T29167] loop6: unable to read partition table [ 366.662489][T29509] ldm_validate_partition_table(): Disk read failed. [ 366.665634][T29509] Dev loop6: unable to read RDB block 0 [ 366.668362][T29509] loop6: unable to read partition table [ 366.671087][T29509] loop_reread_partitions: partition scan of loop6 (3 xC) failed (rc=-5) [ 366.685371][ T1021] usbhid 12-1:0.0: can't add hid device: -71 [ 366.688050][ T1021] usbhid 12-1:0.0: probe with driver usbhid failed with error -71 [ 366.696674][ T1021] usb 12-1: USB disconnect, device number 2 [ 367.163798][T29544] netlink: 292 bytes leftover after parsing attributes in process `syz.2.11085'. [ 367.168867][T29545] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 367.661319][T29586] netlink: 340 bytes leftover after parsing attributes in process `syz.6.11105'. [ 367.852520][ T40] audit: type=1400 audit(348.056:45023): avc: denied { read } for pid=29597 comm="syz.6.11109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 367.868554][ T24] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 368.053665][ T24] usb 10-1: Using ep0 maxpacket: 8 [ 368.070106][ T24] usb 10-1: config 0 has an invalid interface number: 55 but max is 0 [ 368.077064][ T24] usb 10-1: config 0 has no interface number 0 [ 368.079809][ T24] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 368.084953][ T24] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 368.089755][ T24] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 368.094290][ T24] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 368.099472][ T24] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 368.103247][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.109088][ T24] usb 10-1: config 0 descriptor?? [ 368.120953][ T24] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 368.339275][ T10] usb 10-1: USB disconnect, device number 4 [ 368.346631][ T10] ldusb 10-1:0.55: LD USB Device #0 now disconnected [ 368.822040][ T40] audit: type=1400 audit(348.963:45024): avc: denied { override_creds } for pid=29614 comm="syz.6.11117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 368.830934][ T29] usb 12-1: new high-speed USB device number 3 using dummy_hcd [ 368.998391][ T29] usb 12-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 369.009536][ T29] usb 12-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 369.014178][ T29] usb 12-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 369.018467][ T29] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 369.024076][ T29] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 369.031875][ T29] usb 12-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 369.038212][ T29] usb 12-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 369.041632][ T29] usb 12-1: Product: syz [ 369.043473][ T29] usb 12-1: Manufacturer: syz [ 369.056606][ T29] cdc_wdm 12-1:1.0: skipping garbage [ 369.058895][ T29] cdc_wdm 12-1:1.0: skipping garbage [ 369.063735][ T29] cdc_wdm 12-1:1.0: cdc-wdm0: USB WDM device [ 369.071968][ T29] cdc_wdm 12-1:1.0: Unknown control protocol [ 369.275193][ T10] usb 12-1: USB disconnect, device number 3 [ 369.279648][ T6160] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 369.450721][ T6160] usb 10-1: Using ep0 maxpacket: 32 [ 369.455000][ T6160] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 369.461648][ T6160] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 369.465368][ T6160] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 369.468848][ T6160] usb 10-1: Product: syz [ 369.470634][ T6160] usb 10-1: Manufacturer: syz [ 369.472800][ T6160] usb 10-1: SerialNumber: syz [ 369.477109][ T6160] usb 10-1: config 0 descriptor?? [ 369.480010][T29628] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 369.483670][ T6160] hub 10-1:0.0: bad descriptor, ignoring hub [ 369.486141][ T6160] hub 10-1:0.0: probe with driver hub failed with error -5 [ 369.824968][ T6160] usb 10-1: USB disconnect, device number 5 [ 369.860679][T29640] netlink: 20 bytes leftover after parsing attributes in process `syz.7.11129'. [ 370.244859][T29659] vxcan1: tx address claim with dest, not broadcast [ 370.336103][T29662] netlink: 72 bytes leftover after parsing attributes in process `syz.7.11137'. [ 371.264421][ T40] audit: type=1400 audit(351.246:45025): avc: denied { map } for pid=29678 comm="syz.5.11143" path="socket:[89996]" dev="sockfs" ino=89996 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 371.328841][T29681] netlink: 20 bytes leftover after parsing attributes in process `syz.7.11145'. [ 371.396922][T29688] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 371.399960][T29688] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 371.404619][T29688] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 371.410649][T29688] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 371.709009][T29707] openvswitch: netlink: IPv4 tunnel dst address is zero [ 371.767699][T29715] netlink: 'syz.2.11161': attribute type 11 has an invalid length. [ 371.771262][T29715] netlink: 44 bytes leftover after parsing attributes in process `syz.2.11161'. [ 371.827274][T29721] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.830268][T29721] bridge0: port 1(bridge_slave_0) entered forwarding state [ 371.991230][T29738] netlink: 52 bytes leftover after parsing attributes in process `syz.2.11168'. [ 371.995788][T29738] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11168'. [ 372.011807][T29742] netlink: 72 bytes leftover after parsing attributes in process `syz.7.11174'. [ 372.518780][ T6210] usb 11-1: new high-speed USB device number 5 using dummy_hcd [ 372.679147][ T6210] usb 11-1: Using ep0 maxpacket: 16 [ 372.683406][ T6210] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 372.690479][ T6210] usb 11-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 372.694327][ T6210] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.697719][ T6210] usb 11-1: Product: syz [ 372.699836][ T6210] usb 11-1: Manufacturer: syz [ 372.701969][ T6210] usb 11-1: SerialNumber: syz [ 372.706191][ T6210] usb 11-1: config 0 descriptor?? [ 372.711999][ T6210] em28xx 11-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 372.715945][ T6210] em28xx 11-1:0.0: DVB interface 0 found: bulk [ 373.002073][ T6210] em28xx 11-1:0.0: unknown em28xx chip ID (0) [ 373.072072][ T6210] em28xx 11-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 373.078749][ T6210] em28xx 11-1:0.0: board has no eeprom [ 373.149166][T29755] em28xx 11-1:0.0: writing to i2c device at 0x0 failed (error=-5) [ 373.153828][ T6210] em28xx 11-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 373.157070][ T6210] em28xx 11-1:0.0: dvb set to bulk mode. [ 373.159822][ T24] em28xx 11-1:0.0: Binding DVB extension [ 373.168523][ T6210] usb 11-1: USB disconnect, device number 5 [ 373.176234][ T6210] em28xx 11-1:0.0: Disconnecting em28xx [ 373.199364][T29783] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present [ 373.206279][T29783] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9) [ 373.209170][ C2] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 373.220583][ T24] em28xx 11-1:0.0: Registering input extension [ 373.223443][ T6210] em28xx 11-1:0.0: Closing input extension [ 373.249242][ T6210] em28xx 11-1:0.0: Freeing device [ 374.359739][ C2] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 374.538294][T29849] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11223'. [ 374.741188][T29868] binder: BC_ATTEMPT_ACQUIRE not supported [ 374.744423][T29868] binder: 29867:29868 ioctl c0306201 200000000640 returned -22 [ 374.805241][ T40] audit: type=1400 audit(610.549:45026): avc: denied { read } for pid=29876 comm="syz.6.11236" path="socket:[90099]" dev="sockfs" ino=90099 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 375.358249][T29920] netlink: 4 bytes leftover after parsing attributes in process `syz.7.11256'. [ 375.385269][ T6210] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 375.388334][ T6210] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 375.391490][ T6210] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 375.401985][ T6210] hid-generic 0003:0004:0000.0005: hidraw1: USB HID v0.00 Device [syz0] on syz1 [ 375.469666][ C2] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 375.476486][T29927] fido_id[29927]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 375.514567][T29931] netlink: 28 bytes leftover after parsing attributes in process `syz.2.11260'. [ 375.807524][ T6210] rtc_cmos 00:05: Alarms can be up to one day in the future [ 375.822158][ T6210] rtc_cmos 00:05: Alarms can be up to one day in the future [ 375.826889][ T6210] rtc_cmos 00:05: Alarms can be up to one day in the future [ 375.831271][ T6210] rtc_cmos 00:05: Alarms can be up to one day in the future [ 375.843519][ T6210] rtc rtc0: __rtc_set_alarm: err=-22 [ 376.589533][ C2] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 376.851546][T30016] veth0: entered promiscuous mode [ 376.855712][T30015] veth0: left promiscuous mode [ 377.149572][T30034] netlink: 28 bytes leftover after parsing attributes in process `syz.6.11310'. [ 377.153784][T30034] netlink: 'syz.6.11310': attribute type 7 has an invalid length. [ 377.156956][T30034] netlink: 20 bytes leftover after parsing attributes in process `syz.6.11310'. [ 377.318815][ T5309] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 377.324533][ T5309] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 377.329041][ T5309] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 377.342302][ T5309] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 377.346510][ T5309] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 377.441424][T30038] netlink: 108 bytes leftover after parsing attributes in process `syz.2.11312'. [ 377.616140][T22561] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.672566][T30049] unknown channel width for channel at 909000KHz? [ 377.694213][ C2] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 377.739980][T30056] netlink: 44 bytes leftover after parsing attributes in process `syz.5.11320'. [ 377.761654][T22561] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.785241][T30056] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.963425][T22561] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.145439][T22561] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.153046][T30035] chnl_net:caif_netlink_parms(): no params data found [ 378.201914][T30080] netlink: 152 bytes leftover after parsing attributes in process `syz.5.11331'. [ 378.237656][T30083] netlink: 'syz.6.11332': attribute type 1 has an invalid length. [ 378.243190][T30083] netlink: 'syz.6.11332': attribute type 4 has an invalid length. [ 378.246356][T30083] netlink: 208 bytes leftover after parsing attributes in process `syz.6.11332'. [ 378.251690][T30083] NCSI netlink: No device for ifindex 3088861696 [ 378.287691][T30035] bridge0: port 1(bridge_slave_0) entered blocking state [ 378.290130][T30035] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.293173][T30035] bridge_slave_0: entered allmulticast mode [ 378.296078][T30035] bridge_slave_0: entered promiscuous mode [ 378.304776][T30035] bridge0: port 2(bridge_slave_1) entered blocking state [ 378.311438][T30035] bridge0: port 2(bridge_slave_1) entered disabled state [ 378.315600][T30035] bridge_slave_1: entered allmulticast mode [ 378.318608][T30035] bridge_slave_1: entered promiscuous mode [ 378.379709][T30035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 378.392021][T30035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 378.486056][T30103] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11340'. [ 378.513277][T30035] team0: Port device team_slave_0 added [ 378.538051][T30035] team0: Port device team_slave_1 added [ 378.612675][T30035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 378.616028][T30035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.627256][T30035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 378.634185][T30035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 378.637077][T30035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.648068][T30035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 378.652827][T22561] bridge_slave_1: left allmulticast mode [ 378.655157][T22561] bridge_slave_1: left promiscuous mode [ 378.657535][T22561] bridge0: port 2(bridge_slave_1) entered disabled state [ 378.664519][T22561] bridge_slave_0: left allmulticast mode [ 378.667140][T22561] bridge_slave_0: left promiscuous mode [ 378.669527][T22561] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.766231][T30124] autofs4:pid:30124:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(24.11), cmd(0xc018937e) [ 378.771251][T30124] autofs4:pid:30124:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 378.805066][ C2] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 379.578274][ T6132] Bluetooth: hci2: command tx timeout [ 380.785656][T22561] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 380.839465][T22561] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 380.902105][T22561] bond0 (unregistering): Released all slaves [ 381.061068][T30035] hsr_slave_0: entered promiscuous mode [ 381.064070][T30035] hsr_slave_1: entered promiscuous mode [ 381.066870][T30035] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 381.069938][T30035] Cannot create hsr debugfs directory [ 381.074246][T22561] tipc: Disabling bearer [ 381.076780][T22561] tipc: Left network mode [ 381.115911][T30155] Attempt to restore checkpoint with obsolete wellknown handles [ 381.194017][ T40] audit: type=1326 audit(616.536:45027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz.2.11368" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3b18e929 code=0x7ffc0000 [ 381.194673][T30162] 9pnet_rdma: rdma_create_trans (30162): problem binding to privport: 13 [ 381.203332][ T40] audit: type=1326 audit(616.536:45028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz.2.11368" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3b18e929 code=0x7ffc0000 [ 381.220185][ T40] audit: type=1326 audit(616.536:45029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz.2.11368" exe="/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f6a3b18e929 code=0x7ffc0000 [ 381.229938][ T40] audit: type=1326 audit(616.536:45030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz.2.11368" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3b18e929 code=0x7ffc0000 [ 381.237837][ T40] audit: type=1326 audit(616.536:45031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz.2.11368" exe="/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6a3b18e929 code=0x7ffc0000 [ 381.254667][ T40] audit: type=1326 audit(616.536:45032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz.2.11368" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3b18e929 code=0x7ffc0000 [ 381.263337][ T40] audit: type=1326 audit(616.536:45033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz.2.11368" exe="/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f6a3b18e929 code=0x7ffc0000 [ 381.272402][ T40] audit: type=1326 audit(616.536:45034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz.2.11368" exe="/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 381.281705][ T40] audit: type=1326 audit(616.536:45035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz.2.11368" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3b18e929 code=0x7ffc0000 [ 381.412885][T30179] netlink: 24 bytes leftover after parsing attributes in process `syz.5.11376'. [ 381.468299][T30182] netlink: 24 bytes leftover after parsing attributes in process `syz.5.11376'. [ 381.808915][ T6132] Bluetooth: hci2: command tx timeout [ 381.988742][T22561] hsr_slave_0: left promiscuous mode [ 381.992004][T22561] hsr_slave_1: left promiscuous mode [ 381.994949][T22561] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 381.998097][T22561] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 382.002811][T22561] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 382.005469][T22561] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 382.031642][T22561] veth1_macvtap: left promiscuous mode [ 382.034182][T22561] veth0_macvtap: left promiscuous mode [ 382.036922][T22561] veth1_vlan: left promiscuous mode [ 382.039054][T22561] veth0_vlan: left promiscuous mode [ 384.022149][ T6132] Bluetooth: hci2: command tx timeout [ 386.245783][ T6132] Bluetooth: hci2: command tx timeout [ 396.117981][ T40] audit: type=1400 audit(630.492:45036): avc: denied { setopt } for pid=30225 comm="syz.5.11396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 396.172033][ T40] audit: type=1400 audit(630.529:45037): avc: denied { accept } for pid=30229 comm="syz.5.11397" laddr=2001:: lport=43751 faddr=2001:: fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 396.206417][T30035] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 396.220372][T30035] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 396.227981][T30035] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 396.235251][T30035] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 396.312112][T30035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.329007][T30035] 8021q: adding VLAN 0 to HW filter on device team0 [ 396.344127][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 396.346521][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 396.353801][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 396.356386][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 396.596264][T30035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 396.784461][T30035] veth0_vlan: entered promiscuous mode [ 396.794238][T30035] veth1_vlan: entered promiscuous mode [ 396.822207][T30035] veth0_macvtap: entered promiscuous mode [ 396.828829][T30035] veth1_macvtap: entered promiscuous mode [ 396.844826][T30035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 396.866394][T30035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 396.874853][T30035] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.878535][T30035] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.882193][T30035] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.886471][T30035] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.944419][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.949095][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.968797][T22561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.972338][T22561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.409888][T30304] veth0: entered promiscuous mode [ 397.413810][T30304] veth0: left promiscuous mode [ 397.447421][ T40] audit: type=1400 audit(631.736:45038): avc: denied { ioctl } for pid=30308 comm="syz.7.11426" path="socket:[96715]" dev="sockfs" ino=96715 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 397.573382][T30326] netlink: 20 bytes leftover after parsing attributes in process `syz.5.11434'. [ 398.488671][ T40] audit: type=1400 audit(632.709:45039): avc: denied { bind } for pid=30333 comm="syz.2.11437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 399.573068][T30358] netlink: 28 bytes leftover after parsing attributes in process `syz.6.11448'. [ 399.679472][T30353] mac80211_hwsim hwsim28 wlan0: entered promiscuous mode [ 399.688803][T30353] macvtap1: entered allmulticast mode [ 399.691007][T30353] mac80211_hwsim hwsim28 wlan0: entered allmulticast mode [ 399.701314][T30353] mac80211_hwsim hwsim28 wlan0: left allmulticast mode [ 399.704300][T30353] mac80211_hwsim hwsim28 wlan0: left promiscuous mode [ 399.864607][T30360] bridge0: entered promiscuous mode [ 399.867836][T30360] bridge0: left allmulticast mode [ 399.960737][T30372] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11453'. [ 400.191170][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 400.193322][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 400.478213][T30414] netlink: 108 bytes leftover after parsing attributes in process `syz.6.11474'. [ 401.276977][T30473] netlink: 4 bytes leftover after parsing attributes in process `syz.7.11502'. [ 401.432149][T30482] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0 [ 402.245812][T30533] autofs4:pid:30533:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(24.11), cmd(0xc018937e) [ 402.251786][T30533] autofs4:pid:30533:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 402.445934][T30545] netlink: 'syz.5.11542': attribute type 1 has an invalid length. [ 402.449350][T30545] netlink: 'syz.5.11542': attribute type 4 has an invalid length. [ 402.452943][T30545] netlink: 208 bytes leftover after parsing attributes in process `syz.5.11542'. [ 402.456072][T30545] NCSI netlink: No device for ifindex 3088861696 [ 402.830679][T30578] netlink: 36 bytes leftover after parsing attributes in process `syz.6.11551'. [ 403.442211][T30606] ip6erspan0: tun_chr_ioctl cmd 1074025675 [ 403.445688][T30606] ip6erspan0: persist disabled [ 404.317891][T30650] netlink: 8 bytes leftover after parsing attributes in process `syz.7.11582'. [ 404.408884][T30659] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 404.528274][ T40] audit: type=1326 audit(638.359:45040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30662 comm="syz.7.11588" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f8718e929 code=0x0 [ 405.339307][T30689] netpci0: tun_chr_ioctl cmd 1074025672 [ 405.341896][T30689] netpci0: ignored: set checksum disabled [ 405.587908][T30699] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 405.675356][T30703] bond0: option mode: unable to set because the bond device has slaves [ 405.878785][ T40] audit: type=1400 audit(639.622:45041): avc: denied { execmod } for pid=30712 comm="syz.2.11609" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=98673 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 406.010884][T30724] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11614'. [ 406.014866][T30724] netlink: 12 bytes leftover after parsing attributes in process `syz.6.11614'. [ 406.019218][T30726] netlink: 277 bytes leftover after parsing attributes in process `syz.7.11615'. [ 406.218538][T30737] netlink: 12 bytes leftover after parsing attributes in process `syz.5.11620'. [ 407.210459][T30769] nbd: socks must be embedded in a SOCK_ITEM attr [ 407.213159][T30769] block nbd0: shutting down sockets [ 407.225754][T30771] netlink: 256 bytes leftover after parsing attributes in process `syz.2.11635'. [ 407.474264][ T40] audit: type=1400 audit(641.109:45042): avc: denied { getopt } for pid=30787 comm="syz.2.11642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 407.785513][T30802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11647'. [ 407.991344][T30823] netlink: 68 bytes leftover after parsing attributes in process `syz.7.11657'. [ 408.099405][ T40] audit: type=1400 audit(641.698:45043): avc: denied { lock } for pid=30832 comm="syz.5.11661" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=98848 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 408.109188][ T40] audit: type=1400 audit(641.698:45044): avc: denied { open } for pid=30832 comm="syz.5.11661" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=98848 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 408.206107][T30841] bridge0: port 3(syz_tun) entered blocking state [ 408.209115][T30841] bridge0: port 3(syz_tun) entered disabled state [ 408.211919][T30841] syz_tun: entered allmulticast mode [ 408.215140][T30841] syz_tun: entered promiscuous mode [ 408.338891][T30856] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11672'. [ 408.567780][T30877] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11680'. [ 408.612053][T30883] netlink: 'syz.2.11683': attribute type 12 has an invalid length. [ 408.826613][T30902] sch_tbf: burst 0 is lower than device geneve0 mtu (1464) ! [ 409.171479][T30921] openvswitch: netlink: IP tunnel TTL not specified. [ 409.594236][ T24] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 409.768217][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 409.773029][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.777770][ T24] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 409.783260][ T24] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 409.787516][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.793623][ T24] usb 10-1: config 0 descriptor?? [ 410.234588][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.237829][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.240927][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.243991][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.247146][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.250164][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.252720][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.255318][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.258804][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.261899][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.264961][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.268165][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.270944][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.273896][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.276451][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.279350][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.281983][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.284915][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.287477][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.291654][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.294825][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.297909][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.301627][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.304671][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.307636][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.311338][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.314444][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.317510][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.320617][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.324782][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.327784][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.330798][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.336078][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.338632][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.341350][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.344964][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.348173][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.351242][ T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 410.393854][ T24] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 410.525155][ T24] usb 10-1: USB disconnect, device number 6 [ 410.698542][ T6132] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 410.741893][ T40] audit: type=1400 audit(644.177:45045): avc: denied { ioctl } for pid=30972 comm="syz.6.11724" path="socket:[98216]" dev="sockfs" ino=98216 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 411.256079][T31023] vlan1: entered promiscuous mode [ 411.268777][T31023] bridge0: entered promiscuous mode [ 411.270800][T31023] vlan1: entered allmulticast mode [ 411.273897][T31023] bridge0: entered allmulticast mode [ 411.341294][T31037] __nla_validate_parse: 2 callbacks suppressed [ 411.341310][T31037] netlink: 4 bytes leftover after parsing attributes in process `syz.7.11755'. [ 411.491776][T31046] geneve3: entered promiscuous mode [ 411.493642][T31046] geneve3: entered allmulticast mode [ 411.555548][T31054] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11763'. [ 411.649931][T31067] netlink: 12 bytes leftover after parsing attributes in process `syz.6.11769'. [ 411.735789][T31076] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11773'. [ 411.788197][T31085] erspan0: entered promiscuous mode [ 411.970797][T31104] input: syz0 as /devices/virtual/input/input31 [ 412.146223][T31116] netlink: 'syz.7.11790': attribute type 6 has an invalid length. [ 412.152623][T31116] netlink: 36 bytes leftover after parsing attributes in process `syz.7.11790'. [ 412.158127][T31116] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.161825][T31116] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.357089][ T5309] Bluetooth: hci4: command 0x0406 tx timeout [ 413.395596][ T40] audit: type=1326 audit(646.656:45046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31141 comm="syz.5.11802" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03658e929 code=0x7fc00000 [ 413.767451][T31208] MPI: mpi too large (16392 bits) [ 413.832284][T31214] xfrm1: entered allmulticast mode [ 413.933184][T31220] e1000 0000:00:06.0 eth0: Unsupported Speed/Duplex configuration [ 414.192482][T31236] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.11846'. [ 414.695417][T31267] lo: Master is either lo or non-ether device [ 414.732388][T31272] netlink: 128 bytes leftover after parsing attributes in process `syz.2.11861'. [ 414.948895][T31289] netlink: 'syz.2.11868': attribute type 25 has an invalid length. [ 414.952609][T31289] netlink: 184 bytes leftover after parsing attributes in process `syz.2.11868'. [ 415.316501][T31297] GUP no longer grows the stack in syz.6.11871 (31297): 200000007000-20000000a000 (200000004000) [ 415.321374][T31297] CPU: 1 UID: 0 PID: 31297 Comm: syz.6.11871 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 415.321399][T31297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 415.321410][T31297] Call Trace: [ 415.321418][T31297] [ 415.321425][T31297] dump_stack_lvl+0x16c/0x1f0 [ 415.321456][T31297] gup_vma_lookup+0x1d2/0x220 [ 415.321485][T31297] __get_user_pages+0x271/0x3b80 [ 415.321510][T31297] ? kasan_save_stack+0x33/0x60 [ 415.321532][T31297] ? kasan_save_track+0x14/0x30 [ 415.321553][T31297] ? __kasan_kmalloc+0xaa/0xb0 [ 415.321572][T31297] ? __kvmalloc_node_noprof+0x27b/0x620 [ 415.321592][T31297] ? xdp_umem_create+0x652/0x1270 [ 415.321614][T31297] ? __pfx___get_user_pages+0x10/0x10 [ 415.321628][T31297] ? __x64_sys_setsockopt+0xbd/0x160 [ 415.321651][T31297] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.321678][T31297] __gup_longterm_locked+0x5e7/0x1840 [ 415.321706][T31297] ? __pfx___gup_longterm_locked+0x10/0x10 [ 415.321738][T31297] pin_user_pages+0x13c/0x160 [ 415.321758][T31297] ? __pfx_pin_user_pages+0x10/0x10 [ 415.321774][T31297] ? trace_kmalloc+0x2b/0xd0 [ 415.321802][T31297] ? xdp_umem_create+0x652/0x1270 [ 415.321829][T31297] xdp_umem_create+0x73c/0x1270 [ 415.321858][T31297] xsk_setsockopt+0x5b2/0x840 [ 415.321881][T31297] ? __pfx_xsk_setsockopt+0x10/0x10 [ 415.321898][T31297] ? __lock_acquire+0x622/0x1c90 [ 415.321920][T31297] ? selinux_socket_setsockopt+0x6a/0x80 [ 415.321944][T31297] ? __pfx_xsk_setsockopt+0x10/0x10 [ 415.321963][T31297] do_sock_setsockopt+0x224/0x470 [ 415.321990][T31297] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 415.322032][T31297] __sys_setsockopt+0x1a0/0x230 [ 415.322060][T31297] __x64_sys_setsockopt+0xbd/0x160 [ 415.322081][T31297] ? do_syscall_64+0x91/0x4c0 [ 415.322105][T31297] ? lockdep_hardirqs_on+0x7c/0x110 [ 415.322128][T31297] do_syscall_64+0xcd/0x4c0 [ 415.322185][T31297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.322205][T31297] RIP: 0033:0x7fc8e698e929 [ 415.322221][T31297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 415.322239][T31297] RSP: 002b:00007fc8e7749038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 415.322258][T31297] RAX: ffffffffffffffda RBX: 00007fc8e6bb5fa0 RCX: 00007fc8e698e929 [ 415.322269][T31297] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 415.322280][T31297] RBP: 00007fc8e6a10ca1 R08: 0000000000000020 R09: 0000000000000000 [ 415.322290][T31297] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 415.322301][T31297] R13: 0000000000000000 R14: 00007fc8e6bb5fa0 R15: 00007fffc92c00e8 [ 415.322332][T31297] [ 415.722350][T31311] netlink: 'syz.6.11879': attribute type 10 has an invalid length. [ 415.727033][T31311] hsr_slave_0: left promiscuous mode [ 415.729596][T31311] hsr_slave_1: left promiscuous mode [ 415.878193][T31329] xt_hashlimit: size too large, truncated to 1048576 [ 415.946481][T31333] : renamed from bridge_slave_0 (while UP) [ 416.128548][T31350] gretap2: entered allmulticast mode [ 416.132280][T31350] bridge0: port 3(gretap2) entered blocking state [ 416.135097][T31350] bridge0: port 3(gretap2) entered disabled state [ 416.141776][T31350] gretap2: entered promiscuous mode [ 416.145122][T31350] bridge0: port 3(gretap2) entered blocking state [ 416.148350][T31350] bridge0: port 3(gretap2) entered listening state [ 416.578054][T31382] netlink: 12 bytes leftover after parsing attributes in process `syz.7.11909'. [ 416.581970][T31382] netlink: 1 bytes leftover after parsing attributes in process `syz.7.11909'. [ 416.992268][T31394] netlink: 52 bytes leftover after parsing attributes in process `syz.6.11914'. [ 417.187713][T31408] netlink: 20 bytes leftover after parsing attributes in process `syz.5.11920'. [ 417.987205][T31442] netlink: 20 bytes leftover after parsing attributes in process `syz.6.11938'. [ 418.217710][ T6132] Bluetooth: hci4: unexpected event for opcode 0x0c7a [ 418.320122][ C3] bridge0: port 3(gretap2) entered learning state [ 418.433853][T31462] gretap1: entered allmulticast mode [ 418.437198][T31462] bridge0: port 3(gretap1) entered blocking state [ 418.439628][T31462] bridge0: port 3(gretap1) entered disabled state [ 418.443296][T31462] gretap1: entered promiscuous mode [ 418.751193][ T40] audit: type=1400 audit(651.660:45047): avc: denied { link } for pid=31481 comm="syz.6.11955" name="file1" dev="9p" ino=36047872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 419.629388][ T40] audit: type=1400 audit(652.483:45048): avc: denied { watch } for pid=31526 comm="syz.5.11984" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 419.639032][ T40] audit: type=1400 audit(652.483:45049): avc: denied { watch_sb } for pid=31526 comm="syz.5.11984" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 419.707174][ T7078] usb 11-1: new high-speed USB device number 6 using dummy_hcd [ 419.867639][ T7078] usb 11-1: Using ep0 maxpacket: 16 [ 419.871211][ T7078] usb 11-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 419.875324][ T7078] usb 11-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 1152, setting to 1024 [ 419.880563][ T7078] usb 11-1: config 0 interface 0 has no altsetting 0 [ 419.885742][ T7078] usb 11-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 419.889787][ T7078] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.893086][ T7078] usb 11-1: Product: syz [ 419.894938][ T7078] usb 11-1: Manufacturer: syz [ 419.896822][ T7078] usb 11-1: SerialNumber: syz [ 419.917810][ T7078] usb 11-1: config 0 descriptor?? [ 419.927032][T31518] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 419.959630][T31534] netlink: 12 bytes leftover after parsing attributes in process `syz.5.11979'. [ 420.151798][T31518] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 420.160752][ T7078] input: syz syz as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/input/input32 [ 420.541097][ C3] bridge0: port 3(gretap2) entered forwarding state [ 420.544341][ C3] bridge0: topology change detected, propagating [ 420.663166][ T24] usb 11-1: USB disconnect, device number 6 [ 420.759978][T31573] batadv_slave_1: entered promiscuous mode [ 420.763054][T31573] batadv_slave_1: left promiscuous mode [ 420.802054][T31575] netlink: 32 bytes leftover after parsing attributes in process `syz.5.11993'. [ 420.805315][T31575] netem: unknown loss type 13 [ 420.806781][T31575] netem: change failed [ 421.087898][T31597] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.095289][T22561] bridge0: port 2(veth0_to_bridge) entered disabled state [ 421.243325][ T40] audit: type=1400 audit(653.989:45050): avc: denied { listen } for pid=31612 comm="syz.5.12011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 421.952205][ T24] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 422.112692][ T24] usb 11-1: Using ep0 maxpacket: 16 [ 422.118222][ T24] usb 11-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 422.122028][ T24] usb 11-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 422.126249][ T24] usb 11-1: Product: syz [ 422.128072][ T24] usb 11-1: Manufacturer: syz [ 422.130057][ T24] usb 11-1: SerialNumber: syz [ 422.135239][ T24] usb 11-1: config 0 descriptor?? [ 422.355112][ T24] usb 11-1: USB disconnect, device number 7 [ 423.198268][ T40] audit: type=1400 audit(655.823:45051): avc: denied { mounton } for pid=31691 comm="syz.6.12045" path="/536/file0" dev="tmpfs" ino=2746 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 424.111447][T31701] netlink: 12 bytes leftover after parsing attributes in process `syz.6.12049'. [ 424.195807][T31707] Failed to get privilege flags for destination (handle=0x2:0x4) [ 424.331429][T31717] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12059'. [ 424.562990][T31733] SELinux: ebitmap: truncated map [ 424.573823][T31733] SELinux: failed to load policy [ 424.581188][T31735] bpf: Bad value for 'uid' [ 424.955079][T31765] batadv_slave_1: entered promiscuous mode [ 424.960786][T31763] batadv_slave_1: left promiscuous mode [ 425.216503][T31800] batadv_slave_1: entered promiscuous mode [ 425.234747][T31798] batadv_slave_1: left promiscuous mode [ 425.490438][T31828] bond0: entered promiscuous mode [ 425.496138][T31828] bond_slave_0: entered promiscuous mode [ 425.498335][T31828] bond_slave_1: entered promiscuous mode [ 425.508129][T31828] bond0: left promiscuous mode [ 425.509837][T31828] bond_slave_0: left promiscuous mode [ 425.513327][T31828] bond_slave_1: left promiscuous mode [ 425.541485][T31832] netlink: 4 bytes leftover after parsing attributes in process `syz.7.12111'. [ 426.412623][ T29] usb 12-1: new high-speed USB device number 4 using dummy_hcd [ 426.570576][ T29] usb 12-1: Using ep0 maxpacket: 16 [ 426.576996][ T29] usb 12-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 426.580721][ T29] usb 12-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 426.584538][ T29] usb 12-1: Product: syz [ 426.586313][ T29] usb 12-1: Manufacturer: syz [ 426.588258][ T29] usb 12-1: SerialNumber: syz [ 426.592593][ T29] usb 12-1: config 0 descriptor?? [ 426.817586][ T835] usb 12-1: USB disconnect, device number 4 [ 427.259934][T31893] netlink: 64 bytes leftover after parsing attributes in process `syz.5.12139'. [ 427.597403][ T24] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 427.757207][ T24] usb 10-1: Using ep0 maxpacket: 16 [ 427.761590][ T24] usb 10-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 427.765706][ T24] usb 10-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 1152, setting to 1024 [ 427.770547][ T24] usb 10-1: config 0 interface 0 has no altsetting 0 [ 427.775927][ T24] usb 10-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 427.780338][ T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.783773][ T24] usb 10-1: Product: syz [ 427.785759][ T24] usb 10-1: Manufacturer: syz [ 427.787863][ T24] usb 10-1: SerialNumber: syz [ 427.792903][ T24] usb 10-1: config 0 descriptor?? [ 427.795910][T31902] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 428.022129][T31902] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 428.028696][ T24] input: syz syz as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input33 [ 428.485702][ T6105] usb 10-1: USB disconnect, device number 7 [ 428.532710][T31928] batadv_slave_1: entered promiscuous mode [ 429.670788][ T53] usb 11-1: new high-speed USB device number 8 using dummy_hcd [ 429.831130][ T53] usb 11-1: Using ep0 maxpacket: 8 [ 429.836647][ T53] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 429.840829][ T53] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 429.844299][ T53] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.848920][ T53] usb 11-1: config 0 descriptor?? [ 430.073922][ T53] iowarrior 11-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 430.184636][T31955] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 430.292124][ T53] usb 11-1: USB disconnect, device number 8 [ 430.499291][T31996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12186'. [ 430.502876][T31996] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12186'. [ 430.506422][T31996] netlink: 'syz.2.12186': attribute type 7 has an invalid length. [ 431.367494][T32072] tap0: tun_chr_ioctl cmd 1074025678 [ 431.370199][T32072] tap0: group set to 0 [ 431.687464][T32098] netlink: 'syz.6.12236': attribute type 14 has an invalid length. [ 432.022758][ T6130] usb 12-1: new high-speed USB device number 5 using dummy_hcd [ 432.183120][ T6130] usb 12-1: Using ep0 maxpacket: 8 [ 432.187328][ T6130] usb 12-1: config 0 has an invalid interface number: 55 but max is 0 [ 432.190907][ T6130] usb 12-1: config 0 has no interface number 0 [ 432.193621][ T6130] usb 12-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 432.198708][ T6130] usb 12-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 432.203270][ T6130] usb 12-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 432.207935][ T6130] usb 12-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 432.213026][ T6130] usb 12-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 432.217396][ T6130] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.226297][ T6130] usb 12-1: config 0 descriptor?? [ 432.232587][ T6130] ldusb 12-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 432.447433][ T6130] usb 12-1: USB disconnect, device number 5 [ 432.447489][ C2] ldusb 12-1:0.55: usb_submit_urb failed (-19) [ 432.458394][ T6130] ldusb 12-1:0.55: LD USB Device #0 now disconnected [ 432.666529][T32100] ldusb: No device or device unplugged -19 [ 434.253298][ T40] audit: type=1400 audit(922.166:45052): avc: denied { create } for pid=32143 comm="syz.7.12258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 434.260927][T32140] netlink: 20 bytes leftover after parsing attributes in process `syz.6.12256'. [ 434.265267][ T40] audit: type=1400 audit(922.176:45053): avc: denied { sys_admin } for pid=32143 comm="syz.7.12258" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 434.346553][T32142] netlink: 'syz.5.12257': attribute type 2 has an invalid length. [ 434.395722][T32152] netlink: 8 bytes leftover after parsing attributes in process `syz.6.12262'. [ 434.409278][T22561] bond0: (slave bond_slave_0): interface is now down [ 434.414548][T22561] bond0: (slave bond_slave_1): interface is now down [ 434.482569][T32162] netlink: 8 bytes leftover after parsing attributes in process `syz.6.12265'. [ 434.486459][T32162] netlink: 12 bytes leftover after parsing attributes in process `syz.6.12265'. [ 434.487916][T32161] input: syz1 as /devices/virtual/input/input34 [ 434.886791][T32203] netlink: 36 bytes leftover after parsing attributes in process `syz.2.12286'. [ 434.991863][T32213] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 435.000584][T32214] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.12291'. [ 435.167000][T32226] loop7: detected capacity change from 0 to 7 [ 435.184363][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.188816][ C3] buffer_io_error: 40 callbacks suppressed [ 435.188829][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.197219][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.201186][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.206877][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.210743][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.214683][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.218550][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.222749][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.225775][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.233873][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.238058][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.242603][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.246765][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.250161][T30722] ldm_validate_partition_table(): Disk read failed. [ 435.256235][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.259547][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.263470][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.267706][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.272175][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 435.275635][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 435.283718][T30722] Dev loop7: unable to read RDB block 0 [ 435.290775][T30722] loop7: unable to read partition table [ 435.293334][T30722] loop7: partition table beyond EOD, truncated [ 435.301385][T32226] ldm_validate_partition_table(): Disk read failed. [ 435.308988][T32226] Dev loop7: unable to read RDB block 0 [ 435.314286][T32226] loop7: unable to read partition table [ 435.318236][T32226] loop7: partition table beyond EOD, truncated [ 435.320847][T32226] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 435.796069][T32269] tipc: Started in network mode [ 435.798529][T32269] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 435.802464][T32269] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 435.807048][T32269] tipc: Enabled bearer , priority 10 [ 435.876015][T32277] ptrace attach of "/syz-executor exec"[30035] was attempted by ""[32277] [ 436.459794][T22568] bond0: (slave bond_slave_0): interface is now down [ 436.462724][T22568] bond0: (slave bond_slave_1): interface is now down [ 436.471994][T22568] bond0: now running without any active interface! [ 436.572558][T32323] netlink: 16 bytes leftover after parsing attributes in process `syz.5.12338'. [ 437.004613][ T835] tipc: Node number set to 1 [ 437.468837][T32375] netlink: 'syz.6.12362': attribute type 4 has an invalid length. [ 438.151239][T32392] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 438.750444][T32426] batadv_slave_1: entered promiscuous mode [ 438.755594][T32425] batadv_slave_1: left promiscuous mode [ 438.941979][ T34] usb 11-1: new high-speed USB device number 9 using dummy_hcd [ 439.132110][ T34] usb 11-1: Using ep0 maxpacket: 8 [ 439.136251][ T34] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 439.140487][ T34] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 439.144983][ T34] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 439.149156][ T34] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 439.155636][ T34] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 439.159867][ T34] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.174905][ T6160] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 439.372243][ T6160] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 439.376775][ T6160] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 439.380943][ T6160] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 439.384806][ T34] usb 11-1: GET_CAPABILITIES returned 0 [ 439.387160][ T34] usbtmc 11-1:16.0: can't read capabilities [ 439.389726][ T6160] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.396552][T32436] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 439.406431][ T6160] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 439.600468][T32420] usbtmc 11-1:16.0: usbtmc488_ioctl_trigger returned -90 [ 439.606161][ T835] usb 11-1: USB disconnect, device number 9 [ 439.626310][ T6160] usb 10-1: USB disconnect, device number 8 [ 442.479587][T32520] netlink: 'syz.7.12427': attribute type 4 has an invalid length. [ 443.735955][T32554] netlink: 4 bytes leftover after parsing attributes in process `syz.6.12439'. [ 443.789508][T32562] netlink: 4 bytes leftover after parsing attributes in process `syz.7.12442'. [ 443.794529][T32562] netlink: 4 bytes leftover after parsing attributes in process `syz.7.12442'. [ 443.843444][T32564] [ 443.844587][T32564] ====================================================== [ 443.847631][T32564] WARNING: possible circular locking dependency detected [ 443.850658][T32564] 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 Not tainted [ 443.855006][T32564] ------------------------------------------------------ [ 443.858681][T32564] syz.2.12444/32564 is trying to acquire lock: [ 443.861351][T32564] ffff88802b7e4a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{3:3}, at: __dev_queue_xmit+0x334c/0x43e0 [ 443.865783][T32564] [ 443.865783][T32564] but task is already holding lock: [ 443.868096][T32564] ffff888033dd2558 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3ba/0xcf0 [ 443.871237][T32564] [ 443.871237][T32564] which lock already depends on the new lock. [ 443.871237][T32564] [ 443.874872][T32564] [ 443.874872][T32564] the existing dependency chain (in reverse order) is: [ 443.878175][T32564] [ 443.878175][T32564] -> #1 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}: [ 443.881557][T32564] _raw_spin_lock+0x2e/0x40 [ 443.883649][T32564] sch_direct_xmit+0x3ba/0xcf0 [ 443.885804][T32564] __dev_queue_xmit+0x13c7/0x43e0 [ 443.888052][T32564] neigh_resolve_output+0x53a/0x940 [ 443.890360][T32564] ip6_finish_output2+0xaeb/0x2020 [ 443.892659][T32564] ip6_finish_output+0x3f9/0x1360 [ 443.894857][T32564] ip6_output+0x1f9/0x540 [ 443.896757][T32564] mld_sendpack+0x9e9/0x1220 [ 443.898384][T32564] mld_ifc_work+0x740/0xca0 [ 443.899967][T32564] process_one_work+0x9cf/0x1b70 [ 443.901667][T32564] worker_thread+0x6c8/0xf10 [ 443.903347][T32564] kthread+0x3c5/0x780 [ 443.904798][T32564] ret_from_fork+0x5d7/0x6f0 [ 443.906506][T32564] ret_from_fork_asm+0x1a/0x30 [ 443.908150][T32564] [ 443.908150][T32564] -> #0 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{3:3}: [ 443.912137][T32564] __lock_acquire+0x126f/0x1c90 [ 443.914387][T32564] lock_acquire+0x179/0x350 [ 443.916532][T32564] _raw_spin_lock+0x2e/0x40 [ 443.918678][T32564] __dev_queue_xmit+0x334c/0x43e0 [ 443.920962][T32564] neigh_resolve_output+0x53a/0x940 [ 443.923139][T32564] ip6_finish_output2+0xaeb/0x2020 [ 443.924896][T32564] ip6_finish_output+0x3f9/0x1360 [ 443.926711][T32564] ip6_output+0x1f9/0x540 [ 443.928256][T32564] ip6_local_out+0xcd/0x4a0 [ 443.929818][T32564] ip6_send_skb+0x112/0x460 [ 443.931551][T32564] ip6_push_pending_frames+0xe0/0x110 [ 443.933808][T32564] icmpv6_push_pending_frames+0x2dc/0x460 [ 443.936404][T32564] icmp6_send+0x1ec9/0x2be0 [ 443.938481][T32564] ip6_link_failure+0x31/0x5a0 [ 443.940294][T32564] ip_tunnel_xmit+0x2fb0/0x37b0 [ 443.942045][T32564] __gre_xmit+0x8bb/0xc00 [ 443.943595][T32564] erspan_xmit+0x56b/0x25d0 [ 443.945293][T32564] dev_hard_start_xmit+0x97/0x740 [ 443.947037][T32564] sch_direct_xmit+0x1b2/0xcf0 [ 443.948754][T32564] __qdisc_run+0x541/0x1bf0 [ 443.950364][T32564] __dev_queue_xmit+0x2aa4/0x43e0 [ 443.952104][T32564] neigh_resolve_output+0x53a/0x940 [ 443.953991][T32564] ip6_finish_output2+0xaeb/0x2020 [ 443.955952][T32564] ip6_fragment+0xbf2/0x27f0 [ 443.957596][T32564] ip6_finish_output+0x395/0x1360 [ 443.959504][T32564] ip6_output+0x1f9/0x540 [ 443.961212][T32564] ip6_xmit+0x12d7/0x2320 [ 443.963170][T32564] sctp_v6_xmit+0xcab/0x11a0 [ 443.964780][T32564] sctp_packet_transmit+0x1ef9/0x3040 [ 443.966642][T32564] sctp_packet_singleton+0x19e/0x370 [ 443.968643][T32564] sctp_outq_flush+0x53d/0x3350 [ 443.970344][T32564] sctp_do_sm+0x1792/0x5c80 [ 443.971958][T32564] sctp_primitive_ASSOCIATE+0x9c/0xd0 [ 443.973804][T32564] sctp_sendmsg_to_asoc+0xa45/0x1bf0 [ 443.975642][T32564] sctp_sendmsg+0xef5/0x1ee0 [ 443.977251][T32564] inet_sendmsg+0x119/0x140 [ 443.978881][T32564] ____sys_sendmsg+0x973/0xc70 [ 443.980754][T32564] ___sys_sendmsg+0x134/0x1d0 [ 443.982471][T32564] __sys_sendmmsg+0x200/0x420 [ 443.984482][T32564] __x64_sys_sendmmsg+0x9c/0x100 [ 443.986805][T32564] do_syscall_64+0xcd/0x4c0 [ 443.988936][T32564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.991616][T32564] [ 443.991616][T32564] other info that might help us debug this: [ 443.991616][T32564] [ 443.995822][T32564] Possible unsafe locking scenario: [ 443.995822][T32564] [ 443.998890][T32564] CPU0 CPU1 [ 444.001175][T32564] ---- ---- [ 444.003376][T32564] lock(&qdisc_xmit_lock_key#4); [ 444.005409][T32564] lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2); [ 444.009395][T32564] lock(&qdisc_xmit_lock_key#4); [ 444.012472][T32564] lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2); [ 444.015361][T32564] [ 444.015361][T32564] *** DEADLOCK *** [ 444.015361][T32564] [ 444.018393][T32564] 10 locks held by syz.2.12444/32564: [ 444.020556][T32564] #0: ffff888047e994d8 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_sendmsg+0xd8c/0x1ee0 [ 444.024356][T32564] #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: sctp_v6_xmit+0xbac/0x11a0 [ 444.027457][T32564] #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x39d/0x2020 [ 444.030394][T32564] #3: ffffffff8e5c4da0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x276/0x43e0 [ 444.033556][T32564] #4: ffff888033dd2558 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3ba/0xcf0 [ 444.037063][T32564] #5: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: icmp6_send+0x24c/0x2be0 [ 444.040058][T32564] #6: ffff888109ec8998 (k-slock-AF_INET6){+.-.}-{3:3}, at: icmp6_send+0x8a5/0x2be0 [ 444.043173][T32564] #7: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: ip6_send_skb+0xb9/0x460 [ 444.046206][T32564] #8: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x39d/0x2020 [ 444.049780][T32564] #9: ffffffff8e5c4da0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x276/0x43e0 [ 444.053036][T32564] [ 444.053036][T32564] stack backtrace: [ 444.054933][T32564] CPU: 1 UID: 0 PID: 32564 Comm: syz.2.12444 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 444.054949][T32564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 444.054960][T32564] Call Trace: [ 444.054964][T32564] [ 444.054969][T32564] dump_stack_lvl+0x116/0x1f0 [ 444.054987][T32564] print_circular_bug+0x275/0x350 [ 444.055005][T32564] check_noncircular+0x14c/0x170 [ 444.055028][T32564] __lock_acquire+0x126f/0x1c90 [ 444.055046][T32564] lock_acquire+0x179/0x350 [ 444.055061][T32564] ? __dev_queue_xmit+0x334c/0x43e0 [ 444.055084][T32564] ? unwind_get_return_address+0x59/0xa0 [ 444.055105][T32564] _raw_spin_lock+0x2e/0x40 [ 444.055132][T32564] ? __dev_queue_xmit+0x334c/0x43e0 [ 444.055153][T32564] __dev_queue_xmit+0x334c/0x43e0 [ 444.055172][T32564] ? stack_trace_save+0x8e/0xc0 [ 444.055187][T32564] ? __pfx_stack_trace_save+0x10/0x10 [ 444.055203][T32564] ? __pfx___dev_queue_xmit+0x10/0x10 [ 444.055216][T32564] ? check_path.constprop.0+0x24/0x50 [ 444.055233][T32564] ? save_trace+0x4e/0x380 [ 444.055247][T32564] ? add_lock_to_list+0x9d/0x130 [ 444.055263][T32564] ? lockdep_unlock+0x64/0xe0 [ 444.055277][T32564] ? __lock_acquire+0x1053/0x1c90 [ 444.055289][T32564] ? lock_acquire+0x179/0x350 [ 444.055299][T32564] ? find_held_lock+0x2b/0x80 [ 444.055312][T32564] ? __asan_memcpy+0x3c/0x60 [ 444.055324][T32564] ? eth_header+0x11c/0x1f0 [ 444.055341][T32564] neigh_resolve_output+0x53a/0x940 [ 444.055354][T32564] ip6_finish_output2+0xaeb/0x2020 [ 444.055369][T32564] ip6_finish_output+0x3f9/0x1360 [ 444.055383][T32564] ip6_output+0x1f9/0x540 [ 444.055394][T32564] ? __pfx_ip6_output+0x10/0x10 [ 444.055405][T32564] ip6_local_out+0xcd/0x4a0 [ 444.055423][T32564] ip6_send_skb+0x112/0x460 [ 444.055435][T32564] ip6_push_pending_frames+0xe0/0x110 [ 444.055448][T32564] icmpv6_push_pending_frames+0x2dc/0x460 [ 444.055461][T32564] icmp6_send+0x1ec9/0x2be0 [ 444.055474][T32564] ? __pfx_icmp6_send+0x10/0x10 [ 444.055484][T32564] ? lock_acquire+0x179/0x350 [ 444.055496][T32564] ? find_held_lock+0x2b/0x80 [ 444.055509][T32564] ? ip6_neigh_lookup+0x7b5/0xbe0 [ 444.055523][T32564] ? __pfx_ip6_neigh_lookup+0x10/0x10 [ 444.055535][T32564] ? ip6_link_failure+0x31/0x5a0 [ 444.055544][T32564] ip6_link_failure+0x31/0x5a0 [ 444.055553][T32564] ? __pfx_ip6_link_failure+0x10/0x10 [ 444.055562][T32564] ip_tunnel_xmit+0x2fb0/0x37b0 [ 444.055575][T32564] ? rcu_gp_slow+0x86/0x90 [ 444.055591][T32564] ? is_bpf_text_address+0x8a/0x1a0 [ 444.055604][T32564] ? rcu_is_watching+0x12/0xc0 [ 444.055618][T32564] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 444.055630][T32564] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 444.055645][T32564] ? is_bpf_text_address+0x94/0x1a0 [ 444.055659][T32564] ? arch_stack_walk+0xa6/0x100 [ 444.055672][T32564] __gre_xmit+0x8bb/0xc00 [ 444.055682][T32564] ? __pfx___gre_xmit+0x10/0x10 [ 444.055692][T32564] ? check_path.constprop.0+0x24/0x50 [ 444.055709][T32564] erspan_xmit+0x56b/0x25d0 [ 444.055720][T32564] ? __pfx_erspan_xmit+0x10/0x10 [ 444.055732][T32564] dev_hard_start_xmit+0x97/0x740 [ 444.055745][T32564] sch_direct_xmit+0x1b2/0xcf0 [ 444.055762][T32564] ? __pfx_sch_direct_xmit+0x10/0x10 [ 444.055776][T32564] ? pie_process_dequeue+0x36c/0x4e0 [ 444.055794][T32564] ? fq_pie_qdisc_dequeue+0x3bb/0x9b0 [ 444.055812][T32564] __qdisc_run+0x541/0x1bf0 [ 444.055828][T32564] ? rcu_is_watching+0x12/0xc0 [ 444.055842][T32564] __dev_queue_xmit+0x2aa4/0x43e0 [ 444.055855][T32564] ? __lock_acquire+0x622/0x1c90 [ 444.055865][T32564] ? __pfx___dev_queue_xmit+0x10/0x10 [ 444.055877][T32564] ? look_up_lock_class+0x59/0x150 [ 444.055894][T32564] ? __lock_acquire+0xb8a/0x1c90 [ 444.055907][T32564] ? __asan_memcpy+0x3c/0x60 [ 444.055919][T32564] ? eth_header+0x11c/0x1f0 [ 444.055935][T32564] neigh_resolve_output+0x53a/0x940 [ 444.055948][T32564] ip6_finish_output2+0xaeb/0x2020 [ 444.055962][T32564] ip6_fragment+0xbf2/0x27f0 [ 444.055973][T32564] ? __pfx_ip6_finish_output2+0x10/0x10 [ 444.055987][T32564] ? __pfx_ip6_fragment+0x10/0x10 [ 444.055998][T32564] ? nf_hook+0x48d/0x780 [ 444.056011][T32564] ? ip6_mtu+0x1a3/0x4a0 [ 444.056028][T32564] ip6_finish_output+0x395/0x1360 [ 444.056040][T32564] ip6_output+0x1f9/0x540 [ 444.056052][T32564] ? __pfx_ip6_output+0x10/0x10 [ 444.056063][T32564] ip6_xmit+0x12d7/0x2320 [ 444.056073][T32564] ? __kasan_slab_free+0x51/0x70 [ 444.056088][T32564] ? kmem_cache_free+0x2d1/0x4d0 [ 444.056103][T32564] ? __pfx_ip6_xmit+0x10/0x10 [ 444.056119][T32564] sctp_v6_xmit+0xcab/0x11a0 [ 444.056138][T32564] ? do_softirq+0xe0/0xf0 [ 444.056151][T32564] ? kernel_fpu_end+0x59/0x70 [ 444.056166][T32564] ? __pfx_sctp_v6_xmit+0x10/0x10 [ 444.056180][T32564] ? kernel_fpu_end+0x5e/0x70 [ 444.056195][T32564] ? crc32c_arch+0x1aa/0x280 [ 444.056220][T32564] ? skb_crc32c+0x770/0x8d0 [ 444.056242][T32564] sctp_packet_transmit+0x1ef9/0x3040 [ 444.056273][T32564] sctp_packet_singleton+0x19e/0x370 [ 444.056295][T32564] ? __pfx_sctp_packet_singleton+0x10/0x10 [ 444.056311][T32564] ? sctp_outq_select_transport+0x208/0x740 [ 444.056324][T32564] sctp_outq_flush+0x53d/0x3350 [ 444.056336][T32564] ? __pfx__raw_spin_unlock_irq+0x1/0x10 [ 444.056351][T32564] ? __pfx_sctp_outq_flush+0x10/0x10 [ 444.056364][T32564] ? __pfx_sctp_sm_lookup_event+0x10/0x10 [ 444.056380][T32564] ? sctp_outq_tail+0x671/0xa30 [ 444.056392][T32564] ? sctp_endpoint_add_asoc+0x225/0x2f0 [ 444.056410][T32564] sctp_do_sm+0x1792/0x5c80 [ 444.056424][T32564] ? kasan_save_stack+0x42/0x60 [ 444.056437][T32564] ? kasan_save_stack+0x33/0x60 [ 444.056450][T32564] ? kasan_save_track+0x14/0x30 [ 444.056463][T32564] ? __pfx_sctp_do_sm+0x10/0x10 [ 444.056475][T32564] ? sctp_sendmsg+0xef5/0x1ee0 [ 444.056486][T32564] ? ____sys_sendmsg+0x973/0xc70 [ 444.056497][T32564] ? __x64_sys_sendmmsg+0x9c/0x100 [ 444.056511][T32564] ? do_syscall_64+0xcd/0x4c0 [ 444.056532][T32564] ? sk_leave_memory_pressure+0xdd/0x130 [ 444.056543][T32564] ? __sk_mem_raise_allocated+0x94d/0x1670 [ 444.056560][T32564] sctp_primitive_ASSOCIATE+0x9c/0xd0 [ 444.056573][T32564] sctp_sendmsg_to_asoc+0xa45/0x1bf0 [ 444.056583][T32564] ? sctp_assoc_set_primary+0x177/0x300 [ 444.056596][T32564] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 444.056606][T32564] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 444.056621][T32564] sctp_sendmsg+0xef5/0x1ee0 [ 444.056634][T32564] ? __pfx_sctp_sendmsg+0x10/0x10 [ 444.056647][T32564] ? __pfx_sock_has_perm+0x10/0x10 [ 444.056662][T32564] ? __import_iovec+0x1dd/0x650 [ 444.056678][T32564] ? __pfx_sctp_sendmsg+0x10/0x10 [ 444.056690][T32564] inet_sendmsg+0x119/0x140 [ 444.056704][T32564] ____sys_sendmsg+0x973/0xc70 [ 444.056714][T32564] ? copy_msghdr_from_user+0x10a/0x160 [ 444.056728][T32564] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.056739][T32564] ? find_held_lock+0x2b/0x80 [ 444.056752][T32564] ? futex_unqueue+0x133/0x2c0 [ 444.056768][T32564] ___sys_sendmsg+0x134/0x1d0 [ 444.056783][T32564] ? __pfx____sys_sendmsg+0x10/0x10 [ 444.056800][T32564] ? find_held_lock+0x2b/0x80 [ 444.056817][T32564] __sys_sendmmsg+0x200/0x420 [ 444.056832][T32564] ? __pfx___sys_sendmmsg+0x10/0x10 [ 444.056848][T32564] ? __pfx_do_futex+0x10/0x10 [ 444.056866][T32564] ? __sys_socket+0xac/0x260 [ 444.056877][T32564] ? xfd_validate_state+0x61/0x180 [ 444.056894][T32564] __x64_sys_sendmmsg+0x9c/0x100 [ 444.056908][T32564] ? lockdep_hardirqs_on+0x7c/0x110 [ 444.056922][T32564] do_syscall_64+0xcd/0x4c0 [ 444.056937][T32564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.056949][T32564] RIP: 0033:0x7f6a3b18e929 [ 444.056958][T32564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.056969][T32564] RSP: 002b:00007f6a3c097038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 444.056979][T32564] RAX: ffffffffffffffda RBX: 00007f6a3b3b5fa0 RCX: 00007f6a3b18e929 [ 444.056986][T32564] RDX: 0000000000000002 RSI: 0000200000000800 RDI: 0000000000000003 [ 444.056992][T32564] RBP: 00007f6a3b210ca1 R08: 0000000000000000 R09: 0000000000000000 [ 444.056999][T32564] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000000 [ 444.057005][T32564] R13: 0000000000000000 R14: 00007f6a3b3b5fa0 R15: 00007ffd5dac50b8 [ 444.057015][T32564] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 444.352810][ T40] audit: type=1400 audit(931.614:45054): avc: denied { write } for pid=5922 comm="syz-executor" path="pipe:[2856]" dev="pipefs" ino=2856 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 444.389348][T32564] syz.2.12444 (32564) used greatest stack depth: 18640 bytes left [ 446.178271][T32560] syz_tun (unregistering): left allmulticast mode [ 446.181063][T32560] syz_tun (unregistering): left promiscuous mode [ 446.183778][T32560] bridge0: port 3(syz_tun) entered disabled state [ 446.263571][T22597] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.466541][T22597] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.574097][T22597] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.713023][T22597] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.879166][T22597] gretap1: left promiscuous mode [ 446.881386][T22597] bridge0: port 3(gretap1) entered disabled state [ 446.885746][T22597] bridge_slave_1: left allmulticast mode [ 446.888306][T22597] bridge_slave_1: left promiscuous mode [ 446.890701][T22597] bridge0: port 2(bridge_slave_1) entered disabled state [ 446.894947][T22597] bridge_slave_0: left allmulticast mode [ 446.897040][T22597] bridge_slave_0: left promiscuous mode [ 446.899351][T22597] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.077505][T22597] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 449.119296][T22597] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 449.171511][T22597] bond0 (unregistering): Released all slaves [ 449.977365][T22597] hsr_slave_0: left promiscuous mode [ 449.980129][T22597] hsr_slave_1: left promiscuous mode [ 449.982995][T22597] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 449.986143][T22597] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 449.989603][T22597] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 449.992731][T22597] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 449.998135][T22597] batadv_slave_1: left promiscuous mode [ 450.000141][T22597] veth1_macvtap: left promiscuous mode [ 450.001747][T22597] veth0_macvtap: left promiscuous mode [ 450.004459][T22597] veth1_vlan: left promiscuous mode [ 450.006635][T22597] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 00:54:06 Registers: info registers vcpu 0 CPU#0 RAX=00000000001eb734 RBX=0000000000000000 RCX=ffffffff8b885c99 RDX=ffffed100d486646 RSI=ffffffff8c158ee0 RDI=ffffffff81920e71 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08 R8 =0000000000000000 R9 =ffffed100d486645 R10=ffff88806a43322b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a98750 R15=0000000000000000 RIP=ffffffff8b8847ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6713000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055555c552808 CR3=0000000051690000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000100001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd5dac5440 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211c7a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211c87 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211c81 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211c95 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211d1b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211df9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855bced5 RDI=ffffffff9b0c72a0 RBP=ffffffff9b0c7260 RSP=ffffc90006ecd298 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e36312e36 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0c7260 R15=ffffffff855bce70 RIP=ffffffff855bceff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f6a3c0976c0 ffffffff 00c00000 GS =0000 ffff8880d6813000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f6a3c096f98 CR3=0000000048c94000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000d8d26619 00000000135c83fd ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 015126a009b202d6 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 05d6d3e8a2ccd9bf ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211c7a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211c87 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211c81 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211c95 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211d1b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b211df9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b386488 00007f6a3b386480 00007f6a3b386478 00007f6a3b386450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3beed100 00007f6a3b386440 00007f6a3b386458 00007f6a3b3864a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6a3b386498 00007f6a3b386490 00007f6a3b386488 00007f6a3b386480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000001f36d4 RBX=0000000000000002 RCX=ffffffff8b885c99 RDX=ffffed100d4c6646 RSI=ffffffff8c158ee0 RDI=ffffffff81920e71 RBP=ffffed1003c53910 RSP=ffffc90000187df8 R8 =0000000000000000 R9 =ffffed100d4c6645 R10=ffff88806a63322b R11=0000000000000000 R12=0000000000000002 R13=ffff88801e29c880 R14=ffffffff90a98750 R15=0000000000000000 RIP=ffffffff8b8847ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6913000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2c51aff8 CR3=00000000654d9000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff816ca809 ffffffff816ca758 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff816ca758 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11c7a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11c87 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11c81 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11c95 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11d1b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11df9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6b86488 00007fc8e6b86480 00007fc8e6b86478 00007fc8e6b86450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e76ed100 00007fc8e6b86440 00007fc800040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6b86498 00007fc8e6b86490 00007fc8e6b86488 00007fc8e6b86480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000001dd424 RBX=0000000000000003 RCX=ffffffff8b885c99 RDX=ffffed100d4e6646 RSI=ffffffff8c158ee0 RDI=ffffffff81920e71 RBP=ffffed1003c56000 RSP=ffffc90000197df8 R8 =0000000000000000 R9 =ffffed100d4e6645 R10=ffff88806a73322b R11=0000000000000000 R12=0000000000000003 R13=ffff88801e2b0000 R14=ffffffff90a98750 R15=0000000000000000 RIP=ffffffff8b8847ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a13000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b30e13ff8 CR3=0000000052b75000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000100001 Opmask01=0000000000000000 Opmask02=0000000002fefcfe Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffc92c0470 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11c7a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11c87 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11c81 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11c95 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11d1b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc8e6a11df9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000