Warning: Permanently added '[localhost]:15464' (ECDSA) to the list of known hosts. [ 67.196477][ T39] audit: type=1400 audit(1668242621.649:75): avc: denied { execute } for pid=3677 comm="sh" name="syz-fuzzer" dev="sda1" ino=1134 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 67.212753][ T39] audit: type=1400 audit(1668242621.649:76): avc: denied { execute_no_trans } for pid=3677 comm="sh" path="/syz-fuzzer" dev="sda1" ino=1134 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 2022/11/12 08:43:41 fuzzer started 2022/11/12 08:43:42 dialing manager at localhost:44853 [ 69.895501][ T39] audit: type=1400 audit(1668242624.349:77): avc: denied { mounton } for pid=3690 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 69.902275][ T3690] cgroup: Unknown subsys name 'net' [ 69.911905][ T39] audit: type=1400 audit(1668242624.349:78): avc: denied { mount } for pid=3690 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 69.934263][ T39] audit: type=1400 audit(1668242624.389:79): avc: denied { unmount } for pid=3690 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 70.101218][ T3690] cgroup: Unknown subsys name 'rlimit' [ 70.201483][ T39] audit: type=1400 audit(1668242624.659:80): avc: denied { mounton } for pid=3690 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 70.242259][ T39] audit: type=1400 audit(1668242624.679:81): avc: denied { mount } for pid=3690 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 2022/11/12 08:43:44 syscalls: 3810 2022/11/12 08:43:44 code coverage: enabled 2022/11/12 08:43:44 comparison tracing: enabled 2022/11/12 08:43:44 extra coverage: enabled 2022/11/12 08:43:44 delay kcov mmap: enabled 2022/11/12 08:43:44 setuid sandbox: enabled 2022/11/12 08:43:44 namespace sandbox: enabled 2022/11/12 08:43:44 Android sandbox: enabled 2022/11/12 08:43:44 fault injection: enabled 2022/11/12 08:43:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2022/11/12 08:43:44 net packet injection: enabled 2022/11/12 08:43:44 net device setup: enabled 2022/11/12 08:43:44 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/11/12 08:43:44 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/11/12 08:43:44 NIC VF setup: PCI device 0000:00:11.0 is not available 2022/11/12 08:43:44 USB emulation: enabled [ 70.274719][ T39] audit: type=1400 audit(1668242624.679:82): avc: denied { setattr } for pid=3690 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 2022/11/12 08:43:44 hci packet injection: enabled 2022/11/12 08:43:44 wifi device emulation: enabled 2022/11/12 08:43:44 802.15.4 emulation: enabled [ 70.298717][ T39] audit: type=1400 audit(1668242624.679:83): avc: denied { create } for pid=3690 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 2022/11/12 08:43:44 fetching corpus: 0, signal 0/2000 (executing program) [ 70.324826][ T39] audit: type=1400 audit(1668242624.679:84): avc: denied { write } for pid=3690 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 70.343007][ T39] audit: type=1400 audit(1668242624.679:85): avc: denied { read } for pid=3690 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 2022/11/12 08:43:45 fetching corpus: 50, signal 43177/46729 (executing program) 2022/11/12 08:43:45 fetching corpus: 100, signal 61731/66747 (executing program) 2022/11/12 08:43:45 fetching corpus: 150, signal 77217/83552 (executing program) 2022/11/12 08:43:46 fetching corpus: 200, signal 86424/94085 (executing program) 2022/11/12 08:43:46 fetching corpus: 250, signal 96822/105682 (executing program) 2022/11/12 08:43:46 fetching corpus: 300, signal 105048/115052 (executing program) 2022/11/12 08:43:46 fetching corpus: 350, signal 110917/122059 (executing program) 2022/11/12 08:43:47 fetching corpus: 400, signal 116058/128383 (executing program) 2022/11/12 08:43:47 fetching corpus: 450, signal 124522/137752 (executing program) 2022/11/12 08:43:47 fetching corpus: 499, signal 130756/144959 (executing program) 2022/11/12 08:43:47 fetching corpus: 549, signal 135525/150707 (executing program) 2022/11/12 08:43:47 fetching corpus: 599, signal 141087/157116 (executing program) 2022/11/12 08:43:48 fetching corpus: 649, signal 150064/166629 (executing program) 2022/11/12 08:43:48 fetching corpus: 699, signal 155940/173174 (executing program) 2022/11/12 08:43:49 fetching corpus: 749, signal 159676/177734 (executing program) 2022/11/12 08:43:49 fetching corpus: 799, signal 162760/181643 (executing program) 2022/11/12 08:43:49 fetching corpus: 849, signal 166527/186182 (executing program) 2022/11/12 08:43:49 fetching corpus: 899, signal 172404/192572 (executing program) 2022/11/12 08:43:50 fetching corpus: 948, signal 176944/197787 (executing program) 2022/11/12 08:43:51 fetching corpus: 996, signal 180674/202167 (executing program) 2022/11/12 08:43:51 fetching corpus: 1046, signal 184945/206956 (executing program) 2022/11/12 08:43:51 fetching corpus: 1096, signal 189027/211520 (executing program) 2022/11/12 08:43:52 fetching corpus: 1146, signal 191354/214539 (executing program) 2022/11/12 08:43:53 fetching corpus: 1195, signal 195091/218731 (executing program) 2022/11/12 08:43:53 fetching corpus: 1245, signal 198308/222347 (executing program) 2022/11/12 08:43:53 fetching corpus: 1295, signal 201195/225690 (executing program) 2022/11/12 08:43:54 fetching corpus: 1345, signal 204466/229375 (executing program) 2022/11/12 08:43:54 fetching corpus: 1395, signal 206670/232075 (executing program) 2022/11/12 08:43:54 fetching corpus: 1445, signal 210633/236277 (executing program) 2022/11/12 08:43:55 fetching corpus: 1495, signal 213159/239224 (executing program) 2022/11/12 08:43:55 fetching corpus: 1545, signal 215372/241821 (executing program) 2022/11/12 08:43:56 fetching corpus: 1595, signal 219464/245937 (executing program) 2022/11/12 08:43:56 fetching corpus: 1645, signal 221990/248824 (executing program) 2022/11/12 08:43:56 fetching corpus: 1695, signal 225285/252304 (executing program) 2022/11/12 08:43:57 fetching corpus: 1744, signal 227715/255030 (executing program) 2022/11/12 08:43:57 fetching corpus: 1794, signal 230485/257955 (executing program) 2022/11/12 08:43:57 fetching corpus: 1844, signal 232575/260344 (executing program) 2022/11/12 08:43:58 fetching corpus: 1894, signal 236033/263790 (executing program) 2022/11/12 08:43:58 fetching corpus: 1944, signal 238129/266108 (executing program) 2022/11/12 08:43:58 fetching corpus: 1994, signal 240041/268301 (executing program) 2022/11/12 08:43:59 fetching corpus: 2044, signal 241420/270068 (executing program) 2022/11/12 08:43:59 fetching corpus: 2094, signal 243001/271930 (executing program) 2022/11/12 08:43:59 fetching corpus: 2144, signal 244563/273770 (executing program) 2022/11/12 08:43:59 fetching corpus: 2192, signal 246670/275982 (executing program) [ 85.596905][ T1358] ieee802154 phy0 wpan0: encryption failed: -22 [ 85.604454][ T1358] ieee802154 phy1 wpan1: encryption failed: -22 2022/11/12 08:44:00 fetching corpus: 2241, signal 247827/277495 (executing program) 2022/11/12 08:44:00 fetching corpus: 2291, signal 249608/279483 (executing program) 2022/11/12 08:44:00 fetching corpus: 2341, signal 251164/281244 (executing program) 2022/11/12 08:44:01 fetching corpus: 2391, signal 252877/283103 (executing program) 2022/11/12 08:44:01 fetching corpus: 2441, signal 256903/286679 (executing program) 2022/11/12 08:44:01 fetching corpus: 2491, signal 258171/288176 (executing program) 2022/11/12 08:44:02 fetching corpus: 2541, signal 261189/290909 (executing program) 2022/11/12 08:44:02 fetching corpus: 2591, signal 263125/292825 (executing program) 2022/11/12 08:44:02 fetching corpus: 2641, signal 265608/295093 (executing program) 2022/11/12 08:44:02 fetching corpus: 2691, signal 267332/296799 (executing program) 2022/11/12 08:44:03 fetching corpus: 2740, signal 268588/298189 (executing program) 2022/11/12 08:44:03 fetching corpus: 2790, signal 270214/299857 (executing program) 2022/11/12 08:44:03 fetching corpus: 2839, signal 271646/301372 (executing program) 2022/11/12 08:44:04 fetching corpus: 2889, signal 273042/302865 (executing program) 2022/11/12 08:44:04 fetching corpus: 2939, signal 274895/304643 (executing program) 2022/11/12 08:44:04 fetching corpus: 2989, signal 276967/306530 (executing program) 2022/11/12 08:44:04 fetching corpus: 3039, signal 278333/307930 (executing program) 2022/11/12 08:44:05 fetching corpus: 3089, signal 279824/309321 (executing program) 2022/11/12 08:44:05 fetching corpus: 3139, signal 281407/310795 (executing program) 2022/11/12 08:44:05 fetching corpus: 3188, signal 282926/312265 (executing program) 2022/11/12 08:44:05 fetching corpus: 3238, signal 284215/313583 (executing program) 2022/11/12 08:44:06 fetching corpus: 3286, signal 285400/314807 (executing program) 2022/11/12 08:44:06 fetching corpus: 3336, signal 287057/316281 (executing program) 2022/11/12 08:44:06 fetching corpus: 3386, signal 288296/317436 (executing program) 2022/11/12 08:44:07 fetching corpus: 3436, signal 289442/318577 (executing program) 2022/11/12 08:44:07 fetching corpus: 3486, signal 290313/319522 (executing program) 2022/11/12 08:44:07 fetching corpus: 3536, signal 291455/320605 (executing program) 2022/11/12 08:44:07 fetching corpus: 3586, signal 293248/322061 (executing program) 2022/11/12 08:44:08 fetching corpus: 3636, signal 295122/323583 (executing program) 2022/11/12 08:44:08 fetching corpus: 3686, signal 296202/324625 (executing program) 2022/11/12 08:44:08 fetching corpus: 3735, signal 297433/325780 (executing program) 2022/11/12 08:44:08 fetching corpus: 3785, signal 298978/327057 (executing program) 2022/11/12 08:44:09 fetching corpus: 3835, signal 300184/328130 (executing program) 2022/11/12 08:44:09 fetching corpus: 3884, signal 302308/329634 (executing program) 2022/11/12 08:44:09 fetching corpus: 3934, signal 303527/330702 (executing program) 2022/11/12 08:44:09 fetching corpus: 3984, signal 304509/331616 (executing program) 2022/11/12 08:44:10 fetching corpus: 4034, signal 306652/333162 (executing program) 2022/11/12 08:44:10 fetching corpus: 4081, signal 307452/333940 (executing program) 2022/11/12 08:44:10 fetching corpus: 4131, signal 308694/334942 (executing program) 2022/11/12 08:44:11 fetching corpus: 4181, signal 309972/335998 (executing program) 2022/11/12 08:44:11 fetching corpus: 4231, signal 311793/337281 (executing program) 2022/11/12 08:44:11 fetching corpus: 4281, signal 312589/337956 (executing program) 2022/11/12 08:44:11 fetching corpus: 4331, signal 314123/339058 (executing program) 2022/11/12 08:44:12 fetching corpus: 4380, signal 315241/339924 (executing program) 2022/11/12 08:44:12 fetching corpus: 4430, signal 316391/340742 (executing program) 2022/11/12 08:44:12 fetching corpus: 4480, signal 317570/341593 (executing program) 2022/11/12 08:44:13 fetching corpus: 4530, signal 319640/342941 (executing program) 2022/11/12 08:44:13 fetching corpus: 4580, signal 321014/343853 (executing program) 2022/11/12 08:44:13 fetching corpus: 4630, signal 321919/344557 (executing program) 2022/11/12 08:44:13 fetching corpus: 4680, signal 323187/345453 (executing program) 2022/11/12 08:44:13 fetching corpus: 4730, signal 323977/346046 (executing program) 2022/11/12 08:44:14 fetching corpus: 4780, signal 325201/346828 (executing program) 2022/11/12 08:44:14 fetching corpus: 4830, signal 326426/347641 (executing program) 2022/11/12 08:44:14 fetching corpus: 4880, signal 327733/348478 (executing program) 2022/11/12 08:44:15 fetching corpus: 4930, signal 328702/349148 (executing program) [ 100.953171][ T38] cfg80211: failed to load regulatory.db 2022/11/12 08:44:15 fetching corpus: 4979, signal 329951/349935 (executing program) 2022/11/12 08:44:15 fetching corpus: 5029, signal 330913/350589 (executing program) 2022/11/12 08:44:16 fetching corpus: 5079, signal 331828/351198 (executing program) 2022/11/12 08:44:16 fetching corpus: 5129, signal 332902/351877 (executing program) 2022/11/12 08:44:16 fetching corpus: 5178, signal 334091/352549 (executing program) 2022/11/12 08:44:16 fetching corpus: 5228, signal 334872/353074 (executing program) 2022/11/12 08:44:16 fetching corpus: 5278, signal 336175/353780 (executing program) 2022/11/12 08:44:17 fetching corpus: 5328, signal 337529/354509 (executing program) 2022/11/12 08:44:17 fetching corpus: 5377, signal 338621/355114 (executing program) 2022/11/12 08:44:17 fetching corpus: 5427, signal 339509/355623 (executing program) 2022/11/12 08:44:18 fetching corpus: 5477, signal 340300/356046 (executing program) 2022/11/12 08:44:18 fetching corpus: 5527, signal 340966/356462 (executing program) 2022/11/12 08:44:19 fetching corpus: 5577, signal 341890/356951 (executing program) 2022/11/12 08:44:19 fetching corpus: 5626, signal 343260/357598 (executing program) 2022/11/12 08:44:19 fetching corpus: 5676, signal 344189/358080 (executing program) 2022/11/12 08:44:19 fetching corpus: 5726, signal 345655/358741 (executing program) 2022/11/12 08:44:20 fetching corpus: 5776, signal 346653/359197 (executing program) 2022/11/12 08:44:20 fetching corpus: 5824, signal 347725/359663 (executing program) 2022/11/12 08:44:20 fetching corpus: 5873, signal 348627/360096 (executing program) 2022/11/12 08:44:21 fetching corpus: 5923, signal 349414/360455 (executing program) 2022/11/12 08:44:21 fetching corpus: 5973, signal 350240/360849 (executing program) 2022/11/12 08:44:21 fetching corpus: 6023, signal 351024/361184 (executing program) 2022/11/12 08:44:21 fetching corpus: 6073, signal 351901/361534 (executing program) 2022/11/12 08:44:22 fetching corpus: 6123, signal 352881/361939 (executing program) 2022/11/12 08:44:22 fetching corpus: 6172, signal 353643/362260 (executing program) 2022/11/12 08:44:22 fetching corpus: 6222, signal 354392/362550 (executing program) 2022/11/12 08:44:23 fetching corpus: 6272, signal 355049/362809 (executing program) 2022/11/12 08:44:23 fetching corpus: 6321, signal 356413/363288 (executing program) 2022/11/12 08:44:23 fetching corpus: 6371, signal 357535/363649 (executing program) 2022/11/12 08:44:23 fetching corpus: 6421, signal 358379/363931 (executing program) 2022/11/12 08:44:24 fetching corpus: 6451, signal 358780/364084 (executing program) 2022/11/12 08:44:24 fetching corpus: 6452, signal 358784/364125 (executing program) 2022/11/12 08:44:24 fetching corpus: 6452, signal 358784/364159 (executing program) 2022/11/12 08:44:24 fetching corpus: 6452, signal 358784/364207 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364244 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364286 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364333 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364379 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364425 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364479 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364516 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364564 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364605 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364646 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364690 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364734 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364773 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364820 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364861 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364899 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364944 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/364985 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365025 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365066 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365103 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365147 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365182 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365221 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365269 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365304 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365343 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365388 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365427 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365469 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365509 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365552 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365600 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365644 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365692 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365740 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365785 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365831 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365871 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365926 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/365962 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366000 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366045 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366093 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366155 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366204 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366240 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366281 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366320 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366322 (executing program) 2022/11/12 08:44:24 fetching corpus: 6453, signal 358786/366322 (executing program) 2022/11/12 08:44:29 starting 4 fuzzer processes 08:44:29 executing program 0: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[], 0x19fc0}}, 0x48001) recvfrom$inet(r1, 0x0, 0x2, 0x3, 0x0, 0x0) 08:44:29 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x208e24b) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 08:44:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="5400ddd136cb4b99cdb5061c66b5508f87a0ea000000000000003b7e5f0072287f636d927288fc09678eb43669401e166450c5c8eece3c00000000000200a4265042e0e8af98f49b0a00813fc2b0439aa8c6ed137f7f"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:44:29 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x4}, @CTA_PROTONAT_PORT_MAX={0x6}]}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0xac}}, 0x0) [ 114.733932][ T39] audit: type=1400 audit(1668242669.189:86): avc: denied { execmem } for pid=3706 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 115.115206][ T39] audit: type=1400 audit(1668242669.569:87): avc: denied { mounton } for pid=3711 comm="syz-executor.3" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 115.136536][ T39] audit: type=1400 audit(1668242669.569:88): avc: denied { mount } for pid=3711 comm="syz-executor.3" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 115.156099][ T39] audit: type=1400 audit(1668242669.569:89): avc: denied { create } for pid=3711 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 115.171710][ T39] audit: type=1400 audit(1668242669.569:90): avc: denied { read write } for pid=3711 comm="syz-executor.3" name="vhci" dev="devtmpfs" ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 115.189198][ T39] audit: type=1400 audit(1668242669.569:91): avc: denied { open } for pid=3711 comm="syz-executor.3" path="/dev/vhci" dev="devtmpfs" ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 115.205100][ T39] audit: type=1400 audit(1668242669.579:92): avc: denied { ioctl } for pid=3711 comm="syz-executor.3" path="socket:[29392]" dev="sockfs" ino=29392 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 115.219178][ T3715] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 115.225788][ T3725] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 115.232121][ T3715] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 115.233751][ T3726] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 115.236033][ T3726] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 115.236662][ T3726] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 115.238802][ T3725] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 115.239148][ T3725] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 115.239736][ T3725] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 115.240734][ T3725] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 115.242065][ T3725] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 115.242594][ T3725] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 115.246843][ T3714] Bluetooth: hci1: HCI_REQ-0x0c1a [ 115.248812][ T3715] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 115.249370][ T3715] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 115.249707][ T3715] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 115.250647][ T3726] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 115.251440][ T3726] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 115.251963][ T3726] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 115.252247][ T3726] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 115.253030][ T3726] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 115.255364][ T3726] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 115.256521][ T3718] Bluetooth: hci2: HCI_REQ-0x0c1a [ 115.257222][ T3712] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 115.263096][ T3711] Bluetooth: hci0: HCI_REQ-0x0c1a [ 115.266991][ T39] audit: type=1400 audit(1668242669.719:93): avc: denied { read } for pid=3714 comm="syz-executor.1" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 115.314473][ T3715] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 115.315014][ T39] audit: type=1400 audit(1668242669.719:94): avc: denied { open } for pid=3714 comm="syz-executor.1" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 115.321971][ T3715] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 115.326151][ T39] audit: type=1400 audit(1668242669.719:95): avc: denied { mounton } for pid=3714 comm="syz-executor.1" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 115.334854][ T3719] Bluetooth: hci3: HCI_REQ-0x0c1a [ 115.804858][ T3714] chnl_net:caif_netlink_parms(): no params data found [ 115.850265][ T3718] chnl_net:caif_netlink_parms(): no params data found [ 115.950021][ T3711] chnl_net:caif_netlink_parms(): no params data found [ 116.437528][ T3714] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.444770][ T3714] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.455320][ T3714] device bridge_slave_0 entered promiscuous mode [ 116.467726][ T3711] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.473123][ T3711] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.480537][ T3711] device bridge_slave_0 entered promiscuous mode [ 116.487273][ T3718] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.493000][ T3718] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.507024][ T3718] device bridge_slave_0 entered promiscuous mode [ 116.514954][ T3718] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.521279][ T3718] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.529198][ T3718] device bridge_slave_1 entered promiscuous mode [ 116.543593][ T3714] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.549525][ T3714] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.556379][ T3714] device bridge_slave_1 entered promiscuous mode [ 116.561545][ T3711] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.566736][ T3711] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.573645][ T3711] device bridge_slave_1 entered promiscuous mode [ 116.708386][ T3719] chnl_net:caif_netlink_parms(): no params data found [ 116.757268][ T3714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.771721][ T3711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.805725][ T3718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.815435][ T3714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.855403][ T3711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.890797][ T3718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.003240][ T3714] team0: Port device team_slave_0 added [ 117.012312][ T3711] team0: Port device team_slave_0 added [ 117.058016][ T3714] team0: Port device team_slave_1 added [ 117.086513][ T3711] team0: Port device team_slave_1 added [ 117.141981][ T3718] team0: Port device team_slave_0 added [ 117.232757][ T3719] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.238940][ T3719] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.245292][ T3719] device bridge_slave_0 entered promiscuous mode [ 117.252889][ T3718] team0: Port device team_slave_1 added [ 117.257451][ T3714] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.262516][ T3714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.287432][ T3714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.301630][ T3711] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.305912][ T3711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.325789][ T3711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.335122][ T3719] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.341932][ T3719] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.350074][ T3719] device bridge_slave_1 entered promiscuous mode [ 117.351221][ T3723] Bluetooth: hci2: command 0x0409 tx timeout [ 117.351235][ T3715] Bluetooth: hci1: command 0x0409 tx timeout [ 117.351475][ T3715] Bluetooth: hci0: command 0x0409 tx timeout [ 117.379662][ T3714] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.386600][ T3714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.404834][ T3714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.418203][ T3711] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.423453][ T3711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.440263][ T3723] Bluetooth: hci3: command 0x0409 tx timeout [ 117.440506][ T3711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.530600][ T3718] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.537553][ T3718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.559729][ T3718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.582137][ T3719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.589793][ T3718] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.594559][ T3718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.612476][ T3718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.651588][ T3719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.771782][ T3714] device hsr_slave_0 entered promiscuous mode [ 117.777249][ T3714] device hsr_slave_1 entered promiscuous mode [ 117.786682][ T3711] device hsr_slave_0 entered promiscuous mode [ 117.792446][ T3711] device hsr_slave_1 entered promiscuous mode [ 117.797203][ T3711] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 117.806138][ T3711] Cannot create hsr debugfs directory [ 117.905766][ T3719] team0: Port device team_slave_0 added [ 117.940275][ T3718] device hsr_slave_0 entered promiscuous mode [ 117.945562][ T3718] device hsr_slave_1 entered promiscuous mode [ 117.950942][ T3718] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 117.955847][ T3718] Cannot create hsr debugfs directory [ 117.979649][ T3719] team0: Port device team_slave_1 added [ 118.101488][ T3719] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 118.108897][ T3719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 118.127733][ T3719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 118.173271][ T3719] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 118.178057][ T3719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 118.197591][ T3719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 118.355477][ T3719] device hsr_slave_0 entered promiscuous mode [ 118.361989][ T3719] device hsr_slave_1 entered promiscuous mode [ 118.367659][ T3719] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 118.373245][ T3719] Cannot create hsr debugfs directory [ 118.687702][ T3714] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 118.698660][ T3714] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 118.706479][ T3714] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 118.715979][ T3714] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 118.774592][ T3719] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 118.783051][ T3719] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 118.790060][ T3719] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 118.799465][ T3719] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 118.914592][ T3718] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 118.928526][ T3718] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 118.945225][ T3718] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 118.955826][ T3718] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 118.996973][ T3714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.048460][ T3711] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 119.075052][ T3711] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 119.085508][ T3711] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 119.099531][ T3719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.109282][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.124024][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.135070][ T3714] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.142814][ T3711] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 119.209272][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.217563][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.224860][ T177] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.230812][ T177] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.237962][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.245660][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.253386][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.262253][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.269734][ T177] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.275048][ T177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.281836][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.298329][ T3719] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.338218][ T3718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.346074][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.357344][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.365195][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.373136][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.379319][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.405483][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.430308][ T63] Bluetooth: hci0: command 0x041b tx timeout [ 119.430414][ T3723] Bluetooth: hci1: command 0x041b tx timeout [ 119.440192][ T3715] Bluetooth: hci2: command 0x041b tx timeout [ 119.443511][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.454701][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.461722][ T3753] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.467807][ T3753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.475711][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.484512][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.494101][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.504373][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.510804][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.510938][ T3715] Bluetooth: hci3: command 0x041b tx timeout [ 119.563773][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.571447][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 119.586510][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.594827][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 119.602194][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.610624][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 119.618283][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 119.636100][ T3719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 119.645444][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.651448][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.658835][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.666637][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.674435][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.691743][ T3718] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.705806][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 119.718419][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.730666][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 119.737742][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.761145][ T3714] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 119.768140][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 119.768175][ T39] audit: type=1400 audit(1668242674.219:97): avc: denied { sys_module } for pid=3719 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 119.779127][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 119.811644][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.820335][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.827821][ T177] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.834711][ T177] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.841693][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.850227][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.857662][ T177] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.864945][ T177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.873518][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.880247][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 119.886593][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 119.893109][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.908227][ T3711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.921724][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.941152][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.947539][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.954598][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.960884][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.967360][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.985756][ T3711] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.995012][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.001237][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.010786][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.017264][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.030673][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.037171][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.045213][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.053269][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.061908][ T3754] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.067531][ T3754] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.076920][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.086295][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 120.092514][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 120.108979][ T3718] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.143097][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.152620][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.164910][ T3753] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.170979][ T3753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.179193][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.187502][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.209080][ T3719] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.222902][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 120.231317][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 120.237920][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.246303][ T177] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.265612][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.271595][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.279497][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.302975][ T3718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.325818][ T3758] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 120.331997][ T3758] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 120.337363][ T3758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.345285][ T3758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.359992][ T3714] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.372139][ T3758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.380288][ T3758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.390796][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.415209][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 120.422742][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 120.435575][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 120.442598][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 120.465983][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 120.473898][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 120.483452][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 120.488980][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 120.499598][ T3718] device veth0_vlan entered promiscuous mode [ 120.529759][ T3718] device veth1_vlan entered promiscuous mode [ 120.564334][ T3719] device veth0_vlan entered promiscuous mode [ 120.571879][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 120.578913][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 120.585477][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 120.592624][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 120.606236][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 120.612854][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 120.618958][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 120.625086][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 120.652468][ T3718] device veth0_macvtap entered promiscuous mode [ 120.665561][ T3718] device veth1_macvtap entered promiscuous mode [ 120.672385][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 120.680729][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 120.688283][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 120.698509][ T3719] device veth1_vlan entered promiscuous mode [ 120.726012][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 120.733008][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 120.764032][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 120.770326][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 120.775703][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 120.801758][ T3711] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.821184][ T3714] device veth0_vlan entered promiscuous mode [ 120.842225][ T3718] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.852132][ T3718] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.859129][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 120.866433][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 120.880838][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 120.887085][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 120.895216][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 120.902358][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 120.911637][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 120.918004][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 120.932025][ T3714] device veth1_vlan entered promiscuous mode [ 120.948047][ T3718] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.962140][ T3718] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.970655][ T3718] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.978205][ T3718] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.998814][ T3719] device veth0_macvtap entered promiscuous mode [ 121.013056][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 121.020425][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 121.029546][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 121.037476][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 121.053115][ T3719] device veth1_macvtap entered promiscuous mode [ 121.070503][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 121.109680][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 121.116669][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 121.132887][ T3714] device veth0_macvtap entered promiscuous mode [ 121.148073][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 121.154493][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 121.166703][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 121.174789][ T3719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.184175][ T3719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.195498][ T3719] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.224777][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 121.234468][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 121.244204][ T3719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.254756][ T3719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.267115][ T3719] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.278455][ T3714] device veth1_macvtap entered promiscuous mode [ 121.298925][ T3714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.309709][ T3714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.322131][ T3714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.330595][ T3714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.342858][ T3714] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.353605][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 121.360822][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 121.367757][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 121.374958][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 121.381496][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 121.388774][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 121.396482][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 121.407025][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 121.414144][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 121.447002][ T3719] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.454709][ T3719] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.461780][ T3719] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.470395][ T3719] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.479478][ T3711] device veth0_vlan entered promiscuous mode [ 121.489802][ T3714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.501449][ T3714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.509821][ T3714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.510407][ T3715] Bluetooth: hci1: command 0x040f tx timeout [ 121.510947][ T3723] Bluetooth: hci2: command 0x040f tx timeout [ 121.510977][ T3723] Bluetooth: hci0: command 0x040f tx timeout [ 121.518335][ T3714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.543228][ T3714] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.558174][ T3714] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.566878][ T3714] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.575713][ T3714] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.585237][ T3714] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.602809][ T3772] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 121.603171][ T63] Bluetooth: hci3: command 0x040f tx timeout [ 121.611061][ T3772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 121.670861][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.676589][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.697634][ T3711] device veth1_vlan entered promiscuous mode [ 121.706266][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 121.712260][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 121.822112][ T3745] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.831609][ T3745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.844777][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.855447][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.868944][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 121.875692][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 121.882964][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 121.895762][ T3711] device veth0_macvtap entered promiscuous mode [ 121.904450][ T39] audit: type=1400 audit(1668242676.349:98): avc: denied { mounton } for pid=3718 comm="syz-executor.2" path="/dev/binderfs" dev="devtmpfs" ino=2385 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 121.905329][ T3711] device veth1_macvtap entered promiscuous mode [ 121.923348][ T39] audit: type=1400 audit(1668242676.349:99): avc: denied { mount } for pid=3718 comm="syz-executor.2" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 121.949036][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 121.955639][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 121.962587][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 121.973660][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 122.000995][ T3780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.009819][ T3711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.012266][ T3780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.023095][ T3711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.036243][ T39] audit: type=1400 audit(1668242676.489:100): avc: denied { read write } for pid=3718 comm="syz-executor.2" name="loop2" dev="devtmpfs" ino=659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 122.036425][ T3711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.058606][ T39] audit: type=1400 audit(1668242676.489:101): avc: denied { open } for pid=3718 comm="syz-executor.2" path="/dev/loop2" dev="devtmpfs" ino=659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 122.068258][ T3711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.078621][ T3782] netlink: 'syz-executor.2': attribute type 1 has an invalid length. 08:44:36 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x4}, @CTA_PROTONAT_PORT_MAX={0x6}]}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0xac}}, 0x0) [ 122.089361][ T39] audit: type=1400 audit(1668242676.489:102): avc: denied { ioctl } for pid=3718 comm="syz-executor.2" path="/dev/loop2" dev="devtmpfs" ino=659 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 122.095227][ T3711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.125838][ T39] audit: type=1400 audit(1668242676.519:103): avc: denied { create } for pid=3781 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 08:44:36 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x4}, @CTA_PROTONAT_PORT_MAX={0x6}]}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0xac}}, 0x0) [ 122.126011][ T3784] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 122.128515][ T3711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.151490][ T39] audit: type=1400 audit(1668242676.529:104): avc: denied { write } for pid=3781 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 122.158798][ T3786] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 122.166300][ T3711] batman_adv: batadv0: Interface activated: batadv_slave_0 08:44:36 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x4}, @CTA_PROTONAT_PORT_MAX={0x6}]}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0xac}}, 0x0) [ 122.198326][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 122.221298][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 122.221572][ T3788] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 122.228165][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 122.261795][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.268032][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.288940][ T3711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.305900][ T3711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 08:44:36 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x4}, @CTA_PROTONAT_PORT_MAX={0x6}]}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0xac}}, 0x0) [ 122.317303][ T3711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.325115][ T3711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.332877][ T3790] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 122.334126][ T3711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.346368][ T3711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.357310][ T3711] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.370996][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 122.379179][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 122.387350][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 122.428952][ T3711] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.436552][ T3711] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.444042][ T3711] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.450501][ T3711] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.476438][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.485160][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:44:36 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x4}, @CTA_PROTONAT_PORT_MAX={0x6}]}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0xac}}, 0x0) [ 122.509478][ T3794] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 122.525472][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 122.601436][ T39] audit: type=1400 audit(1668242677.059:105): avc: denied { read } for pid=3116 comm="syslogd" name="log" dev="sda1" ino=1125 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 122.618079][ T3796] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 122.619235][ T39] audit: type=1400 audit(1668242677.059:106): avc: denied { read } for pid=3795 comm="syz-executor.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 122.654333][ T3745] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.655870][ T3749] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.661918][ T3745] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.667879][ T3749] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.677605][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 122.687372][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 08:44:37 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x208e24b) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 08:44:37 executing program 0: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[], 0x19fc0}}, 0x48001) recvfrom$inet(r1, 0x0, 0x2, 0x3, 0x0, 0x0) 08:44:37 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x4}, @CTA_PROTONAT_PORT_MAX={0x6}]}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0xac}}, 0x0) 08:44:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="5400ddd136cb4b99cdb5061c66b5508f87a0ea000000000000003b7e5f0072287f636d927288fc09678eb43669401e166450c5c8eece3c00000000000200a4265042e0e8af98f49b0a00813fc2b0439aa8c6ed137f7f"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 123.504632][ T3808] netlink: 'syz-executor.2': attribute type 1 has an invalid length. 08:44:37 executing program 0: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[], 0x19fc0}}, 0x48001) recvfrom$inet(r1, 0x0, 0x2, 0x3, 0x0, 0x0) 08:44:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="5400ddd136cb4b99cdb5061c66b5508f87a0ea000000000000003b7e5f0072287f636d927288fc09678eb43669401e166450c5c8eece3c00000000000200a4265042e0e8af98f49b0a00813fc2b0439aa8c6ed137f7f"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:44:38 executing program 0: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[], 0x19fc0}}, 0x48001) recvfrom$inet(r1, 0x0, 0x2, 0x3, 0x0, 0x0) [ 123.590169][ T3715] Bluetooth: hci1: command 0x0419 tx timeout [ 123.595495][ T3715] Bluetooth: hci0: command 0x0419 tx timeout [ 123.598164][ T63] Bluetooth: hci2: command 0x0419 tx timeout 08:44:38 executing program 0: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r1, 0xc0049364, 0x7fffffffefff) [ 123.670343][ T3723] Bluetooth: hci3: command 0x0419 tx timeout 08:44:38 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x208e24b) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 08:44:38 executing program 0: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r1, 0xc0049364, 0x7fffffffefff) 08:44:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="5400ddd136cb4b99cdb5061c66b5508f87a0ea000000000000003b7e5f0072287f636d927288fc09678eb43669401e166450c5c8eece3c00000000000200a4265042e0e8af98f49b0a00813fc2b0439aa8c6ed137f7f"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:44:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="5400ddd136cb4b99cdb5061c66b5508f87a0ea000000000000003b7e5f0072287f636d927288fc09678eb43669401e166450c5c8eece3c00000000000200a4265042e0e8af98f49b0a00813fc2b0439aa8c6ed137f7f"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:44:38 executing program 0: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r1, 0xc0049364, 0x7fffffffefff) 08:44:38 executing program 0: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r1, 0xc0049364, 0x7fffffffefff) 08:44:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x5}, @val={0xc}}}}, 0x28}}, 0x0) 08:44:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x5}, @val={0xc}}}}, 0x28}}, 0x0) 08:44:39 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x208e24b) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 08:44:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x5}, @val={0xc}}}}, 0x28}}, 0x0) 08:44:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="5400ddd136cb4b99cdb5061c66b5508f87a0ea000000000000003b7e5f0072287f636d927288fc09678eb43669401e166450c5c8eece3c00000000000200a4265042e0e8af98f49b0a00813fc2b0439aa8c6ed137f7f"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:44:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="5400ddd136cb4b99cdb5061c66b5508f87a0ea000000000000003b7e5f0072287f636d927288fc09678eb43669401e166450c5c8eece3c00000000000200a4265042e0e8af98f49b0a00813fc2b0439aa8c6ed137f7f"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:44:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x5}, @val={0xc}}}}, 0x28}}, 0x0) 08:44:40 executing program 0: io_setup(0x5, &(0x7f0000000180)=0x0) r1 = socket$rds(0x15, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) [ 125.570370][ T39] kauditd_printk_skb: 6 callbacks suppressed [ 125.570389][ T39] audit: type=1400 audit(1668242680.029:113): avc: denied { create } for pid=3864 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 08:44:40 executing program 0: io_setup(0x5, &(0x7f0000000180)=0x0) r1 = socket$rds(0x15, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 08:44:40 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) [ 125.851904][ T39] audit: type=1400 audit(1668242680.309:114): avc: denied { name_bind } for pid=3871 comm="syz-executor.2" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 08:44:40 executing program 0: io_setup(0x5, &(0x7f0000000180)=0x0) r1 = socket$rds(0x15, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 08:44:40 executing program 1: mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1145042, 0x0) sendfile(r2, r3, 0x0, 0xffffdffa) sendfile(r3, r2, 0x0, 0x800000a1) [ 126.371151][ T39] audit: type=1800 audit(1668242680.809:115): pid=3877 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1162 res=0 errno=0 08:44:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newtaction={0x6c, 0x30, 0x981042155ef99c7, 0x0, 0x0, {}, [{0x58, 0x1, [@m_gact={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x0, 0x20000000}}, @TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 08:44:40 executing program 0: io_setup(0x5, &(0x7f0000000180)=0x0) r1 = socket$rds(0x15, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 08:44:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newtaction={0x6c, 0x30, 0x981042155ef99c7, 0x0, 0x0, {}, [{0x58, 0x1, [@m_gact={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x0, 0x20000000}}, @TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 08:44:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newtaction={0x6c, 0x30, 0x981042155ef99c7, 0x0, 0x0, {}, [{0x58, 0x1, [@m_gact={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x0, 0x20000000}}, @TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 08:44:41 executing program 0: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:41 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) 08:44:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newtaction={0x6c, 0x30, 0x981042155ef99c7, 0x0, 0x0, {}, [{0x58, 0x1, [@m_gact={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x0, 0x20000000}}, @TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) [ 126.733133][ T39] audit: type=1400 audit(1668242681.189:116): avc: denied { bpf } for pid=3888 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 126.758477][ T39] audit: type=1400 audit(1668242681.199:117): avc: denied { name_bind } for pid=3888 comm="syz-executor.0" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 126.801543][ T39] audit: type=1400 audit(1668242681.199:118): avc: denied { node_bind } for pid=3888 comm="syz-executor.0" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 08:44:41 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) 08:44:41 executing program 0: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:41 executing program 1: mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1145042, 0x0) sendfile(r2, r3, 0x0, 0xffffdffa) sendfile(r3, r2, 0x0, 0x800000a1) [ 127.186004][ T39] audit: type=1800 audit(1668242681.629:119): pid=3902 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1162 res=0 errno=0 08:44:41 executing program 0: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:42 executing program 0: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:42 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) 08:44:42 executing program 0: mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1145042, 0x0) sendfile(r2, r3, 0x0, 0xffffdffa) sendfile(r3, r2, 0x0, 0x800000a1) [ 127.807187][ T39] audit: type=1800 audit(1668242682.259:120): pid=3918 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1164 res=0 errno=0 08:44:42 executing program 1: mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1145042, 0x0) sendfile(r2, r3, 0x0, 0xffffdffa) sendfile(r3, r2, 0x0, 0x800000a1) [ 127.975318][ T39] audit: type=1800 audit(1668242682.429:121): pid=3921 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1162 res=0 errno=0 08:44:42 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) 08:44:42 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) 08:44:43 executing program 0: mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1145042, 0x0) sendfile(r2, r3, 0x0, 0xffffdffa) sendfile(r3, r2, 0x0, 0x800000a1) [ 128.785066][ T39] audit: type=1800 audit(1668242683.239:122): pid=3932 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1164 res=0 errno=0 08:44:43 executing program 1: mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1145042, 0x0) sendfile(r2, r3, 0x0, 0xffffdffa) sendfile(r3, r2, 0x0, 0x800000a1) 08:44:43 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) 08:44:43 executing program 2: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:44 executing program 2: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:44 executing program 0: mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1145042, 0x0) sendfile(r2, r3, 0x0, 0xffffdffa) sendfile(r3, r2, 0x0, 0x800000a1) 08:44:44 executing program 1: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:44 executing program 2: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:44 executing program 3: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:44 executing program 1: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:44 executing program 2: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:44 executing program 3: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:44 executing program 0: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:45 executing program 1: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:45 executing program 2: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:45 executing program 3: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:45 executing program 0: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:45 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) 08:44:45 executing program 2: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) 08:44:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) [ 131.112177][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 131.112194][ T39] audit: type=1400 audit(1668242685.569:125): avc: denied { wake_alarm } for pid=3992 comm="syz-executor.3" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 08:44:45 executing program 0: unshare(0x6c060000) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x20010400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) pipe(0x0) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x28}}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="ef9f2f06426bcc851ec77000431722c63a3ff25f3240a9d7ac3c", 0x1a, 0x40000, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000a1d000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/49, 0x31, 0x0, 0x0}, &(0x7f00000000c0)=0x40) [ 131.119110][ C1] hrtimer: interrupt took 170035 ns 08:44:45 executing program 2: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) [ 131.375310][ T3992] [ 131.377044][ T3992] ====================================================== [ 131.387381][ T3992] WARNING: possible circular locking dependency detected [ 131.392175][ T3992] 6.1.0-rc4-syzkaller-00356-g8f2975c2bb4c #0 Not tainted [ 131.398690][ T3992] ------------------------------------------------------ [ 131.406386][ T3992] syz-executor.3/3992 is trying to acquire lock: [ 131.410968][ T3992] ffffffff8c0c2268 (zonelist_update_seq.seqcount){...-}-{0:0}, at: __alloc_pages+0x4a6/0x5a0 [ 131.419426][ T3992] [ 131.419426][ T3992] but task is already holding lock: [ 131.425632][ T3992] ffff88802c828418 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x5a/0x1f0 [ 131.432894][ T3992] [ 131.432894][ T3992] which lock already depends on the new lock. [ 131.432894][ T3992] [ 131.440925][ T3992] [ 131.440925][ T3992] the existing dependency chain (in reverse order) is: [ 131.447850][ T3992] [ 131.447850][ T3992] -> #4 (&base->lock){-.-.}-{2:2}: [ 131.453848][ T3992] _raw_spin_lock_irqsave+0x39/0x50 [ 131.458818][ T3992] lock_timer_base+0x5a/0x1f0 [ 131.463683][ T3992] __mod_timer+0x398/0xe30 [ 131.467952][ T3992] __queue_delayed_work+0x1a7/0x270 [ 131.472749][ T3992] queue_delayed_work_on+0x105/0x120 [ 131.478383][ T3992] psi_task_change+0x1bb/0x2f0 [ 131.482663][ T3992] enqueue_task+0x1ec/0x3a0 [ 131.486746][ T3992] wake_up_new_task+0x62e/0xda0 [ 131.491028][ T3992] kernel_clone+0x225/0x980 [ 131.495127][ T3992] user_mode_thread+0xad/0xe0 [ 131.499412][ T3992] rest_init+0x23/0x270 [ 131.502805][ T3992] arch_call_rest_init+0xf/0x14 [ 131.507104][ T3992] start_kernel+0x478/0x499 [ 131.511255][ T3992] secondary_startup_64_no_verify+0xce/0xdb [ 131.516799][ T3992] [ 131.516799][ T3992] -> #3 (&rq->__lock){-.-.}-{2:2}: [ 131.522840][ T3992] _raw_spin_lock_nested+0x30/0x40 [ 131.527732][ T3992] raw_spin_rq_lock_nested+0x2b/0x120 [ 131.532326][ T3992] task_fork_fair+0x68/0x520 [ 131.537084][ T3992] sched_cgroup_fork+0x3cd/0x540 [ 131.542570][ T3992] copy_process+0x4351/0x7190 [ 131.546963][ T3992] kernel_clone+0xe7/0x980 [ 131.550841][ T3992] user_mode_thread+0xad/0xe0 [ 131.555009][ T3992] rest_init+0x23/0x270 [ 131.558727][ T3992] arch_call_rest_init+0xf/0x14 [ 131.562987][ T3992] start_kernel+0x478/0x499 [ 131.567896][ T3992] secondary_startup_64_no_verify+0xce/0xdb [ 131.573305][ T3992] [ 131.573305][ T3992] -> #2 (&p->pi_lock){-.-.}-{2:2}: [ 131.579867][ T3992] _raw_spin_lock_irqsave+0x39/0x50 [ 131.584346][ T3992] try_to_wake_up+0xb2/0x20f0 [ 131.587573][ T3992] up+0x75/0xb0 [ 131.590472][ T3992] __up_console_sem+0xa4/0xc0 [ 131.593818][ T3992] console_unlock+0x4ca/0x600 [ 131.597550][ T3992] vga_remove_vgacon.cold+0x99/0x9e [ 131.601803][ T3992] virtio_gpu_probe.cold+0xe3/0x15d [ 131.606167][ T3992] virtio_dev_probe+0x577/0x870 [ 131.609960][ T3992] really_probe+0x249/0xb90 [ 131.613735][ T3992] __driver_probe_device+0x1df/0x4d0 [ 131.617484][ T3992] driver_probe_device+0x4c/0x1a0 [ 131.621202][ T3992] __driver_attach+0x1d0/0x550 [ 131.625060][ T3992] bus_for_each_dev+0x147/0x1d0 [ 131.628425][ T3992] bus_add_driver+0x4c9/0x640 [ 131.631828][ T3992] driver_register+0x220/0x3a0 [ 131.635268][ T3992] do_one_initcall+0x13d/0x780 [ 131.638704][ T3992] kernel_init_freeable+0x6ff/0x788 [ 131.642896][ T3992] kernel_init+0x1a/0x1d0 [ 131.646056][ T3992] ret_from_fork+0x1f/0x30 [ 131.648996][ T3992] [ 131.648996][ T3992] -> #1 ((console_sem).lock){-...}-{2:2}: [ 131.653426][ T3992] _raw_spin_lock_irqsave+0x39/0x50 [ 131.656688][ T3992] down_trylock+0xe/0x60 [ 131.659371][ T3992] __down_trylock_console_sem+0x40/0x120 [ 131.663355][ T3992] vprintk_emit+0x167/0x5f0 [ 131.666525][ T3992] vprintk+0x80/0x90 [ 131.669349][ T3992] _printk+0xba/0xed [ 131.672555][ T3992] build_zonelists+0x2e7/0x400 [ 131.676713][ T3992] __build_all_zonelists+0x122/0x180 [ 131.680440][ T3992] build_all_zonelists_init+0x35/0x12f [ 131.684405][ T3992] build_all_zonelists+0x11f/0x140 [ 131.687910][ T3992] start_kernel+0xb9/0x499 [ 131.691000][ T3992] secondary_startup_64_no_verify+0xce/0xdb [ 131.695197][ T3992] [ 131.695197][ T3992] -> #0 (zonelist_update_seq.seqcount){...-}-{0:0}: [ 131.702765][ T3992] __lock_acquire+0x2a43/0x56d0 [ 131.706495][ T3992] lock_acquire+0x1df/0x630 [ 131.710049][ T3992] __alloc_pages_slowpath.constprop.0+0x1ae/0x23d0 [ 131.715793][ T3992] __alloc_pages+0x4a6/0x5a0 [ 131.720646][ T3992] cache_grow_begin+0x75/0x360 [ 131.725230][ T3992] cache_alloc_refill+0x27f/0x380 [ 131.729384][ T3992] kmem_cache_alloc+0x35c/0x450 [ 131.733422][ T3992] fill_pool+0x264/0x5c0 [ 131.737357][ T3992] __debug_object_init+0x7a/0xd10 [ 131.741532][ T3992] debug_object_activate+0x32c/0x3e0 [ 131.745620][ T3992] __mod_timer+0x77d/0xe30 [ 131.749115][ T3992] __queue_delayed_work+0x1a7/0x270 [ 131.754117][ T3992] queue_delayed_work_on+0x105/0x120 [ 131.758997][ T3992] __static_key_slow_dec_deferred+0xb1/0x100 [ 131.763857][ T3992] kvm_free_lapic+0x14c/0x1a0 [ 131.768238][ T3992] kvm_arch_vcpu_destroy+0x130/0x330 [ 131.772564][ T3992] kvm_destroy_vcpus+0x113/0x290 [ 131.776953][ T3992] kvm_arch_destroy_vm+0x2e8/0x470 [ 131.780921][ T3992] kvm_put_kvm+0x4fa/0xb70 [ 131.784505][ T3992] kvm_vcpu_release+0x4d/0x70 [ 131.788361][ T3992] __fput+0x27c/0xa90 [ 131.792070][ T3992] task_work_run+0x16b/0x270 [ 131.796140][ T3992] exit_to_user_mode_prepare+0x23c/0x250 [ 131.800777][ T3992] syscall_exit_to_user_mode+0x19/0x50 [ 131.805377][ T3992] do_syscall_64+0x42/0xb0 [ 131.809096][ T3992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.813194][ T3992] [ 131.813194][ T3992] other info that might help us debug this: [ 131.813194][ T3992] [ 131.820977][ T3992] Chain exists of: [ 131.820977][ T3992] zonelist_update_seq.seqcount --> &rq->__lock --> &base->lock [ 131.820977][ T3992] [ 131.830843][ T3992] Possible unsafe locking scenario: [ 131.830843][ T3992] [ 131.837565][ T3992] CPU0 CPU1 [ 131.841942][ T3992] ---- ---- [ 131.846212][ T3992] lock(&base->lock); [ 131.849776][ T3992] lock(&rq->__lock); [ 131.855572][ T3992] lock(&base->lock); [ 131.860676][ T3992] lock(zonelist_update_seq.seqcount); [ 131.865563][ T3992] [ 131.865563][ T3992] *** DEADLOCK *** [ 131.865563][ T3992] [ 131.872167][ T3992] 1 lock held by syz-executor.3/3992: [ 131.875453][ T3992] #0: ffff88802c828418 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x5a/0x1f0 [ 131.881705][ T3992] [ 131.881705][ T3992] stack backtrace: [ 131.885761][ T3992] CPU: 0 PID: 3992 Comm: syz-executor.3 Not tainted 6.1.0-rc4-syzkaller-00356-g8f2975c2bb4c #0 [ 131.894320][ T3992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 [ 131.901569][ T3992] Call Trace: [ 131.903953][ T3992] [ 131.906398][ T3992] dump_stack_lvl+0xcd/0x134 [ 131.910525][ T3992] check_noncircular+0x25f/0x2e0 [ 131.914216][ T3992] ? print_circular_bug+0x1e0/0x1e0 [ 131.917641][ T3992] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 131.923888][ T3992] ? save_trace+0x43/0xa00 [ 131.927305][ T3992] ? _find_first_zero_bit+0x90/0xb0 [ 131.931059][ T3992] __lock_acquire+0x2a43/0x56d0 [ 131.934418][ T3992] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 131.939461][ T3992] lock_acquire+0x1df/0x630 [ 131.943086][ T3992] ? __alloc_pages+0x4a6/0x5a0 [ 131.947538][ T3992] ? lock_release+0x810/0x810 [ 131.951048][ T3992] ? __alloc_pages+0x4a6/0x5a0 [ 131.954902][ T3992] ? lock_downgrade+0x6e0/0x6e0 [ 131.959560][ T3992] ? __zone_watermark_ok+0x271/0x450 [ 131.964025][ T3992] __alloc_pages_slowpath.constprop.0+0x1ae/0x23d0 [ 131.968868][ T3992] ? __alloc_pages+0x4a6/0x5a0 [ 131.972406][ T3992] ? warn_alloc+0x180/0x180 [ 131.975564][ T3992] ? kasan_save_stack+0x31/0x40 [ 131.979020][ T3992] ? __zone_watermark_ok+0x450/0x450 [ 131.982929][ T3992] ? prepare_alloc_pages+0x417/0x570 [ 131.986839][ T3992] ? kvm_free_lapic+0x14c/0x1a0 [ 131.990560][ T3992] ? kvm_arch_vcpu_destroy+0x130/0x330 [ 131.995505][ T3992] ? kvm_destroy_vcpus+0x113/0x290 [ 132.000157][ T3992] __alloc_pages+0x4a6/0x5a0 [ 132.003262][ T3992] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 132.006806][ T3992] ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0 [ 132.010951][ T3992] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 132.015112][ T3992] ? mark_lock.part.0+0xee/0x1910 [ 132.018945][ T3992] ? lock_chain_count+0x20/0x20 [ 132.023596][ T3992] cache_grow_begin+0x75/0x360 [ 132.026978][ T3992] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 132.030911][ T3992] cache_alloc_refill+0x27f/0x380 [ 132.034397][ T3992] kmem_cache_alloc+0x35c/0x450 [ 132.037475][ T3992] fill_pool+0x264/0x5c0 [ 132.040147][ T3992] ? __list_del_entry_valid+0x110/0x110 [ 132.044893][ T3992] __debug_object_init+0x7a/0xd10 [ 132.049466][ T3992] ? debug_object_activate+0x1b3/0x3e0 [ 132.053830][ T3992] ? lock_downgrade+0x6e0/0x6e0 [ 132.057008][ T3992] ? debug_object_free+0x350/0x350 [ 132.060162][ T3992] debug_object_activate+0x32c/0x3e0 [ 132.064594][ T3992] ? kasan_save_free_info+0x27/0x40 [ 132.068837][ T3992] ? debug_object_assert_init+0x2e0/0x2e0 [ 132.072854][ T3992] ? kvm_destroy_vcpus+0x113/0x290 [ 132.076550][ T3992] ? get_nohz_timer_target+0x1d/0x690 [ 132.080493][ T3992] ? lock_timer_base+0x174/0x1f0 [ 132.084160][ T3992] __mod_timer+0x77d/0xe30 [ 132.087301][ T3992] ? enqueue_timer+0x660/0x660 [ 132.090226][ T3992] ? find_held_lock+0x2d/0x110 [ 132.093236][ T3992] ? __kmem_cache_free+0x2ed/0x3a0 [ 132.097270][ T3992] __queue_delayed_work+0x1a7/0x270 [ 132.101918][ T3992] queue_delayed_work_on+0x105/0x120 [ 132.107054][ T3992] __static_key_slow_dec_deferred+0xb1/0x100 [ 132.111283][ T3992] kvm_free_lapic+0x14c/0x1a0 [ 132.114613][ T3992] kvm_arch_vcpu_destroy+0x130/0x330 [ 132.118332][ T3992] kvm_destroy_vcpus+0x113/0x290 [ 132.121944][ T3992] ? kvm_get_stat_per_vcpu+0x260/0x260 [ 132.126311][ T3992] ? __phys_addr+0xc4/0x140 [ 132.129455][ T3992] kvm_arch_destroy_vm+0x2e8/0x470 [ 132.132885][ T3992] ? kvm_arch_pre_destroy_vm+0x20/0x20 [ 132.136094][ T3992] kvm_put_kvm+0x4fa/0xb70 [ 132.139331][ T3992] kvm_vcpu_release+0x4d/0x70 [ 132.143065][ T3992] __fput+0x27c/0xa90 [ 132.146637][ T3992] ? kvm_vm_release+0x50/0x50 [ 132.150213][ T3992] task_work_run+0x16b/0x270 [ 132.153887][ T3992] ? task_work_cancel+0x30/0x30 [ 132.157363][ T3992] exit_to_user_mode_prepare+0x23c/0x250 [ 132.161109][ T3992] syscall_exit_to_user_mode+0x19/0x50 [ 132.165012][ T3992] do_syscall_64+0x42/0xb0 [ 132.168082][ T3992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 132.172390][ T3992] RIP: 0033:0x7ff81383d40b [ 132.175649][ T3992] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 132.190307][ T3992] RSP: 002b:00007ffd5f0ec4e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 132.195965][ T3992] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007ff81383d40b [ 132.201782][ T3992] RDX: 00007ff813400d38 RSI: ffffffffffffffff RDI: 0000000000000006 [ 132.208601][ T3992] RBP: 00007ff8139ad980 R08: 0000000000000000 R09: 00007ff813400000 [ 132.215194][ T3992] R10: 00007ff813400d40 R11: 0000000000000293 R12: 000000000001ffa7 [ 132.221912][ T3992] R13: 00007ffd5f0ec5e0 R14: 00007ff8139abf80 R15: 0000000000000032 [ 132.229079][ T3992] 08:44:46 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) 08:44:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) [ 132.319083][ T39] audit: type=1400 audit(1668242686.769:126): avc: denied { read write } for pid=4000 comm="syz-executor.2" name="udmabuf" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 08:44:46 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) [ 132.341851][ T39] audit: type=1400 audit(1668242686.769:127): avc: denied { open } for pid=4000 comm="syz-executor.2" path="/dev/udmabuf" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 08:44:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) 08:44:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) 08:44:46 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) 08:44:46 executing program 2: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:47 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x80}], 0x1, 0x0, 0x0, 0x800000000000000) 08:44:47 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:47 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:47 executing program 2: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:47 executing program 3: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:47 executing program 3: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:47 executing program 3: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:47 executing program 3: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:48 executing program 3: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:48 executing program 2: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:48 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:48 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) 08:44:48 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) 08:44:48 executing program 3: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:48 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) 08:44:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:48 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000000a) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1c1042, 0x0) pwrite64(r3, &(0x7f0000000000)='+', 0x1, 0x4010000bffd) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) sendfile(r4, r5, &(0x7f0000000180)=0x9, 0xe32) r6 = open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0) fallocate(r6, 0x3, 0x0, 0x4010000bffe) 08:44:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x65a9}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) timerfd_settime(r0, 0x2, &(0x7f0000000580)={{0x0, 0x989680}}, &(0x7f00000005c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x68) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xea) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000140)={{}, {0x0, 0x989680}}, &(0x7f0000000540)) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$KVM_GET_NESTED_STATE(r2, 0x4138ae84, &(0x7f0000003680)={{0x0, 0x0, 0x80}}) 08:44:52 executing program 3: r0 = timerfd_create(0x0, 0x800) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x8) 08:44:52 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x80002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'\x00', 0x4019}) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000080)=0x1) write$tun(r0, &(0x7f0000000080)=ANY=[], 0xfce) 08:44:52 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000001000850000000e000000850000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) select(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) 08:44:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f3, &(0x7f0000000100)={'sit0\x00', &(0x7f0000002540)=ANY=[@ANYBLOB='erspan0\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="000000000000000068f292b845000000000000000089"]}) [ 138.379571][ T39] audit: type=1400 audit(1668242692.829:128): avc: denied { prog_load } for pid=4135 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 08:44:52 executing program 3: r0 = timerfd_create(0x0, 0x800) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x8) 08:44:52 executing program 0: r0 = timerfd_create(0x0, 0x800) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x8) 08:44:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f3, &(0x7f0000000100)={'sit0\x00', &(0x7f0000002540)=ANY=[@ANYBLOB='erspan0\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="000000000000000068f292b845000000000000000089"]}) [ 138.406007][ T39] audit: type=1400 audit(1668242692.829:129): avc: denied { perfmon } for pid=4135 comm="syz-executor.2" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 08:44:52 executing program 0: r0 = timerfd_create(0x0, 0x800) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x8) [ 138.426504][ T39] audit: type=1400 audit(1668242692.859:130): avc: denied { create } for pid=4140 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 08:44:52 executing program 3: r0 = timerfd_create(0x0, 0x800) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x8) [ 138.441669][ T39] audit: type=1400 audit(1668242692.859:131): avc: denied { ioctl } for pid=4140 comm="syz-executor.1" path="socket:[35848]" dev="sockfs" ino=35848 ioctlcmd=0x89f3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 08:44:52 executing program 3: r0 = timerfd_create(0x0, 0x800) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x8) [ 138.488553][ T39] audit: type=1400 audit(1668242692.939:132): avc: denied { prog_run } for pid=4135 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 08:44:52 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000001000850000000e000000850000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) select(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) 08:44:52 executing program 0: r0 = timerfd_create(0x0, 0x800) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x8) 08:44:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f3, &(0x7f0000000100)={'sit0\x00', &(0x7f0000002540)=ANY=[@ANYBLOB='erspan0\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="000000000000000068f292b845000000000000000089"]}) 08:44:52 executing program 3: r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000040)={0x3, @output}) 08:44:53 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x29306e421e8da9e7, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002e000b02d25a802d8c6394f90524fc601000064018001f00051682c137153e37024801800ff01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x400300}, 0x0) 08:44:53 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) 08:44:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f3, &(0x7f0000000100)={'sit0\x00', &(0x7f0000002540)=ANY=[@ANYBLOB='erspan0\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="000000000000000068f292b845000000000000000089"]}) 08:44:53 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000001000850000000e000000850000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) select(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) [ 138.551896][ T39] audit: type=1400 audit(1668242693.009:133): avc: denied { connect } for pid=4161 comm="syz-executor.0" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 138.561224][ T4162] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING 08:44:53 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x29306e421e8da9e7, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002e000b02d25a802d8c6394f90524fc601000064018001f00051682c137153e37024801800ff01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x400300}, 0x0) [ 138.565791][ T4164] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.3'. [ 138.571475][ T39] audit: type=1400 audit(1668242693.009:134): avc: denied { setopt } for pid=4161 comm="syz-executor.0" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 08:44:53 executing program 1: r0 = socket$phonet(0x23, 0x2, 0x1) sendto$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x8}, 0x10) 08:44:53 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000001000850000000e000000850000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) select(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) [ 138.629406][ T39] audit: type=1400 audit(1668242693.069:135): avc: denied { write } for pid=4161 comm="syz-executor.0" laddr=fe80::9090:77ff:fe55:aaaa lport=60 faddr=ff02::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 138.657186][ T4175] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.3'. 08:44:53 executing program 1: r0 = socket$phonet(0x23, 0x2, 0x1) sendto$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x8}, 0x10) [ 138.672164][ T39] audit: type=1400 audit(1668242693.079:136): avc: denied { create } for pid=4171 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 08:44:53 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x29306e421e8da9e7, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002e000b02d25a802d8c6394f90524fc601000064018001f00051682c137153e37024801800ff01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x400300}, 0x0) [ 138.690065][ T39] audit: type=1400 audit(1668242693.079:137): avc: denied { write } for pid=4171 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 08:44:53 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) 08:44:53 executing program 1: r0 = socket$phonet(0x23, 0x2, 0x1) sendto$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x8}, 0x10) [ 138.707475][ T4179] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.3'. 08:44:53 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) 08:44:53 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x29306e421e8da9e7, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002e000b02d25a802d8c6394f90524fc601000064018001f00051682c137153e37024801800ff01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x400300}, 0x0) 08:44:53 executing program 1: r0 = socket$phonet(0x23, 0x2, 0x1) sendto$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x8}, 0x10) [ 138.735493][ T4183] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 138.742199][ T4187] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING 08:44:53 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) [ 138.745604][ T4189] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.3'. [ 138.784802][ T4191] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING 08:44:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000080)=""/4096, &(0x7f0000000000)=0x1000) 08:44:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000080)=""/4096, &(0x7f0000000000)=0x1000) 08:44:53 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) 08:44:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000080)=""/4096, &(0x7f0000000000)=0x1000) 08:44:53 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) 08:44:53 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) 08:44:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000080)=""/4096, &(0x7f0000000000)=0x1000) [ 138.947005][ T4203] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING 08:44:53 executing program 3: io_setup(0x4, &(0x7f0000000300)=0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$key(0xf, 0x3, 0x2) io_submit(r0, 0x2, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x8, 0x0, r1, 0x0}]) [ 138.969312][ T4206] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 138.970071][ T4205] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING 08:44:53 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) 08:44:53 executing program 3: io_setup(0x4, &(0x7f0000000300)=0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$key(0xf, 0x3, 0x2) io_submit(r0, 0x2, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x8, 0x0, r1, 0x0}]) 08:44:53 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) [ 139.104583][ T4215] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 139.135382][ T4219] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING 08:44:53 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000e9000000000000000000c1030000030000002004000000000000800200000000000000000000808000005003000050030000500300ff4f030000500300000300000000f7ff0000000000fe8000000074cb8af296109f0f0000bbff020000800000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e65747063693000000000000000000000000000000000000000000000fe0000f3e5000000800000001d000000a2000000000000000000000000000050028002000000000100000000000000000064f700000000000000005001686173686c696d69740000000000000000000000000000000002010000027465616d5f736c6176655f3100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000faff000000000000000000008000000000000000000000000001000000000000000000000800000000000000000000000000000000000000a160c480e474f2ac000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000090000000000a90c000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000400000000000020b61a000800000000000000000000000000005800686173686c696d69740000000000000000000000000000f3ffffff00000173797a6b616c6c657231000000000000000000000000000084000000000000000000000005000000a600000000000000005f0200000000003000434f4e4e4d41524b0000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f500400000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000969a2a6b0000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000212f00000000000000000000feffffff"], 0x1) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff84, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d3c}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) 08:44:53 executing program 3: io_setup(0x4, &(0x7f0000000300)=0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$key(0xf, 0x3, 0x2) io_submit(r0, 0x2, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x8, 0x0, r1, 0x0}]) [ 139.228720][ T4223] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING 08:44:53 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000000)={0x70d, 0x8, [0x0, 0x0]}) 08:44:53 executing program 0: mkdir(&(0x7f0000002100)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002000), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f0000004340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000000000)="9eda438838743bd4e9720bee57093515dc189a5ea685e9556c1c2c3cfc4df50d66d31a48aa312663b68d18c5826b5b55fb738208863dac0f10f423aee7a5d8ddc45ebdfeb7424bae859d7c37ecfc4b63914d5a56d91017dd22bc84f759a15969951aef9d5c88c96560896988fa18cd946cfcc3a0f1c993348377904eac32c980bdf7976ebca2b499cab63c4e841514277fc71d4620e29a92523402485de0e82896484c0ae497a4d686df23ca7b68c3fd5e624d3510d7f94838e54af877ca58a00c5a672bba11f5aa1ed1980dfef47b9973d0bf456ded5e72f1702b3dc5197fce39cba53a038d8dc0ec783ce70577107dc5e8b299e64a0b7f1191f0926bd25762370191710bab2f44e9069f55f8a3f87e4cb488a2fb3348c0bf3b3874291f83e4776b160ea73aafa3919c7c069c73c0052173a63158db8b65541d161f9c964926ad7f06bdd6cb6a32135b04e35701c2e13c49c1f75dc7a25d623378860692d172ec3f1e1f2d9dc77c015c13721efcb101c2390abb847e871132f472a37cc0163b39b1d575a5444e246a08a1afb1a696cabab29498a314429a3b9f44c43ba29f71fac1fbe0d01c3c16d22730932704bcfb0c1b7a432bc51dd3f5dd5afc3b342cbe6a6ff899039e28f9a51881b1d46fdcf31767cb6f5c5c69ab3c80615d77c4d1664fc4ec831b8cea2e752bbb7a9ce79df875b29f1e232751daf32a1a0c4ff8bd0688e2b8e2d668b8a77e20a9eb6ec2e2c23b94e507baeacbcfa31fb6e1ca3343668f43e3aa6d85e7c29bf0bb4dbdabddc92be7f4a6f5d21b19e6da17bfb6cc926e3847532fae29c7b62fb909130ec372d3c16cfe6aaf3ce2af0fe7610fde7aad61bc80d2f96b999c8ccf6d22cf903ca8ae8b879ec4a416f334982e9810c0140a18d4dc81b5edaae23e9f4abaf40ed71512aebbba5bb251545e188db789558a845a2877b14bdaeec3c738b7d730c0860531bf5517d4f0e8f95ed3571f8a35816d5116fcb8d7cbf42b7d5d5e65541508c898bb2e0fe96297d2ab7135662de39df099ebaed5871111f5346278cee5728cec512e6c0a0d65b51e3d627873195b84103341c2bc83b6c8fdd8ba17f5957413f61c69d618c9b9d0b1f08dc81921b6c662ee1da3bfa019b095e9a03c2db4d645ccb7364e895098cbf7d932c72d80663c7a1694d122f7348393079223c11d36c64a5856eae0397ab9a9d948204b74e56525a9d552dd0916de81cbb5af3c59b3d7f8f9154423ce2cb45a5bc808e24bef13212019a19545fe54ba84d01534358380192b8c7b0eda907810375bb66a578a58fec392b47991271c8367b91d710e8a176bc1a4e96f0e137d4c25fbb03eddc392f9f170dd744472b864fbbae7c93d86e682308b21b73c5652065d72cf02e1152b44024a90a3b52eb0bb3cb412e518d37a68aa4c7f46789c54ab30d3a73d0a8712fde612294cda2aa1ccf164930b9b1d17801d4fbb06e849d39bf2b5141330caa0d2618b616f1c67e1ca57080e79ed9092ba7a55e8121cfc825cd26a0199a479a7ab1b7b23d2a4dd82fa6d04ee41ca680435efc934f0451e865e8632ac2f1115f4cdd33b0fccb7a2326127faf20cba37c828613dba5a98f4e1ad25eb6b91078cf73d873df9ef91531476f64b83559ff7ccdc4c070d478b18196ea05fe8d4ea0216ee5273dfabbd04582f40f064c9781afd2cbf30901f28cd09cc934f1b2d50883778274177e3dba8af0a1b931d80ce1a6c4085780ea2195b65ecfd2953f78a5290fe560d0cd6a5e73890a5a82dc410b92a3ef2be05ec5607820fd4ca6b9c3aa258d59022fdcb21665f1ce4e8aad8fd918c43bd3c2afe3dc223ff9f48831d401c8b6996190793d1dd7551f8511b69283992398d8f9b4bd2b3398d3b8c6f3c5d8b802ca5282b70242df2b7be4b38e70c3065f8da888631375afcc05ce578089c4f783776b286b7a60d1b5e189e2742a3240c1036a953d886885422eef01413c38099b64505fd5a73488acb4e611820674c58ae74d6c64a885d4beda9bd7903bcdc71e3711e2a057c0eab2100c321050ab14c6e453c53182577ad3178603cd9afde40a701120e9a36074fd582428c74e02781318e6c65450f8f020bd22475696fe13b8c59260e53a06d16eabd135e887a0a6bbc8ad21be7661df76fec5b13844f68b8eed1a7379713738beac9f23c7a26520e19797a910cde9fb285179526889b908b7eb49bb06f70f6271fba8712c1a4269ebcf4b7d043e924e3d2c4c753fd7e547d95841e335179836f76424e728810d7f32b78256ea30c79d9238a6588426e1f2d4c0b03d5605bd826ed24f0f11326b4cf958632b86e017aa80e142db1580c44f76d9c98196f3f6852ab2bfc6a01a3553a130c2d171957f5a45c3550fbbc990ef8742a98a86b280a57b9f198ff436bc01161ada50e6f23026c3254adf2321bff7e20aa54080bbb57d8d52c6a6df6107706a2e5bc6da68f17b474c0edd39401d765086e885cf7992405f856557915603cbe8894676e996bbadbb649a5e7498b91f9bd2f697dd9ebbe4d386050258b9f4c94781e61c660651c3f1e3ae51f8c035eca365bf15d6db48ea9ce183515f4a208d010f7c23dcacbd6e225490d7e9c133525f5c9018d752b21b4897bf18b64b6a9936f538a0a8958fc934440aeeaad2b68ac844d76f0900a6c95bd0b353d85d4fb62eb88360112237fd8c636a80e3130b21d66ae8ec58a4b76cba0602f96da919f7e84fd37e3ec2379f58e389a39c78d2482e03c379e3c4649ad63a76e3707ecff07d2fcb0c9dfc524cab49e69a09c92e4f88714335cb57d3f6184d07bef9657280fb5c9fd2d8f940f7ac6c5407e3077aa2e4ba8e217e0ee19e302d6d90e3be05a86dade35d2e454e511afb5cf5936f1d11f2fa6be6ceaa817dbdc7a6aabf2fad8ff3efa8382a25099f0c5989d2ad56ae0f4968b2cfcfc67b4f1c161c75900b4848f59a3c0376dfcb7997bf28e9e85d6dd942a360516de38e1c1a038a796f9a77ff2b0c7e5e8f4932391a0e58e76dacc6f9764178a211dfde3e75d367d2911ff398126ffdf83cf2fbdf1ad5232bed9155f7a168638a572094a9e934d4969b358cf6e121d7fd2aeae2f499068b42c152f0e3403a230885d6f92f038ddaa23499f804ffb06abdbabb51f6c38c92fb1a6271a4b13d6d11125b8ec12efa5907dc65062797fb9cca15e2f254e76b182d3fcdb4e96ac4de36d6df7e7bba5c32f422286b1be3b79bffb6fd693761952d195a84ad9ceb07287a0fbefab9e0347b513c5f60233ccd4b52d90ec144a2f896d9dc7f279f8aa93038f3efa286e1c3006933a4d7183d952f8d28b141b28b2af355b5bd8198dfde1ffb8d09202aff0d16ca3fec194662892a49f829813970a4520f1228aa03d211a45bed3b2e05bf1f10b1a152761e7b6c6ddea863a3c02224256092c70ca70dc185c4c385dd98b09e2682661e1e66f71d9c4037048eb70e8a1cbe57de87ec43713abf5fdcf63b9c482f318e3bec37e878dadbae15a02d731e6c8574eb14c059d72f73be5174add786d06b585a28a06d349d8e434a491b34897b3c1ad786ec8280d7f57edd4fbc6aea5485d659b59d393e331cf91e6ed76f340fcf7cf460892fa7318fc42b883f61d888ad982a751accb613c66661fba5f3d6de751a6a9ef8a4700316aaad04e991aab7903f4ef012ec2a8c092234e74ef335daf360ae47bbd2bbc6ad8c1a4f81efe8bbd703cb55ef36b32b4e30cb5a3b165c02ba295d0e1c40ce6ff8f479a74f01275f113ebfa8ade37a59ce70e6ca2a6f48f1be085f61bf772e2c2da523a2cfe63e99c57bdb1ff23139d4fca49eff7547e9880eefd3f7511a677efa23b52098ba89037c48dfcda2e8c1cfb9f892161049e53f8cee55256279512aecab8c441600dae0fd957883273047cf5c66ba209f830aa2ce0cbe41ca08c0cef4aed7f4324009200661a7ce680e5a8df2d051c1d8b2f63d25d8d74d05c75c46c8f3f24d625539e63459650960498a54ec3b16225bbbf4d3930009df265839d72611f5332a904cdebada108236e4414a2909ad01ec44b9d7f75de4385ad7ca5152e890a0919b3639fd1bcbca3b737ebb8d9ae541b1271cf2166ba15830e66f3d3afd3b754a7f81ad4f0999704ae99c114907c5be4a4797f13b80564f234723a34dbe137dabfd7fa23562df679f54a6ab54def6d63deae9844f72fd73efd0413551f5c4b9ee826eb3b7faf92a59ea34a16723b4fea14d1c8815a4e2d39fc48d1dbce526a7c53f5a96d0ef6463a0cee73fd3505f5c764a264b83c4a21f80e8b61c82d24442d13da99d18dc1b2538e7a510f6093d9ef2bc5cc777d4f98411e93919eddfd69d6e20d227cb61c50f358ea227f4de941fb080c1cf6b1f6e25533768fe133dbfc3f9d29c603bed38aa3c5af5b81a706b0067b40b88f992610d04c7cc36b8f649697cd6a93fae51138161891ae75a7147780fc59af5a6e18c54f9d2a4fe7fa92314b399afba9a40d0cc24f70a2593acf8d179215e06b7a9a88224bafcb2cbf60caf5fe4ff38208a70793b5dc33cd572956260e1c86312d3ba9b3a4b2b44376f2e78c616a6c0880ac8dcbaa30b9f761d500fd03a8518dd0509157b184a2d95e0caf3ffc8ac2db6c54d80c71a1e5b9ea3bf51071e2118af204123daceeb04e4f6f31f32a4d3fbb76ee49440cabda2c121c1b99acab5b87cecc37c3f9066af34ab29d6598bbfd91047a2ac7ce3a8f3027ff5e6d743506f161087278896a98ed37122ba208b61cf54d3929555ab06b564cd5e4f46f4755a6cfa2ef2b30d29ea66f2749d4060d411fa9160c91b6f55cf071ac8222c6313df18759e2958cddfe3db4cbeb9cd39abcf5f0beaecae8437813995cb7ed0b87d42ca942ff7245ece204798d01361c5f008e0d82bdf76660515bc78f7f8f409ccf68614b2cb50f5af2615661326fd971bc57eeeade60ea906b8df1cb0dfafd318cd2c396309c329d0469ca192aa8f51d7c4227685440f073983255baf054b97b9d7be1d1470d7eabd5c09b2116b4e86b0567b7e97e088717a4fe3dbdd310a1c39136ea4d2c47492001f9885dba03bf97e7da376171d666441cdc2f999db137603d57df32b4260fa0165e82917bb1631ea314e7a7437e66fc68cef22cda8f456d6e583f6e3237e0bc79987a9103f7cf0918e26881f67ea582e1ff3a49177599d385bf6e42572a2547933aeddb826530e9adf30dd84c3a7fae5c4c26f6c6f3a9f0906decd314e2407825abef959c5416d18a92ff34e6c521a16e8a0a29937c77d4ee99b41d530a732acbe0bf5d274df9d496b47a9a624546bdcf9976cde12ec989cb2a70b33a7c8a3a77652023164695f9db30dfcf587f0cd4f73e385730bcbdd688f6dcb08ba0efbb9f579220afefa4acfea522e864fce9b1782ce9f14824d16e9d33a2609c23ba3c5a1af02549357a0dcc12e37819d778021762cf895abeac1125b744c8b8225a091e7be9ded9993cfa3ca9abb83e25c8f559009977a2ed9374a89619fae5ef6d164bb73d242004dc8428e44689b33ee3bbe88bb4962ab0a32a90e7aea044f08410752cb2d7aeaf3196648a3a99092665b478bb394b48f79b36db0efc7f50d6a5179c945f5298cfaac5e5dea715296f92abce7281d48a0c9c6b785a35ef5f1697c047ddb254fe9a8ab9f498b0c1ae09ffd01a3d8d427fee7e36c51e0e5c2fee2245fb8464626ab5c9857ebce91f7d22bf024d10c2d71021cd69268472de419e6cefd970cc3a8e4d1bbe6496799aa7f100411766e712aff08b731460f14f9d7356db12cf8e1c6121968dc68b1d81c086b325ca4ce6fe1f476707e08fa913144b757c6be17cf93150db29544d207f09a896f33b7335d9339215da751e7af2c6bdd19db6f521af2c8a5998dc607f97026d07111488741134c1c86eba123273d1fd5ee4b471e86f9ae9478a04c7482076ab34a1eca5c64f89e5106eed44bceec019c67c12fb4db4fdac153f4ac3b63ffeb6d30de58ec039e2dd3c181e254cd94d0a2b0b44490384cc5915b54ee1db2b6d059879bf8126c9ca976d0f7862da07ecd350930a081810a7afd72b2ad3f65b96ae9c7f91227a2b5513a559f36b90fe01be9ae5ad3ca65e2c26f358fc26b858a3633fda7ae49a5fb705220a5819b3cca41b1ccc21d7c40f5fa9c422288efa5394e4312675899d704a2aab62b8363f58fd4bc12a8bea6ffc45b4414237bf5f019321206dbba439acb5ef26641f30fdac20f964354bce94e4c9d73e137f9806deefaf6f4acaa0e76ad4fef9f6cb7fc01bbabda9612c05adbe46afcf94819e8a4b4b49ff764784fa432d47fb6d4230900043d1b4521cd6839fe8c5df4d1899fdfb13880e207cac73f0a29020bdd563bd9c2f6bcd1ec523b3e03ebf6164fc65af001830c51396f9df2d346f83a59cfc82201cf1150ea57259d579fc2ed199b3fbe42d5188c84e4354610743e5b23a265246313cc63913f17412fa00d98b379b80b96d936969572e11316bc8926cb23115186f3b2387b82c3898fa41bf16a308da62d5a3eb3609af1943fddde08a4036eb2a41b7292caad9eb082614b02a1fa255bc7abd4d0e3b4ec1801e131e68c7aa9da1a0ff10f9de87dec8fad1ad8bfa99caa49e203a7b9c33e044d4544a537471e7a452468b821959bc488c6b8cbf81e90081a26de273ad1203cc06adb6af242ab19f96c1c66b58c37e2c9309704fba63af99a8d9c5efc651afb631fe9f546b938cc3b8e526c4159e5c9f7afb29fd1d55fabf09367ce2a63a35e7a2062d1c772ed981fd77157a847f687a177cf9886ce41df8cc509302b46bc1e2ba896b1c1656a1bbfdf4cd9ac39cf8510d1c823075f16550fd044aacc8d42a56f03718f7b18475cdc3999faeb25ab3dd8a807ee04d8e5d831d08b4e309dff50330685138797e10c6362636f53f22bfc1f3d5090a5d369282d9de36bb4e2505411ccc6ea395afa1567b15a2fb4be2adeea7126b1a8e80034105e0d98bdd78e796ce1cdc06a4ae666fc0baec5c52614340ed997673e26ec47c88846c000bb7c9077337cd44f5c041fdcc64986e5e1c0f488148f0ee6f842c44c0b72e82109270341bba6e9080b70fcf930d0f10be5a36798e70111fed72727b72282ff164fc08319d74f1f57cde71b57cb397a9e753f87b97729bafba017a24cbfdee5dfe7fc296c112e93bb8fce560ca80a3afd8370baaa79ad783b51352b5440b144a47378c9ae22eda5794328e95bcca220fd07bb56915529b155c61858efe89ad36a79288e74c0e251addcfaf797432175a5562b46eff5e3aebeb74623e18beef85389383c604d8884431b07dc4bea0174aadc337ff41f558a63f16690feae47efa2a5d1318b7397e1e4ba398727d286791b71610e1d78d32800e7e113c12abf0f60b6ca4401ecd23b7aacd990633b2b017daf6bfef1b2361ece74b7dbcbb1a73d4bc1f9d2e5c9fb0b7980d25cc44d1b10c09ef5a6a05c84669294a5cadf0cd88ab449f9f0bcdd8c48590d416c5c1feaa494a2145949c2a3373df7c6014225f2745bbeb20ff294d22c0d96ca111e6926946207cab56a03162a49e68968e398f70690188ee3ca847ef421742d60b9a6ad029e8a3d607950b2bf8ad8ff297cb39acc94905635770436e134435e28205140331b5100d9f64469792fffac87bca0835cbc617446ff86a7b50418c305f32e658b32130e491e38709fd3697017ac8084cdf1ed81a28375aed092ab4e32ca88a933154dd3a9e99351acbada926b67b310c7070ac1a414a28c5abfe1f45476249a12f18ca2d981528d881ed3c5072e46a6eff3cdf37dcbc89c7f79c88a1f8d15d15beb66a0e4440c7b93e379c4e2bac1d5c8e85f1852887e2cfeb178fba1c67dc2adb0c87df8ca4444ca7f455509f492effb5001328b8cc696e2933207a2d78bbce8562ca34a248193c914406b161c8141479d891b0c6110ec1e25cad38299b489f2ec437017cadba67dcb58abd4933c95b3526f1d4747b8701a7d71e446e4b62e2941d4281faca0cf22914be5aad80f47100000000ceb24e82508fe55a92fb6db70d03d1c1ec09cfee31639341756a4630a0eaaecac7bfbddf9d30c42cbd45eb181d5bd341307ad26f496bb042e2b655c03ac3dcc587acbf50f79b5c239be9938b62d3251b199f8413b020605d5d0552cfd9c39c9132719d6d0a326b000e12fcb51bc274df79d11430060d05978cdd50583f1bca82c57dbee605e2d00fcb5414af13a596d35cb5ba62de6a28cbccc857d23547b1c7fd5ac8fbf6758d5b8451fa46d9acc00344dc2e565674b1dd3547eb8f8aa5fff99042f8d1d59e6ad2f53379211e6832fcb68f5777eb2db85b28f724f4e4ce6342cf55713ff7b0cb4f7f47dd12a6566b86709eaefae024373267ce72a89e7f3e42ab48edcccc96b5d0403fe93a927e5ccf470014f220b8257393226cd7b996f20e6a34f81206733a9fdce03b701943c1b560d3eab68c2c225cf7f7f2b56123be2bb173e9e5b37f4d3348f6b987764ad07c2acd44514ff264d7eda31e5e517a179414841ad4553d51c08f435e05f10aa82d74b97a9ba3a133e6c9175fdcd4f3dc9c16d3be1d5bbaf13240177081ac1d56681bfa988a93af09868afd608520c0bfd71d857a6661fdaf6f2e166987eb007449dd26334ae932c5003fefc0f983b9e49cbfcea325f2de16a9ae935caa46f5b3433957fb370971ed957f138f08a60fed5b84995e428e7ae7d5c22021ff016baef0e713a118344c016a99ad469313ba7f2452da0dd82e019f64aa229cf80a69b3e08ac5847f10d247179855546313232f23e055c2f74ecef14e0fdcc29a9bf0976fbb249bd5c7903183d2a53c70960a183630e7d4928daa7091a85ad987d2a4a5b8f6be6612fa72d9fbb33c67bb38eff19f2e784f94e0354cf6d35a5b2c62233c039de3734b38e97ec72bd673fef09fd56fec329818cc68cdf12cb52f7d37a8350c16e94208880bfcd3e895d7aa4489e3dd15db4a9026f0d2a46f1e89c35845dbd976a1992b87c15a0c7580e6424b8792a7bb7b933d7c5433d4133ba4dbbcf7995d6ed3feaa32f876a287feeb9cc6107778c1f83e0119d980b9e994c2a3ae3de24a103efb3cacb746b49d1ad85746b233ab4aaf0e988ec2a786bc93f32040d3bdc3008031634cdfded5ac95b2279e096243228296591e7ba53c4a127772cc4620e6b238ccad250629194533d0a669ff3366c52d64928693e0b0cbb0b8e2c6029089d4dfe2b4b6c5dcd85f1a02770611e65001e48a32a8b0431a3b9d77fa3a95be38a0436a704c05a8e0183f3214c25531a63796f679bf72885aa766468d42b2543542d7e82544efc5c5e81e6a91a0f5d4e68000cff687d63e45c9a11d4ef515050daa592c9a828ac7c0488e7cdb3d6fdaef5e9176ee68d981ea50d386d74df3b40660351736deb03bfceb721878cf9894b0302df15964242ab6b9f77f98ba1c7993735983d2b022600ab74a19e3636e1400d08ba45d3a5c2774cb06a1c358bbfc11d27efaf7ca53c2e7757c8c76da24707d91a4a5244262898d68083ff91c514d9b9b1ebaa0cb0b10254fda1b1e82b9a1a47f117b5b280ddbec1f6732d11117ef1a7a674699df87fe795d1243cb9c4527e364e2b711b6562a87fafc130ce0baf1701686639b05f0c8dc708f008b1e6ab89e8d623bb83f3d54b7bcdbdacd055ac4eccbd36bbe0af0f65a00e3d6dd985ae8851d176976cfb5816d1fc2a63d3546aecaa4e712ca6961d1f181315d553de6b53485faed0dcfcf819a1ba3badffe797377d3d1ddaed8e7a0acc0c3d277762262a139f94de49faca167b11bf04f2104a5ab9a73367a6461f7124c91a2c4229ef98e6ebde9aac283c7d029400d71293f488ba169b62c1e94689cf5b248ed4aea62b88d65bb764cfe27d5231a58486e7381df518f4ed81cb905108c54a5050a94ca0e94da20d3794bc5fab9127dc95b6404b1e27b4e28136fc27806f7be798444c33aca88ffd45b860eba0d5033839f5a092863954604f1952bd61dad23b11643fe14f3ade08116aa2c13eee701ccd13e506bd65a1060bf69579aea8c8143cd38c0891a3065f251eba0c20ab9c69ddf28e3bd6400cc203bac8de1882239ad4e1b97b0ae2f1abb7bac7c0d8ef82b97ebfb1f5577f06a3a1377b09ada4db87d342f20ab0eca4b9c206042471307511429cb57a578211f92d3647189861cad9145f5eb26ab696abe50a2a6c1b469df97da28aba4e79b586c348a430f5ea61c4be1032fa61d18581f05a07fb8707c8996e0fff1c3eda59b992687fa12483b9327e10224b20d42e8b3fc4670bf070ced602283273d6818acd1f6da567c44d3f5e1377065d43d87d889843ae48e7fa8ba1634815695b8c480ca271e6e833799c70da80fd79acc09b989667a2294de5da73f0363df9a33ad4dab8d27cf7bed0a06838672e3d07d52b6396e9b5576021d5e925abd533bf161c944795065fdd44e8462e3070c479f1c118276653488dd9b2f1a673f8cad3612ca1fab4388ec9c8f834a01a499adb7b3a9a977672f6d75b41bbdd7f91ceb7e7a88568d17bb432be9e4e96e115075bce197ef4754d2914c2c59e2d7f4c08f0dbe34d31f229428f211bf1d7e8f5c319ed4a8273cb6255eb318851ac4557b0278fac63107a54d407c42f300b843a12abd3b893b46c7efac2e388ab42b87aebe2543bd4c15f459bc50aad10ffe1c1196fb52c26e54bdaa7fbd52451f207ffb073ef4b3f71eedd7da40c89505019739e3fa733bcdc84ff4919e8fe2358129ef28291be1d6426b8bafe88463b1d3cd7273745381c7f65221898e6ad361e88b24c54ccc7ac9a830145b6dc096e2d71ef71ec4f03524cb870b724e08d223bdec2f6fdde6200217a13b5136004d455d66547f5a1793e0cad85677d49e5c558852107007c8136812cf021afaf6f7e8f59883371be46cda412dd9c6fcf187c31252ceb5758901d39cd5355ab386d9a7fe6ea46ebf277aaf809c3023211ea9aa189de4d422080ebb9fec50ffab6b95ba4ae5018accc497e79149ed6047ce561ccc10e9194cdccd5c9fb75175c8dbc9d0a916ad59288f010defbbb50d263041ab37aac0f93253bef6f898cd0825d99d27224f26181f9713b8979da64756c95e7505f25a2688960d6155c3613dcc31b6c337a6dbfc6b12cfde1db22b93bbd5e48534fb0bda8b212577a14dcf665c834b0bd24e5f624d2455fe048dbe930328d7cb632db3b0e244bb5d43390b420b15157a339487fc78976f867d3a361aafdd3f50a93c01882da7c220089a544381db22e2c86b228dc2be01820468460437588952a549d37498e529e62aa62bad1580546bcb1e9a6ed1870b7838d05d12f6e3a041e78b1bdb80894626f20889ccb3a468aa4fb24b9c87cbb28623ce59c6b3c6286db366d08004551a25fe4d8d194a2bb7c52e1c85a5fbe4cb15b171489da121bea1c469a6bb185d63213084e3a81ee54dc03a94dc5ecdda7bfaad1df68021aaf4627c9d529f13e5c81b5ee4dd228949ca16b9a61d186211d153294470907557e5e14ae665013f285fe4d3766e7b3d8ce5e2a14692072d4d8f79354bcc8db8a2a36c8bcd", 0x2000, &(0x7f00000069c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000066c0)={0x90, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x801}}}, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0\x00', 0x0, 0x0) close(r2) 08:44:53 executing program 2: syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4000000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="00400000ec1f00001320000012000000000000000020000000010000470a352ee10000001e000000000000000010cc030200010052654973457233467300000001000000020001000200012000000000010000001231231212331233123112341341241273797a6b616c6c65720000000000000001001e006d1f1f63004eed00", 0x80, 0x10000}, {&(0x7f0000010080)="000000000000000000000000010000000300"/32, 0x20, 0x100c0}, {&(0x7f00000100a0)="ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0f00"/1056, 0x420, 0x11000}, {&(0x7f00000104c0)="ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x800, 0x11800}, {&(0x7f0000010cc0)="00000000000000000000000012000000000000000020000000010000470a352ee10000001e00"/64, 0x40, 0x2012000}, {&(0x7f0000010d00)="010002005c0f0000000000000000000000000000000000000100000002000000000000000000000000002c00d40f0100010000000200000001000000f401000002003000a40f00"/96, 0x60, 0x2013000}, {&(0x7f0000010d60)="0000000001000000010000000200000028000400020000000000000001000000200004002e2e0000000000002e00000000000000ed41000003000000300000000000000080761000535f01006d1f1f636d1f1f636d1f1f630100000000000000", 0x60, 0x2013fa0}], 0x0, &(0x7f0000010dc0), 0x1) 08:44:53 executing program 3: io_setup(0x4, &(0x7f0000000300)=0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$key(0xf, 0x3, 0x2) io_submit(r0, 0x2, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x8, 0x0, r1, 0x0}]) [ 139.308620][ T4230] fuse: Bad value for 'fd' 08:44:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000300)='./file0\x00', 0x8100000, 0x1, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c00000000732e66617400020101000240008000f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[], 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = open(&(0x7f0000000080)='./bus\x00', 0x40842, 0x0) r1 = open(&(0x7f0000000780)='./bus\x00', 0x4c03e, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) r3 = open(&(0x7f0000000400)='./bus\x00', 0x104e042, 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r4, 0x2007ffe) sendfile(r3, r2, 0x0, 0xfffffff9) mmap(&(0x7f0000000000/0x600000)=nil, 0x60020d, 0x7ffffe, 0x4002011, r1, 0x0) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0x9) write$P9_RLOPEN(r1, &(0x7f0000000180)={0x18}, 0xfffffe0c) 08:44:53 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f00000006c0), 0x0, 0x0) ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x8000000000000001) 08:44:53 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000001200)=@base={0x7, 0x4, 0x10, 0x1ff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) 08:44:53 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000001200)=@base={0x7, 0x4, 0x10, 0x1ff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) 08:44:53 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000001200)=@base={0x7, 0x4, 0x10, 0x1ff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) 08:44:53 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000001200)=@base={0x7, 0x4, 0x10, 0x1ff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) 08:44:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000300)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}]}]}, 0x54}}, 0x0) 08:44:53 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) chdir(&(0x7f0000000300)='./file0\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = open(&(0x7f0000000780)='./bus\x00', 0x4c03e, 0x1c0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r1, 0x800) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000400)='./bus\x00', 0x104e042, 0x0) sendfile(r3, r0, 0x0, 0xfffffffb) sendfile(r3, r2, 0x0, 0xfffd) r4 = socket$inet6(0xa, 0x3, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x400000, 0x40) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) sendmsg(r4, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000380)=[{0x0}], 0x1, 0x0, 0x0, 0x6c06}, 0x4) io_submit(0x0, 0x6, &(0x7f00000018c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, r1}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x142, 0xffffffffffffffff, &(0x7f0000001900)="6f52165c3a89b3bb6d9b0d806b0f4898f2516e8c1cdc0a72b3629eaf6f841c2f5d20705993b791fafb0807a03dd28e032e3102d919777c8ebe987b58097d54bca7b67699fb2dd9e951e70d093bf37e5b9a94d4eeabf7320199e99a72bd3a84b43af1f2a45399f10d2e356601f02df49f72f83fb7f5ffef37537efbcb8f8263defb3eaec311d8f94e9bacd56dc4ebdc7eab31ab7b624e281d765c1686f062965e28e7ee1bcab6492529d0732406c762ee1d57ec202aadc6cd008041019fd8d26a2abd9ee555949009528a1e8f029ec72cf66084ebdb04b6d9a4f2e46b0ebf6a1e944b3fcd4cd4ee8b25b537c298291b55a812f7caf894e2a4a5babd9a8fc717c77941d7f8e8a64130ae66c0670b6fbfeab2d7065b4fc523934d1041ea00d93b0ffc4bd55bd58fd853a8c3b8351fa8b46a0edb3949ba9deb85eeedfd203864e353720ccac721e4275de9bf0079bea7d692a95e0a3e2ce4f59c230d8bca091e623da678b73b47483b429c6b3ff7c5e VM DIAGNOSIS: 08:44:46 Registers: info registers vcpu 0 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff846304b1 RDI=ffffffff914d1720 RBP=ffffffff914d16e0 RSP=ffffc90003db6a70 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=63722d302e312e36 R12=0000000000000000 R13=0000000000000065 R14=ffffffff84630450 R15=0000000000000000 RIP=ffffffff846304db RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000555555c31400 ffffffff 00c00000 GS =0000 ffff88802c800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b33823000 CR3=000000006d6c1000 CR4=00152ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffffff00ffffffffffffffff XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000003 RBX=0000000000000000 RCX=dffffc0000000000 RDX=0000000000000000 RSI=0000000000000003 RDI=ffff88802c828400 RBP=ffff88802c828400 RSP=ffffc900031af840 R8 =0000000000000001 R9 =ffff88802c828400 R10=ffffed1005905080 R11=000000000008c07e R12=0000000000000000 R13=ffffed1005905080 R14=0000000000000001 R15=ffff88802c93afc0 RIP=ffffffff813568d1 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c900000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b33824000 CR3=000000006da5d000 CR4=00152ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007fef657877c000007fef657877c8 XMM02=00007fef657877e000007fef657877c0 XMM03=00007fef657877c800007fef657877c0 XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 2 RAX=ffffed1005905080 RBX=ffffed1005905081 RCX=ffffffff8991f41c RDX=ffffed1005905081 RSI=0000000000000004 RDI=ffff88802c828400 RBP=ffffed1005905080 RSP=ffffc90003f37998 R8 =0000000000000000 R9 =ffff88802c828403 R10=ffffed1005905080 R11=0000000000000001 R12=ffffed1005905080 R13=0000000000000001 R14=0000000000000000 R15=ffff88802ca3afc0 RIP=ffffffff81c7694b RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 000fffff 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 000fffff 00000000 FS =0000 00005555555e5400 000fffff 00000000 GS =0000 ffff88802ca00000 000fffff 00000000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b3353e000 CR3=000000006d9d4000 CR4=00152ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffffff00ffffffffffffffff XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 3 RAX=ffffffff915b9170 RBX=0000000000000001 RCX=ffffffff815ee8a5 RDX=0000000000000000 RSI=0000000000000008 RDI=ffffffff8de18250 RBP=ffffffff8897c720 RSP=ffffc900031efb20 R8 =0000000000000000 R9 =ffffffff8de18257 R10=0000000000000000 R11=1ffffffff17f2031 R12=ffffffff8da9dd60 R13=ffffc900031efca0 R14=dffffc0000000000 R15=000000000007704c RIP=ffffffff87dd5fd3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cb00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020b63fe4 CR3=0000000026da7000 CR4=00152ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ce739ca5f22d8b69a45d70a4a8e7774f XMM01=a5babddd6bc07e258d1480c502267093 XMM02=5fa0d84b4e900285ad52f3cf57f7d870 XMM03=bd803efaa1b8362115b2f3b84281a8b5 XMM04=0000000000000000000000000049e3d9 XMM05=0000000000000000010000000049e3fd XMM06=00000000000000000000000001000000 XMM07=010000000049e3fd0049e3d901000000 XMM08=ce00000068000000cc00000076000000 XMM09=00000000000000000000000000000000 XMM10=9405a284c814d7e39f8de07ca37b63cf XMM11=d67aa8e3a26869e1548a340b3738f43c XMM12=0d0c0f0e09080b0a0504070601000302 XMM13=0c0f0e0d080b0a090407060500030201 XMM14=0000000000000000000000000000afc0 XMM15=00000000000000000000000000000040