last executing test programs: 59.835532976s ago: executing program 0 (id=1608): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x4, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x3, 0x5, 0x0, 0x40, 0x2, 0x1000, 0xffffffffffffffff, 0x80000001, 0xfffffd, 0x208, 0x8, 0x10000, 0x8, 0x3, 0x0, 0x9], 0x40000, 0x2144}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x800000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 59.304019102s ago: executing program 0 (id=1612): socket$nl_netfilter(0x10, 0x3, 0xc) signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000004"], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x33, 0x0, 0x0) 58.8836592s ago: executing program 0 (id=1615): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1, 0x200000005c832, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0xa, 0x204031, 0xffffffffffffffff, 0xc9751000) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 58.561138599s ago: executing program 0 (id=1617): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x51) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x81899, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount(0x0, &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)='./file0/../file0\x00', 0x0, 0x18f881, 0x0) mount$tmpfs(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) 58.30431755s ago: executing program 0 (id=1620): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 57.071427029s ago: executing program 0 (id=1628): r0 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r0, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@wrmsr={0x65, 0x20, {0x40000000, 0x3}}, @wrmsr={0x65, 0x20, {0x40000001, 0x3f}}], 0x40}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x3, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x7, 0x40, 0x2, 0x208, 0x3, 0x8, 0x80, 0x11, 0x68, 0x8000000000000000, 0x2, 0x0, 0x7fff, 0x4, 0x3, 0xffffffffffffffff], 0x0, 0x194d40}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 56.698738355s ago: executing program 32 (id=1628): r0 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r0, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@wrmsr={0x65, 0x20, {0x40000000, 0x3}}, @wrmsr={0x65, 0x20, {0x40000001, 0x3f}}], 0x40}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x3, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x7, 0x40, 0x2, 0x208, 0x3, 0x8, 0x80, 0x11, 0x68, 0x8000000000000000, 0x2, 0x0, 0x7fff, 0x4, 0x3, 0xffffffffffffffff], 0x0, 0x194d40}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 26.690335875s ago: executing program 5 (id=1844): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x100000040, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) 24.505876785s ago: executing program 5 (id=1856): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x6) unshare(0xc040400) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x1f, 'pcbc(fcrypt)\x00'}, 0x58) ftruncate(r1, 0x2000000) fcntl$addseals(r1, 0x409, 0x7) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x1f, 0x0, 0x1000000}) 24.340198506s ago: executing program 5 (id=1858): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) landlock_restrict_self(0xffffffffffffffff, 0xc) landlock_restrict_self(0xffffffffffffffff, 0xc) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) 21.699801845s ago: executing program 5 (id=1881): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x80000, 0x12d) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 21.44182715s ago: executing program 5 (id=1883): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fsetxattr$security_capability(r0, &(0x7f0000000000), &(0x7f0000000080)=@v3={0x3000000, [{0x8, 0x6000}, {0x5, 0x8000}]}, 0x18, 0x3) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 20.97339404s ago: executing program 5 (id=1884): madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@func={0x1, 0x0, 0x0, 0xc, 0x2}, @func_proto={0x0, 0x200000000000013d, 0x0, 0xd, 0x0, [{0xf}, {0x0, 0x2}]}]}}, 0x0, 0x42}, 0x28) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYRES32=r2, @ANYBLOB='/'], 0x20) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680)) r3 = syz_clone(0x980000, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r3, 0x22) 20.451329099s ago: executing program 33 (id=1884): madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@func={0x1, 0x0, 0x0, 0xc, 0x2}, @func_proto={0x0, 0x200000000000013d, 0x0, 0xd, 0x0, [{0xf}, {0x0, 0x2}]}]}}, 0x0, 0x42}, 0x28) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYRES32=r2, @ANYBLOB='/'], 0x20) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680)) r3 = syz_clone(0x980000, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r3, 0x22) 6.701712003s ago: executing program 6 (id=1956): r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)={0x20000000}) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) sendmsg$kcm(r3, &(0x7f0000000d80)={0x0, 0x0, 0x0}, 0x0) 6.468283143s ago: executing program 4 (id=1960): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_emit_ethernet(0x86, &(0x7f0000000600)=ANY=[], 0x0) r1 = gettid() r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0) read$FUSE(r2, &(0x7f0000001b40)={0x2020}, 0x205c) tkill(r1, 0xb) 6.318751222s ago: executing program 4 (id=1961): r0 = epoll_create1(0x80000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000700)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x47, 0x5, 0x8, 0x5, 0x0, 0x9, 0x0, 0x57c73f3a, 0xfa11, 0xffffffff}, 0x0) poll(&(0x7f0000000140)=[{r2, 0x2cfc08c20dafc34e}, {r0, 0xf102}], 0x2, 0x8000007) 5.597226779s ago: executing program 6 (id=1964): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x2000800) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x2c, 0x24, 0xd0f, 0xfffffffd, 0xffffffff, {0x60, 0x0, 0x0, 0x0, {0xffe0, 0x2}, {0xfff2, 0x10}, {0xfff3, 0xfff2}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x4c}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000844}, 0x2000c8d1) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0xfffffffd, 0xffffffffffffffff, 0x4}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000ff070000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r0) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0500000003f01f00660000007f00000001000000", @ANYRES32, @ANYRES32], 0x48) ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) 5.538909509s ago: executing program 3 (id=1965): write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x5, 0xfffffffffd110f4f, 0xe, 0x285, 0xf7b, 0x6, 0x0, 0x0, 0x21, 0x5}}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x3f, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4.761858151s ago: executing program 6 (id=1967): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000025000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0xb8, 0x18, 0xa01, 0xfffffffc, 0x0, {0xa}, [@typed={0xa1, 0x10a, 0x0, 0x0, @binary="564571dee3d941ce62315adcd2aa88875f12474ed450e26d77bb01959975c0f7dcd2ae476f86c0a6595286cd967cf4cd3b872fafefc27738be448120959547a26ab80d266602183aa155953e6a5ff3ba07b5700d3d262ee630edc8644aa7a3eadf99ba113aca36f3e935b5d976af4887c193f30dd198661198c2bf8216328f2b609e3f0fdc00fab4766eebd63449c2a973b4d7a72abd5af371bd823d8e"}]}, 0xb8}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f7f"], 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.522086771s ago: executing program 3 (id=1968): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x3, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x0, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8003, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x800004, 0x200, 0x2, 0x4, 0xe, 0xe, 0x1, 0x6f, 0x8, 0x9, 0x1, 0x8001, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x1, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x6, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0xf, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x8, 0x800, 0x7, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x411, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x4d, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x8000e3, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x400, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x5d7, 0x7], [0x108e, 0xffff, 0x7, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x4c, 0x2, 0x763, 0xb, 0x402, 0x1, 0x9, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x2, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20006, 0x8a5, 0x86, 0x44, 0x409, 0x3, 0x4, 0x4, 0x10, 0xe, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff9, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x7fffffff]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1) 4.455992152s ago: executing program 1 (id=1969): clock_gettime(0xfffffffffffffff5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/power/pm_freeze_timeout', 0xea241, 0x0) r2 = socket$packet(0x11, 0xa, 0x300) getpeername$packet(r2, 0x0, 0x0) syz_usb_connect$uac1(0x5, 0x84, &(0x7f0000000300)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x8e4, 0x17f, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x72, 0x3, 0x1, 0x14, 0x48, 0x7, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xc, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x2, 0xe7, 0xb0, {0x7, 0x25, 0x1, 0x4, 0x5, 0x8001}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xa1, 0xf8, 0x1}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x6, 0x1, 'N', '3r'}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0xe4, 0xea, 0xa, {0x7, 0x25, 0x1, 0x4, 0x7, 0xdae}}}}}}}}]}}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) 4.133851635s ago: executing program 6 (id=1970): socket$inet_sctp(0x2, 0x5, 0x84) syz_open_dev$vim2m(&(0x7f0000000100), 0x2, 0x2) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x8, 0x2, 0xfffffffffffffffd, 0x1}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x4, 0x0, 0x1136f858, 0x0, 0xffffffffffffffff}, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 3.44109012s ago: executing program 3 (id=1971): socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$inet(0x2, 0x1, 0x0) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 3.272753447s ago: executing program 2 (id=1973): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) 3.041180125s ago: executing program 2 (id=1974): syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec778000) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0x40045542, &(0x7f0000000b00)) syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x40002) 2.881104071s ago: executing program 2 (id=1975): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0x53, &(0x7f0000000200)={0x7, 0x7, 0x1}, &(0x7f0000000240)=0x28) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r2, &(0x7f00000000c0)=0x1ff, 0xa, 0x8) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) 2.736466174s ago: executing program 1 (id=1976): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000001a00)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x6, 0x4) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x3, &(0x7f0000002480)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) writev(r0, &(0x7f0000000100)=[{&(0x7f00000000c0)="02", 0x1}, {&(0x7f0000000140)="1a36c585f338", 0x6}], 0x2) 2.442183679s ago: executing program 1 (id=1977): r0 = socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) syz_emit_ethernet(0x6a, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "4b3f7633015aff9fa5e73369ed3ed4f938752184f1af2029", "14ef0f501fd4f4fc0d232b48a86ef0222fb6364766977f816acb8f51148dba1a"}}}}}}, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'lblcr\x00', 0x28, 0xc, 0x71}, 0x2c) 2.400970707s ago: executing program 6 (id=1978): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10c) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1000485, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_INIT(r1, 0x0, 0x0) lchown(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) sendmsg$netlink(r0, &(0x7f0000002dc0)={0x0, 0x0, &(0x7f0000002c00), 0x0, 0x0, 0x0, 0x4000}, 0x880) 2.37269007s ago: executing program 4 (id=1979): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x4040080}, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r1) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 2.269868759s ago: executing program 2 (id=1980): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc211, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x20, "", [{{0x9, 0x4, 0x0, 0x0, 0x7, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x8, 0x0, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0xf, 0xfe}}}}}]}}]}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x20008820) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0xffffffffffffffef, &(0x7f0000000040)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a076b876c1d0048007ea60864160af36504001a0038001d00", 0x28}, {&(0x7f00000000c0)="83d2ff5f00000080d2898a0cc6d6703b87eb28f77b09bc7e64f918fa3be4664d327d90424d5503002800"/52, 0x34}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r3, 0x400442c8, &(0x7f0000000340)=ANY=[@ANYRES32=r2]) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="000b020100000223f70ba381030000000000000000cb4fdca0560fb30d54f3"], 0x0, 0x0, 0x0, 0x0}, 0x0) 2.144286204s ago: executing program 6 (id=1981): socket$inet_udp(0x2, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r3, 0x48212b8952c3aff5, 0x70bd25, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x700) 1.572278699s ago: executing program 2 (id=1982): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r3, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000240)="3d4077e50823a7746c0ee30dd0afdfb5ff2a258d495dc9d2c2a25bc7dc0b11bde0d15d0770675db17901", 0x2a}, {&(0x7f0000000080)="b28231adddba8ed6f23bf98ca8caa015ab797f57", 0x14}], 0x2, 0x0) recvmmsg(r3, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/111}]}}], 0x700, 0x40002002, 0x0) write$binfmt_misc(r2, &(0x7f0000000040), 0xffc1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 1.542009746s ago: executing program 3 (id=1983): r0 = socket(0x11, 0x2, 0x0) setsockopt(r0, 0x107, 0x17, &(0x7f0000000080)='\x00\x00', 0x2) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x500) ioctl$EVIOCSREP(r1, 0x40084503, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="380000005500e50226bd70000100000007000000", @ANYRES32=r3, @ANYBLOB="200001"], 0x38}, 0x1, 0x0, 0x0, 0x2000c844}, 0x20000150) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, 0x0, 0x0) 1.310563607s ago: executing program 4 (id=1984): r0 = landlock_create_ruleset(&(0x7f00000001c0)={0x3050, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = landlock_create_ruleset(&(0x7f00000000c0)={0x3, 0x1, 0x1}, 0x18, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) landlock_restrict_self(r3, 0xd) r4 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000100)={0x2, r4}) sendmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x240408c1) 1.257591476s ago: executing program 1 (id=1985): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) r3 = dup(r0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000600)={0x0, @in6={{0xa, 0x4e23, 0x7, @empty, 0x2001}}, 0x6, 0x6}, 0x90) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e33, @empty}}, 0x1000000, 0xce, 0xfbff1896, 0x3, 0xd5, 0x1900, 0x1f}, 0x9c) 1.175324419s ago: executing program 3 (id=1986): socket(0x10, 0x803, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e0000000400000004"], 0x48) r0 = socket(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x8d0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd23, 0x25dfdbf8, {0x0, 0x0, 0x0, 0x0, 0x35a38, 0x4522f}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY={0x8}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x20040044) 1.15233112s ago: executing program 2 (id=1987): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) remap_file_pages(&(0x7f00003e3000/0x7000)=nil, 0x7000, 0x0, 0x4, 0x1000) r0 = io_uring_setup(0x5594, &(0x7f0000000100)={0x0, 0x10000000, 0x1, 0x1, 0x21e}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) prlimit64(0x0, 0xe, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0xa2f01, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 900.798849ms ago: executing program 1 (id=1988): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x20000c40) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@newtfilter={0x88, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xc, 0xfff3}, {}, {0x8, 0x10}}, [@filter_kind_options=@f_basic={{0xa}, {0x58, 0x2, [@TCA_BASIC_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0x202, 0x10000000, 0x1000, 0x8}, 0x1}}]}, {0x3c}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x8080) 860.965599ms ago: executing program 4 (id=1989): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmmsg$alg(r1, &(0x7f0000002300)=[{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f00000003c0)="aa7742d1fd451005faed417201883804b19abd7cc919ab4713e3458f4f82db64ec", 0x21}], 0x1, 0x0, 0x0, 0x40014}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}], 0x2, 0x10) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x403, 0x58bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646, 0x20}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}]}, 0x50}, 0x1, 0x0, 0x0, 0x600}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4408}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 273.529541ms ago: executing program 3 (id=1990): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioprio_get$uid(0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_buf(r0, 0x1, 0x4a, 0x0, &(0x7f0000000000)) r1 = socket$inet_smc(0x2b, 0x1, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)={0x24, 0x2, 0x6, 0x201, 0x0, 0x0, {0xc, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}]}, 0x24}}, 0x0) getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f0000000040)={'nat\x00', 0x0, 0x0, 0x0, [0x4, 0x10, 0xe540, 0x3a8e5b7e, 0xc, 0x8000000000000000]}, &(0x7f0000000200)=0x78) 69.092297ms ago: executing program 4 (id=1991): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040040) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff}, 0x800) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000080)={{}, {0x77359400}}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x8004, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) clock_adjtime(0x0, &(0x7f0000000280)={0xc979, 0x1, 0xbf, 0x8, 0x8, 0x1, 0x0, 0x4, 0xf27, 0x80000000, 0x6, 0x3ff, 0x8a8, 0x6, 0x5, 0x413, 0x69, 0x2, 0x6, 0x6, 0x10000, 0x168, 0x2cbf, 0x7, 0xe, 0x5}) 0s ago: executing program 1 (id=1992): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000), 0x400, 0x8000) ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f0000000040)) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'bond0\x00', 0x0}) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @multicast1}, {0x0, 0x17c1, 0x8}}}}}, 0x0) getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f0000002180)) sendmsg$nl_route(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001600)=@newlink={0x3c, 0x10, 0x1, 0x70bd28, 0x25dfdbfa, {0x0, 0x0, 0x0, r3, 0x19013, 0x100}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x24000000) kernel console output (not intermixed with test programs): tes leftover after parsing attributes in process `syz.0.1069'. [ 193.512421][ T5797] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 193.686389][ T5797] usb 3-1: Using ep0 maxpacket: 32 [ 193.701760][ T5797] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 193.717926][ T5797] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 193.736705][ T5797] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 193.749302][ T5797] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 193.778410][ T5797] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.6a [ 193.804174][ T5797] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.823179][ T5797] usb 3-1: Product: syz [ 193.852926][ T5797] usb 3-1: Manufacturer: syz [ 193.880876][ T5797] usb 3-1: SerialNumber: syz [ 193.930132][ C1] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 193.946585][ T5797] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input24 [ 194.172562][ T5797] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 194.194283][ T5797] (id 0x00) [ 194.203842][ T5735] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 194.312406][ T5797] rc_core: IR keymap rc-imon-pad not found [ 194.328937][ T5797] Registered IR keymap rc-empty [ 194.342684][ T5797] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 194.372378][ T5797] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 194.372991][ T5735] usb 2-1: Using ep0 maxpacket: 32 [ 194.405488][ T5735] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1056, setting to 1024 [ 194.422353][ T5735] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 7 [ 194.423657][ T5797] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0 [ 194.447329][ T5735] usb 2-1: New USB device found, idVendor=1235, idProduct=8203, bcdDevice= 0.40 [ 194.463004][ T5735] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.478924][ T5735] usb 2-1: Product: syz [ 194.479174][ T5797] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0/input25 [ 194.492344][ T5735] usb 2-1: Manufacturer: syz [ 194.502350][ T5735] usb 2-1: SerialNumber: syz [ 194.529765][ T5797] imon 3-1:155.0: iMON device (15c2:ffdc, intf0) on usb<3:13> initialized [ 194.759456][ T5735] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 194.787525][ T5735] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 194.808224][ T5735] usb 2-1: Focusrite Scarlett Gen 2 Mixer Driver enabled (pid=0x8203); report any issues to https://github.com/geoffreybennett/scarlett-gen2/issues [ 194.829083][ T10] usb 3-1: USB disconnect, device number 13 [ 194.830205][ T8815] imon:send_packet: packet tx failed (-71) [ 194.840782][ T5735] usb 2-1: Error initialising Scarlett Gen 2 Mixer Driver: -22 [ 194.863007][ T8815] imon:vfd_write: send packet #0 failed [ 194.873523][ T30] audit: type=1400 audit(1779883989.612:542): avc: denied { setopt } for pid=8826 comm="syz.4.1087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 194.925680][ T5735] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 194.976219][ T5735] usb 2-1: USB disconnect, device number 17 [ 195.059854][ T5923] udevd[5923]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 196.151673][ T30] audit: type=1804 audit(1779883990.892:543): pid=8846 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.1093" name="/newroot/203/file1" dev="tmpfs" ino=1115 res=1 errno=0 [ 196.661530][ T8864] syzkaller1: entered promiscuous mode [ 196.675766][ T8864] syzkaller1: entered allmulticast mode [ 196.854813][ T30] audit: type=1400 audit(1779883991.602:544): avc: denied { read } for pid=8867 comm="syz.2.1104" name="event1" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 197.167911][ T8877] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 197.362389][ T30] audit: type=1326 audit(1779883992.102:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8881 comm="syz.0.1110" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1842d9ce59 code=0x7ffc0000 [ 197.444936][ T30] audit: type=1326 audit(1779883992.102:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8881 comm="syz.0.1110" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1842d9ce59 code=0x7ffc0000 [ 197.511850][ T30] audit: type=1326 audit(1779883992.132:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8881 comm="syz.0.1110" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f1842d9ce59 code=0x7ffc0000 [ 197.542128][ T30] audit: type=1326 audit(1779883992.102:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8881 comm="syz.0.1110" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1842d9ce59 code=0x7ffc0000 [ 197.572263][ T30] audit: type=1326 audit(1779883992.222:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8881 comm="syz.0.1110" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1842d9ce59 code=0x7ffc0000 [ 197.604258][ T30] audit: type=1326 audit(1779883992.222:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8881 comm="syz.0.1110" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1842d9ce59 code=0x7ffc0000 [ 197.667471][ T30] audit: type=1326 audit(1779883992.272:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8881 comm="syz.0.1110" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1842d9ce59 code=0x7ffc0000 [ 197.700114][ T30] audit: type=1326 audit(1779883992.272:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8881 comm="syz.0.1110" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f1842d9ce59 code=0x7ffc0000 [ 197.870188][ T8893] netlink: 'syz.3.1114': attribute type 1 has an invalid length. [ 197.901136][ T8893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1114'. [ 198.103038][ T8899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 198.156373][ T8902] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8902 comm=syz.3.1118 [ 198.172053][ T8902] netlink: 'syz.3.1118': attribute type 1 has an invalid length. [ 198.274446][ T8902] bond4: (slave bridge1): making interface the new active one [ 198.282923][ T8902] bond4: (slave bridge1): Enslaving as an active interface with an up link [ 198.473716][ T8914] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1122'. [ 198.521810][ T8914] 8021q: adding VLAN 0 to HW filter on device bond5 [ 198.531429][ T8917] netlink: 'syz.2.1132': attribute type 4 has an invalid length. [ 198.770503][ T8923] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1125'. [ 198.879272][ T8923] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1125'. [ 199.632842][ T10] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 199.792319][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 199.799645][ T10] usb 1-1: config index 0 descriptor too short (expected 5924, got 36) [ 199.808727][ T10] usb 1-1: config 250 has an invalid interface number: 228 but max is -1 [ 199.817684][ T10] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 199.828836][ T10] usb 1-1: config 250 has no interface number 0 [ 199.843064][ T10] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 199.862035][ T10] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 199.870713][ T8966] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1140'. [ 199.873776][ T10] usb 1-1: config 250 interface 228 altsetting 255 has an endpoint descriptor with address 0xA2, changing to 0x82 [ 199.896251][ T10] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 100 [ 199.907634][ T10] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 199.922117][ T10] usb 1-1: config 250 interface 228 has no altsetting 0 [ 199.930961][ T10] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 199.940431][ T10] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 199.949040][ T10] usb 1-1: Product: syz [ 199.954283][ T10] usb 1-1: SerialNumber: syz [ 199.979228][ T10] hub 1-1:250.228: bad descriptor, ignoring hub [ 199.995886][ T10] hub 1-1:250.228: probe with driver hub failed with error -5 [ 200.201745][ T10] usblp 1-1:250.228: usblp0: USB Bidirectional printer dev 18 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 200.630544][ T8975] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.1143'. [ 200.652041][ T8977] netlink: 'syz.4.1144': attribute type 11 has an invalid length. [ 200.662000][ T57] wlan1: Trigger new scan to find an IBSS to join [ 200.883645][ T8945] usb 1-1: reset high-speed USB device number 18 using dummy_hcd [ 201.288022][ C0] usblp0: nonzero read bulk status received: -71 [ 201.528568][ T5735] usb 1-1: USB disconnect, device number 18 [ 201.557522][ T5735] usblp0: removed [ 203.276470][ T9036] netlink: 'syz.0.1163': attribute type 10 has an invalid length. [ 203.291484][ T9036] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.378715][ T9036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 203.398109][ T9036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 203.415638][ T9036] bond0 (unregistering): Released all slaves [ 203.622339][ T5735] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 203.785642][ T5735] usb 3-1: Using ep0 maxpacket: 16 [ 203.795750][ T5735] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 203.813237][ T5735] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 203.832354][ T5735] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.855705][ T5735] usb 3-1: Product: syz [ 203.873658][ T5735] usb 3-1: Manufacturer: syz [ 203.878341][ T5735] usb 3-1: SerialNumber: syz [ 203.890944][ T5735] usb 3-1: config 0 descriptor?? [ 203.905623][ T5735] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 203.923893][ T5735] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 204.220773][ T9058] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1173'. [ 204.285695][ T9061] fuse: Bad value for 'fd' [ 204.453402][ T9064] overlayfs: failed to clone upperpath [ 204.516442][ T5735] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 204.655790][ T9076] netlink: 2028 bytes leftover after parsing attributes in process `syz.4.1179'. [ 204.686747][ T9076] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1179'. [ 204.691491][ T9078] binder: 9077:9078 ioctl c0306201 200000000040 returned -11 [ 204.711018][ T9078] binder: 9077:9078 ioctl c0306201 200000000640 returned -22 [ 204.772346][ T10] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 204.932373][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 204.939937][ T10] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 204.948661][ T10] usb 2-1: config 0 has no interface number 0 [ 204.960071][ T10] usb 2-1: config 0 interface 184 has no altsetting 0 [ 204.970927][ T10] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 204.981418][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.993782][ T10] usb 2-1: Product: syz [ 204.998119][ T10] usb 2-1: Manufacturer: syz [ 205.003067][ T10] usb 2-1: SerialNumber: syz [ 205.015753][ T10] usb 2-1: config 0 descriptor?? [ 205.370284][ T5735] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 205.380736][ T5735] em28xx 3-1:0.0: board has no eeprom [ 205.442365][ T5735] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 205.450852][ T5735] em28xx 3-1:0.0: dvb set to bulk mode. [ 205.457605][ T1219] em28xx 3-1:0.0: Binding DVB extension [ 205.480566][ T5735] usb 3-1: USB disconnect, device number 14 [ 205.516115][ T5735] em28xx 3-1:0.0: Disconnecting em28xx [ 205.614313][ T1006] wlan1: Trigger new scan to find an IBSS to join [ 205.628517][ T10] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 205.649377][ T1219] em28xx 3-1:0.0: Registering input extension [ 205.662802][ T10] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 205.676781][ T5735] em28xx 3-1:0.0: Closing input extension [ 205.836559][ T5735] em28xx 3-1:0.0: Freeing device [ 205.898164][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 205.898191][ T30] audit: type=1326 audit(1779884000.642:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628719ce59 code=0x7ffc0000 [ 205.992494][ T30] audit: type=1326 audit(1779884000.662:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628719ce59 code=0x7ffc0000 [ 206.082939][ T30] audit: type=1326 audit(1779884000.662:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628719ce59 code=0x7ffc0000 [ 206.166886][ T30] audit: type=1326 audit(1779884000.662:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628719ce59 code=0x7ffc0000 [ 206.212410][ T30] audit: type=1326 audit(1779884000.682:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f628719ce59 code=0x7ffc0000 [ 206.243743][ T30] audit: type=1326 audit(1779884000.682:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628719ce59 code=0x7ffc0000 [ 206.272755][ T30] audit: type=1326 audit(1779884000.712:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f628715d68e code=0x7ffc0000 [ 206.334968][ T30] audit: type=1326 audit(1779884000.712:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f628715d68e code=0x7ffc0000 [ 206.422350][ T30] audit: type=1326 audit(1779884000.722:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f628715d68e code=0x7ffc0000 [ 206.500265][ T10] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 206.510958][ T30] audit: type=1326 audit(1779884000.722:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz.3.1189" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f628715d68e code=0x7ffc0000 [ 206.521015][ T10] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 206.558733][ T3297] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.609286][ T10] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 206.625733][ T10] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 206.651445][ T10] usb 2-1: USB disconnect, device number 18 [ 207.125302][ T9111] xt_hashlimit: size too large, truncated to 1048576 [ 207.539468][ T9121] netlink: 'syz.3.1197': attribute type 10 has an invalid length. [ 207.594299][ T9121] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.623271][ T9121] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.660488][ T9121] bond0 (unregistering): Released all slaves [ 208.986936][ T9147] netlink: 'syz.3.1207': attribute type 13 has an invalid length. [ 209.017034][ T9149] fuse: fd is not a fuse device [ 209.242794][ T10] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 209.254677][ T9154] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 209.280795][ T9154] syzkaller0: entered promiscuous mode [ 209.294718][ T9161] loop2: detected capacity change from 0 to 7 [ 209.297456][ T9154] syzkaller0: entered allmulticast mode [ 209.316018][ T9161] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 209.328026][ T9161] ldm_validate_privheads(): Cannot find PRIVHEAD 1. ./file0[ 209.336445][ T9161] Dev loop2: unable to read RDB block 7 [ 209.351519][ T9161] loop2: unable to read partition table [ 209.360236][ T9161] loop2: partition table beyond EOD, truncated [ 209.370087][ T9161] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5)  @   /dev/fusefd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000[ 209.432667][ T10] usb 2-1: Using ep0 maxpacket: 32 000,group_id=00000000000000000000[ 209.444197][ T10] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 P)̆@s[ 209.465285][ T10] usb 2-1: config 0 has no interface number 0  [ 209.498876][ T10] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 209.523375][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.548835][ T10] usb 2-1: Product: syz [ 209.557364][ T10] usb 2-1: Manufacturer: syz [ 209.573561][ T10] usb 2-1: SerialNumber: syz [ 209.584619][ T10] usb 2-1: config 0 descriptor?? [ 209.611662][ T10] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected ./file0/file0[ 209.836398][ T10] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 209.871589][ T10] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 210.163955][ T9182] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1221'. [ 210.311680][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 210.320716][ T10] usb 2-1: USB disconnect, device number 19 [ 210.345078][ T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 210.386266][ T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 210.421931][ T10] quatech2 2-1:0.51: device disconnected [ 210.434540][ T5735] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 210.602630][ T5735] usb 3-1: Using ep0 maxpacket: 8 [ 210.613813][ T5735] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 210.630091][ T5735] usb 3-1: config 0 has no interface number 0 [ 210.646046][ T5735] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 210.666982][ T5735] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.686656][ T5735] usb 3-1: Product: syz [ 210.691707][ T5735] usb 3-1: Manufacturer: syz [ 210.697310][ T5735] usb 3-1: SerialNumber: syz [ 210.707697][ T5735] usb 3-1: config 0 descriptor?? [ 210.800611][ T9202] fuse: fd is not a fuse device [ 210.945966][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 210.945983][ T30] audit: type=1400 audit(1779884005.692:625): avc: denied { connect } for pid=9183 comm="syz.2.1222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 211.175402][ T9211] usb usb8: usbfs: process 9211 (syz.2.1222) did not claim interface 0 before use [ 211.271811][ T5735] uvcvideo 3-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 211.313736][ T5735] usb 3-1: USB disconnect, device number 15 [ 211.972372][ T30] audit: type=1400 audit(1779884006.712:626): avc: denied { write } for pid=9223 comm="syz.3.1236" name="usbmon9" dev="devtmpfs" ino=744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 212.108959][ T30] audit: type=1400 audit(1779884006.742:627): avc: denied { append } for pid=9223 comm="syz.3.1236" name="001" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 213.947933][ T5747] IPVS: starting estimator thread 0... [ 214.044111][ T9243] IPVS: using max 45 ests per chain, 108000 per kthread [ 215.426786][ T9266] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1251'. [ 215.715017][ T30] audit: type=1400 audit(1779884010.462:628): avc: denied { setopt } for pid=9273 comm="syz.0.1252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 215.826989][ T30] audit: type=1400 audit(1779884010.572:629): avc: denied { bind } for pid=9273 comm="syz.0.1252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 216.460805][ T30] audit: type=1400 audit(1779884011.202:630): avc: denied { mounton } for pid=9295 comm="syz.2.1254" path="/251/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 217.933362][ T30] audit: type=1800 audit(1779884012.672:631): pid=9309 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1268" name="bus" dev="tmpfs" ino=1305 res=0 errno=0 [ 218.817371][ T9336] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1267'. [ 218.856803][ T30] audit: type=1400 audit(1779884013.592:632): avc: denied { mounton } for pid=9337 comm="syz.1.1269" path="/225/file0" dev="tmpfs" ino=1229 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 220.345056][ T5797] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 220.458363][ T9384] overlayfs: failed to clone upperpath [ 220.512466][ T5797] usb 4-1: Using ep0 maxpacket: 32 [ 220.524759][ T5797] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 220.539988][ T5797] usb 4-1: config 0 has no interface number 0 [ 220.554928][ T5797] usb 4-1: config 0 interface 12 has no altsetting 0 [ 220.572269][ T5797] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 220.584958][ T5797] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.594186][ T5797] usb 4-1: Product: syz [ 220.598878][ T5797] usb 4-1: Manufacturer: syz [ 220.605666][ T5797] usb 4-1: SerialNumber: syz [ 220.631852][ T5797] usb 4-1: config 0 descriptor?? [ 221.080384][ T30] audit: type=1400 audit(1779884015.822:633): avc: denied { setopt } for pid=9393 comm="syz.0.1298" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 221.157731][ T30] audit: type=1400 audit(1779884015.902:634): avc: denied { create } for pid=9395 comm="syz.0.1289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 221.203990][ T30] audit: type=1400 audit(1779884015.922:635): avc: denied { ioctl } for pid=9395 comm="syz.0.1289" path="socket:[28830]" dev="sockfs" ino=28830 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 222.071647][ T30] audit: type=1400 audit(1779884016.812:636): avc: denied { setopt } for pid=9406 comm="syz.2.1293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 222.137787][ T9409] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1294'. [ 222.261805][ T5797] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 222.289134][ T5797] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 222.312466][ T5797] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 222.328152][ T9414] netlink: 348 bytes leftover after parsing attributes in process `syz.1.1296'. [ 222.330818][ T5797] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 222.391250][ T5797] usb 4-1: USB disconnect, device number 20 [ 222.683530][ T5747] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 222.844452][ T5747] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 222.859111][ T5747] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 222.875069][ T5747] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 222.885210][ T5747] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 222.897637][ T5747] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 222.910989][ T5747] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 222.925422][ T30] audit: type=1400 audit(1779884017.672:637): avc: denied { read write } for pid=9432 comm="syz.3.1304" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 222.948981][ T5747] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 222.969241][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 222.980998][ T5747] usb 1-1: Product: syz [ 222.989611][ T5747] usb 1-1: Manufacturer: syz [ 223.003376][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 223.012696][ T5747] cdc_wdm 1-1:1.0: skipping garbage [ 223.020412][ T5747] cdc_wdm 1-1:1.0: skipping garbage [ 223.025862][ T30] audit: type=1400 audit(1779884017.672:638): avc: denied { open } for pid=9432 comm="syz.3.1304" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 223.051439][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 223.060009][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 223.067823][ T5747] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 223.074344][ T5747] cdc_wdm 1-1:1.0: Unknown control protocol [ 223.083487][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 223.097459][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 223.106506][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 223.121498][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 223.141525][ T9435] fuse: fd is not a fuse device [ 223.146620][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 223.160822][ T5735] hid-generic 0006:0008:0001.000C: unknown main item tag 0x0 [ 223.226773][ T5735] hid-generic 0006:0008:0001.000C: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 223.283716][ T5797] usb 1-1: USB disconnect, device number 19 [ 224.807390][ T30] audit: type=1400 audit(1779884019.552:639): avc: denied { bind } for pid=9460 comm="syz.0.1314" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 224.833775][ T9465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 224.872170][ T9465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 225.662351][ T5747] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 225.825932][ T5747] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 225.859866][ T5747] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 225.899488][ T5747] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 225.933146][ T5747] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 225.974259][ T5747] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 226.013594][ T5747] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.049114][ T5747] usb 1-1: config 0 descriptor?? [ 226.557176][ T5747] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 226.683543][ T9504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1328'. [ 226.781070][ T9491] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. [ 227.097320][ T30] audit: type=1326 audit(1779884021.842:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9513 comm="syz.4.1331" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f394419ce59 code=0x0 [ 227.191177][ T9520] tipc: Started in network mode [ 227.201537][ T9520] tipc: Node identity aecfed290d97, cluster identity 4711 [ 227.211067][ T9520] tipc: Enabled bearer , priority 0 [ 227.228608][ T9520] syzkaller0: MTU too low for tipc bearer [ 227.235417][ T9520] tipc: Disabling bearer [ 227.432122][ T30] audit: type=1400 audit(1779884022.172:641): avc: denied { mounton } for pid=9528 comm="syz.3.1335" path="/bus" dev="ramfs" ino=28297 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 227.437536][ T9529] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 227.463853][ T9529] overlayfs: failed to set xattr on upper [ 227.470147][ T9529] overlayfs: ...falling back to redirect_dir=nofollow. [ 227.472314][ T1219] usb 1-1: USB disconnect, device number 20 [ 227.478829][ T9529] overlayfs: ...falling back to index=off. [ 227.501791][ T9529] overlayfs: ...falling back to uuid=null. [ 227.509893][ T9529] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 227.974749][ T9535] netlink: 'syz.3.1337': attribute type 11 has an invalid length. [ 228.056682][ T9538] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 228.160993][ T9538] virt_wifi0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 228.225238][ T9538] veth0_to_team: entered promiscuous mode [ 228.264507][ T9538] batadv0: entered promiscuous mode [ 228.288653][ T9538] 8021q: adding VLAN 0 to HW filter on device macsec1 [ 228.319538][ T9538] 8021q: adding VLAN 0 to HW filter on device bond4 [ 228.396148][ T9535] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 228.430765][ T9535] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 228.658879][ T3297] wlan1: Trigger new scan to find an IBSS to join [ 230.243598][ T5747] usb 4-1: new low-speed USB device number 21 using dummy_hcd [ 230.417331][ T5747] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 230.451469][ T5747] usb 4-1: config 0 has no interface number 0 [ 230.481196][ T5747] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 230.527649][ T5747] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 230.550340][ T5747] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 230.585551][ T5747] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.631903][ T5747] usb 4-1: config 0 descriptor?? [ 230.671565][ T9582] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 230.706308][ T30] audit: type=1400 audit(1779884025.442:642): avc: denied { ioctl } for pid=9590 comm="syz.0.1358" path="net:[4026532945]" dev="nsfs" ino=4026532945 ioctlcmd=0x4c0a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 230.772643][ T5747] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 230.817491][ T9593] fuse: fd is not a fuse device [ 230.860620][ T9595] xt_hashlimit: size too large, truncated to 1048576 [ 231.008922][ T5747] usb 4-1: USB disconnect, device number 21 [ 231.014942][ C0] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 231.812395][ T803] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 232.095429][ T803] usb 3-1: Using ep0 maxpacket: 8 [ 232.114366][ T803] usb 3-1: config 0 interface 0 altsetting 224 endpoint 0x81 has an invalid bInterval 196, changing to 11 [ 232.155821][ T803] usb 3-1: config 0 interface 0 altsetting 224 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 232.201194][ T803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 232.233895][ T803] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 232.244428][ T803] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.263688][ T803] usb 3-1: config 0 descriptor?? [ 232.340827][ T9627] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1369'. [ 233.135554][ T803] hid_parser_main: 7 callbacks suppressed [ 233.135601][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x3 [ 233.161270][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 233.186075][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 233.217454][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 233.250193][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 233.274442][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 233.282005][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 233.290369][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 233.298345][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 233.309898][ T803] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 233.320915][ T803] hid-steam 0003:28DE:1102.000E: : USB HID v0.04 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0 [ 233.410809][ T803] hid-steam 0003:28DE:1102.000E: Steam Controller 'XXXXXXXXXX' connected [ 233.450045][ T803] input: Steam Controller as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28DE:1102.000E/input/input28 [ 234.008825][ T803] hid-steam 0003:28DE:1102.000F: hidraw0: USB HID v0.04 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0 [ 234.098795][ T30] audit: type=1400 audit(1779884028.842:643): avc: denied { mount } for pid=9646 comm="syz.2.1376" name="/" dev="hugetlbfs" ino=28463 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 234.153768][ T803] usb 3-1: USB disconnect, device number 16 [ 234.194527][ T9654] netlink: 'syz.0.1378': attribute type 11 has an invalid length. [ 234.331280][ T9651] fido_id[9651]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 234.363784][ T803] hid-steam 0003:28DE:1102.000E: Steam Controller 'XXXXXXXXXX' disconnected [ 234.498175][ T30] audit: type=1400 audit(1779884029.242:644): avc: denied { unmount } for pid=5613 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 234.612350][ T1219] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 234.645953][ T9656] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.786174][ T1219] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 234.841485][ T1219] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 234.904660][ T1219] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 234.951019][ T1219] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.993350][ T1219] usb 4-1: config 0 descriptor?? [ 235.057114][ T9658] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode [ 235.080685][ T9658] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode [ 235.563122][ T1219] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0010/input/input29 [ 235.688082][ T1219] cm6533_jd 0003:0D8C:0022.0010: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 235.867779][ T1219] usb 4-1: USB disconnect, device number 22 [ 235.960245][ T9677] fido_id[9677]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 237.337473][ T30] audit: type=1400 audit(1779884032.082:645): avc: denied { create } for pid=9712 comm="syz.4.1395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 237.390915][ T30] audit: type=1400 audit(1779884032.132:646): avc: denied { setopt } for pid=9712 comm="syz.4.1395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 237.489882][ T30] audit: type=1400 audit(1779884032.232:647): avc: denied { create } for pid=9717 comm="syz.2.1397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 237.520435][ T30] audit: type=1400 audit(1779884032.262:648): avc: denied { write } for pid=9717 comm="syz.2.1397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 238.053835][ T9740] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1406'. [ 239.233358][ T9776] netlink: 'syz.2.1418': attribute type 8 has an invalid length. [ 239.833521][ T30] audit: type=1400 audit(1779884034.582:649): avc: denied { read } for pid=9785 comm="syz.3.1422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 240.301040][ T9793] fuse: fd is not a fuse device [ 240.618812][ T9801] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1428'. [ 240.851447][ T9807] fuse: fd is not a fuse device [ 241.687461][ T9826] netlink: 'syz.4.1436': attribute type 11 has an invalid length. [ 241.876251][ T9829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.065288][ T9829] A link change request failed with some changes committed already. Interface syzkaller0 may have been left with an inconsistent configuration, please check. [ 242.229923][ T9826] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 242.243581][ T9826] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 242.293294][ T5747] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 242.465657][ T5747] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 242.551455][ T5747] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 242.595494][ T5747] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 242.641370][ T5747] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 242.686977][ T5747] usb 1-1: SerialNumber: syz [ 242.755290][ T5747] usb 1-1: 0:2 : does not exist [ 243.009661][ T9853] netlink: 'syz.0.1440': attribute type 32 has an invalid length. [ 243.587269][ T9868] syzkaller1: entered promiscuous mode [ 243.613788][ T9868] syzkaller1: entered allmulticast mode [ 244.717113][ T9890] fuse: fd is not a fuse device [ 244.865072][ T9894] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1460'. [ 245.158246][ T803] usb 1-1: USB disconnect, device number 21 [ 245.302700][ T5747] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 245.498661][ T5747] usb 4-1: unable to get BOS descriptor or descriptor too short [ 245.523851][ T5747] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 245.546072][ T5747] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 245.580109][ T5747] usb 4-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 245.595026][ T5747] usb 4-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 245.621360][ T5747] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 245.632624][ T5747] usb 4-1: config 1 interface 1 has no altsetting 0 [ 245.675600][ T5747] usb 4-1: string descriptor 0 read error: -22 [ 245.692338][ T5747] usb 4-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 245.711914][ T5747] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.988855][ T803] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 246.160882][ T803] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 246.183261][ T803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.192016][ T803] usb 1-1: Product: syz [ 246.197364][ T803] usb 1-1: Manufacturer: syz [ 246.214751][ T803] usb 1-1: SerialNumber: syz [ 246.234693][ T803] usb 1-1: config 0 descriptor?? [ 246.517092][ T803] usb 1-1: USB disconnect, device number 22 [ 246.902441][ T5747] usb 4-1: USB disconnect, device number 23 [ 249.189366][ T5798] kernel write not supported for file /input/mice (pid: 5798 comm: kworker/1:6) [ 249.269147][ T9944] netlink: 'syz.2.1475': attribute type 11 has an invalid length. [ 249.409241][ T30] audit: type=1400 audit(1779884044.152:650): avc: denied { ioctl } for pid=9946 comm="syz.1.1478" path="socket:[30959]" dev="sockfs" ino=30959 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 249.686425][ T9948] batman_adv: batadv0: Adding interface: dummy0 [ 249.702602][ T9948] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 249.740728][ T9964] netlink: 'syz.4.1483': attribute type 1 has an invalid length. [ 249.758355][ T9948] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 249.785781][ T9951] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 249.798138][ T9951] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 249.852060][ T9966] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1483'. [ 249.891425][ T9966] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1483'. [ 249.975691][ T9964] bond0: entered promiscuous mode [ 249.991889][ T9964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.053150][ T9972] xt_hashlimit: size too large, truncated to 1048576 [ 250.150999][ T9968] bond0: (slave bridge3): making interface the new active one [ 250.165623][ T9968] bridge3: entered promiscuous mode [ 250.181474][ T9968] bond0: (slave bridge3): Enslaving as an active interface with an up link [ 250.336734][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 250.344955][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 250.829278][ T9998] netlink: 'syz.2.1495': attribute type 1 has an invalid length. [ 251.051624][ T30] audit: type=1400 audit(1779884045.792:651): avc: denied { write } for pid=10000 comm="syz.1.1497" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 255.162557][ T9998] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 255.286428][T10025] batman_adv: batadv0: Adding interface: dummy0 [ 255.333671][T10025] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 255.376269][T10025] batman_adv: batadv0: Interface activated: dummy0 [ 255.434265][T10028] batadv0: mtu less than device minimum [ 255.473880][T10028] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 255.486929][T10028] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 255.498231][T10028] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 255.509518][T10028] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 255.520808][T10028] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 255.532121][T10028] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 255.543387][T10028] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 255.554680][T10028] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 255.565975][T10028] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 255.715690][ T30] audit: type=1400 audit(1779884050.462:652): avc: denied { mounton } for pid=10049 comm="syz.3.1513" path="/287/file0" dev="tmpfs" ino=1511 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 255.870924][ T30] audit: type=1400 audit(1779884050.612:653): avc: denied { bind } for pid=10055 comm="syz.2.1515" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 256.275142][T10073] fuse: fd is not a fuse device [ 256.406631][ T30] audit: type=1400 audit(1779884051.152:654): avc: denied { connect } for pid=10077 comm="syz.2.1521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 258.215026][T10119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1537'. [ 258.653616][ T7349] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 259.071645][T10129] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1541'. [ 259.265044][ T30] audit: type=1400 audit(1779884053.962:655): avc: denied { shutdown } for pid=10135 comm="syz.1.1544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 259.325033][ T30] audit: type=1400 audit(1779884053.962:656): avc: denied { read } for pid=10135 comm="syz.1.1544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 260.352123][T10158] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1551'. [ 261.468488][T10178] fuse: fd is not a fuse device [ 262.592844][T10090] net_ratelimit: 10 callbacks suppressed [ 262.592863][T10090] Set syz1 is full, maxelem 65536 reached [ 263.562704][T10216] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1572'. [ 263.597632][T10216] netlink: 'syz.4.1572': attribute type 13 has an invalid length. [ 263.612216][T10216] netlink: 'syz.4.1572': attribute type 17 has an invalid length. [ 263.644586][T10216] gretap0: refused to change device tx_queue_len [ 263.653624][T10216] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 264.000557][T10230] overlayfs: failed to clone upperpath [ 264.645440][ T30] audit: type=1326 audit(1779884059.392:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10239 comm="syz.3.1582" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628719ce59 code=0x7fc00000 [ 265.166546][ T30] audit: type=1326 audit(1779884059.912:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10239 comm="syz.3.1582" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6287196bd7 code=0x7fc00000 [ 265.264546][T10254] netlink: 264 bytes leftover after parsing attributes in process `syz.4.1589'. [ 265.275113][T10256] batman_adv: batadv0: Adding interface: dummy0 [ 265.303015][T10256] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 265.312551][T10254] netlink: 264 bytes leftover after parsing attributes in process `syz.4.1589'. [ 265.381038][T10256] batman_adv: batadv0: Interface activated: dummy0 [ 265.492006][T10258] batadv0: mtu less than device minimum [ 265.541356][T10258] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 265.552712][T10258] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 265.564028][T10258] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 265.575298][T10258] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 265.586572][T10258] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 265.597851][T10258] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 265.609124][T10258] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 267.459779][ T30] audit: type=1400 audit(1779884062.202:659): avc: denied { mounton } for pid=10283 comm="syz.1.1597" path="/file0" dev="bpf" ino=32205 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 267.509206][T10284] overlayfs: upper fs does not support tmpfile. [ 267.890866][T10296] fuse: fd is not a fuse device [ 268.122337][ T1219] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 268.278252][ T1219] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 268.321297][ T1219] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 268.363684][ T1219] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 268.391847][ T1219] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.406469][ T30] audit: type=1400 audit(1779884063.152:660): avc: denied { accept } for pid=10271 comm="syz.3.1593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 268.435842][T10297] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 268.537379][ T1219] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 269.108350][ T30] audit: type=1400 audit(1779884063.852:661): avc: denied { append } for pid=10316 comm="syz.3.1611" name="event0" dev="devtmpfs" ino=919 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 269.284834][ T1219] usb 3-1: USB disconnect, device number 17 [ 270.091860][ T30] audit: type=1400 audit(1779884064.832:662): avc: denied { setopt } for pid=10335 comm="syz.2.1619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 270.265576][ T30] audit: type=1400 audit(1779884065.002:663): avc: denied { read } for pid=10335 comm="syz.2.1619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 270.847872][ T5618] Bluetooth: hci1: unexpected event for opcode 0x1004 [ 270.997491][ T7356] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 271.052901][ T7356] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.254873][ T30] audit: type=1400 audit(1779884066.002:664): avc: denied { map } for pid=10348 comm="syz.3.1625" path="socket:[32325]" dev="sockfs" ino=32325 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 271.346679][ T30] audit: type=1400 audit(1779884066.002:665): avc: denied { accept } for pid=10348 comm="syz.3.1625" path="socket:[32325]" dev="sockfs" ino=32325 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 271.417648][ T30] audit: type=1400 audit(1779884066.112:666): avc: denied { watch watch_reads } for pid=10354 comm="syz.4.1627" path="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 271.461683][ T7356] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 271.499019][ T7356] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.626085][ T7356] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 271.641541][ T7356] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.969017][ T5627] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 271.986758][ T5627] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 271.998170][ T7356] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 272.010183][ T5627] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 272.017936][ T7356] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.037278][ T5627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 272.047568][ T5627] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 272.396290][ T5618] Bluetooth: hci2: Malformed LE Event: 0x02 [ 272.520596][T10385] fuse: fd is not a fuse device [ 272.527976][ T30] audit: type=1400 audit(1779884067.272:667): avc: denied { read } for pid=5278 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 272.781796][ T7356] bridge_slave_1: left allmulticast mode [ 272.797053][ T7356] bridge_slave_1: left promiscuous mode [ 272.813616][ T7356] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.844273][ T7356] bridge_slave_0: left allmulticast mode [ 272.857206][ T7356] bridge_slave_0: left promiscuous mode [ 272.869334][ T7356] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.006540][T10399] netlink: 'syz.4.1642': attribute type 1 has an invalid length. [ 273.391867][ T30] audit: type=1400 audit(1779884068.132:668): avc: denied { write } for pid=10393 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 273.422079][T10413] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10413 comm=syz.3.1645 [ 273.474681][T10413] netlink: 'syz.3.1645': attribute type 1 has an invalid length. [ 273.572583][ T30] audit: type=1400 audit(1779884068.322:669): avc: denied { write } for pid=10418 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 273.758898][ T7356] bond1 (unregistering): Released all slaves [ 273.830163][T10399] 8021q: adding VLAN 0 to HW filter on device bond4 [ 273.953285][T10402] bond4: (slave veth7): Enslaving as an active interface with a down link [ 274.000694][T10404] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 274.013770][T10404] bond4: (slave batadv1): making interface the new active one [ 274.025006][T10404] batadv1: entered promiscuous mode [ 274.030767][T10404] bond4: (slave batadv1): Enslaving as an active interface with an up link [ 274.092837][ T5618] Bluetooth: hci0: command tx timeout [ 274.346527][T10419] batman_adv: batadv0: Interface deactivated: dummy0 [ 274.511984][ T30] audit: type=1400 audit(1779884069.252:670): avc: denied { ioctl } for pid=10439 comm="syz.1.1651" path="/304/file0/file0" dev="fuse" ino=64 ioctlcmd=0x1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 274.809582][T10419] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 274.832124][T10419] mac80211_hwsim hwsim2 wlan0: left allmulticast mode [ 274.894971][ T5618] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 274.909418][ T5618] Bluetooth: hci1: Injecting HCI hardware error event [ 274.920506][ T5627] Bluetooth: hci1: hardware error 0x00 [ 274.960122][T10413] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 274.964405][ T5278] 8021q: adding VLAN 0 to HW filter on device eth1 [ 275.098558][T10460] netlink: 'syz.2.1655': attribute type 7 has an invalid length. [ 275.115781][ T7349] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.167434][ T7349] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.207130][ T7349] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.268201][ T7349] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.416322][ T7356] hsr_slave_0: left promiscuous mode [ 275.429516][ T7356] hsr_slave_1: left promiscuous mode [ 275.444788][ T7356] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 275.463807][ T7356] net_ratelimit: 12 callbacks suppressed [ 275.463823][ T7356] batadv0: mtu less than device minimum [ 275.491018][ T7356] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 275.504791][ T7356] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 275.516188][ T7356] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 275.527430][ T7356] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 275.538787][ T7356] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 275.550154][ T7356] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 275.561516][ T7356] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 275.574673][ T7356] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 275.586007][ T7356] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 275.640750][ T5797] libceph: connect (1)[c::]:6789 error -101 [ 275.646392][ T7356] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.662519][ T7356] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 275.674728][ T5797] libceph: mon0 (1)[c::]:6789 connect error [ 275.688018][ T7356] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.696319][ T7356] batman_adv: batadv0: Interface deactivated: dummy0 [ 275.709274][ T5797] libceph: connect (1)[c::]:6789 error -101 [ 275.723432][ T7356] batman_adv: batadv0: Removing interface: dummy0 [ 275.733787][T10468] ceph: No mds server is up or the cluster is laggy [ 275.753370][ T5797] libceph: mon0 (1)[c::]:6789 connect error [ 275.767261][ T7356] veth1_macvtap: left promiscuous mode [ 275.775868][ T7356] veth0_macvtap: left promiscuous mode [ 275.781904][ T7356] veth1_vlan: left promiscuous mode [ 275.787669][ T7356] veth0_vlan: left promiscuous mode [ 276.181300][ T5618] Bluetooth: hci0: command tx timeout [ 276.231146][T10486] netlink: 'syz.1.1659': attribute type 1 has an invalid length. [ 276.384685][ T30] audit: type=1400 audit(1779884071.132:671): avc: denied { write } for pid=10472 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 276.425876][T10492] overlay: filesystem on ./file1 not supported [ 276.459319][ T30] audit: type=1400 audit(1779884071.172:672): avc: denied { mounton } for pid=10490 comm="syz.2.1663" path="/bus" dev="autofs" ino=32668 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 276.687342][T10504] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1664'. [ 276.689424][ T30] audit: type=1400 audit(1779884071.432:673): avc: denied { write } for pid=10498 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 276.708750][T10504] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1664'. [ 276.726330][T10502] fuse: fd is not a fuse device [ 276.854381][ T7356] team0 (unregistering): Port device team_slave_1 removed [ 276.934442][ T7356] team0 (unregistering): Port device team_slave_0 removed [ 276.988298][ T5627] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 277.068952][T10518] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1670'. [ 277.153662][T10486] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 277.239117][ T5278] 8021q: adding VLAN 0 to HW filter on device eth2 [ 277.595966][T10528] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1672'. [ 277.686580][T10535] bridge0: entered allmulticast mode [ 277.694982][T10535] bridge_slave_1: left allmulticast mode [ 277.709803][T10535] bridge_slave_1: left promiscuous mode [ 277.735537][T10535] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.796261][ T30] audit: type=1400 audit(1779884072.542:674): avc: denied { connect } for pid=10539 comm="syz.2.1673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 277.887281][T10535] bridge_slave_0: left allmulticast mode [ 277.906892][T10535] bridge_slave_0: left promiscuous mode [ 277.934527][T10535] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.196535][ T30] audit: type=1400 audit(1779884072.942:675): avc: denied { write } for pid=10525 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 278.252691][ T5627] Bluetooth: hci0: command tx timeout [ 278.259607][ T30] audit: type=1400 audit(1779884072.972:676): avc: denied { read } for pid=10555 comm="syz.3.1677" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 278.472387][ T30] audit: type=1400 audit(1779884073.212:677): avc: denied { write } for pid=10560 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 278.600876][ T30] audit: type=1400 audit(1779884073.342:678): avc: denied { create } for pid=10561 comm="syz.3.1678" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 278.626606][ T30] audit: type=1400 audit(1779884073.372:679): avc: denied { write } for pid=10561 comm="syz.3.1678" path="socket:[33051]" dev="sockfs" ino=33051 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 278.685039][ T5278] 8021q: adding VLAN 0 to HW filter on device eth3 [ 278.778640][ T7356] IPVS: stop unused estimator thread 0... [ 279.040255][T10368] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.066905][T10368] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.095743][T10368] bridge_slave_0: entered allmulticast mode [ 279.122426][T10368] bridge_slave_0: entered promiscuous mode [ 279.163366][T10368] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.193091][T10368] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.224771][T10368] bridge_slave_1: entered allmulticast mode [ 279.237001][T10368] bridge_slave_1: entered promiscuous mode [ 279.336114][T10368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 279.371817][T10368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 279.454810][T10584] netlink: 'syz.1.1682': attribute type 21 has an invalid length. [ 279.481095][T10584] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1682'. [ 279.500804][T10368] team0: Port device team_slave_0 added [ 279.518743][T10368] team0: Port device team_slave_1 added [ 279.564920][T10584] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1682'. [ 279.615898][T10368] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 279.643713][T10368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 279.741054][T10368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 279.760744][ T30] audit: type=1400 audit(1779884074.502:680): avc: denied { write } for pid=10572 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 279.872528][T10368] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 279.921007][T10368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 280.070104][T10368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.193049][T10600] fuse: fd is not a fuse device [ 280.279800][T10368] hsr_slave_0: entered promiscuous mode [ 280.304164][T10368] hsr_slave_1: entered promiscuous mode [ 280.333284][ T5627] Bluetooth: hci0: command tx timeout [ 280.340114][T10368] debugfs: 'hsr0' already exists in 'hsr' [ 280.363058][T10368] Cannot create hsr debugfs directory [ 280.371669][ T5278] 8021q: adding VLAN 0 to HW filter on device eth4 [ 281.464910][T10619] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10619 comm=syz.3.1690 [ 281.684973][T10368] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 281.733047][T10368] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 281.767093][T10368] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 281.853406][T10368] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 281.893953][T10368] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 281.938864][T10368] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 281.948773][T10368] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 281.979746][T10368] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 282.283925][T10368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.363942][T10368] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.385581][ T3297] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.392770][ T3297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.616945][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.625621][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.102677][ T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 283.322418][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 283.330958][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 283.350524][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 283.384712][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 283.400420][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.427353][ T9] usb 2-1: Product: syz [ 283.445042][ T9] usb 2-1: Manufacturer: syz [ 283.455927][ T9] usb 2-1: SerialNumber: syz [ 283.475131][ T9] usb 2-1: config 0 descriptor?? [ 283.499141][ T9] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 283.510283][ T9] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 284.015882][T10368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.116664][ T9] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 284.129017][ T9] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 284.397380][T10691] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1707'. [ 284.526769][T10691] hsr_slave_1 (unregistering): left promiscuous mode [ 284.639944][T10368] veth0_vlan: entered promiscuous mode [ 284.668117][T10368] veth1_vlan: entered promiscuous mode [ 284.801440][T10368] veth0_macvtap: entered promiscuous mode [ 284.837159][T10368] veth1_macvtap: entered promiscuous mode [ 284.926831][T10368] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 284.955048][ T9] em28xx 2-1:0.0: Unknown AC97 audio processor detected! [ 284.973064][T10368] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 285.003122][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 285.028073][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 285.055014][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 6 [ 285.057698][ T7356] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.090037][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 54 [ 285.101644][ T7356] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.131528][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 285.153292][ T7356] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.215882][ T7356] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.218990][ T9] usb 2-1: USB disconnect, device number 20 [ 285.430101][ T7356] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.442571][ T7353] batadv1: left promiscuous mode [ 285.461264][ T7356] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.566181][T10707] fuse: Bad value for 'fd' [ 285.611185][ T3297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.652388][ T3297] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.706050][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 285.706078][ T30] audit: type=1400 audit(1779884080.452:682): avc: denied { mounton } for pid=10368 comm="syz-executor" path="/root/syzkaller.VU1wuZ/syz-tmp" dev="sda1" ino=2048 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 285.822731][ T30] audit: type=1400 audit(1779884080.492:683): avc: denied { mounton } for pid=10368 comm="syz-executor" path="/root/syzkaller.VU1wuZ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 285.882413][ T30] audit: type=1400 audit(1779884080.502:684): avc: denied { mounton } for pid=10368 comm="syz-executor" path="/root/syzkaller.VU1wuZ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=33490 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 285.985850][ T30] audit: type=1400 audit(1779884080.512:685): avc: denied { mounton } for pid=10368 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2786 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 286.362078][ T30] audit: type=1400 audit(1779884081.102:686): avc: denied { listen } for pid=10719 comm="syz.5.1716" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 286.958558][T10734] netlink: 'syz.4.1722': attribute type 4 has an invalid length. [ 287.102828][T10740] bond1: left promiscuous mode [ 287.123110][T10740] ip6gre2: left promiscuous mode [ 287.133296][T10740] bond2: left promiscuous mode [ 287.163614][T10740] vcan1: left promiscuous mode [ 287.177963][ T30] audit: type=1400 audit(1779884081.922:687): avc: denied { write } for pid=10736 comm="syz.5.1724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 287.633353][ T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 287.792472][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 287.812187][ T9] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 287.843444][ T9] usb 4-1: config 0 has no interface number 0 [ 287.868139][ T9] usb 4-1: config 0 interface 184 has no altsetting 0 [ 287.900979][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 287.937614][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.955923][ T9] usb 4-1: Product: syz [ 287.964411][ T9] usb 4-1: Manufacturer: syz [ 287.970726][ T9] usb 4-1: SerialNumber: syz [ 287.995429][ T9] usb 4-1: config 0 descriptor?? [ 288.639667][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 288.671506][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 288.692999][ T5798] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 288.720684][T10794] fuse: Bad value for 'fd' [ 288.862490][ T5798] usb 2-1: Using ep0 maxpacket: 8 [ 288.885186][ T5798] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 288.885232][ T5798] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.885266][ T5798] usb 2-1: Product: syz [ 288.885293][ T5798] usb 2-1: Manufacturer: syz [ 288.952399][ T5798] usb 2-1: SerialNumber: syz [ 288.963612][ T5798] usb 2-1: config 0 descriptor?? [ 289.184115][ T5798] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 289.390455][ T30] audit: type=1400 audit(1779884084.132:688): avc: denied { create } for pid=10798 comm="syz.5.1744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 289.391942][T10799] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1744'. [ 289.466516][ T30] audit: type=1400 audit(1779884084.132:689): avc: denied { write } for pid=10798 comm="syz.5.1744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 289.641433][ T5798] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 289.669028][ T5798] usb 2-1: USB disconnect, device number 21 [ 289.712931][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 289.755831][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to write PMT_CTL: -71 [ 289.791223][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 289.813023][ T9] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 289.829414][ T9] usb 4-1: USB disconnect, device number 24 [ 290.982247][ T0] NOHZ tick-stop error: local softirq work is pending, handler #06!!! [ 291.078288][ T3297] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 291.282805][ T30] audit: type=1400 audit(1779884086.022:690): avc: denied { read } for pid=10814 comm="syz.4.1750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 291.586892][ T30] audit: type=1400 audit(1779884086.322:691): avc: denied { write } for pid=10820 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 291.919762][ T30] audit: type=1400 audit(1779884086.662:692): avc: denied { write } for pid=10850 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 292.036053][ T30] audit: type=1400 audit(1779884086.712:693): avc: denied { remount } for pid=10855 comm="syz.3.1756" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 292.117687][ T30] audit: type=1400 audit(1779884086.732:694): avc: denied { getopt } for pid=10855 comm="syz.3.1756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 292.141677][T10863] xt_hashlimit: size too large, truncated to 1048576 [ 292.202634][ T30] audit: type=1400 audit(1779884086.812:695): avc: denied { read } for pid=10856 comm="syz.2.1757" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 292.422923][ T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 292.586674][ T9] usb 4-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 292.618364][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.651000][ T9] usb 4-1: Product: syz [ 292.674317][ T9] usb 4-1: Manufacturer: syz [ 292.690595][ T9] usb 4-1: SerialNumber: syz [ 292.710028][ T5798] IPVS: starting estimator thread 0... [ 292.783102][T10893] net_ratelimit: 30 callbacks suppressed [ 292.783120][T10893] IPVS: sh: FWM 3 0x00000003 - no destination available [ 292.822854][T10890] IPVS: using max 44 ests per chain, 105600 per kthread [ 292.936918][ T9] usb 4-1: 1:1: invalid format type 0x1002 is detected, processed as PCM [ 292.976721][ T9] usb 4-1: 1:1 : invalid UAC_FORMAT_TYPE desc [ 292.995062][ T9] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 293.032077][ T30] audit: type=1400 audit(1779884087.772:696): avc: denied { write } for pid=10874 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 293.186890][ T9] usb 4-1: USB disconnect, device number 25 [ 293.277636][ T5923] udevd[5923]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 293.408426][ T30] audit: type=1400 audit(1779884088.152:697): avc: denied { write } for pid=10905 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 293.832350][ T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 293.993952][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 294.034239][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 294.077881][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 294.145089][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 294.217431][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 294.268791][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.287825][T10919] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1772'. [ 294.325490][ T9] usb 4-1: config 0 descriptor?? [ 294.514861][T10919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.572093][T10919] 8021q: adding VLAN 0 to HW filter on device team0 [ 294.618123][T10919] batman_adv: batadv0: Interface activated: dummy0 [ 294.650458][T10919] batadv0: mtu less than device minimum [ 294.703947][T10919] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 294.715882][T10919] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 294.727778][T10919] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 294.739658][T10919] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 294.751248][T10919] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 294.763548][T10919] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 294.775446][T10919] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 294.787830][T10919] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 294.894046][ T9] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 294.938581][T10919] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 295.155834][T10919] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 295.227182][ T30] audit: type=1400 audit(1779884089.972:698): avc: denied { setopt } for pid=10931 comm="syz.4.1774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 295.294829][T10919] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 295.424442][ T30] audit: type=1400 audit(1779884090.162:699): avc: denied { write } for pid=10917 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 295.455479][T10919] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 295.531583][T10919] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 295.636627][T10919] veth1_vlan: left promiscuous mode [ 295.674247][T10919] veth0_vlan: left promiscuous mode [ 295.699937][T10919] veth0_vlan: entered promiscuous mode [ 295.729861][T10919] veth1_vlan: entered promiscuous mode [ 295.765519][ T9] usb 4-1: USB disconnect, device number 26 [ 295.793978][T10919] veth1_macvtap: left promiscuous mode [ 295.827736][T10919] veth0_macvtap: left promiscuous mode [ 295.858679][T10919] veth0_macvtap: entered promiscuous mode [ 295.885261][T10919] veth1_macvtap: entered promiscuous mode [ 295.930316][T10919] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 295.984325][T10919] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 296.018557][T10919] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 296.049233][T10919] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 296.076292][T10919] 8021q: adding VLAN 0 to HW filter on device bond1 [ 296.094183][T10919] 8021q: adding VLAN 0 to HW filter on device bond3 [ 296.114780][T10919] 8021q: adding VLAN 0 to HW filter on device bond2 [ 296.125689][ T9] libceph: connect (1)[c::]:6789 error -101 [ 296.139378][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 296.213557][T10952] ceph: No mds server is up or the cluster is laggy [ 296.431793][T10940] batman_adv: batadv0: Adding interface: gretap1 [ 296.439267][T10940] batman_adv: batadv0: The MTU of interface gretap1 is too small (1424) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 296.478980][T10940] batman_adv: batadv0: Interface activated: gretap1 [ 296.526630][ T7356] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.533612][T10962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 296.583835][ T7356] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.601915][ T57] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 296.635658][ T9] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 296.647208][ T57] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 296.677749][ T7356] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.718687][ T7356] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.933147][ T1219] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 297.042865][ T1219] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 297.277317][T10985] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1787'. [ 297.324841][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 297.324870][ T30] audit: type=1400 audit(1779884092.072:701): avc: denied { write } for pid=10963 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 297.480834][T10985] macvlan2: entered promiscuous mode [ 297.487717][T10993] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=10993 comm=syz.3.1788 [ 297.499534][T10985] macvlan2: entered allmulticast mode [ 297.509210][T10985] bond5: entered promiscuous mode [ 297.542722][T10985] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 297.551445][T10998] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1789'. [ 297.569136][ T30] audit: type=1400 audit(1779884092.312:702): avc: denied { write } for pid=10996 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 297.616922][T10985] bond5: left promiscuous mode [ 297.858424][ T30] audit: type=1326 audit(1779884092.602:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11014 comm="syz.3.1795" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f628719ce59 code=0x0 [ 297.907860][T10998] 8021q: adding VLAN 0 to HW filter on device bond4 [ 297.977251][ T30] audit: type=1400 audit(1779884092.722:704): avc: denied { watch } for pid=11017 comm="syz.2.1796" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 298.010500][T11005] bond4: (slave wireguard0): refused to change device type [ 298.127577][T11026] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1798'. [ 298.162959][ T7356] net_ratelimit: 60 callbacks suppressed [ 298.163003][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 298.185365][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 298.397142][ T30] audit: type=1400 audit(1779884093.142:705): avc: denied { dac_override } for pid=11030 comm="syz.4.1799" capability=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 298.586614][ T30] audit: type=1400 audit(1779884093.332:706): avc: denied { read } for pid=11040 comm="syz.5.1804" path="socket:[35891]" dev="sockfs" ino=35891 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 298.712706][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 298.728417][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 298.796627][ T30] audit: type=1400 audit(1779884093.542:707): avc: denied { name_bind } for pid=11051 comm="syz.2.1810" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 298.841683][T11054] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 298.859117][T11056] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 299.282784][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 299.295647][ T30] audit: type=1400 audit(1779884094.032:708): avc: denied { getopt } for pid=11065 comm="syz.3.1816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 299.298399][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 299.862419][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 299.876918][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 300.443952][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 300.459457][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 300.770611][ T30] audit: type=1400 audit(1779884095.512:709): avc: denied { execute } for pid=11110 comm="syz.1.1833" path="/blkio.bfq.io_wait_time" dev="ramfs" ino=35161 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 300.812370][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 301.470383][T11128] overlayfs: failed to clone upperpath [ 301.840613][T11140] tipc: Started in network mode [ 301.854530][T11140] tipc: Node identity 76657468115f, cluster identity 4711 [ 301.882842][T11140] tipc: Enabled bearer , priority 0 [ 301.915161][T11143] bond0: entered promiscuous mode [ 301.935625][T11143] batadv0: entered promiscuous mode [ 301.977143][T11143] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 302.004284][T11143] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 302.062710][T11143] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 302.141878][T11143] bond0: left promiscuous mode [ 302.160815][T11143] batadv0: left promiscuous mode [ 302.555389][T11151] fuse: Bad value for 'fd' [ 302.851582][T11153] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11153 comm=syz.2.1850 [ 302.924096][T11153] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1850'. [ 303.094080][T11153] 8021q: adding VLAN 0 to HW filter on device bond1 [ 303.130913][ T803] tipc: Node number set to 1731884136 [ 303.259947][T11155] bond1: (slave vlan3): Error -34 calling dev_set_mtu [ 303.549258][T11161] fuse: Bad value for 'fd' [ 303.558227][ T1043] net_ratelimit: 10 callbacks suppressed [ 303.558244][ T1043] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 303.578399][ T1043] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 303.650192][T11163] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1853'. [ 303.890162][T11167] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11167 comm=syz.1.1855 [ 303.942534][T11170] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1855'. [ 303.979616][T11172] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1857'. [ 304.048411][T11175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1857'. [ 304.129982][T11167] vlan3: entered allmulticast mode [ 304.135976][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 304.151527][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 304.179238][T11167] bond5: entered allmulticast mode [ 304.242564][T11180] netlink: 'syz.2.1859': attribute type 4 has an invalid length. [ 304.262368][ T3297] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.275290][T11175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1857'. [ 304.291992][ T3297] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.322002][ T3297] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.360061][ T3297] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.743657][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 304.759223][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 304.857436][ T30] audit: type=1400 audit(1779884099.602:710): avc: denied { connect } for pid=11192 comm="syz.1.1863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 305.320879][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 305.335807][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 305.359974][T11198] tipc: Enabling of bearer rejected, failed to enable media [ 305.589010][T11209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1868'. [ 305.639472][T11209] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1868'. [ 305.857816][ T7346] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 305.873345][ T7346] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 305.937572][T11218] gretap0: entered promiscuous mode [ 306.205703][ T30] audit: type=1400 audit(1779884100.952:711): avc: denied { map } for pid=11227 comm="syz.1.1875" path="socket:[36118]" dev="sockfs" ino=36118 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 306.355435][T11235] netlink: 'syz.4.1878': attribute type 4 has an invalid length. [ 308.118766][T11248] xt_hashlimit: size too large, truncated to 1048576 [ 308.167995][ T30] audit: type=1400 audit(1779884102.912:712): avc: denied { connect } for pid=11247 comm="syz.4.1888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 308.246746][ T5618] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 308.266020][ T30] audit: type=1400 audit(1779884103.012:713): avc: denied { execute } for pid=11249 comm="syz.2.1887" path=2F6D656D66643A14A3BB07202864656C6574656429 dev="hugetlbfs" ino=35511 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 308.292585][ T5618] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 308.315979][ T5618] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 308.341273][ T5618] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 308.355218][ T5618] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 309.002770][ T7356] net_ratelimit: 10 callbacks suppressed [ 309.002787][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 309.024193][T11268] overlayfs: failed to clone upperpath [ 309.024838][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 309.680142][ T1043] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 309.694719][ T1043] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 309.855501][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 310.379265][ T3297] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 310.393757][ T3297] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 310.413338][ T5627] Bluetooth: hci0: command tx timeout [ 311.006266][T11254] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.020995][T11254] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.033417][ T3297] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 311.047784][ T3297] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 311.062637][T11254] bridge_slave_0: entered allmulticast mode [ 311.083601][T11254] bridge_slave_0: entered promiscuous mode [ 311.111004][T11254] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.148006][T11254] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.169534][T11254] bridge_slave_1: entered allmulticast mode [ 311.193135][T11254] bridge_slave_1: entered promiscuous mode [ 311.317613][T11254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 311.352193][T11254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 311.597656][T11254] team0: Port device team_slave_0 added [ 311.631117][T11254] team0: Port device team_slave_1 added [ 311.665736][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 311.680746][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 311.795816][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 311.802600][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 311.884115][T11254] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 311.919677][T11254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 311.921891][T11312] fuse: fd is not a fuse device [ 312.026442][T11254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 312.062772][T11254] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 312.090000][T11254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 312.160032][T11254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 312.258778][T11254] hsr_slave_0: entered promiscuous mode [ 312.277162][T11254] hsr_slave_1: entered promiscuous mode [ 312.294449][T11254] debugfs: 'hsr0' already exists in 'hsr' [ 312.305348][T11254] Cannot create hsr debugfs directory [ 312.494128][ T5627] Bluetooth: hci0: command tx timeout [ 313.305890][T11254] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 313.334109][T11254] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 313.356995][T11254] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 313.393896][T11254] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 313.419265][T11254] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 313.456610][T11254] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 313.478872][T11254] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 313.511372][T11254] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 313.748630][T11254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.809187][T11254] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.846504][ T6980] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.853690][ T6980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 313.896937][ T6980] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.904124][ T6980] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.150506][T11345] vlan0: entered promiscuous mode [ 314.302769][ T6980] net_ratelimit: 8 callbacks suppressed [ 314.302788][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 314.322800][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 314.572515][ T5627] Bluetooth: hci0: command tx timeout [ 314.734180][T11356] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1916'. [ 314.924370][ T1043] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 314.938931][ T1043] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 315.554497][T11365] batman_adv: batadv0: Adding interface: gretap1 [ 315.574551][T11365] batman_adv: batadv0: The MTU of interface gretap1 is too small (1424) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 315.629590][T11365] batman_adv: batadv0: Interface activated: gretap1 [ 315.685566][T11254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 315.717776][T11366] 9pnet: p9_errstr2errno: server reported unknown error [ 315.766248][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 315.781779][ T7356] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 315.912690][T11382] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1923'. [ 316.105181][T11254] veth0_vlan: entered promiscuous mode [ 316.146618][T11254] veth1_vlan: entered promiscuous mode [ 316.397950][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 316.412492][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 316.502752][T11254] veth0_macvtap: entered promiscuous mode [ 316.627983][T11254] veth1_macvtap: entered promiscuous mode [ 316.653884][ T5627] Bluetooth: hci0: command tx timeout [ 317.121381][T11254] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 317.169924][T11254] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 317.183673][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 317.198067][ T57] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 317.269390][ T3297] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.292374][ T3297] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.381646][ T30] audit: type=1400 audit(1779884112.112:714): avc: denied { read write } for pid=11398 comm="syz.1.1926" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 317.414396][ T3297] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.436022][ T3297] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.484244][ T30] audit: type=1400 audit(1779884112.112:715): avc: denied { open } for pid=11398 comm="syz.1.1926" path="/356/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 317.648985][ T7346] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.658502][ T7346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.744399][ T7346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.753026][ T7346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.661747][T11418] fuse: Bad value for 'fd' [ 319.382412][ T7349] net_ratelimit: 6 callbacks suppressed [ 319.382446][ T7349] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 319.403219][ T7349] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 319.932426][ T7349] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 319.948026][ T7349] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 320.300981][T11450] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1945'. [ 320.338143][T11450] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1945'. [ 320.476865][ T30] audit: type=1804 audit(1779884115.222:716): pid=11442 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1942" name="/newroot/364/file1" dev="tmpfs" ino=1912 res=1 errno=0 [ 320.526728][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 320.542263][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 320.617001][T11459] netlink: 'syz.2.1950': attribute type 1 has an invalid length. [ 320.710680][T11459] 8021q: adding VLAN 0 to HW filter on device bond2 [ 320.878553][T11462] vlan3: entered allmulticast mode [ 320.930391][T11462] bond2: entered allmulticast mode [ 321.076660][T11464] bond2: (slave geneve2): making interface the new active one [ 321.100320][T11464] geneve2: entered allmulticast mode [ 321.134144][ T7346] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 321.148539][ T7346] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 321.189846][T11464] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 321.200326][ T7349] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.239660][ T7349] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.281894][ T7349] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.314336][ T7349] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.519721][T11472] netlink: 'syz.3.1954': attribute type 1 has an invalid length. [ 321.583732][T11472] 8021q: adding VLAN 0 to HW filter on device bond0 [ 321.682663][ T7349] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 321.698624][ T7349] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 321.784828][T11472] bond0: (slave veth9): Enslaving as an active interface with a down link [ 321.856240][T11479] bond0: (slave dummy0): making interface the new active one [ 321.894948][T11479] dummy0: entered promiscuous mode [ 321.908927][T11479] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 321.951397][T11487] bond0 (unregistering): (slave veth9): Releasing active interface [ 321.986923][T11487] bond0 (unregistering): (slave dummy0): Releasing active interface [ 322.069387][T11487] bond0 (unregistering): Released all slaves [ 322.652724][ T7349] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 322.691641][T11503] syz.2.1963: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 322.812163][T11503] CPU: 0 UID: 0 PID: 11503 Comm: syz.2.1963 Tainted: G L syzkaller #0 PREEMPT(full) [ 322.812206][T11503] Tainted: [L]=SOFTLOCKUP [ 322.812212][T11503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 322.812223][T11503] Call Trace: [ 322.812230][T11503] [ 322.812238][T11503] dump_stack_lvl+0x100/0x190 [ 322.812267][T11503] warn_alloc.cold+0x95/0x1c1 [ 322.812289][T11503] ? __pfx_warn_alloc+0x10/0x10 [ 322.812320][T11503] ? stack_depot_save_flags+0x27/0x9d0 [ 322.812345][T11503] ? __lock_acquire+0x4a5/0x2630 [ 322.812374][T11503] ? xskq_create+0xfb/0x1d0 [ 322.812395][T11503] __vmalloc_node_range_noprof+0x136c/0x1630 [ 322.812427][T11503] ? xskq_create+0xfb/0x1d0 [ 322.812452][T11503] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 322.812485][T11503] ? xskq_create+0xfb/0x1d0 [ 322.812504][T11503] vmalloc_user_noprof+0x9e/0xe0 [ 322.812526][T11503] ? xskq_create+0xfb/0x1d0 [ 322.812544][T11503] xskq_create+0xfb/0x1d0 [ 322.812564][T11503] xsk_setsockopt+0x743/0xab0 [ 322.812583][T11503] ? __pfx_xsk_setsockopt+0x10/0x10 [ 322.812602][T11503] ? find_held_lock+0x2b/0x80 [ 322.812617][T11503] ? __fget_files+0x215/0x3d0 [ 322.812642][T11503] ? selinux_socket_setsockopt+0x6a/0x80 [ 322.812667][T11503] ? __pfx_xsk_setsockopt+0x10/0x10 [ 322.812686][T11503] do_sock_setsockopt+0xf3/0x1d0 [ 322.812709][T11503] __sys_setsockopt+0x195/0x220 [ 322.812740][T11503] __x64_sys_setsockopt+0xbd/0x160 [ 322.812765][T11503] ? do_syscall_64+0x90/0x870 [ 322.812788][T11503] ? lockdep_hardirqs_on+0x78/0x100 [ 322.812810][T11503] do_syscall_64+0x115/0x870 [ 322.812832][T11503] ? clear_bhb_loop+0x40/0x90 [ 322.812853][T11503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.812871][T11503] RIP: 0033:0x7f9d4d99ce59 [ 322.812887][T11503] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.812903][T11503] RSP: 002b:00007f9d4e8c8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 322.812921][T11503] RAX: ffffffffffffffda RBX: 00007f9d4dc15fa0 RCX: 00007f9d4d99ce59 [ 322.812932][T11503] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 322.812943][T11503] RBP: 00007f9d4da32d6f R08: 0000000000000004 R09: 0000000000000000 [ 322.812954][T11503] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.812964][T11503] R13: 00007f9d4dc16038 R14: 00007f9d4dc15fa0 R15: 00007ffc9bc58ec8 [ 322.812988][T11503] [ 323.132951][T11503] Mem-Info: [ 323.172233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #06!!! [ 323.284168][T11490] kexec: Could not allocate control_code_buffer [ 323.327993][T11503] active_anon:45898 inactive_anon:0 isolated_anon:0 [ 323.327993][T11503] active_file:19096 inactive_file:41097 isolated_file:0 [ 323.327993][T11503] unevictable:768 dirty:585 writeback:0 [ 323.327993][T11503] slab_reclaimable:11623 slab_unreclaimable:108814 [ 323.327993][T11503] mapped:30697 shmem:35232 pagetables:1612 [ 323.327993][T11503] sec_pagetables:0 bounce:0 [ 323.327993][T11503] kernel_misc_reclaimable:0 [ 323.327993][T11503] free:1231328 free_pcp:28172 free_cma:0 [ 323.496105][T11503] Node 0 active_anon:183892kB inactive_anon:0kB active_file:76384kB inactive_file:164188kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122788kB dirty:2336kB writeback:0kB shmem:139392kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14700kB pagetables:6432kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 323.662104][T11503] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 323.745552][T11503] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 323.843767][T11503] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 323.874881][T11503] Node 0 DMA32 free:970480kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:184200kB inactive_anon:0kB active_file:76384kB inactive_file:164196kB unevictable:1536kB writepending:2360kB zspages:0kB present:3129332kB managed:2537340kB mlocked:0kB bounce:0kB free_pcp:105532kB local_pcp:87512kB free_cma:0kB [ 323.970799][T11503] lowmem_reserve[]: 0 0 1 1 1 [ 323.987712][T11503] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1100kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 324.023387][T11519] input: syz1 as /devices/virtual/input/input31 [ 324.079517][T11503] lowmem_reserve[]: 0 0 0 0 0 [ 324.104094][T11503] Node 1 Normal free:3942696kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:2704kB local_pcp:0kB free_cma:0kB [ 324.204978][T11503] lowmem_reserve[]: 0 0 0 0 0 [ 324.220803][T11503] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 324.259327][T11503] Node 0 DMA32: 1072*4kB (UME) 510*8kB (UME) 119*16kB (UM) 399*32kB (UME) 349*64kB (ME) 195*128kB (UME) 121*256kB (UME) 87*512kB (UM) 53*1024kB (UM) 10*2048kB (UME) 183*4096kB (UM) = 970176kB [ 324.300893][T11503] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 324.312783][T10445] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 324.342868][T11503] Node 1 Normal: 4*4kB (UM) 7*8kB (UM) 10*16kB (UM) 2*32kB (M) 6*64kB (UM) 7*128kB (UM) 5*256kB (UM) 3*512kB (UM) 2*1024kB (M) 4*2048kB (UM) 959*4096kB (M) = 3942696kB [ 324.396486][T11503] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 324.416171][T11503] Node 0 hugepages_total=6 hugepages_free=0 hugepages_surp=4 hugepages_size=2048kB [ 324.428270][ T6980] net_ratelimit: 8 callbacks suppressed [ 324.428288][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 324.448320][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 324.473118][T11503] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 324.483396][T10445] usb 2-1: Using ep0 maxpacket: 16 [ 324.505994][T11503] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 324.520496][T10445] usb 2-1: unable to get BOS descriptor or descriptor too short [ 324.558860][T10445] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 228, changing to 7 [ 324.603261][T10445] usb 2-1: New USB device found, idVendor=08e4, idProduct=017f, bcdDevice= 0.40 [ 324.615654][T10445] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.630787][T11503] 95424 total pagecache pages [ 324.635815][T10445] usb 2-1: Product: syz [ 324.640245][T10445] usb 2-1: Manufacturer: syz [ 324.645237][T10445] usb 2-1: SerialNumber: syz [ 324.669656][T11503] 0 pages in swap cache [ 324.682601][T11503] Free swap = 124996kB [ 324.699619][T11503] Total swap = 124996kB [ 324.725764][T11503] 2097051 pages RAM [ 324.751048][T11503] 0 pages HighMem/MovableOnly [ 324.777391][T11503] 430826 pages reserved [ 324.797713][T11503] 0 pages cma reserved [ 324.945723][T10445] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 325.124582][ T7346] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 325.139527][ T7346] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 325.565539][T10445] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 325.617773][T10445] usb 2-1: USB disconnect, device number 22 [ 325.767454][ T3297] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 325.782056][ T3297] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 325.817562][ T5606] udevd[5606]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 326.149958][T11551] netlink: 'syz.2.1980': attribute type 29 has an invalid length. [ 326.228396][T10445] IPVS: starting estimator thread 0... [ 326.322291][T11554] IPVS: using max 44 ests per chain, 105600 per kthread [ 326.472477][ T3297] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 326.486854][ T3297] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 326.502441][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 327.083366][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 327.097844][ T6980] batman_adv: batadv0: Local translation table size (72) exceeds maximum packet size (-304); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 327.423056][T11569] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 327.643929][T11577] netlink: 'syz.4.1989': attribute type 1 has an invalid length. [ 327.653945][T11569] bond0 (unregistering): Released all slaves [ 327.803388][T11577] 8021q: adding VLAN 0 to HW filter on device bond6 [ 328.024440][T11585] bond6: (slave geneve2): making interface the new active one [ 328.070318][T11585] bond6: (slave geneve2): Enslaving as an active interface with an up link [ 358.492494][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 424.413116][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 433.362167][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 433.369136][ C0] rcu: 1-...!: (0 ticks this GP) idle=4be4/0/0x1 softirq=56287/56287 fqs=0 [ 433.378745][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P11591/1:b..l P11590/2:b..l [ 433.387973][ C0] rcu: (detected by 0, t=10502 jiffies, g=64561, q=464 ncpus=2) [ 433.395677][ C0] Sending NMI from CPU 0 to CPUs 1: [ 433.395704][ C1] NMI backtrace for cpu 1 [ 433.395718][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 433.395737][ C1] Tainted: [L]=SOFTLOCKUP [ 433.395742][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 433.395750][ C1] RIP: 0010:lock_acquire+0x4a/0x370 [ 433.395773][ C1] Code: 65 4c 8b 3d 60 34 25 12 4c 89 7c 24 30 4d 89 cf 66 90 65 8b 05 7b 34 25 12 83 f8 07 0f 87 d9 02 00 00 48 0f a3 05 86 95 f2 0e <0f> 82 a4 02 00 00 8b 35 0e c9 f2 0e 85 f6 0f 85 bf 00 00 00 48 8b [ 433.395787][ C1] RSP: 0018:ffffc90000a08cd0 EFLAGS: 00000097 [ 433.395798][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 433.395806][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9b3ee688 [ 433.395814][ C1] RBP: ffffffff9b3ee688 R08: 0000000000000001 R09: 0000000000000000 [ 433.395823][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 433.395831][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 [ 433.395840][ C1] FS: 0000000000000000(0000) GS:ffff888124486000(0000) knlGS:0000000000000000 [ 433.395854][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 433.395863][ C1] CR2: 0000200000025000 CR3: 00000000467d0000 CR4: 00000000003526f0 [ 433.395872][ C1] Call Trace: [ 433.395878][ C1] [ 433.395884][ C1] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 433.395900][ C1] ? do_raw_spin_lock+0x128/0x260 [ 433.395920][ C1] _raw_spin_lock_irqsave+0x3a/0x60 [ 433.395935][ C1] ? debug_object_activate+0x144/0x490 [ 433.395950][ C1] debug_object_activate+0x144/0x490 [ 433.395966][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 433.395982][ C1] ? do_raw_spin_lock+0x128/0x260 [ 433.396003][ C1] enqueue_hrtimer+0x75/0x2f0 [ 433.396023][ C1] __hrtimer_run_queues+0x73d/0xa00 [ 433.396045][ C1] hrtimer_interrupt+0x3e5/0x940 [ 433.396069][ C1] __sysvec_apic_timer_interrupt+0x10b/0x460 [ 433.396089][ C1] sysvec_apic_timer_interrupt+0x9e/0xc0 [ 433.396106][ C1] [ 433.396111][ C1] [ 433.396116][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 433.396132][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 433.396148][ C1] Code: 35 93 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 03 a1 22 00 fb f4 fc 43 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 433.396159][ C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000246 [ 433.396170][ C1] RAX: 00000000009d2a55 RBX: ffff88801e2f2540 RCX: ffffffff8b88f285 [ 433.396179][ C1] RDX: 0000000000000000 RSI: ffffffff8df0e6a5 RDI: ffffffff8c1c4480 [ 433.396187][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10170a67b5 [ 433.396195][ C1] R10: ffff8880b8533dab R11: 0000000000000000 R12: 0000000000000001 [ 433.396203][ C1] R13: ffffed1003c5e4a8 R14: 0000000000000001 R15: ffffffff90d70150 [ 433.396214][ C1] ? ct_kernel_exit+0x125/0x180 [ 433.396233][ C1] default_idle+0x9/0x10 [ 433.396250][ C1] default_idle_call+0x6c/0xb0 [ 433.396268][ C1] do_idle+0x464/0x590 [ 433.396288][ C1] ? __pfx_do_idle+0x10/0x10 [ 433.396306][ C1] ? finish_task_switch.isra.0+0x152/0x1010 [ 433.396330][ C1] cpu_startup_entry+0x4f/0x60 [ 433.396342][ C1] start_secondary+0x21d/0x2d0 [ 433.396357][ C1] ? __pfx_start_secondary+0x10/0x10 [ 433.396374][ C1] common_startup_64+0x13e/0x148 [ 433.396398][ C1] [ 433.396697][ C0] task:syz.3.1990 state:R running task stack:27160 pid:11590 tgid:11589 ppid:5615 task_flags:0x400140 flags:0x00080000 [ 433.741894][ C0] Call Trace: [ 433.745159][ C0] [ 433.748083][ C0] __schedule+0x1295/0x67a0 [ 433.752595][ C0] ? __pfx___schedule+0x10/0x10 [ 433.757439][ C0] ? mark_held_locks+0x40/0x70 [ 433.762197][ C0] preempt_schedule_irq+0x50/0x90 [ 433.767213][ C0] irqentry_exit+0x205/0x970 [ 433.771796][ C0] ? trace_reschedule_exit.constprop.0+0x6b/0x220 [ 433.778214][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 433.783662][ C0] RIP: 0010:get_mem_cgroup_from_objcg+0x10b/0x1f0 [ 433.790072][ C0] Code: b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 d6 00 00 00 48 8b 43 10 a8 03 75 58 65 48 ff 00 e0 cd ff ff e8 db cd ff ff 48 89 d8 5b 5d 41 5c 41 5d c3 cc cc [ 433.809666][ C0] RSP: 0018:ffffc900069175c0 EFLAGS: 00000202 [ 433.815719][ C0] RAX: 0000607edb8f2538 RBX: ffff88805873b700 RCX: 0000000000000003 [ 433.823677][ C0] RDX: 1ffff1100b0e76e2 RSI: ffffffff8c1c4400 RDI: ffff88805873b710 [ 433.831635][ C0] RBP: ffff88802d555300 R08: 000000008bd35769 R09: 0000000000000007 [ 433.839591][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: dffffc0000000000 [ 433.847576][ C0] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000000 [ 433.855558][ C0] __memcg_slab_post_alloc_hook+0x428/0xff0 [ 433.861463][ C0] ? kasan_unpoison+0x27/0x60 [ 433.866158][ C0] __kmalloc_node_track_caller_noprof+0x66e/0x850 [ 433.872579][ C0] ? neigh_sysctl_register+0xb4/0x660 [ 433.877982][ C0] kmemdup_noprof+0x29/0x60 [ 433.882477][ C0] neigh_sysctl_register+0xb4/0x660 [ 433.887674][ C0] ? __pfx_neigh_sysctl_register+0x10/0x10 [ 433.893476][ C0] ? inetdev_init+0x245/0x570 [ 433.898145][ C0] ? inetdev_event+0x7fa/0x17f0 [ 433.902987][ C0] ? notifier_call_chain+0x99/0x400 [ 433.908178][ C0] ? copy_net_ns+0x46f/0x7c0 [ 433.912755][ C0] ? create_new_namespaces+0x3ea/0xac0 [ 433.918212][ C0] ? unshare_nsproxy_namespaces+0xf2/0x220 [ 433.924015][ C0] ? ksys_unshare+0x438/0xab0 [ 433.928696][ C0] ? __x64_sys_unshare+0x31/0x40 [ 433.933620][ C0] ? do_syscall_64+0x115/0x870 [ 433.938375][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.944434][ C0] devinet_sysctl_register+0xb6/0x210 [ 433.949804][ C0] inetdev_init+0x2b8/0x570 [ 433.954300][ C0] inetdev_event+0x7fa/0x17f0 [ 433.958974][ C0] ? ib_netdevice_event+0xfc/0x330 [ 433.964086][ C0] ? __pfx_inetdev_event+0x10/0x10 [ 433.969191][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 433.975084][ C0] notifier_call_chain+0x99/0x400 [ 433.980105][ C0] call_netdevice_notifiers_info+0xbe/0x110 [ 433.985989][ C0] register_netdevice+0x18fe/0x24b0 [ 433.991180][ C0] ? __pfx_register_netdevice+0x10/0x10 [ 433.996719][ C0] __ip_tunnel_create+0x52b/0x670 [ 434.001741][ C0] ? __pfx___ip_tunnel_create+0x10/0x10 [ 434.007278][ C0] ? net_generic+0xea/0x2a0 [ 434.011778][ C0] ip_tunnel_init_net+0x230/0x780 [ 434.016797][ C0] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 434.022351][ C0] ? __kmalloc_noprof+0x320/0x850 [ 434.027375][ C0] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 434.032909][ C0] ops_init+0x1e2/0x5f0 [ 434.037062][ C0] setup_net+0x118/0x3a0 [ 434.041296][ C0] ? __pfx_setup_net+0x10/0x10 [ 434.046048][ C0] ? mutex_init_lockdep+0xf1/0x120 [ 434.051168][ C0] copy_net_ns+0x46f/0x7c0 [ 434.055577][ C0] create_new_namespaces+0x3ea/0xac0 [ 434.060864][ C0] unshare_nsproxy_namespaces+0xf2/0x220 [ 434.066503][ C0] ksys_unshare+0x438/0xab0 [ 434.071009][ C0] ? kcov_ioctl+0x16a/0x720 [ 434.075589][ C0] ? kfree+0x1dd/0x6c0 [ 434.079654][ C0] ? __pfx_ksys_unshare+0x10/0x10 [ 434.084669][ C0] ? kcov_ioctl+0x16a/0x720 [ 434.089167][ C0] __x64_sys_unshare+0x31/0x40 [ 434.093939][ C0] do_syscall_64+0x115/0x870 [ 434.098523][ C0] ? clear_bhb_loop+0x40/0x90 [ 434.103194][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.109076][ C0] RIP: 0033:0x7f628719ce59 [ 434.113479][ C0] RSP: 002b:00007f628807e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 434.121882][ C0] RAX: ffffffffffffffda RBX: 00007f6287415fa0 RCX: 00007f628719ce59 [ 434.129841][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000 [ 434.137815][ C0] RBP: 00007f6287232d6f R08: 0000000000000000 R09: 0000000000000000 [ 434.145772][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.153743][ C0] R13: 00007f6287416038 R14: 00007f6287415fa0 R15: 00007fff1637d928 [ 434.161714][ C0] [ 434.164723][ C0] task:syz.3.1990 state:R running task stack:25848 pid:11591 tgid:11589 ppid:5615 task_flags:0x400040 flags:0x00080000 [ 434.178204][ C0] Call Trace: [ 434.181468][ C0] [ 434.184393][ C0] __schedule+0x1295/0x67a0 [ 434.188892][ C0] ? mark_held_locks+0x40/0x70 [ 434.193664][ C0] ? __pfx___schedule+0x10/0x10 [ 434.198507][ C0] ? folio_mark_accessed+0xf3/0x1040 [ 434.203780][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 434.209151][ C0] preempt_schedule_common+0x42/0xc0 [ 434.214427][ C0] preempt_schedule_thunk+0x16/0x30 [ 434.219624][ C0] _raw_spin_unlock+0x3e/0x50 [ 434.224291][ C0] follow_page_pte+0x496/0x13f0 [ 434.229140][ C0] ? __pfx_follow_page_pte+0x10/0x10 [ 434.234415][ C0] ? __pfx___might_resched+0x10/0x10 [ 434.239698][ C0] __get_user_pages+0x741/0x32a0 [ 434.244636][ C0] ? __pfx___get_user_pages+0x10/0x10 [ 434.250008][ C0] populate_vma_page_range+0x267/0x3f0 [ 434.255461][ C0] ? __pfx_populate_vma_page_range+0x10/0x10 [ 434.261429][ C0] ? __pfx_find_vma_intersection+0x10/0x10 [ 434.267224][ C0] ? do_mmap+0x93f/0x12f0 [ 434.271558][ C0] __mm_populate+0x107/0x3a0 [ 434.276142][ C0] ? __pfx___mm_populate+0x10/0x10 [ 434.281263][ C0] ? up_write+0x28c/0x4f0 [ 434.285591][ C0] vm_mmap_pgoff+0x37f/0x470 [ 434.290178][ C0] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 434.295285][ C0] ? rcu_is_watching+0x12/0xc0 [ 434.300053][ C0] ? irqentry_exit+0x24d/0x970 [ 434.304814][ C0] ? lockdep_hardirqs_on+0x78/0x100 [ 434.310018][ C0] ksys_mmap_pgoff+0xe4/0x610 [ 434.314690][ C0] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 434.319966][ C0] ? __x64_sys_ioctl+0xec/0x210 [ 434.324811][ C0] __x64_sys_mmap+0x125/0x190 [ 434.329496][ C0] do_syscall_64+0x115/0x870 [ 434.334080][ C0] ? clear_bhb_loop+0x40/0x90 [ 434.338750][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.344630][ C0] RIP: 0033:0x7f628719ce59 [ 434.349041][ C0] RSP: 002b:00007f628805d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 434.357442][ C0] RAX: ffffffffffffffda RBX: 00007f6287416090 RCX: 00007f628719ce59 [ 434.365401][ C0] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000200000000000 [ 434.373383][ C0] RBP: 00007f6287232d6f R08: ffffffffffffffff R09: 0000000000000000 [ 434.381341][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 434.389298][ C0] R13: 00007f6287416128 R14: 00007f6287416090 R15: 00007fff1637d928 [ 434.397268][ C0] [ 434.400272][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g64561 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 434.411452][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 434.421402][ C0] rcu: RCU grace-period kthread stack dump: [ 434.427271][ C0] task:rcu_preempt state:R running task stack:28216 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 434.440755][ C0] Call Trace: [ 434.444023][ C0] [ 434.446945][ C0] __schedule+0x1295/0x67a0 [ 434.451457][ C0] ? __pfx___schedule+0x10/0x10 [ 434.456299][ C0] ? find_held_lock+0x2b/0x80 [ 434.460991][ C0] ? schedule+0x2bf/0x390 [ 434.465314][ C0] schedule+0xdd/0x390 [ 434.469372][ C0] schedule_timeout+0x127/0x280 [ 434.474210][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 434.479572][ C0] ? __pfx_process_timeout+0x10/0x10 [ 434.484852][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 434.490648][ C0] ? prepare_to_swait_event+0xdf/0x4a0 [ 434.496118][ C0] rcu_gp_fqs_loop+0x1a9/0x900 [ 434.500871][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 434.506148][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 434.511077][ C0] ? __pfx_rcu_gp_cleanup+0x10/0x10 [ 434.516268][ C0] rcu_gp_kthread+0x179/0x230 [ 434.520941][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 434.526126][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 434.531926][ C0] ? __kthread_parkme+0x18c/0x230 [ 434.536956][ C0] ? kthread+0x13a/0x450 [ 434.541190][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 434.546376][ C0] kthread+0x370/0x450 [ 434.550437][ C0] ? __pfx_kthread+0x10/0x10 [ 434.555018][ C0] ret_from_fork+0x72b/0xd50 [ 434.559603][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 434.564705][ C0] ? __switch_to+0x800/0x1100 [ 434.569378][ C0] ? __pfx_kthread+0x10/0x10 [ 434.573960][ C0] ret_from_fork_asm+0x1a/0x30 [ 434.578734][ C0] [ 434.581738][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 434.588046][ C0] CPU: 0 UID: 0 PID: 11594 Comm: syz.4.1991 Tainted: G L syzkaller #0 PREEMPT(full) [ 434.598966][ C0] Tainted: [L]=SOFTLOCKUP [ 434.603274][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 434.613312][ C0] RIP: 0010:smp_call_function_many_cond+0x58e/0x1700 [ 434.619978][ C0] Code: 00 fc ff df 48 8b 54 24 08 49 89 d5 49 89 d4 49 c1 ed 03 41 83 e4 07 49 01 c5 41 83 c4 03 e8 39 84 0c 00 f3 90 41 0f b6 45 00 <41> 38 c4 7c 08 84 c0 0f 85 63 0f 00 00 8b 45 08 31 ff 83 e0 01 41 [ 434.639573][ C0] RSP: 0018:ffffc90004ebfa00 EFLAGS: 00000246 [ 434.645626][ C0] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffc9000f611000 [ 434.653581][ C0] RDX: 0000000000080000 RSI: ffffffff81fc0ce7 RDI: ffff888075894a80 [ 434.661539][ C0] RBP: ffff8880b8540f80 R08: 0000000000000005 R09: 0000000000000000 [ 434.669491][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003 [ 434.677449][ C0] R13: ffffed10170a81f1 R14: 0000000000000001 R15: ffff8880b843c600 [ 434.685404][ C0] FS: 00007f39450c16c0(0000) GS:ffff888124386000(0000) knlGS:0000000000000000 [ 434.694319][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 434.700891][ C0] CR2: 00007f39450c0ff8 CR3: 000000004358d000 CR4: 00000000003526f0 [ 434.708852][ C0] Call Trace: [ 434.712116][ C0] [ 434.715036][ C0] ? __pfx_retrigger_next_event+0x10/0x10 [ 434.720757][ C0] ? clock_was_set+0x1c3/0x870 [ 434.725514][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 434.731838][ C0] ? mark_held_locks+0x40/0x70 [ 434.736594][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 434.742392][ C0] clock_was_set+0x62b/0x870 [ 434.746986][ C0] ? __pfx_clock_was_set+0x10/0x10 [ 434.752099][ C0] do_adjtimex+0x302/0x370 [ 434.756521][ C0] ? __pfx_do_adjtimex+0x10/0x10 [ 434.761466][ C0] ? __pfx_posix_clock_realtime_adj+0x10/0x10 [ 434.767528][ C0] __do_sys_clock_adjtime+0x177/0x290 [ 434.772894][ C0] ? __pfx___do_sys_clock_adjtime+0x10/0x10 [ 434.778808][ C0] ? kcov_ioctl+0x16a/0x720 [ 434.783316][ C0] ? rcu_is_watching+0x12/0xc0 [ 434.788081][ C0] do_syscall_64+0x115/0x870 [ 434.792662][ C0] ? clear_bhb_loop+0x40/0x90 [ 434.797334][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.803228][ C0] RIP: 0033:0x7f394419ce59 [ 434.807631][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 434.827225][ C0] RSP: 002b:00007f39450c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000131 [ 434.835640][ C0] RAX: ffffffffffffffda RBX: 00007f3944416090 RCX: 00007f394419ce59 [ 434.843599][ C0] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000000 [ 434.851556][ C0] RBP: 00007f3944232d6f R08: 0000000000000000 R09: 0000000000000000 [ 434.859523][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.867489][ C0] R13: 00007f3944416128 R14: 00007f3944416090 R15: 00007fff9e698088 [ 434.875460][ C0]