last executing test programs: 39.500362588s ago: executing program 2 (id=358): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001980)=@deltclass={0x24, 0x29, 0x200, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xffe0}, {0x3, 0xfff3}, {0x6, 0xd}}}, 0x24}}, 0x0) recvmmsg(r3, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000640)=""/222, 0xde}], 0x1}, 0x1}], 0x1, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r5, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r6, 0x10, 0x0, @in={0x2, 0x4e21, @loopback}}}, 0x90) close_range(r4, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) chdir(&(0x7f0000000180)='./file0\x00') write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x0, {0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x80000000}, r6}}, 0x38) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mbind(&(0x7f0000365000/0x4000)=nil, 0x4000, 0x4000, 0x0, 0xfffffffffffffffc, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r8 = socket$unix(0x1, 0x5, 0x0) r9 = dup2(r8, r7) getsockopt$bt_hci(r4, 0x0, 0x3, &(0x7f0000000240)=""/125, &(0x7f00000002c0)=0x7d) close_range(r9, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r9, 0x4068aea3, &(0x7f0000000040)={0xd5, 0x0, 0x11}) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000600)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x30, 0x30, 0x0, @ib={0x1b, 0x4, 0x80, {"9754808c5546849e871f1cd0f4a8a3ef"}, 0x1800000000, 0x100, 0x80000000}, @ib={0x1b, 0xffff, 0x0, {"0ee800a6d7567900"}}}}, 0x118) 32.940280666s ago: executing program 2 (id=358): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001980)=@deltclass={0x24, 0x29, 0x200, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xffe0}, {0x3, 0xfff3}, {0x6, 0xd}}}, 0x24}}, 0x0) recvmmsg(r3, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000640)=""/222, 0xde}], 0x1}, 0x1}], 0x1, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r5, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r6, 0x10, 0x0, @in={0x2, 0x4e21, @loopback}}}, 0x90) close_range(r4, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) chdir(&(0x7f0000000180)='./file0\x00') write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x0, {0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x80000000}, r6}}, 0x38) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mbind(&(0x7f0000365000/0x4000)=nil, 0x4000, 0x4000, 0x0, 0xfffffffffffffffc, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r8 = socket$unix(0x1, 0x5, 0x0) r9 = dup2(r8, r7) getsockopt$bt_hci(r4, 0x0, 0x3, &(0x7f0000000240)=""/125, &(0x7f00000002c0)=0x7d) close_range(r9, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r9, 0x4068aea3, &(0x7f0000000040)={0xd5, 0x0, 0x11}) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000600)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x30, 0x30, 0x0, @ib={0x1b, 0x4, 0x80, {"9754808c5546849e871f1cd0f4a8a3ef"}, 0x1800000000, 0x100, 0x80000000}, @ib={0x1b, 0xffff, 0x0, {"0ee800a6d7567900"}}}}, 0x118) 26.400748561s ago: executing program 2 (id=358): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001980)=@deltclass={0x24, 0x29, 0x200, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xffe0}, {0x3, 0xfff3}, {0x6, 0xd}}}, 0x24}}, 0x0) recvmmsg(r3, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000640)=""/222, 0xde}], 0x1}, 0x1}], 0x1, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r5, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r6, 0x10, 0x0, @in={0x2, 0x4e21, @loopback}}}, 0x90) close_range(r4, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) chdir(&(0x7f0000000180)='./file0\x00') write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x0, {0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x80000000}, r6}}, 0x38) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mbind(&(0x7f0000365000/0x4000)=nil, 0x4000, 0x4000, 0x0, 0xfffffffffffffffc, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r8 = socket$unix(0x1, 0x5, 0x0) r9 = dup2(r8, r7) getsockopt$bt_hci(r4, 0x0, 0x3, &(0x7f0000000240)=""/125, &(0x7f00000002c0)=0x7d) close_range(r9, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r9, 0x4068aea3, &(0x7f0000000040)={0xd5, 0x0, 0x11}) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000600)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x30, 0x30, 0x0, @ib={0x1b, 0x4, 0x80, {"9754808c5546849e871f1cd0f4a8a3ef"}, 0x1800000000, 0x100, 0x80000000}, @ib={0x1b, 0xffff, 0x0, {"0ee800a6d7567900"}}}}, 0x118) 19.680476392s ago: executing program 2 (id=358): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001980)=@deltclass={0x24, 0x29, 0x200, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xffe0}, {0x3, 0xfff3}, {0x6, 0xd}}}, 0x24}}, 0x0) recvmmsg(r3, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000640)=""/222, 0xde}], 0x1}, 0x1}], 0x1, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r5, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r6, 0x10, 0x0, @in={0x2, 0x4e21, @loopback}}}, 0x90) close_range(r4, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) chdir(&(0x7f0000000180)='./file0\x00') write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x0, {0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x80000000}, r6}}, 0x38) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mbind(&(0x7f0000365000/0x4000)=nil, 0x4000, 0x4000, 0x0, 0xfffffffffffffffc, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r8 = socket$unix(0x1, 0x5, 0x0) r9 = dup2(r8, r7) getsockopt$bt_hci(r4, 0x0, 0x3, &(0x7f0000000240)=""/125, &(0x7f00000002c0)=0x7d) close_range(r9, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r9, 0x4068aea3, &(0x7f0000000040)={0xd5, 0x0, 0x11}) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000600)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x30, 0x30, 0x0, @ib={0x1b, 0x4, 0x80, {"9754808c5546849e871f1cd0f4a8a3ef"}, 0x1800000000, 0x100, 0x80000000}, @ib={0x1b, 0xffff, 0x0, {"0ee800a6d7567900"}}}}, 0x118) 12.778413978s ago: executing program 2 (id=358): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001980)=@deltclass={0x24, 0x29, 0x200, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xffe0}, {0x3, 0xfff3}, {0x6, 0xd}}}, 0x24}}, 0x0) recvmmsg(r3, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000640)=""/222, 0xde}], 0x1}, 0x1}], 0x1, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r5, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r6, 0x10, 0x0, @in={0x2, 0x4e21, @loopback}}}, 0x90) close_range(r4, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) chdir(&(0x7f0000000180)='./file0\x00') write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x0, {0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x80000000}, r6}}, 0x38) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mbind(&(0x7f0000365000/0x4000)=nil, 0x4000, 0x4000, 0x0, 0xfffffffffffffffc, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r8 = socket$unix(0x1, 0x5, 0x0) r9 = dup2(r8, r7) getsockopt$bt_hci(r4, 0x0, 0x3, &(0x7f0000000240)=""/125, &(0x7f00000002c0)=0x7d) close_range(r9, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r9, 0x4068aea3, &(0x7f0000000040)={0xd5, 0x0, 0x11}) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000600)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x30, 0x30, 0x0, @ib={0x1b, 0x4, 0x80, {"9754808c5546849e871f1cd0f4a8a3ef"}, 0x1800000000, 0x100, 0x80000000}, @ib={0x1b, 0xffff, 0x0, {"0ee800a6d7567900"}}}}, 0x118) 5.859131031s ago: executing program 2 (id=358): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001980)=@deltclass={0x24, 0x29, 0x200, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xffe0}, {0x3, 0xfff3}, {0x6, 0xd}}}, 0x24}}, 0x0) recvmmsg(r3, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000640)=""/222, 0xde}], 0x1}, 0x1}], 0x1, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r5, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r6, 0x10, 0x0, @in={0x2, 0x4e21, @loopback}}}, 0x90) close_range(r4, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) chdir(&(0x7f0000000180)='./file0\x00') write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x0, {0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x80000000}, r6}}, 0x38) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mbind(&(0x7f0000365000/0x4000)=nil, 0x4000, 0x4000, 0x0, 0xfffffffffffffffc, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r8 = socket$unix(0x1, 0x5, 0x0) r9 = dup2(r8, r7) getsockopt$bt_hci(r4, 0x0, 0x3, &(0x7f0000000240)=""/125, &(0x7f00000002c0)=0x7d) close_range(r9, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r9, 0x4068aea3, &(0x7f0000000040)={0xd5, 0x0, 0x11}) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000600)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x30, 0x30, 0x0, @ib={0x1b, 0x4, 0x80, {"9754808c5546849e871f1cd0f4a8a3ef"}, 0x1800000000, 0x100, 0x80000000}, @ib={0x1b, 0xffff, 0x0, {"0ee800a6d7567900"}}}}, 0x118) 2.53080354s ago: executing program 3 (id=1101): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x48882, 0x0) r1 = dup(r0) r2 = add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r3 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0) pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb) 2.459364497s ago: executing program 3 (id=1102): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) r1 = dup(r0) r2 = add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000000)=@assoc_value, 0x8) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x4) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x33) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000080)=@assoc_value, &(0x7f00000000c0)=0x8) keyctl$read(0xb, r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) r5 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r5, 0x40305652, &(0x7f00000000c0)={0x0, 0x1, 0x4, 0x0, 0x0, 0x8fc0, 0x65f40}) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r6 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0) r7 = fsopen(&(0x7f0000000040)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = fsmount(r7, 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r9, 0x0) r10 = openat(r8, &(0x7f0000000040)='./file2\x00', 0x14b042, 0x0) pwritev2(r10, 0x0, 0x0, 0x5405, 0x0, 0x0) write$cgroup_devices(r10, &(0x7f0000000080)=ANY=[], 0xffdd) pwritev2(r6, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb) 2.300427924s ago: executing program 1 (id=1103): r0 = syz_clone(0x88200, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_pidfd_open(r0, 0x0) pidfd_getfd(r1, r1, 0x0) 2.300095129s ago: executing program 1 (id=1104): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x3c, 0x0, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x1}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8040010}, 0x10) sendfile(r1, r0, &(0x7f0000000000)=0x7, 0x1) pipe(&(0x7f0000000080)) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)) r4 = syz_open_pts(r3, 0x60c40) dup3(r4, r3, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f0000000000)=0x2) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f0000000140)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x1, 0x4, 0x0, 0x1, 0x80000, 'syz1\x00', &(0x7f0000001540)=['/dev/snd/controlC#\x00\x00\xea\xfb\x0f\xa7\xde\xf9\xb3\x8b\xd4P7\xad\x7f\x9f\x13\xf7-\x9e\xff\x1cB\xd7\xa0\x1au=\xb7\xef\xc6f\xb2g\x81A8\x84M2\x8c\xc7\xfb\xef\x83\x8e\xca\x86\xf2\xd7\x88\x19\xa9QgF6\xe1[\xe8\x17\xcf\xe3\xb4\xeb\xbc~\x1fI\xd6\xf0\xc49\xbev\xde\xcc\xdf\xe5yh\x91\x9b\xbaB\xdb\x1c\xf0#\x1fTC[\xde\xb9\x9d\xdc\xab\xe0\xd6\"\xc0\xd4\xa9\x0eh\x84\xdbt\xcfyvjBW\x0e\x13\xaeU\xc9\xff\xff\a\x1a\x14\xa3\xca_\xcfQ.-\xd2\xd2\x99\xe8\xea\xdd\xf1\xbb\xe9\x11\xa4z\x7f\xb4\xa6\bO%\xc6\xbe\xb1\xc7\x8c!\x00G\x19\xeb\x1a\xa9\x9e'], 0xb5}) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r9, 0x800448f0, &(0x7f00000000c0)={0x0, 0x0, "a4cd91", 0x9}) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r10, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r10, &(0x7f0000000040)="05000000010000", 0x7) r11 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r11) 1.655781827s ago: executing program 0 (id=1106): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/36, @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x4, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x8940) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000100)="5fc908", 0x3}], 0x1) 1.430892236s ago: executing program 0 (id=1107): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001240)=@deltfilter={0x34, 0x2d, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x8}, {0xfff8}, {0xffff}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}}, 0x20048040) 1.430572859s ago: executing program 0 (id=1108): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, 0x0, &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r0 = socket$inet6(0xa, 0x3, 0x5) r1 = socket$l2tp6(0xa, 0x2, 0x73) dup3(r1, r0, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file1\x00', r3, &(0x7f0000000100)='./file0\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, &(0x7f0000000180)) ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x800000000000001) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000086b1d010140000102030109025f"], 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef502"], 0xf8) openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) mount(&(0x7f0000000300)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280)='gadgetfs\x00', 0x2221000, &(0x7f0000000240)='\x006\xbc\xf1\xd8{\xa5\xb6+\xe8\b\xf3\xe2M\x06\xd3\x0eD\xb7\xfc\x83\x91\xcbB\x81\aM\x7f\xe9\xae\x19') 1.300953979s ago: executing program 1 (id=1109): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001240)=@deltfilter={0x34, 0x2d, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x8}, {0xfff8}, {0xffff}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}}, 0x20048040) (fail_nth: 2) 1.190700878s ago: executing program 1 (id=1110): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x88}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = accept4(r0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) faccessat(r4, &(0x7f0000000000)='./file0\x00', 0x5) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r5) sendmsg$NL80211_CMD_SET_REG(r5, &(0x7f0000000080)={0xfffffffffffffffe, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x24, r6, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_REG_RULES={0x8, 0x22, 0x0, 0x1, [{0x4}]}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4082) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="04060000000003dcdf257600000008000300", @ANYRES32=r7, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) recvmsg$can_raw(r1, &(0x7f0000001880)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000006c0)=""/249, 0xf9}], 0x1}, 0x0) 1.110704229s ago: executing program 1 (id=1111): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r0 = socket$inet6(0xa, 0x3, 0x5) r1 = socket$l2tp6(0xa, 0x2, 0x73) dup3(r1, r0, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file1\x00', r3, &(0x7f0000000100)='./file0\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, &(0x7f0000000180)) ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x800000000000001) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000086b1d010140000102030109025f"], 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef502"], 0xf8) openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) mount(&(0x7f0000000300)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280)='gadgetfs\x00', 0x2221000, &(0x7f0000000240)='\x006\xbc\xf1\xd8{\xa5\xb6+\xe8\b\xf3\xe2M\x06\xd3\x0eD\xb7\xfc\x83\x91\xcbB\x81\aM\x7f\xe9\xae\x19') 290.393574ms ago: executing program 3 (id=1112): r0 = socket(0x10, 0x80002, 0x0) clock_gettime(0x4, &(0x7f0000000000)) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001240)=@deltfilter={0x34, 0x2d, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x8}, {0xfff8}, {0xffff}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}}, 0x20048040) 289.98208ms ago: executing program 3 (id=1113): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_hsr\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c00000010000905000000000000ffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b0001006d616373656300001c000280050007000000000005000a0000000000050009000000000008000500", @ANYRES32=r1], 0x5c}}, 0x0) 289.780289ms ago: executing program 0 (id=1114): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = syz_open_dev$video4linux(&(0x7f0000000100), 0x1, 0x183600) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6005, &(0x7f0000000040)=0x7, 0x7, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00') read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2020) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000140)={0x0, 0x0, '\x00', @raw_data=[0xff, 0x4, 0x4, 0x3, 0x3, 0x7f, 0x2, 0x400, 0x9, 0x7, 0xffffffff, 0x6, 0x4, 0x229, 0xfffffff5, 0x8000, 0x7, 0x5, 0x80000000, 0x9, 0x40, 0x1ff, 0xd, 0x0, 0x4, 0x34c, 0x67, 0x800, 0x10, 0x3, 0x13d, 0x8]}) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5']) r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000280)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001040)={0x24, r5, 0x1, 0x70bd2b, 0x0, {{0x6c}, {@val={0x8, 0x3, r7}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}]]}, 0x24}, 0x1, 0x0, 0x0, 0x2004c080}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r3, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000080)={0x1c, r5, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8) ioctl$KDFONTOP_SET(r4, 0x4b72, &(0x7f0000000440)={0x0, 0x0, 0x18, 0x1e, 0x200, &(0x7f0000000480)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550cb66afa9307f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1094fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7e8e15cce995f74fb97a63bf62d61f78c062f959119ab50c1f706a9301f45420aab330f521ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856068f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) write$binfmt_script(r3, &(0x7f00000000c0), 0x6db6e559) 289.663217ms ago: executing program 3 (id=1115): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0), 0x0, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/36, @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x4, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x8940) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000100)="5fc908", 0x3}], 0x1) 210.25058ms ago: executing program 0 (id=1116): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket(0x1a, 0x800, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000080)={0x2}) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)={0xffff, 0x81, 0x0, 0x5, 0x23c5, 0x7}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001001030400000000fbdbdf2500007400", @ANYRES32=0x0, @ANYBLOB="00080000075005001c0012800b00010062726964676500000c0002800600270018010000"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r3 = syz_clone(0x40000, &(0x7f00000003c0)="27eb531e5865718ee84387990d7f7a3c14dcad9e8d8048726fc4de24382aa8406684de36ec956551d840594254891495e61c6a803bfc440ba024d1351a081e848352fd1a09367ee6c7d303e31b434a7d82a2e35e30f5a45bf85e5fc55edae660e9f341795bde277a2048f08427508977b302e49378eb677e11d63f90eb8b72091fffd793d2f8a5a8fac85550140279b0ce0081cf752485f0a9", 0x99, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000500)="4fc5b396f4e170270b15c27956d37695e99f24f9b5b36a352cd8e76aefcc982d5cf78bd98c9ff980267af4781f481ed9c0e2511ee0d3d4ea26cb5947843cd6f8bc9766c1995f8c263c4fc83ee7eb2a6a89b0a4bed8a09c05e3ab9917bd8538db8e07ad760cf9797e1c5102b240ea7679f82c75eeb5016c5638284a84fdaf23979e5d4c00") setpriority(0x1, r3, 0xf) 150.693448ms ago: executing program 0 (id=1117): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x3c, 0x0, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x1}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8040010}, 0x10) sendfile(r1, r0, &(0x7f0000000000)=0x7, 0x1) pipe(&(0x7f0000000080)) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)) r4 = syz_open_pts(r3, 0x60c40) dup3(r4, r3, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f0000000000)=0x2) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f0000000140)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x1, 0x4, 0x0, 0x1, 0x80000, 'syz1\x00', &(0x7f0000001540)=['/dev/snd/controlC#\x00\x00\xea\xfb\x0f\xa7\xde\xf9\xb3\x8b\xd4P7\xad\x7f\x9f\x13\xf7-\x9e\xff\x1cB\xd7\xa0\x1au=\xb7\xef\xc6f\xb2g\x81A8\x84M2\x8c\xc7\xfb\xef\x83\x8e\xca\x86\xf2\xd7\x88\x19\xa9QgF6\xe1[\xe8\x17\xcf\xe3\xb4\xeb\xbc~\x1fI\xd6\xf0\xc49\xbev\xde\xcc\xdf\xe5yh\x91\x9b\xbaB\xdb\x1c\xf0#\x1fTC[\xde\xb9\x9d\xdc\xab\xe0\xd6\"\xc0\xd4\xa9\x0eh\x84\xdbt\xcfyvjBW\x0e\x13\xaeU\xc9\xff\xff\a\x1a\x14\xa3\xca_\xcfQ.-\xd2\xd2\x99\xe8\xea\xdd\xf1\xbb\xe9\x11\xa4z\x7f\xb4\xa6\bO%\xc6\xbe\xb1\xc7\x8c!\x00G\x19\xeb\x1a\xa9\x9e'], 0xb5}) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r9, 0x800448f0, &(0x7f00000000c0)={0x0, 0x0, "a4cd91", 0x9}) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r10, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r10, &(0x7f0000000040)="05000000010000", 0x7) r11 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r11) 259.8µs ago: executing program 3 (id=1118): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5800fe0010000300000000000000002000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000c00010000001c001a8018000a8014000700fc"], 0x58}, 0x1, 0x2}, 0x0) 0s ago: executing program 1 (id=1119): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000bc0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="25000000faffffffffff0500000008000380", @ANYRES32=r2], 0x24}}, 0x0) r3 = syz_open_dev$vivid(&(0x7f0000000040), 0x3, 0x2) ioctl$VIDIOC_DBG_G_CHIP_INFO(r3, 0xc0c85666, &(0x7f0000000100)={{0x0, @name="83eaaa16a26a8b718ff42b34253f7af744a06571a0928150e09be8807f5c328c"}, "fa932513e7e76e73f72fc05d595af0b8b998d3d188ecdc715d968432ffe4c076", 0x1}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r7, 0x400448ca, 0x0) bind$bt_hci(r7, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write(r7, &(0x7f0000000080)="b7f872a2406b", 0x6) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="25003300d0650400080211000001080211000000505050505050"], 0x44}}, 0x0) kernel console output (not intermixed with test programs): New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.231823][ T4192] usb 5-1: Product: syz [ 84.232859][ T4192] usb 5-1: Manufacturer: syz [ 84.234072][ T4192] usb 5-1: SerialNumber: syz [ 84.240966][ T4192] usb 5-1: config 0 descriptor?? [ 84.246859][ T1138] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.332753][ T1138] bridge_slave_1: left allmulticast mode [ 84.334335][ T1138] bridge_slave_1: left promiscuous mode [ 84.335949][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.339021][ T1138] bridge_slave_0: left allmulticast mode [ 84.340499][ T1138] bridge_slave_0: left promiscuous mode [ 84.342002][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.447321][ T30] usb 5-1: USB disconnect, device number 13 [ 84.551717][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 84.555427][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 84.559087][ T1138] bond0 (unregistering): Released all slaves [ 84.808923][ T39] audit: type=1400 audit(1732105854.932:414): avc: denied { bind } for pid=7791 comm="syz.3.618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 84.815155][ T39] audit: type=1400 audit(1732105854.932:415): avc: denied { name_bind } for pid=7791 comm="syz.3.618" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 84.820793][ T39] audit: type=1400 audit(1732105854.932:416): avc: denied { node_bind } for pid=7791 comm="syz.3.618" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 84.858828][ T1138] hsr_slave_0: left promiscuous mode [ 84.860587][ T1138] hsr_slave_1: left promiscuous mode [ 84.862366][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.864336][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.867334][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.869425][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.886951][ T1138] veth1_macvtap: left promiscuous mode [ 84.888558][ T1138] veth0_macvtap: left promiscuous mode [ 84.890058][ T1138] veth1_vlan: left promiscuous mode [ 84.891459][ T1138] veth0_vlan: left promiscuous mode [ 84.958700][ T5953] Bluetooth: hci2: command tx timeout [ 85.397643][ T1138] team0 (unregistering): Port device team_slave_1 removed [ 85.457909][ T1138] team0 (unregistering): Port device team_slave_0 removed [ 85.520060][ T5953] Bluetooth: hci0: command 0x040f tx timeout [ 85.880989][ T7799] bond0: entered promiscuous mode [ 85.882354][ T7799] bond_slave_0: entered promiscuous mode [ 85.883831][ T7799] bond_slave_1: entered promiscuous mode [ 85.913394][ T39] kauditd_printk_skb: 4 callbacks suppressed [ 85.913405][ T39] audit: type=1400 audit(1732105856.032:421): avc: denied { create } for pid=7807 comm="syz.3.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 85.928475][ T39] audit: type=1400 audit(1732105856.042:422): avc: denied { setopt } for pid=7807 comm="syz.3.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 85.932966][ T7745] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 85.937703][ T7745] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 85.946445][ T7745] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 85.959355][ T7745] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.002948][ T7745] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.007722][ T39] audit: type=1400 audit(1732105856.122:423): avc: denied { sqpoll } for pid=7824 comm="syz.3.626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 86.012892][ T7745] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.014942][ T1200] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.016808][ T1200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.022388][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.024276][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.032728][ T7826] netlink: 'syz.3.626': attribute type 19 has an invalid length. [ 86.041182][ T7826] netlink: 'syz.3.626': attribute type 10 has an invalid length. [ 86.041675][ T7831] autofs: Bad value for 'fd' [ 86.047814][ T7826] batman_adv: batadv0: Adding interface: team0 [ 86.050400][ T7826] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.056823][ T7826] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 86.069249][ T7826] netlink: 'syz.3.626': attribute type 10 has an invalid length. [ 86.071295][ T7826] netlink: 2 bytes leftover after parsing attributes in process `syz.3.626'. [ 86.073595][ T7826] team0: entered promiscuous mode [ 86.074926][ T7826] team_slave_0: entered promiscuous mode [ 86.076424][ T7826] team_slave_1: entered promiscuous mode [ 86.078386][ T7826] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.080355][ T7826] batman_adv: batadv0: Interface activated: team0 [ 86.082071][ T7826] batman_adv: batadv0: Interface deactivated: team0 [ 86.083793][ T7826] batman_adv: batadv0: Removing interface: team0 [ 86.085808][ T7826] bridge0: port 3(team0) entered blocking state [ 86.087582][ T7826] bridge0: port 3(team0) entered disabled state [ 86.089786][ T7826] team0: entered allmulticast mode [ 86.091217][ T7826] team_slave_0: entered allmulticast mode [ 86.092748][ T7826] team_slave_1: entered allmulticast mode [ 86.095087][ T7826] bridge0: port 3(team0) entered blocking state [ 86.096726][ T7826] bridge0: port 3(team0) entered forwarding state [ 86.144910][ T7836] tmpfs: Bad value for 'nr_blocks' [ 86.172965][ T7745] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.189424][ T7745] veth0_vlan: entered promiscuous mode [ 86.193287][ T7745] veth1_vlan: entered promiscuous mode [ 86.206430][ T7745] veth0_macvtap: entered promiscuous mode [ 86.209437][ T7745] veth1_macvtap: entered promiscuous mode [ 86.215275][ T7745] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.218012][ T7745] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.222323][ T7745] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.225038][ T7745] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.227608][ T7745] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.230401][ T7745] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.233688][ T7745] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.239019][ T7745] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.241671][ T7745] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.244130][ T7745] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.246867][ T7745] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.249758][ T7745] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.252828][ T7745] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.256181][ T7745] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.260369][ T7745] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.262842][ T7745] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.266457][ T7745] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.269093][ T7745] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.294449][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.296532][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.298355][ T1014] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 86.306108][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.310135][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.458332][ T1014] usb 5-1: Using ep0 maxpacket: 8 [ 86.460983][ T1014] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.463664][ T1014] usb 5-1: config 0 has no interfaces? [ 86.466501][ T1014] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 86.469094][ T1014] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.471193][ T1014] usb 5-1: Product: syz [ 86.472307][ T1014] usb 5-1: Manufacturer: syz [ 86.473751][ T1014] usb 5-1: SerialNumber: syz [ 86.475980][ T1014] usb 5-1: config 0 descriptor?? [ 86.640845][ T7849] netlink: 'syz.3.631': attribute type 12 has an invalid length. [ 86.682812][ T4192] usb 5-1: USB disconnect, device number 14 [ 87.587630][ T39] audit: type=1400 audit(1732105857.702:424): avc: denied { read } for pid=7871 comm="syz.0.641" path="socket:[21183]" dev="sockfs" ino=21183 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 87.598420][ T5953] Bluetooth: hci0: command 0x040f tx timeout [ 87.672898][ T39] audit: type=1400 audit(1732105857.792:425): avc: denied { accept } for pid=7871 comm="syz.0.641" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 87.767260][ T7877] autofs: Unknown parameter '0x0000000000000000' [ 88.018374][ T4192] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 88.178503][ T4192] usb 8-1: Using ep0 maxpacket: 8 [ 88.182538][ T4192] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 88.185590][ T4192] usb 8-1: config 0 has no interfaces? [ 88.188677][ T4192] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 88.191029][ T4192] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.193325][ T4192] usb 8-1: Product: syz [ 88.194858][ T4192] usb 8-1: Manufacturer: syz [ 88.196319][ T4192] usb 8-1: SerialNumber: syz [ 88.198627][ T4192] usb 8-1: config 0 descriptor?? [ 88.403049][ T4192] usb 8-1: USB disconnect, device number 6 [ 88.543922][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.116061][ T7888] netlink: 84 bytes leftover after parsing attributes in process `syz.3.647'. [ 89.119732][ T7888] netlink: 24 bytes leftover after parsing attributes in process `syz.3.647'. [ 89.164296][ T39] audit: type=1400 audit(1732105859.282:426): avc: denied { getopt } for pid=7889 comm="syz.3.648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 89.201119][ T65] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.204446][ T65] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.206987][ T65] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.211592][ T65] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.213793][ T65] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 89.215805][ T65] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.280447][ T7892] chnl_net:caif_netlink_parms(): no params data found [ 89.351437][ T7892] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.353360][ T7892] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.355505][ T7892] bridge_slave_0: entered allmulticast mode [ 89.357687][ T7892] bridge_slave_0: entered promiscuous mode [ 89.360856][ T7892] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.366606][ T7892] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.368859][ T7892] bridge_slave_1: entered allmulticast mode [ 89.372652][ T7892] bridge_slave_1: entered promiscuous mode [ 89.398098][ T7892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.403461][ T7892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.408516][ T7908] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 89.432918][ T7892] team0: Port device team_slave_0 added [ 89.436127][ T7892] team0: Port device team_slave_1 added [ 89.462348][ T7892] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.464901][ T7892] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.472076][ T7908] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 89.472521][ T7892] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.477319][ T7892] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.479421][ T7892] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.486201][ T7892] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.492719][ T39] audit: type=1400 audit(1732105859.612:427): avc: denied { write } for pid=7910 comm="syz.0.652" name="card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 89.512606][ T7892] hsr_slave_0: entered promiscuous mode [ 89.515519][ T7892] hsr_slave_1: entered promiscuous mode [ 89.518032][ T7892] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.520653][ T7892] Cannot create hsr debugfs directory [ 89.688483][ T65] Bluetooth: hci0: command 0x040f tx timeout [ 89.690805][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 90.185527][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.204777][ T7921] autofs: Unknown parameter '0x0000000000000000' [ 90.255605][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.323538][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.397527][ T7927] netlink: 8 bytes leftover after parsing attributes in process `syz.0.659'. [ 90.431717][ T12] bridge_slave_1: left allmulticast mode [ 90.433590][ T12] bridge_slave_1: left promiscuous mode [ 90.435568][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.439455][ T12] bridge_slave_0: left allmulticast mode [ 90.441315][ T12] bridge_slave_0: left promiscuous mode [ 90.443308][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.478468][ T1336] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 90.648466][ T1336] usb 6-1: Using ep0 maxpacket: 8 [ 90.650998][ T1336] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.653635][ T1336] usb 6-1: config 0 has no interfaces? [ 90.662667][ T1336] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 90.664996][ T1336] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.667038][ T1336] usb 6-1: Product: syz [ 90.668105][ T1336] usb 6-1: Manufacturer: syz [ 90.669454][ T1320] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 90.671394][ T1336] usb 6-1: SerialNumber: syz [ 90.674628][ T1336] usb 6-1: config 0 descriptor?? [ 90.676399][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 90.683304][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 90.686908][ T12] bond0 (unregistering): Released all slaves [ 90.831298][ T1320] usb 8-1: Using ep0 maxpacket: 8 [ 90.833900][ T1320] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.836657][ T1320] usb 8-1: config 0 has no interfaces? [ 90.840876][ T1320] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 90.843252][ T1320] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.845321][ T1320] usb 8-1: Product: syz [ 90.846468][ T1320] usb 8-1: Manufacturer: syz [ 90.848158][ T1320] usb 8-1: SerialNumber: syz [ 90.853567][ T1320] usb 8-1: config 0 descriptor?? [ 90.879542][ T8] usb 6-1: USB disconnect, device number 10 [ 91.057348][ T1320] usb 8-1: USB disconnect, device number 7 [ 91.073396][ T12] hsr_slave_0: left promiscuous mode [ 91.075884][ T12] hsr_slave_1: left promiscuous mode [ 91.078030][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 91.080041][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 91.082270][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 91.084163][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 91.101934][ T12] veth1_macvtap: left promiscuous mode [ 91.103416][ T12] veth0_macvtap: left promiscuous mode [ 91.104830][ T12] veth1_vlan: left promiscuous mode [ 91.108793][ T12] veth0_vlan: left promiscuous mode [ 91.257165][ T7961] netlink: 40 bytes leftover after parsing attributes in process `syz.0.660'. [ 91.281381][ T5953] Bluetooth: hci2: command tx timeout [ 91.666893][ T12] team0 (unregistering): Port device team_slave_1 removed [ 91.726064][ T12] team0 (unregistering): Port device team_slave_0 removed [ 91.768431][ T5953] Bluetooth: hci0: command 0x040f tx timeout [ 92.138904][ T7966] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 92.184007][ T7892] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.197220][ T7892] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.202088][ T7892] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.207368][ T7892] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.257901][ T7892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.265445][ T7892] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.269231][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.271115][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.290255][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.290550][ T7981] netlink: 'syz.1.668': attribute type 9 has an invalid length. [ 92.292165][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.296218][ T7981] netlink: 134672 bytes leftover after parsing attributes in process `syz.1.668'. [ 92.298728][ T7981] openvswitch: netlink: Key 2 has unexpected len 20 expected 4 [ 92.388182][ T7892] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.402458][ T7892] veth0_vlan: entered promiscuous mode [ 92.406262][ T7892] veth1_vlan: entered promiscuous mode [ 92.417355][ T7892] veth0_macvtap: entered promiscuous mode [ 92.423643][ T7892] veth1_macvtap: entered promiscuous mode [ 92.430331][ T7892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.433106][ T7892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.435627][ T7892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.441571][ T7892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.444136][ T7892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.446817][ T7892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.450336][ T7892] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.452424][ T7991] tc_dump_action: action bad kind [ 92.456919][ T7892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.459735][ T7892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.462225][ T7892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.465012][ T7892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.467293][ T7992] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 92.467785][ T7892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.472741][ T7892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.475912][ T7892] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.481644][ T7892] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.483968][ T7892] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.486240][ T7892] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.489123][ T7892] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.525200][ T7992] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 92.527055][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.531246][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.543982][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.546549][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.359205][ T8013] netlink: 40 bytes leftover after parsing attributes in process `syz.1.678'. [ 93.363992][ T8015] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4624 sclass=netlink_route_socket pid=8015 comm=syz.3.679 [ 93.398063][ T8019] netlink: 'syz.3.681': attribute type 9 has an invalid length. [ 93.400395][ T8019] netlink: 134672 bytes leftover after parsing attributes in process `syz.3.681'. [ 93.402911][ T8019] openvswitch: netlink: Key 2 has unexpected len 20 expected 4 [ 93.557472][ T8035] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 93.710296][ T8039] Option 'Í'M•O§±' to dns_resolver key: bad/missing value [ 93.739684][ T8042] netlink: 40 bytes leftover after parsing attributes in process `syz.3.689'. [ 93.848404][ T65] Bluetooth: hci0: command 0x040f tx timeout [ 93.849952][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 93.905057][ T8049] sctp: [Deprecated]: syz.3.692 (pid 8049) Use of struct sctp_assoc_value in delayed_ack socket option. [ 93.905057][ T8049] Use struct sctp_sack_info instead [ 94.273644][ T8035] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 94.355464][ T8051] xfrm0: entered allmulticast mode [ 94.405950][ T39] audit: type=1400 audit(1732105864.522:428): avc: denied { ioctl } for pid=8054 comm="syz.0.695" path="socket:[26983]" dev="sockfs" ino=26983 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 94.416955][ T39] audit: type=1400 audit(1732105864.532:429): avc: denied { create } for pid=8056 comm="syz.1.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 94.421978][ T39] audit: type=1400 audit(1732105864.542:430): avc: denied { getopt } for pid=8056 comm="syz.1.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 94.431045][ T39] audit: type=1400 audit(1732105864.552:431): avc: denied { read } for pid=8056 comm="syz.1.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 94.547210][ T8067] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7952 sclass=netlink_route_socket pid=8067 comm=syz.1.701 [ 94.555599][ T8069] netlink: 40 bytes leftover after parsing attributes in process `syz.0.702'. [ 94.746832][ T8072] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 94.808695][ T8072] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 94.843873][ T39] audit: type=1400 audit(1732105864.962:432): avc: denied { create } for pid=8084 comm="syz.3.707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 95.034798][ T8101] Cannot find del_set index 0 as target [ 95.120687][ T45] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.764097][ T8110] netlink: 456 bytes leftover after parsing attributes in process `syz.3.716'. [ 95.777569][ T39] audit: type=1400 audit(1732105865.892:433): avc: denied { nlmsg_read } for pid=8107 comm="syz.1.715" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 95.778238][ T8113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.717'. [ 95.844774][ T5954] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.848721][ T5954] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.851829][ T5954] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.858750][ T5954] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.861690][ T5954] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 95.864216][ T5954] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.872762][ T8125] netlink: 'syz.3.722': attribute type 32 has an invalid length. [ 95.918790][ T5954] Bluetooth: hci0: command 0x040f tx timeout [ 95.918956][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 96.002836][ T8118] chnl_net:caif_netlink_parms(): no params data found [ 96.078535][ T8141] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 96.088782][ T8143] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=8143 comm=syz.3.726 [ 96.095748][ T8118] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.095803][ T8118] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.095865][ T8118] bridge_slave_0: entered allmulticast mode [ 96.096522][ T8118] bridge_slave_0: entered promiscuous mode [ 96.097671][ T8118] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.097721][ T8118] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.097773][ T8118] bridge_slave_1: entered allmulticast mode [ 96.098249][ T8118] bridge_slave_1: entered promiscuous mode [ 96.121624][ T8118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.125727][ T8118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.131767][ T8141] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 96.150143][ T8118] team0: Port device team_slave_0 added [ 96.151573][ T8118] team0: Port device team_slave_1 added [ 96.175534][ T8118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.177699][ T8118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.186419][ T8118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.190493][ T8118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.192325][ T8118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.199937][ T8118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.227513][ T8118] hsr_slave_0: entered promiscuous mode [ 96.230966][ T8118] hsr_slave_1: entered promiscuous mode [ 96.233056][ T8118] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.234961][ T8118] Cannot create hsr debugfs directory [ 96.462202][ T39] audit: type=1400 audit(1732105866.582:434): avc: denied { append } for pid=8157 comm="syz.3.731" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 96.462244][ T8159] random: crng reseeded on system resumption [ 96.622216][ T39] audit: type=1400 audit(1732105866.742:435): avc: denied { ioctl } for pid=8157 comm="syz.3.731" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x330f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 96.681645][ T39] audit: type=1400 audit(1732105866.802:436): avc: denied { create } for pid=8168 comm="syz.0.735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 96.686907][ T39] audit: type=1400 audit(1732105866.802:437): avc: denied { write } for pid=8168 comm="syz.0.735" path="socket:[26174]" dev="sockfs" ino=26174 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 96.760483][ T8178] tc_dump_action: action bad kind [ 96.786636][ T8180] netlink: 84 bytes leftover after parsing attributes in process `syz.0.739'. [ 96.789378][ T8180] netlink: 24 bytes leftover after parsing attributes in process `syz.0.739'. [ 96.814516][ T8182] IPv6: sit1: Disabled Multicast RS [ 96.857441][ T45] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.933344][ T5954] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 96.933373][ T5954] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 96.944185][ T45] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.041626][ T45] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.120527][ T45] bridge_slave_1: left allmulticast mode [ 97.122414][ T45] bridge_slave_1: left promiscuous mode [ 97.123894][ T8205] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 97.124268][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.132213][ T45] bridge_slave_0: left allmulticast mode [ 97.134136][ T45] bridge_slave_0: left promiscuous mode [ 97.135875][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.345219][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 97.349190][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 97.352399][ T45] bond0 (unregistering): Released all slaves [ 97.617639][ T45] hsr_slave_0: left promiscuous mode [ 97.621834][ T45] hsr_slave_1: left promiscuous mode [ 97.624207][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.626954][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.630121][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.632861][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.652293][ T45] veth1_macvtap: left promiscuous mode [ 97.653940][ T45] veth0_macvtap: left promiscuous mode [ 97.655394][ T45] veth1_vlan: left promiscuous mode [ 97.656756][ T45] veth0_vlan: left promiscuous mode [ 97.918450][ T5954] Bluetooth: hci2: command tx timeout [ 97.998561][ T5954] Bluetooth: hci0: command 0x040f tx timeout [ 98.001174][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 98.002896][ T8205] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 98.031670][ T8235] netlink: 36 bytes leftover after parsing attributes in process `syz.1.751'. [ 98.201262][ T45] team0 (unregistering): Port device team_slave_1 removed [ 98.269383][ T45] team0 (unregistering): Port device team_slave_0 removed [ 98.854616][ T8254] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=16144 sclass=netlink_route_socket pid=8254 comm=syz.0.757 [ 98.860342][ T8118] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.871100][ T8118] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.881185][ T8118] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.888390][ T8118] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.935592][ T8118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.944852][ T8118] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.953693][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.955536][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.977673][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.979525][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.000236][ T8118] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 99.065063][ T8283] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 99.101115][ T8118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.116286][ T8118] veth0_vlan: entered promiscuous mode [ 99.120184][ T8283] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 99.121011][ T8118] veth1_vlan: entered promiscuous mode [ 99.130510][ T8118] veth0_macvtap: entered promiscuous mode [ 99.135750][ T8118] veth1_macvtap: entered promiscuous mode [ 99.141468][ T8118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.141479][ T8118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.141485][ T8118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.141492][ T8118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.141497][ T8118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.141503][ T8118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.142029][ T8118] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.144147][ T8118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.144157][ T8118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.144161][ T8118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.144168][ T8118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.144179][ T8118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.144186][ T8118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.144627][ T8118] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.146193][ T8118] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.184713][ T8118] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.184732][ T8118] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.184746][ T8118] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.221430][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.221442][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.231762][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.231808][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.455343][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 99.455353][ T39] audit: type=1400 audit(1732105869.572:445): avc: denied { ioctl } for pid=8293 comm="syz.3.765" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x4604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 99.485927][ T8298] Cannot find del_set index 0 as target [ 99.618889][ T8303] zonefs (nullb0) ERROR: Not a zoned block device [ 99.779843][ T8313] tc_dump_action: action bad kind [ 99.837412][ T8317] netlink: 84 bytes leftover after parsing attributes in process `syz.1.773'. [ 99.840464][ T8317] netlink: 24 bytes leftover after parsing attributes in process `syz.1.773'. [ 100.034720][ T8341] netlink: 8 bytes leftover after parsing attributes in process `syz.1.784'. [ 100.078555][ T5953] Bluetooth: hci0: command 0x040f tx timeout [ 100.080447][ T5954] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 100.187634][ T8356] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 100.252679][ T8356] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 100.297183][ T8361] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=19472 sclass=netlink_route_socket pid=8361 comm=syz.1.789 [ 100.331981][ T39] audit: type=1400 audit(1732105870.452:446): avc: denied { create } for pid=8362 comm="syz.1.790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 100.339447][ T39] audit: type=1400 audit(1732105870.462:447): avc: denied { setopt } for pid=8362 comm="syz.1.790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 100.805277][ T8378] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8378 comm=syz.1.795 [ 100.809024][ T8378] netlink: 100 bytes leftover after parsing attributes in process `syz.1.795'. [ 101.083995][ T8395] tc_dump_action: action bad kind [ 101.132579][ T8401] netlink: 84 bytes leftover after parsing attributes in process `syz.3.805'. [ 101.134864][ T8401] netlink: 24 bytes leftover after parsing attributes in process `syz.3.805'. [ 101.196041][ T8405] overlay: Bad value for 'workdir' [ 101.231882][ T39] audit: type=1400 audit(1732105871.352:448): avc: denied { read } for pid=8406 comm="syz.0.807" name="btrfs-control" dev="devtmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 101.239167][ T39] audit: type=1400 audit(1732105871.352:449): avc: denied { open } for pid=8406 comm="syz.0.807" path="/dev/btrfs-control" dev="devtmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 101.245572][ T39] audit: type=1400 audit(1732105871.352:450): avc: denied { ioctl } for pid=8406 comm="syz.0.807" path="/dev/btrfs-control" dev="devtmpfs" ino=1335 ioctlcmd=0x9405 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 101.251811][ T39] audit: type=1400 audit(1732105871.352:451): avc: denied { read } for pid=8406 comm="syz.0.807" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 101.258470][ T39] audit: type=1400 audit(1732105871.352:452): avc: denied { open } for pid=8406 comm="syz.0.807" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 101.258489][ T39] audit: type=1400 audit(1732105871.352:453): avc: denied { ioctl } for pid=8406 comm="syz.0.807" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x9379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 101.302224][ T8410] kvm: kvm [8406]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x40000018) = 0x6 [ 101.489080][ T8424] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 101.647739][ T8431] fuse: Bad value for 'group_id' [ 101.649374][ T8431] fuse: Bad value for 'group_id' [ 101.671747][ T1138] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.158491][ T5953] Bluetooth: hci0: command 0x040f tx timeout [ 102.160530][ T5954] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 102.165104][ T8407] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 102.197791][ T8424] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 102.442407][ T8437] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=24592 sclass=netlink_route_socket pid=8437 comm=syz.3.819 [ 102.517860][ T39] audit: type=1400 audit(1732105872.632:454): avc: denied { create } for pid=8448 comm="syz.1.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 102.527816][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.530534][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.533079][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.538818][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 102.541993][ T5953] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 102.543944][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 102.625376][ T8466] netlink: 12 bytes leftover after parsing attributes in process `syz.3.826'. [ 102.630423][ T8452] chnl_net:caif_netlink_parms(): no params data found [ 102.683032][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.683252][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.683680][ T8452] bridge_slave_0: entered allmulticast mode [ 102.684668][ T8452] bridge_slave_0: entered promiscuous mode [ 102.686198][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.686247][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.686299][ T8452] bridge_slave_1: entered allmulticast mode [ 102.687260][ T8452] bridge_slave_1: entered promiscuous mode [ 102.717625][ T8452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.720452][ T8452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.747509][ T8452] team0: Port device team_slave_0 added [ 102.749032][ T8452] team0: Port device team_slave_1 added [ 102.774518][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.774533][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.774552][ T8452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.775682][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.775692][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.775710][ T8452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.814838][ T8452] hsr_slave_0: entered promiscuous mode [ 102.815362][ T8452] hsr_slave_1: entered promiscuous mode [ 102.815690][ T8452] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.815741][ T8452] Cannot create hsr debugfs directory [ 102.822641][ T8478] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 102.895952][ T8478] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 103.036888][ T8485] netlink: 36 bytes leftover after parsing attributes in process `syz.1.831'. [ 103.340999][ T8501] tc_dump_action: action bad kind [ 103.401099][ T8505] netlink: 84 bytes leftover after parsing attributes in process `syz.1.837'. [ 103.403377][ T8505] netlink: 24 bytes leftover after parsing attributes in process `syz.1.837'. [ 103.515401][ T8511] Process accounting resumed [ 103.651953][ T1138] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.719975][ T1138] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.777437][ T1138] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.902523][ T1138] bridge_slave_1: left allmulticast mode [ 103.904051][ T1138] bridge_slave_1: left promiscuous mode [ 103.905790][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.911146][ T1138] bridge_slave_0: left allmulticast mode [ 103.912687][ T1138] bridge_slave_0: left promiscuous mode [ 103.914188][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.977921][ T8554] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 104.021898][ T8556] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31248 sclass=netlink_route_socket pid=8556 comm=syz.3.856 [ 104.157414][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.162415][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.165719][ T1138] bond0 (unregistering): Released all slaves [ 104.532839][ T1138] hsr_slave_0: left promiscuous mode [ 104.535153][ T1138] hsr_slave_1: left promiscuous mode [ 104.537230][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.541757][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 104.544104][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.545924][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 104.568954][ T5953] Bluetooth: hci2: command tx timeout [ 104.576418][ T1138] veth1_macvtap: left promiscuous mode [ 104.577918][ T1138] veth0_macvtap: left promiscuous mode [ 104.579465][ T1138] veth1_vlan: left promiscuous mode [ 104.580826][ T1138] veth0_vlan: left promiscuous mode [ 104.637240][ T8590] netlink: 32 bytes leftover after parsing attributes in process `syz.1.866'. [ 104.968654][ T5954] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 104.973182][ T8554] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 105.015903][ T8599] netlink: 84 bytes leftover after parsing attributes in process `syz.0.867'. [ 105.156953][ T1138] team0 (unregistering): Port device team_slave_1 removed [ 105.214888][ T1138] team0 (unregistering): Port device team_slave_0 removed [ 105.621732][ T8587] tc_dump_action: action bad kind [ 105.635544][ T8595] netlink: 558 bytes leftover after parsing attributes in process `syz.1.866'. [ 105.638721][ T8599] netlink: 24 bytes leftover after parsing attributes in process `syz.0.867'. [ 105.658394][ T8452] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 105.661861][ T8452] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 105.664687][ T8452] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 105.667538][ T8452] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 105.676041][ T8605] netlink: 404 bytes leftover after parsing attributes in process `syz.3.870'. [ 105.685053][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 105.685062][ T39] audit: type=1400 audit(1732105875.802:462): avc: denied { ioctl } for pid=8603 comm="syz.3.870" path="socket:[31042]" dev="sockfs" ino=31042 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 105.685400][ T8605] @: renamed from vlan0 (while UP) [ 105.717873][ T8452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.728859][ T8452] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.733223][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.735689][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.742576][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.744372][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.763302][ T8452] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 105.857189][ T8452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.880037][ T8452] veth0_vlan: entered promiscuous mode [ 105.883936][ T8452] veth1_vlan: entered promiscuous mode [ 105.894272][ T8452] veth0_macvtap: entered promiscuous mode [ 105.897271][ T8452] veth1_macvtap: entered promiscuous mode [ 105.903911][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.906461][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.909282][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.911775][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.914187][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.916783][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.919915][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.922904][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.925453][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.927980][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.931241][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.933606][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.936146][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.939509][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.942326][ T8630] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 105.948131][ T8452] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.950394][ T8452] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.952514][ T8452] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.954614][ T8452] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.983740][ T8632] netlink: 40 bytes leftover after parsing attributes in process `syz.0.879'. [ 105.985430][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.989963][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.003343][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.005331][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.008720][ T8630] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 106.217370][ T8642] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 106.217393][ T39] audit: type=1400 audit(1732105876.332:463): avc: denied { getattr } for pid=8639 comm="syz.0.882" name="/" dev="9p" ino=37617749 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 106.229647][ T39] audit: type=1400 audit(1732105876.352:464): avc: denied { rename } for pid=8639 comm="syz.0.882" name="file0" dev="overlay" ino=37617750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 106.235225][ T39] audit: type=1400 audit(1732105876.352:465): avc: denied { write open } for pid=8639 comm="syz.0.882" path=2F202864656C6574656429 dev="tmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 106.241569][ T39] audit: type=1400 audit(1732105876.352:466): avc: denied { setattr } for pid=8639 comm="syz.0.882" name="#1335" dev="tmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 106.246958][ T39] audit: type=1400 audit(1732105876.352:467): avc: denied { read } for pid=8639 comm="syz.0.882" dev="tmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 106.252443][ T39] audit: type=1400 audit(1732105876.352:468): avc: denied { link } for pid=8639 comm="syz.0.882" name="#1335" dev="tmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 106.257750][ T39] audit: type=1400 audit(1732105876.352:469): avc: denied { rename } for pid=8639 comm="syz.0.882" name="file0" dev="tmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 106.877636][ T8654] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=49936 sclass=netlink_route_socket pid=8654 comm=syz.1.887 [ 107.009966][ T39] audit: type=1400 audit(1732105877.132:470): avc: denied { unlink } for pid=5959 comm="syz-executor" name="bus" dev="tmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 107.052017][ T8666] Cannot find del_set index 0 as target [ 107.085159][ T39] audit: type=1400 audit(1732105877.202:471): avc: denied { read } for pid=8667 comm="syz.1.895" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 107.184997][ T8678] tc_dump_action: action bad kind [ 107.233425][ T8681] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 107.360376][ T8686] x_tables: ip_tables: icmp.0 match: invalid size 8 (kernel) != (user) 56 [ 107.482991][ T8692] dccp_invalid_packet: P.Data Offset(0) too small [ 107.701888][ T8705] __nla_validate_parse: 2 callbacks suppressed [ 107.701905][ T8705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.908'. [ 107.759150][ T8709] Illegal XDP return value 4294967274 on prog (id 105) dev N/A, expect packet loss! [ 108.078456][ T5954] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 108.080349][ T8681] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 108.217155][ T1138] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.117036][ T8744] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=58384 sclass=netlink_route_socket pid=8744 comm=syz.1.919 [ 109.160017][ T8748] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=123 sclass=netlink_route_socket pid=8748 comm=syz.1.922 [ 109.197573][ T8755] tc_dump_action: action bad kind [ 109.213815][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 109.216992][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 109.219366][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 109.222907][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 109.224988][ T5953] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 109.226862][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 109.240846][ T8764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.928'. [ 109.252851][ T8764] bridge0: port 3(team0) entered disabled state [ 109.329708][ T8764] team0 (unregistering): left allmulticast mode [ 109.329725][ T8764] team_slave_0: left allmulticast mode [ 109.329734][ T8764] team_slave_1: left allmulticast mode [ 109.329775][ T8764] bridge0: port 3(team0) entered disabled state [ 109.336145][ T8764] team_slave_0: left promiscuous mode [ 109.349925][ T8764] team0 (unregistering): Port device team_slave_0 removed [ 109.350065][ T8764] team_slave_1: left promiscuous mode [ 109.356229][ T8764] team0 (unregistering): Port device team_slave_1 removed [ 109.357758][ T8765] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 109.423737][ T8757] chnl_net:caif_netlink_parms(): no params data found [ 109.427144][ T8765] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 109.513124][ T8757] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.513182][ T8757] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.513239][ T8757] bridge_slave_0: entered allmulticast mode [ 109.513650][ T8757] bridge_slave_0: entered promiscuous mode [ 109.514673][ T8757] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.514719][ T8757] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.514807][ T8757] bridge_slave_1: entered allmulticast mode [ 109.515221][ T8757] bridge_slave_1: entered promiscuous mode [ 109.544879][ T8781] netlink: 84 bytes leftover after parsing attributes in process `syz.1.930'. [ 109.547638][ T8781] netlink: 24 bytes leftover after parsing attributes in process `syz.1.930'. [ 109.549102][ T8757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.550449][ T8757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.586018][ T8757] team0: Port device team_slave_0 added [ 109.594389][ T8757] team0: Port device team_slave_1 added [ 109.620869][ T8757] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.624139][ T8757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.633581][ T8757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.638489][ T8757] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.640866][ T8757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.649166][ T8757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.652726][ T8785] netlink: 8 bytes leftover after parsing attributes in process `syz.1.932'. [ 109.655024][ T8785] netlink: 12 bytes leftover after parsing attributes in process `syz.1.932'. [ 109.657269][ T8785] netlink: 'syz.1.932': attribute type 7 has an invalid length. [ 109.662971][ T8785] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 109.666496][ T8785] overlay: Bad value for 'workdir' [ 109.688753][ T8757] hsr_slave_0: entered promiscuous mode [ 109.690860][ T8757] hsr_slave_1: entered promiscuous mode [ 109.692985][ T8757] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.695194][ T8757] Cannot create hsr debugfs directory [ 109.745134][ T8792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.935'. [ 109.813053][ T8801] erofs: (device loop0): erofs_read_superblock: cannot find valid erofs superblock [ 109.944057][ T8803] netlink: 20 bytes leftover after parsing attributes in process `syz.1.940'. [ 110.086776][ T8814] netlink: 'syz.3.942': attribute type 10 has an invalid length. [ 110.144052][ T8815] team_slave_1: left promiscuous mode [ 110.146042][ T8815] team_slave_1: left allmulticast mode [ 110.159462][ T8815] team0: Port device team_slave_1 removed [ 110.239452][ T1138] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.287440][ T1138] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.380000][ T1138] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.457712][ T1138] bridge_slave_1: left allmulticast mode [ 110.459479][ T1138] bridge_slave_1: left promiscuous mode [ 110.461790][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.465136][ T1138] bridge_slave_0: left allmulticast mode [ 110.466933][ T1138] bridge_slave_0: left promiscuous mode [ 110.469203][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.702139][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 110.706143][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 110.711049][ T1138] bond0 (unregistering): Released all slaves [ 110.763746][ T8828] tmpfs: Bad value for 'mpol' [ 110.854867][ T8837] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64528 sclass=netlink_route_socket pid=8837 comm=syz.1.949 [ 111.020974][ T1138] hsr_slave_0: left promiscuous mode [ 111.024328][ T1138] hsr_slave_1: left promiscuous mode [ 111.026647][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 111.029201][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 111.032879][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.035274][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.038245][ T8853] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 111.061647][ T1138] veth1_macvtap: left promiscuous mode [ 111.063304][ T1138] veth0_macvtap: left promiscuous mode [ 111.065092][ T1138] veth1_vlan: left promiscuous mode [ 111.066615][ T1138] veth0_vlan: left promiscuous mode [ 111.204222][ T8857] Cannot find del_set index 0 as target [ 111.290245][ T5954] Bluetooth: hci2: command tx timeout [ 111.426536][ T8864] Bluetooth: (null): Invalid header checksum [ 111.438371][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 111.685676][ T1138] team0 (unregistering): Port device team_slave_1 removed [ 111.715394][ T8853] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 111.753577][ T1138] team0 (unregistering): Port device team_slave_0 removed [ 111.818678][ T8870] netlink: 84 bytes leftover after parsing attributes in process `syz.1.958'. [ 112.240895][ T8859] tc_dump_action: action bad kind [ 112.249761][ T8870] netlink: 24 bytes leftover after parsing attributes in process `syz.1.958'. [ 112.411120][ T8757] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 112.416249][ T8757] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 112.430036][ T8757] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 112.434471][ T8757] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 112.503663][ T8757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 112.508600][ T8757] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.514151][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.519606][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.524517][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.524548][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.620150][ T8919] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 112.621336][ T8757] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.640189][ T8757] veth0_vlan: entered promiscuous mode [ 112.644017][ T8757] veth1_vlan: entered promiscuous mode [ 112.657584][ T8757] veth0_macvtap: entered promiscuous mode [ 112.663573][ T8757] veth1_macvtap: entered promiscuous mode [ 112.671646][ T8757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 112.674814][ T8757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 112.677448][ T8757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 112.681301][ T8919] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 112.681435][ T8757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 112.685510][ T8757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 112.685520][ T8757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 112.686838][ T8757] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.695190][ T8757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 112.698756][ T8757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 112.701288][ T8757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 112.704373][ T8757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 112.706939][ T8757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 112.709703][ T8757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 112.712837][ T8757] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.717219][ T8757] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.720117][ T8757] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.722417][ T8757] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.724654][ T8757] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.746537][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.753131][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.762726][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.764770][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.052207][ T8941] __nla_validate_parse: 2 callbacks suppressed [ 113.052217][ T8941] netlink: 200 bytes leftover after parsing attributes in process `syz.1.976'. [ 113.056893][ T8941] netlink: 4272 bytes leftover after parsing attributes in process `syz.1.976'. [ 113.059431][ T8941] netlink: 'syz.1.976': attribute type 3 has an invalid length. [ 113.061460][ T8941] netlink: 105 bytes leftover after parsing attributes in process `syz.1.976'. [ 113.111450][ T8945] netlink: 8 bytes leftover after parsing attributes in process `syz.1.978'. [ 113.678400][ T35] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 113.682042][ T8953] autofs: Unknown parameter '0x0000000000000000' [ 113.848493][ T35] usb 5-1: Using ep0 maxpacket: 8 [ 113.851006][ T35] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 113.853621][ T35] usb 5-1: config 0 has no interfaces? [ 113.856506][ T35] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 113.859089][ T35] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.861146][ T35] usb 5-1: Product: syz [ 113.862249][ T35] usb 5-1: Manufacturer: syz [ 113.863457][ T35] usb 5-1: SerialNumber: syz [ 113.866130][ T35] usb 5-1: config 0 descriptor?? [ 113.918393][ T57] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 114.068450][ T57] usb 8-1: Using ep0 maxpacket: 8 [ 114.078879][ T57] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 114.081703][ T57] usb 8-1: config 0 has no interfaces? [ 114.082285][ T9] usb 5-1: USB disconnect, device number 15 [ 114.084669][ T57] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 114.087589][ T57] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.089855][ T57] usb 8-1: Product: syz [ 114.090956][ T57] usb 8-1: Manufacturer: syz [ 114.092166][ T57] usb 8-1: SerialNumber: syz [ 114.094246][ T57] usb 8-1: config 0 descriptor?? [ 114.301695][ T57] usb 8-1: USB disconnect, device number 8 [ 114.728425][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 114.756508][ T8967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.986'. [ 114.934665][ T1044] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.946113][ T8981] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 115.003894][ T8981] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 115.900773][ T8987] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65040 sclass=netlink_route_socket pid=8987 comm=syz.3.992 [ 115.904404][ T8989] No control pipe specified [ 115.950239][ T39] kauditd_printk_skb: 12 callbacks suppressed [ 115.950250][ T39] audit: type=1400 audit(1732105886.072:484): avc: denied { getopt } for pid=8995 comm="syz.0.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 115.982488][ T65] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 115.985991][ T65] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 115.990241][ T65] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 115.994434][ T65] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 115.997985][ T65] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 116.002733][ T65] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 116.004989][ T9005] autofs: Unknown parameter '0x0000000000000000' [ 116.068233][ T9000] chnl_net:caif_netlink_parms(): no params data found [ 116.107252][ T9000] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.111464][ T9000] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.113895][ T9000] bridge_slave_0: entered allmulticast mode [ 116.116193][ T9000] bridge_slave_0: entered promiscuous mode [ 116.119075][ T9000] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.120982][ T9000] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.122899][ T9000] bridge_slave_1: entered allmulticast mode [ 116.124927][ T9000] bridge_slave_1: entered promiscuous mode [ 116.143908][ T9000] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.147471][ T9000] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.158480][ T6011] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 116.171160][ T9000] team0: Port device team_slave_0 added [ 116.174793][ T9000] team0: Port device team_slave_1 added [ 116.194921][ T9000] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.197262][ T9000] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.205416][ T9000] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.209133][ T9000] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.211471][ T9000] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.220300][ T9000] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.246191][ T9000] hsr_slave_0: entered promiscuous mode [ 116.248380][ T9000] hsr_slave_1: entered promiscuous mode [ 116.248944][ T8] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 116.252543][ T9000] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 116.255079][ T9000] Cannot create hsr debugfs directory [ 116.328395][ T6011] usb 6-1: Using ep0 maxpacket: 8 [ 116.331783][ T6011] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.334384][ T6011] usb 6-1: config 0 has no interfaces? [ 116.337346][ T6011] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 116.339776][ T6011] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.341797][ T6011] usb 6-1: Product: syz [ 116.342904][ T6011] usb 6-1: Manufacturer: syz [ 116.344111][ T6011] usb 6-1: SerialNumber: syz [ 116.350449][ T6011] usb 6-1: config 0 descriptor?? [ 116.398391][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 116.401552][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.404805][ T8] usb 5-1: config 0 has no interfaces? [ 116.408605][ T8] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 116.411978][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.414545][ T8] usb 5-1: Product: syz [ 116.415648][ T8] usb 5-1: Manufacturer: syz [ 116.416867][ T8] usb 5-1: SerialNumber: syz [ 116.419637][ T8] usb 5-1: config 0 descriptor?? [ 116.554260][ T6011] usb 6-1: USB disconnect, device number 11 [ 116.623334][ T30] usb 5-1: USB disconnect, device number 16 [ 116.733757][ T1044] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.795222][ T1044] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.876737][ T1044] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.983033][ T1044] bridge_slave_1: left allmulticast mode [ 116.984551][ T1044] bridge_slave_1: left promiscuous mode [ 116.986086][ T1044] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.989785][ T1044] bridge_slave_0: left allmulticast mode [ 116.991314][ T1044] bridge_slave_0: left promiscuous mode [ 116.992859][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.001272][ T9016] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 117.038347][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 117.061668][ T9016] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 117.249995][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.253734][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.256997][ T1044] bond0 (unregistering): Released all slaves [ 117.302860][ T9028] tc_dump_action: action bad kind [ 117.305383][ T9029] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1005'. [ 117.307738][ T9029] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1005'. [ 117.404369][ T9042] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1006'. [ 117.406976][ T9042] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1006'. [ 117.413788][ T39] audit: type=1400 audit(1732105887.532:485): avc: denied { setattr } for pid=9032 comm="syz.1.1006" name="NETLINK" dev="sockfs" ino=31725 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 117.568633][ T1044] hsr_slave_0: left promiscuous mode [ 117.570596][ T1044] hsr_slave_1: left promiscuous mode [ 117.572609][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.574580][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.577185][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.580490][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.610777][ T1044] veth1_macvtap: left promiscuous mode [ 117.612386][ T1044] veth0_macvtap: left promiscuous mode [ 117.613949][ T1044] veth1_vlan: left promiscuous mode [ 117.615441][ T1044] veth0_vlan: left promiscuous mode [ 117.792538][ T9058] No control pipe specified [ 118.048403][ T1320] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 118.080786][ T5954] Bluetooth: hci2: command tx timeout [ 118.188173][ T9060] autofs: Unknown parameter '0x0000000000000000' [ 118.218373][ T1320] usb 8-1: Using ep0 maxpacket: 8 [ 118.222851][ T1320] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.224342][ T1044] team0 (unregistering): Port device team_slave_1 removed [ 118.225572][ T1320] usb 8-1: config 0 has no interfaces? [ 118.227138][ T1320] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 118.231628][ T1320] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.234031][ T1320] usb 8-1: Product: syz [ 118.235128][ T1320] usb 8-1: Manufacturer: syz [ 118.236524][ T1320] usb 8-1: SerialNumber: syz [ 118.240313][ T1320] usb 8-1: config 0 descriptor?? [ 118.300901][ T1044] team0 (unregistering): Port device team_slave_0 removed [ 118.448750][ T35] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 118.450228][ T1320] usb 8-1: USB disconnect, device number 9 [ 118.618344][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 118.620795][ T35] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.623473][ T35] usb 6-1: config 0 has no interfaces? [ 118.626259][ T35] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 118.629130][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.631459][ T35] usb 6-1: Product: syz [ 118.632608][ T35] usb 6-1: Manufacturer: syz [ 118.633823][ T35] usb 6-1: SerialNumber: syz [ 118.637066][ T35] usb 6-1: config 0 descriptor?? [ 118.845980][ T6011] usb 6-1: USB disconnect, device number 12 [ 118.913446][ T9071] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1013'. [ 118.934529][ T9000] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 118.959432][ T9000] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 118.973164][ T9000] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 118.993766][ T9000] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 118.996019][ T9078] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1014'. [ 119.069695][ T9000] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.084630][ T9000] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.093702][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.095587][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.102447][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.104567][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.128363][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 119.178568][ T9000] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.194146][ T9000] veth0_vlan: entered promiscuous mode [ 119.197932][ T9000] veth1_vlan: entered promiscuous mode [ 119.204032][ T9106] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 119.210857][ T9000] veth0_macvtap: entered promiscuous mode [ 119.213781][ T9000] veth1_macvtap: entered promiscuous mode [ 119.220174][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.222942][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.225489][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.229072][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.231656][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.234405][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.237913][ T9000] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.243394][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.246144][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.249050][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.252515][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.255101][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.257819][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.261078][ T9000] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.263579][ T9106] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 119.264896][ T9000] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.267859][ T9000] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.267876][ T9000] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.267890][ T9000] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.299460][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.301537][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.309398][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.311486][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.034275][ T39] audit: type=1400 audit(1732105890.152:486): avc: denied { write } for pid=9118 comm="syz.3.1022" path="socket:[33189]" dev="sockfs" ino=33189 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 120.047045][ T39] audit: type=1400 audit(1732105890.162:487): avc: denied { listen } for pid=9118 comm="syz.3.1022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 120.052336][ T39] audit: type=1400 audit(1732105890.172:488): avc: denied { accept } for pid=9118 comm="syz.3.1022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 120.324609][ T9126] No control pipe specified [ 120.568495][ T1320] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 120.728389][ T1320] usb 8-1: Using ep0 maxpacket: 8 [ 120.731065][ T1320] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.733999][ T1320] usb 8-1: config 0 has no interfaces? [ 120.737368][ T1320] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 120.739884][ T1320] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.742258][ T1320] usb 8-1: Product: syz [ 120.743617][ T1320] usb 8-1: Manufacturer: syz [ 120.744890][ T1320] usb 8-1: SerialNumber: syz [ 120.747886][ T1320] usb 8-1: config 0 descriptor?? [ 120.935198][ T9133] autofs: Unknown parameter 'fd0x0000000000000000' [ 120.954364][ T57] usb 8-1: USB disconnect, device number 10 [ 121.188399][ T1320] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 121.278415][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 121.338387][ T1320] usb 5-1: Using ep0 maxpacket: 8 [ 121.340969][ T1320] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 121.343584][ T1320] usb 5-1: config 0 has no interfaces? [ 121.346390][ T1320] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 121.348864][ T1320] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.351019][ T1320] usb 5-1: Product: syz [ 121.352137][ T1320] usb 5-1: Manufacturer: syz [ 121.353366][ T1320] usb 5-1: SerialNumber: syz [ 121.355516][ T1320] usb 5-1: config 0 descriptor?? [ 121.560204][ T9] usb 5-1: USB disconnect, device number 17 [ 121.631145][ T9150] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 121.689392][ T9150] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 121.856687][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.917685][ T9161] FAULT_INJECTION: forcing a failure. [ 122.917685][ T9161] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 122.921327][ T9161] CPU: 1 UID: 0 PID: 9161 Comm: syz.3.1036 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 122.921343][ T9161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 122.921349][ T9161] Call Trace: [ 122.921353][ T9161] [ 122.921357][ T9161] dump_stack_lvl+0x16c/0x1f0 [ 122.921394][ T9161] should_fail_ex+0x497/0x5b0 [ 122.921419][ T9161] ? fs_reclaim_acquire+0xae/0x150 [ 122.921440][ T9161] should_fail_alloc_page+0xe7/0x130 [ 122.921456][ T9161] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 122.921468][ T9161] ? mark_lock+0xb5/0xc60 [ 122.921480][ T9161] __alloc_pages_noprof+0x190/0x25a0 [ 122.921493][ T9161] ? find_held_lock+0x2d/0x110 [ 122.921508][ T9161] ? is_bpf_text_address+0x8a/0x1a0 [ 122.921519][ T9161] ? __pfx_lock_release+0x10/0x10 [ 122.921528][ T9161] ? trace_lock_acquire+0x14a/0x1d0 [ 122.921542][ T9161] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 122.921555][ T9161] ? is_bpf_text_address+0x30/0x1a0 [ 122.921566][ T9161] ? __pfx_mark_lock+0x10/0x10 [ 122.921580][ T9161] ? __lock_acquire+0x15a9/0x3c40 [ 122.921601][ T9161] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 122.921620][ T9161] ? policy_nodemask+0xea/0x4e0 [ 122.921639][ T9161] alloc_pages_mpol_noprof+0x2c9/0x610 [ 122.921649][ T9161] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 122.921663][ T9161] get_free_pages_noprof+0xc/0x40 [ 122.921673][ T9161] vcs_write+0x11b/0xdb0 [ 122.921684][ T9161] ? copy_iovec_from_user+0x138/0x170 [ 122.921700][ T9161] ? iovec_from_user.part.0+0x7e/0x130 [ 122.921722][ T9161] ? inode_security+0x101/0x130 [ 122.921742][ T9161] ? __pfx_vcs_write+0x10/0x10 [ 122.921768][ T9161] ? bpf_lsm_file_permission+0x9/0x10 [ 122.921786][ T9161] ? security_file_permission+0x71/0x210 [ 122.921807][ T9161] ? __pfx_vcs_write+0x10/0x10 [ 122.921826][ T9161] vfs_writev+0x6da/0xdd0 [ 122.921841][ T9161] ? find_held_lock+0x2d/0x110 [ 122.921866][ T9161] ? __pfx_vfs_writev+0x10/0x10 [ 122.921883][ T9161] ? find_held_lock+0x2d/0x110 [ 122.921908][ T9161] ? __pfx_lock_release+0x10/0x10 [ 122.921923][ T9161] ? trace_lock_acquire+0x14a/0x1d0 [ 122.921940][ T9161] ? __fget_files+0x206/0x3a0 [ 122.921954][ T9161] ? do_writev+0x133/0x340 [ 122.921963][ T9161] do_writev+0x133/0x340 [ 122.921973][ T9161] ? __pfx_do_writev+0x10/0x10 [ 122.921985][ T9161] do_syscall_64+0xcd/0x250 [ 122.921996][ T9161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.922013][ T9161] RIP: 0033:0x7f687817e819 [ 122.922023][ T9161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.922032][ T9161] RSP: 002b:00007f6878fe6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 122.922044][ T9161] RAX: ffffffffffffffda RBX: 00007f6878335fa0 RCX: 00007f687817e819 [ 122.922056][ T9161] RDX: 0000000000000004 RSI: 0000000020000a40 RDI: 0000000000000003 [ 122.922063][ T9161] RBP: 00007f6878fe6090 R08: 0000000000000000 R09: 0000000000000000 [ 122.922069][ T9161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.922075][ T9161] R13: 0000000000000000 R14: 00007f6878335fa0 R15: 00007ffcacd63e98 [ 122.922087][ T9161] [ 123.007436][ T65] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 123.016968][ T65] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 123.020263][ T65] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 123.028541][ T65] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 123.032873][ T65] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 123.035073][ T65] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 123.098418][ T9172] set match dimension is over the limit! [ 123.183039][ T9168] chnl_net:caif_netlink_parms(): no params data found [ 123.208478][ T1320] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 123.261418][ T9168] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.263364][ T9168] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.265221][ T9168] bridge_slave_0: entered allmulticast mode [ 123.267141][ T9168] bridge_slave_0: entered promiscuous mode [ 123.269783][ T9168] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.271622][ T9168] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.273520][ T9168] bridge_slave_1: entered allmulticast mode [ 123.275599][ T9168] bridge_slave_1: entered promiscuous mode [ 123.295548][ T9168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 123.299611][ T9168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.320187][ T9191] autofs: Unknown parameter 'fd0x0000000000000000' [ 123.332829][ T9168] team0: Port device team_slave_0 added [ 123.336755][ T9168] team0: Port device team_slave_1 added [ 123.361307][ T9189] wg2: entered promiscuous mode [ 123.362592][ T9189] wg2: entered allmulticast mode [ 123.369228][ T9168] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 123.371096][ T9168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 123.377649][ T9168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 123.378378][ T1320] usb 6-1: Using ep0 maxpacket: 8 [ 123.381308][ T9168] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 123.382716][ T1320] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 123.383361][ T9168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 123.385811][ T1320] usb 6-1: config 0 has no interfaces? [ 123.392559][ T9168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 123.399688][ T1320] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 123.402751][ T1320] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.404858][ T1320] usb 6-1: Product: syz [ 123.405898][ T1320] usb 6-1: Manufacturer: syz [ 123.407106][ T1320] usb 6-1: SerialNumber: syz [ 123.410879][ T1320] usb 6-1: config 0 descriptor?? [ 123.429484][ T9168] hsr_slave_0: entered promiscuous mode [ 123.432244][ T9168] hsr_slave_1: entered promiscuous mode [ 123.434061][ T9168] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 123.436778][ T9168] Cannot create hsr debugfs directory [ 123.447052][ T9195] FAULT_INJECTION: forcing a failure. [ 123.447052][ T9195] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 123.455649][ T9195] CPU: 2 UID: 0 PID: 9195 Comm: syz.0.1043 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 123.458546][ T9195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 123.461298][ T9195] Call Trace: [ 123.462175][ T9195] [ 123.462952][ T9195] dump_stack_lvl+0x16c/0x1f0 [ 123.464191][ T9195] should_fail_ex+0x497/0x5b0 [ 123.465412][ T9195] _copy_to_user+0x32/0xd0 [ 123.466598][ T9195] simple_read_from_buffer+0xd0/0x160 [ 123.468016][ T9195] proc_fail_nth_read+0x198/0x270 [ 123.469779][ T9195] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 123.471769][ T9195] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 123.473295][ T9195] vfs_read+0x1df/0xbe0 [ 123.474383][ T9195] ? __fget_files+0x1fc/0x3a0 [ 123.475650][ T9195] ? __pfx___mutex_lock+0x10/0x10 [ 123.476974][ T9195] ? __pfx_vfs_read+0x10/0x10 [ 123.478501][ T9195] ? __fget_files+0x206/0x3a0 [ 123.480068][ T9195] ksys_read+0x12b/0x250 [ 123.481371][ T9195] ? __pfx_ksys_read+0x10/0x10 [ 123.482633][ T9195] do_syscall_64+0xcd/0x250 [ 123.483812][ T9195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.485323][ T9195] RIP: 0033:0x7f548037d25c [ 123.486447][ T9195] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 123.492425][ T9195] RSP: 002b:00007f54811ea030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 123.494552][ T9195] RAX: ffffffffffffffda RBX: 00007f5480536080 RCX: 00007f548037d25c [ 123.496561][ T9195] RDX: 000000000000000f RSI: 00007f54811ea0a0 RDI: 0000000000000007 [ 123.498554][ T9195] RBP: 00007f54811ea090 R08: 0000000000000000 R09: 000000000000000b [ 123.500509][ T9195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.502537][ T9195] R13: 0000000000000000 R14: 00007f5480536080 R15: 00007ffcef1c7428 [ 123.504583][ T9195] [ 123.558523][ T35] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 123.617997][ T1320] usb 6-1: USB disconnect, device number 13 [ 123.648071][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.679328][ T9200] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 123.708351][ T35] usb 8-1: Using ep0 maxpacket: 8 [ 123.710793][ T35] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 123.713299][ T35] usb 8-1: config 0 has no interfaces? [ 123.716093][ T35] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 123.718646][ T35] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.720627][ T35] usb 8-1: Product: syz [ 123.721689][ T35] usb 8-1: Manufacturer: syz [ 123.722892][ T35] usb 8-1: SerialNumber: syz [ 123.725697][ T35] usb 8-1: config 0 descriptor?? [ 123.739559][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.758572][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 123.811120][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.893060][ T11] bridge_slave_1: left allmulticast mode [ 123.894563][ T11] bridge_slave_1: left promiscuous mode [ 123.896116][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.899096][ T11] bridge_slave_0: left allmulticast mode [ 123.900515][ T11] bridge_slave_0: left promiscuous mode [ 123.901950][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.930323][ T57] usb 8-1: USB disconnect, device number 11 [ 124.137825][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 124.144913][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 124.148216][ T11] bond0 (unregistering): Released all slaves [ 124.385773][ T9200] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 124.512972][ T11] hsr_slave_0: left promiscuous mode [ 124.515408][ T11] hsr_slave_1: left promiscuous mode [ 124.518130][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.520417][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.523442][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.525281][ T39] audit: type=1400 audit(1732105894.642:489): avc: denied { compute_member } for pid=9230 comm="syz.0.1047" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 124.525754][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.572171][ T11] veth1_macvtap: left promiscuous mode [ 124.573758][ T11] veth0_macvtap: left promiscuous mode [ 124.575217][ T11] veth1_vlan: left promiscuous mode [ 124.576627][ T11] veth0_vlan: left promiscuous mode [ 124.601688][ T9244] FAULT_INJECTION: forcing a failure. [ 124.601688][ T9244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.605954][ T9244] CPU: 2 UID: 0 PID: 9244 Comm: syz.0.1050 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 124.609231][ T9244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.612564][ T9244] Call Trace: [ 124.613627][ T9244] [ 124.614657][ T9244] dump_stack_lvl+0x16c/0x1f0 [ 124.616249][ T9244] should_fail_ex+0x497/0x5b0 [ 124.617822][ T9244] _copy_from_user+0x2e/0xd0 [ 124.619528][ T9244] copy_msghdr_from_user+0x99/0x160 [ 124.621394][ T9244] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 124.623498][ T9244] ___sys_sendmsg+0xff/0x1e0 [ 124.625166][ T9244] ? __pfx____sys_sendmsg+0x10/0x10 [ 124.627146][ T9244] ? __pfx_lock_release+0x10/0x10 [ 124.628604][ T9244] ? trace_lock_acquire+0x14a/0x1d0 [ 124.629933][ T9244] ? __fget_files+0x206/0x3a0 [ 124.631265][ T9244] __sys_sendmsg+0x16e/0x220 [ 124.632460][ T9244] ? __pfx___sys_sendmsg+0x10/0x10 [ 124.633884][ T9244] do_syscall_64+0xcd/0x250 [ 124.635308][ T9244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.637031][ T9244] RIP: 0033:0x7f548037e819 [ 124.638434][ T9244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.643698][ T9244] RSP: 002b:00007f548120b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.646310][ T9244] RAX: ffffffffffffffda RBX: 00007f5480535fa0 RCX: 00007f548037e819 [ 124.648500][ T9244] RDX: 0000000020048040 RSI: 0000000020000100 RDI: 0000000000000003 [ 124.650459][ T9244] RBP: 00007f548120b090 R08: 0000000000000000 R09: 0000000000000000 [ 124.652470][ T9244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.654453][ T9244] R13: 0000000000000000 R14: 00007f5480535fa0 R15: 00007ffcef1c7428 [ 124.656433][ T9244] [ 124.702317][ T39] audit: type=1400 audit(1732105894.822:490): avc: denied { getopt } for pid=9251 comm="syz.0.1051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 124.715133][ T9252] SELinux: Context system_u:object_r:var_spool_t:s0 is not valid (left unmapped). [ 124.718124][ T39] audit: type=1400 audit(1732105894.832:491): avc: denied { relabelto } for pid=9251 comm="syz.0.1051" name="file1" dev="tmpfs" ino=1619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:var_spool_t:s0" [ 124.728489][ T39] audit: type=1400 audit(1732105894.842:492): avc: denied { associate } for pid=9251 comm="syz.0.1051" name="file1" dev="tmpfs" ino=1619 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:var_spool_t:s0" [ 124.761976][ T39] audit: type=1400 audit(1732105894.872:493): avc: denied { rmdir } for pid=5959 comm="syz-executor" name="file1" dev="tmpfs" ino=1619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:var_spool_t:s0" [ 124.775365][ T39] audit: type=1326 audit(1732105894.892:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9255 comm="syz.0.1052" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f548037e819 code=0x0 [ 125.129013][ T5953] Bluetooth: hci2: command tx timeout [ 125.235537][ T11] team0 (unregistering): Port device team_slave_1 removed [ 125.310159][ T11] team0 (unregistering): Port device team_slave_0 removed [ 125.341091][ T1320] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 125.488351][ T1320] usb 6-1: Using ep0 maxpacket: 8 [ 125.500723][ T1320] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 125.503731][ T1320] usb 6-1: config 0 has no interfaces? [ 125.521638][ T1320] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 125.527426][ T1320] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.530122][ T1320] usb 6-1: Product: syz [ 125.531190][ T1320] usb 6-1: Manufacturer: syz [ 125.532330][ T1320] usb 6-1: SerialNumber: syz [ 125.534887][ T1320] usb 6-1: config 0 descriptor?? [ 125.639705][ T9261] autofs: Unknown parameter 'fd0x0000000000000000' [ 125.744366][ T39] audit: type=1400 audit(1732105895.862:495): avc: denied { mounton } for pid=9258 comm="syz.1.1053" path="/323/file1" dev="autofs" ino=34188 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 125.756328][ T1336] usb 6-1: USB disconnect, device number 14 [ 125.841784][ T9168] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 125.846219][ T9168] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 125.852486][ T9168] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 125.856767][ T9168] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 125.879857][ T1320] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 125.904221][ T9168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.912230][ T9168] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.917491][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.919533][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.925218][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.927036][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.965432][ T9272] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 126.020502][ T9168] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.023098][ T9272] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 126.033690][ T9168] veth0_vlan: entered promiscuous mode [ 126.038361][ T1320] usb 5-1: Using ep0 maxpacket: 8 [ 126.038591][ T9168] veth1_vlan: entered promiscuous mode [ 126.040854][ T1320] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 126.043827][ T1320] usb 5-1: config 0 has no interfaces? [ 126.047361][ T1320] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 126.049670][ T1320] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.051667][ T1320] usb 5-1: Product: syz [ 126.052718][ T1320] usb 5-1: Manufacturer: syz [ 126.053885][ T1320] usb 5-1: SerialNumber: syz [ 126.054904][ T9168] veth0_macvtap: entered promiscuous mode [ 126.059908][ T9168] veth1_macvtap: entered promiscuous mode [ 126.060076][ T1320] usb 5-1: config 0 descriptor?? [ 126.066544][ T9168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.070267][ T9168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.073224][ T9168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.076507][ T9168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.079441][ T9168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.082824][ T9168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.086895][ T9168] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 126.091421][ T9168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.094114][ T9168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.096555][ T9168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.099269][ T9168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.102025][ T9168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.104638][ T9168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.107603][ T9168] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.111535][ T9168] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.113708][ T9168] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.115805][ T9168] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.118104][ T9168] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.145012][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.149417][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.157200][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.159389][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.267840][ T1320] usb 5-1: USB disconnect, device number 18 [ 126.282225][ T9278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1056'. [ 126.750854][ T9291] Cannot find del_set index 0 as target [ 126.797370][ T9297] tc_dump_action: action bad kind [ 126.819192][ T9299] binder: 9298:9299 ioctl c0306201 20000480 returned -14 [ 126.831040][ T9301] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1067'. [ 126.833316][ T9301] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1067'. [ 126.878213][ T39] audit: type=1400 audit(1732105896.992:496): avc: denied { append } for pid=9305 comm="syz.1.1069" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 127.038500][ T6011] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 127.068413][ T5992] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 127.188391][ T6011] usb 5-1: Using ep0 maxpacket: 8 [ 127.191109][ T6011] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 127.194029][ T6011] usb 5-1: config 0 has no interfaces? [ 127.197514][ T6011] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 127.200054][ T6011] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.202202][ T6011] usb 5-1: Product: syz [ 127.203339][ T6011] usb 5-1: Manufacturer: syz [ 127.204899][ T6011] usb 5-1: SerialNumber: syz [ 127.207120][ T6011] usb 5-1: config 0 descriptor?? [ 127.219484][ T5992] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 127.221838][ T5992] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.225946][ T5992] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 127.228349][ T5992] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 127.230487][ T5992] usb 8-1: Manufacturer: syz [ 127.233104][ T5992] usb 8-1: config 0 descriptor?? [ 127.268384][ T5992] rc_core: IR keymap rc-hauppauge not found [ 127.269898][ T5992] Registered IR keymap rc-empty [ 127.272468][ T5992] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 127.275656][ T5992] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input6 [ 127.281764][ T39] audit: type=1400 audit(1732105897.402:497): avc: denied { read } for pid=5348 comm="acpid" name="event4" dev="devtmpfs" ino=2893 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 127.287619][ T39] audit: type=1400 audit(1732105897.402:498): avc: denied { open } for pid=5348 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2893 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 127.412490][ T6011] usb 5-1: USB disconnect, device number 19 [ 127.440605][ T5992] usb 8-1: USB disconnect, device number 12 [ 127.937577][ T9317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1072'. [ 127.975307][ T9324] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0 [ 127.975617][ T9323] netlink: 'syz.3.1075': attribute type 1 has an invalid length. [ 127.979934][ T9323] netlink: 'syz.3.1075': attribute type 1 has an invalid length. [ 127.981891][ T9323] netlink: 9108 bytes leftover after parsing attributes in process `syz.3.1075'. [ 127.984167][ T9323] netlink: 'syz.3.1075': attribute type 1 has an invalid length. [ 127.986113][ T9323] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1075'. [ 128.065148][ T9331] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 128.078432][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 128.122626][ T9331] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 128.219980][ T35] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 128.367031][ T9339] netlink: 'syz.3.1080': attribute type 32 has an invalid length. [ 128.368352][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 128.369496][ T9340] netlink: 'syz.3.1080': attribute type 32 has an invalid length. [ 128.371555][ T35] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 128.375099][ T35] usb 6-1: config 0 has no interfaces? [ 128.377816][ T35] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 128.380554][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.382649][ T35] usb 6-1: Product: syz [ 128.383750][ T35] usb 6-1: Manufacturer: syz [ 128.384965][ T35] usb 6-1: SerialNumber: syz [ 128.387169][ T35] usb 6-1: config 0 descriptor?? [ 128.591497][ T35] usb 6-1: USB disconnect, device number 15 [ 128.688471][ T9] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 128.777919][ T45] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.848354][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 128.850889][ T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 128.853509][ T9] usb 8-1: config 0 has no interfaces? [ 128.856346][ T9] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 128.859083][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.861208][ T9] usb 8-1: Product: syz [ 128.862324][ T9] usb 8-1: Manufacturer: syz [ 128.863550][ T9] usb 8-1: SerialNumber: syz [ 128.866243][ T9] usb 8-1: config 0 descriptor?? [ 129.074090][ T35] usb 8-1: USB disconnect, device number 13 [ 129.930393][ T9348] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1084'. [ 130.010946][ T5954] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 130.013655][ T5954] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 130.018555][ T5954] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 130.021529][ T5954] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 130.023724][ T5954] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 130.025623][ T5954] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 130.076234][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 130.076244][ T39] audit: type=1400 audit(1732105900.192:500): avc: denied { module_request } for pid=9357 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 130.089297][ T9357] chnl_net:caif_netlink_parms(): no params data found [ 130.125588][ T9357] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.128400][ T9357] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.130381][ T9357] bridge_slave_0: entered allmulticast mode [ 130.132332][ T9357] bridge_slave_0: entered promiscuous mode [ 130.136460][ T9357] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.139998][ T9357] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.142536][ T9357] bridge_slave_1: entered allmulticast mode [ 130.145455][ T9357] bridge_slave_1: entered promiscuous mode [ 130.167903][ T9357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.168429][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 130.171673][ T9357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.192798][ T9357] team0: Port device team_slave_0 added [ 130.197182][ T9357] team0: Port device team_slave_1 added [ 130.217878][ T9357] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.220507][ T9357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.227639][ T9357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 130.231829][ T9357] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 130.233659][ T9357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.243989][ T9357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.266837][ T9357] hsr_slave_0: entered promiscuous mode [ 130.269018][ T9357] hsr_slave_1: entered promiscuous mode [ 130.270865][ T9357] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 130.272785][ T9357] Cannot create hsr debugfs directory [ 130.443199][ T9378] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 130.500117][ T9378] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 130.697539][ T45] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.768110][ T45] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.849348][ T45] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.879679][ T9383] FAULT_INJECTION: forcing a failure. [ 130.879679][ T9383] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 130.883138][ T9383] CPU: 0 UID: 0 PID: 9383 Comm: syz.1.1093 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 130.885878][ T9383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 130.889756][ T9383] Call Trace: [ 130.891031][ T9383] [ 130.892070][ T9383] dump_stack_lvl+0x16c/0x1f0 [ 130.893352][ T9383] should_fail_ex+0x497/0x5b0 [ 130.894577][ T9383] _copy_from_user+0x2e/0xd0 [ 130.895899][ T9383] vcs_write+0x2f2/0xdb0 [ 130.897401][ T9383] ? inode_security+0x101/0x130 [ 130.898764][ T9383] ? __pfx_vcs_write+0x10/0x10 [ 130.900046][ T9383] ? bpf_lsm_file_permission+0x9/0x10 [ 130.901537][ T9383] ? security_file_permission+0x71/0x210 [ 130.903050][ T9383] ? __pfx_vcs_write+0x10/0x10 [ 130.904331][ T9383] vfs_writev+0x6da/0xdd0 [ 130.905536][ T9383] ? find_held_lock+0x2d/0x110 [ 130.907173][ T9383] ? __pfx_vfs_writev+0x10/0x10 [ 130.908992][ T9383] ? find_held_lock+0x2d/0x110 [ 130.910495][ T9383] ? __pfx_lock_release+0x10/0x10 [ 130.911832][ T9383] ? trace_lock_acquire+0x14a/0x1d0 [ 130.913230][ T9383] ? __fget_files+0x206/0x3a0 [ 130.914503][ T9383] ? do_writev+0x133/0x340 [ 130.915774][ T9383] do_writev+0x133/0x340 [ 130.917252][ T9383] ? __pfx_do_writev+0x10/0x10 [ 130.919164][ T9383] do_syscall_64+0xcd/0x250 [ 130.920484][ T9383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.922029][ T9383] RIP: 0033:0x7f557d57e819 [ 130.923237][ T9383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.928436][ T9383] RSP: 002b:00007f557e428038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 130.930687][ T9383] RAX: ffffffffffffffda RBX: 00007f557d735fa0 RCX: 00007f557d57e819 [ 130.932784][ T9383] RDX: 0000000000000004 RSI: 0000000020000a40 RDI: 0000000000000003 [ 130.934896][ T9383] RBP: 00007f557e428090 R08: 0000000000000000 R09: 0000000000000000 [ 130.937091][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.939134][ T9383] R13: 0000000000000000 R14: 00007f557d735fa0 R15: 00007ffdb38db768 [ 130.941736][ T9383] [ 130.980129][ T9385] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1094'. [ 130.999901][ T45] bridge_slave_1: left allmulticast mode [ 131.001572][ T45] bridge_slave_1: left promiscuous mode [ 131.003690][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.009970][ T45] bridge_slave_0: left allmulticast mode [ 131.011642][ T45] bridge_slave_0: left promiscuous mode [ 131.013215][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.048430][ T1336] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 131.218475][ T1336] usb 8-1: Using ep0 maxpacket: 8 [ 131.221115][ T1336] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.223743][ T1336] usb 8-1: config 0 has no interfaces? [ 131.226573][ T1336] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 131.229348][ T1336] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.231449][ T1336] usb 8-1: Product: syz [ 131.232577][ T1336] usb 8-1: Manufacturer: syz [ 131.233841][ T1336] usb 8-1: SerialNumber: syz [ 131.236804][ T1336] usb 8-1: config 0 descriptor?? [ 131.292591][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 131.299133][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 131.303859][ T45] bond0 (unregistering): Released all slaves [ 131.358475][ T1320] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 131.445597][ T8] usb 8-1: USB disconnect, device number 14 [ 131.518818][ T1320] usb 6-1: Using ep0 maxpacket: 8 [ 131.521354][ T1320] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.523998][ T1320] usb 6-1: config 0 has no interfaces? [ 131.526814][ T1320] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 131.529560][ T1320] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.531673][ T1320] usb 6-1: Product: syz [ 131.532760][ T1320] usb 6-1: Manufacturer: syz [ 131.533987][ T1320] usb 6-1: SerialNumber: syz [ 131.536149][ T1320] usb 6-1: config 0 descriptor?? [ 131.604023][ T45] hsr_slave_0: left promiscuous mode [ 131.605909][ T45] hsr_slave_1: left promiscuous mode [ 131.610065][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.612085][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 131.614499][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 131.616426][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 131.635607][ T45] veth1_macvtap: left promiscuous mode [ 131.637105][ T45] veth0_macvtap: left promiscuous mode [ 131.639964][ T45] veth1_vlan: left promiscuous mode [ 131.641478][ T45] veth0_vlan: left promiscuous mode [ 131.661292][ T9416] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 131.741501][ T1320] usb 6-1: USB disconnect, device number 16 [ 132.029501][ T9423] Process accounting resumed [ 132.080411][ T65] Bluetooth: hci2: command tx timeout [ 132.168231][ T9428] sctp: [Deprecated]: syz.3.1102 (pid 9428) Use of struct sctp_assoc_value in delayed_ack socket option. [ 132.168231][ T9428] Use struct sctp_sack_info instead [ 132.207322][ T9428] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 132.229383][ T9428] sctp: [Deprecated]: syz.3.1102 (pid 9428) Use of struct sctp_assoc_value in delayed_ack socket option. [ 132.229383][ T9428] Use struct sctp_sack_info instead [ 132.229423][ T1138] Bluetooth: hci4: Frame reassembly failed (-84) [ 132.257838][ T45] team0 (unregistering): Port device team_slave_1 removed [ 132.282138][ T9430] ptrace attach of "/syz-executor exec"[9431] was attempted by "/syz-executor exec"[9430] [ 132.330458][ T45] team0 (unregistering): Port device team_slave_0 removed [ 132.436650][ T9436] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 132.490368][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.495784][ T1413] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.558447][ T5953] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 132.561306][ T9416] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 132.838135][ T9357] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 132.842840][ T9357] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 132.849448][ T9357] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 132.859824][ T9357] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 132.916500][ T9357] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.925891][ T9357] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.930271][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.932131][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.936799][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.938749][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.037660][ T9357] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.061792][ T9357] veth0_vlan: entered promiscuous mode [ 133.065597][ T9357] veth1_vlan: entered promiscuous mode [ 133.078710][ T9357] veth0_macvtap: entered promiscuous mode [ 133.081633][ T9357] veth1_macvtap: entered promiscuous mode [ 133.087620][ T9357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.090641][ T9357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.093332][ T9357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.096111][ T9357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.098941][ T9357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.101600][ T9357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.104745][ T9357] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 133.123302][ T9357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.126277][ T9357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.129216][ T9357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.131865][ T9357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.134376][ T9357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.137098][ T9357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.141054][ T9357] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.141343][ T9436] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 133.144265][ T9357] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.147423][ T9357] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.150443][ T9357] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.152694][ T9357] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.182592][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.184638][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.197310][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.200065][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.283851][ T9458] FAULT_INJECTION: forcing a failure. [ 133.283851][ T9458] name failslab, interval 1, probability 0, space 0, times 0 [ 133.287949][ T9458] CPU: 3 UID: 0 PID: 9458 Comm: syz.1.1109 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 133.291335][ T9458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.294810][ T9458] Call Trace: [ 133.295897][ T9458] [ 133.296908][ T9458] dump_stack_lvl+0x16c/0x1f0 [ 133.298516][ T9458] should_fail_ex+0x497/0x5b0 [ 133.300162][ T9458] ? fs_reclaim_acquire+0xae/0x150 [ 133.301856][ T9458] should_failslab+0xc2/0x120 [ 133.303403][ T9458] kmem_cache_alloc_node_noprof+0x71/0x310 [ 133.305312][ T9458] ? __alloc_skb+0x2b1/0x380 [ 133.306836][ T9458] __alloc_skb+0x2b1/0x380 [ 133.308309][ T9458] ? __pfx___alloc_skb+0x10/0x10 [ 133.310099][ T9458] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 133.312165][ T9458] netlink_alloc_large_skb+0x69/0x130 [ 133.314030][ T9458] netlink_sendmsg+0x689/0xd70 [ 133.315717][ T9458] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.317568][ T9458] ____sys_sendmsg+0xaaf/0xc90 [ 133.319232][ T9458] ? copy_msghdr_from_user+0x10b/0x160 [ 133.321114][ T9458] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.322971][ T9458] ___sys_sendmsg+0x135/0x1e0 [ 133.324603][ T9458] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.326417][ T9458] ? __pfx_lock_release+0x10/0x10 [ 133.328159][ T9458] ? trace_lock_acquire+0x14a/0x1d0 [ 133.329986][ T9458] ? __fget_files+0x206/0x3a0 [ 133.331643][ T9458] __sys_sendmsg+0x16e/0x220 [ 133.333254][ T9458] ? __pfx___sys_sendmsg+0x10/0x10 [ 133.334954][ T9458] do_syscall_64+0xcd/0x250 [ 133.336465][ T9458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.338514][ T9458] RIP: 0033:0x7f557d57e819 [ 133.340059][ T9458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.346616][ T9458] RSP: 002b:00007f557e428038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.349422][ T9458] RAX: ffffffffffffffda RBX: 00007f557d735fa0 RCX: 00007f557d57e819 [ 133.352002][ T9458] RDX: 0000000020048040 RSI: 0000000020000100 RDI: 0000000000000003 [ 133.354725][ T9458] RBP: 00007f557e428090 R08: 0000000000000000 R09: 0000000000000000 [ 133.357437][ T9458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.360132][ T9458] R13: 0000000000000000 R14: 00007f557d735fa0 R15: 00007ffdb38db768 [ 133.362874][ T9458] [ 133.418369][ T69] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 133.441352][ T39] audit: type=1400 audit(1732105903.562:501): avc: denied { ioctl } for pid=9459 comm="syz.1.1110" path="socket:[39968]" dev="sockfs" ino=39968 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 133.568696][ T69] usb 5-1: Using ep0 maxpacket: 8 [ 133.571307][ T69] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.573923][ T69] usb 5-1: config 0 has no interfaces? [ 133.576741][ T69] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 133.579228][ T69] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.581292][ T69] usb 5-1: Product: syz [ 133.582390][ T69] usb 5-1: Manufacturer: syz [ 133.583603][ T69] usb 5-1: SerialNumber: syz [ 133.585691][ T69] usb 5-1: config 0 descriptor?? [ 133.698373][ T1320] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 133.789536][ T69] usb 5-1: USB disconnect, device number 20 [ 133.848380][ T1320] usb 6-1: Using ep0 maxpacket: 8 [ 133.851725][ T1320] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.854969][ T1320] usb 6-1: config 0 has no interfaces? [ 133.857800][ T1320] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 133.860354][ T1320] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.862579][ T1320] usb 6-1: Product: syz [ 133.863678][ T1320] usb 6-1: Manufacturer: syz [ 133.865059][ T1320] usb 6-1: SerialNumber: syz [ 133.867566][ T1320] usb 6-1: config 0 descriptor?? [ 133.904936][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 134.071473][ T8] usb 6-1: USB disconnect, device number 17 [ 134.238473][ T5953] Bluetooth: hci4: command 0x1003 tx timeout [ 134.240405][ T65] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 134.302968][ T9469] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1113'. [ 134.372897][ T9476] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=272 sclass=netlink_route_socket pid=9476 comm=syz.0.1116 [ 134.582494][ T9483] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 134.609625][ T9487] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1119'. [ 134.632657][ T9489] mmap: syz.3.1120 (9489) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 134.635856][ T9489] binder_alloc_mmap_handler: 4 callbacks suppressed [ 134.635864][ T9489] binder_alloc: binder_alloc_mmap_handler: 9488 20ffc000-20ffd000 already mapped failed -16 [ 134.644063][ T9483] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 134.647533][ T65] ================================================================== [ 134.649671][ T65] BUG: KASAN: slab-use-after-free in set_powered_sync+0xc1/0xd0 [ 134.649689][ T65] Read of size 8 at addr ffff88810b9b3d98 by task kworker/u33:0/65 [ 134.649698][ T65] [ 134.649702][ T65] CPU: 1 UID: 0 PID: 65 Comm: kworker/u33:0 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 134.649713][ T65] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 134.649720][ T65] Workqueue: hci0 hci_cmd_sync_work [ 134.649735][ T65] Call Trace: [ 134.649739][ T65] [ 134.649744][ T65] dump_stack_lvl+0x116/0x1f0 [ 134.667006][ T65] print_report+0xc3/0x620 [ 134.668650][ T65] ? __virt_addr_valid+0x5e/0x590 [ 134.670124][ T65] ? __phys_addr+0xc6/0x150 [ 134.671349][ T65] kasan_report+0xd9/0x110 [ 134.672571][ T65] ? set_powered_sync+0xc1/0xd0 [ 134.673879][ T65] ? set_powered_sync+0xc1/0xd0 [ 134.675290][ T65] set_powered_sync+0xc1/0xd0 [ 134.676640][ T65] hci_cmd_sync_work+0x1a4/0x410 [ 134.677942][ T65] process_one_work+0x9c5/0x1ba0 [ 134.679245][ T65] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 134.680731][ T65] ? __pfx_process_one_work+0x10/0x10 [ 134.682151][ T65] ? assign_work+0x1a0/0x250 [ 134.683360][ T65] worker_thread+0x6c8/0xf00 [ 134.684570][ T65] ? __pfx_worker_thread+0x10/0x10 [ 134.686251][ T65] kthread+0x2c1/0x3a0 [ 134.687764][ T65] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.689378][ T65] ? __pfx_kthread+0x10/0x10 [ 134.690625][ T65] ret_from_fork+0x45/0x80 [ 134.691798][ T65] ? __pfx_kthread+0x10/0x10 [ 134.693019][ T65] ret_from_fork_asm+0x1a/0x30 [ 134.694293][ T65] [ 134.695134][ T65] [ 134.695764][ T65] Allocated by task 9490: [ 134.697136][ T65] kasan_save_stack+0x33/0x60 [ 134.698370][ T65] kasan_save_track+0x14/0x30 [ 134.699622][ T65] __kasan_kmalloc+0xaa/0xb0 [ 134.700833][ T65] mgmt_pending_new+0x5b/0x290 [ 134.702083][ T65] mgmt_pending_add+0x36/0x160 [ 134.703279][ T65] set_powered+0x28c/0x5c0 [ 134.704395][ T65] hci_sock_sendmsg+0x1528/0x25e0 [ 134.705903][ T65] sock_write_iter+0x4fe/0x5b0 [ 134.707589][ T65] vfs_write+0x5ae/0x1150 [ 134.709000][ T65] ksys_write+0x207/0x250 [ 134.710090][ T65] do_syscall_64+0xcd/0x250 [ 134.711250][ T65] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.712746][ T65] [ 134.713350][ T65] Freed by task 9487: [ 134.714357][ T65] kasan_save_stack+0x33/0x60 [ 134.715763][ T65] kasan_save_track+0x14/0x30 [ 134.717008][ T65] kasan_save_free_info+0x3b/0x60 [ 134.718315][ T65] __kasan_slab_free+0x51/0x70 [ 134.719562][ T65] kfree+0x14f/0x4b0 [ 134.720583][ T65] settings_rsp+0x257/0x400 [ 134.721766][ T65] mgmt_pending_foreach+0xdf/0x140 [ 134.723104][ T65] __mgmt_power_off+0xc8/0x2c0 [ 134.724355][ T65] hci_dev_close_sync+0xcbb/0x11b0 [ 134.725713][ T65] hci_dev_do_close+0x2e/0x90 [ 134.726959][ T65] hci_dev_close+0x183/0x1e0 [ 134.728163][ T65] hci_sock_ioctl+0x28c/0x880 [ 134.729403][ T65] sock_do_ioctl+0x116/0x280 [ 134.730622][ T65] sock_ioctl+0x228/0x6c0 [ 134.731749][ T65] __x64_sys_ioctl+0x190/0x200 [ 134.733025][ T65] do_syscall_64+0xcd/0x250 [ 134.734221][ T65] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.735951][ T65] [ 134.736605][ T65] The buggy address belongs to the object at ffff88810b9b3d80 [ 134.736605][ T65] which belongs to the cache kmalloc-96 of size 96 [ 134.740312][ T65] The buggy address is located 24 bytes inside of [ 134.740312][ T65] freed 96-byte region [ffff88810b9b3d80, ffff88810b9b3de0) [ 134.743975][ T65] [ 134.744633][ T65] The buggy address belongs to the physical page: [ 134.746352][ T65] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b9b3 [ 134.748727][ T65] ksm flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff) [ 134.750747][ T65] page_type: f5(slab) [ 134.751843][ T65] raw: 057ff00000000000 ffff88801b042280 ffffea00013ae7c0 dead000000000003 [ 134.754139][ T65] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000 [ 134.756830][ T65] page dumped because: kasan: bad access detected [ 134.759012][ T65] page_owner tracks the page as allocated [ 134.760480][ T65] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x352800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 9357, tgid 9357 (syz-executor), ts 130055003812, free_ts 120526251440 [ 134.765974][ T65] post_alloc_hook+0x2d1/0x350 [ 134.767237][ T65] get_page_from_freelist+0xfce/0x2f80 [ 134.768649][ T65] __alloc_pages_noprof+0x223/0x25a0 [ 134.770018][ T65] new_slab+0xca/0x410 [ 134.771097][ T65] ___slab_alloc+0xdac/0x1880 [ 134.772322][ T65] __slab_alloc.constprop.0+0x56/0xb0 [ 134.773902][ T65] __kmalloc_cache_node_noprof+0xf1/0x350 [ 134.775520][ T65] __alloc_workqueue+0x506/0x1810 [ 134.776909][ T65] alloc_workqueue+0xd3/0x200 [ 134.778151][ T65] tipc_crypto_start+0x669/0x9e0 [ 134.779451][ T65] tipc_init_net+0x2dd/0x430 [ 134.780665][ T65] ops_init+0x1df/0x5f0 [ 134.782174][ T65] setup_net+0x21f/0x860 [ 134.783344][ T65] copy_net_ns+0x2b4/0x6b0 [ 134.784502][ T65] create_new_namespaces+0x3ea/0xad0 [ 134.786104][ T65] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 134.787596][ T65] page last free pid 5949 tgid 5949 stack trace: [ 134.789296][ T65] free_unref_page+0x661/0x1080 [ 134.790611][ T65] qlist_free_all+0x4e/0x120 [ 134.791850][ T65] kasan_quarantine_reduce+0x195/0x1e0 [ 134.793293][ T65] __kasan_slab_alloc+0x69/0x90 [ 134.794597][ T65] kmem_cache_alloc_lru_noprof+0x121/0x2f0 [ 134.796191][ T65] sock_alloc_inode+0x25/0x1c0 [ 134.797469][ T65] alloc_inode+0x5d/0x230 [ 134.798777][ T65] sock_alloc+0x40/0x280 [ 134.800260][ T65] __sock_create+0xc0/0x840 [ 134.801769][ T65] __sys_socket+0x14f/0x260 [ 134.802978][ T65] __x64_sys_socket+0x72/0xb0 [ 134.804210][ T65] do_syscall_64+0xcd/0x250 [ 134.805456][ T65] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.807009][ T65] [ 134.807634][ T65] Memory state around the buggy address: [ 134.809123][ T65] ffff88810b9b3c80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 134.811203][ T65] ffff88810b9b3d00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 134.813278][ T65] >ffff88810b9b3d80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 134.815461][ T65] ^ [ 134.817210][ T65] ffff88810b9b3e00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 134.819695][ T65] ffff88810b9b3e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 134.821745][ T65] ================================================================== [ 134.823863][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.826710][ T65] Kernel panic - not syncing: KASAN: panic_on_warn set ... SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 134.828613][ T65] CPU: 1 UID: 0 PID: 65 Comm: kworker/u33:0 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 134.831388][ T65] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 134.834154][ T65] Workqueue: hci0 hci_cmd_sync_work [ 134.835525][ T65] Call Trace: [ 134.836434][ T65] [ 134.837317][ T65] dump_stack_lvl+0x3d/0x1f0 [ 134.838558][ T65] panic+0x71d/0x800 [ 134.839593][ T65] ? __pfx_panic+0x10/0x10 [ 134.840764][ T65] ? irqentry_exit+0x3b/0x90 [ 134.841982][ T65] ? lockdep_hardirqs_on+0x7c/0x110 [ 134.843355][ T65] ? preempt_schedule_thunk+0x1a/0x30 [ 134.844752][ T65] ? preempt_schedule_common+0x44/0xc0 [ 134.846209][ T65] ? check_panic_on_warn+0x1f/0xb0 [ 134.847585][ T65] check_panic_on_warn+0xab/0xb0 [ 134.848878][ T65] end_report+0x117/0x180 [ 134.850093][ T65] kasan_report+0xe9/0x110 [ 134.851264][ T65] ? set_powered_sync+0xc1/0xd0 [ 134.852540][ T65] ? set_powered_sync+0xc1/0xd0 [ 134.853809][ T65] set_powered_sync+0xc1/0xd0 [ 134.855038][ T65] hci_cmd_sync_work+0x1a4/0x410 [ 134.856386][ T65] process_one_work+0x9c5/0x1ba0 [ 134.858079][ T65] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 134.859615][ T65] ? __pfx_process_one_work+0x10/0x10 [ 134.861010][ T65] ? assign_work+0x1a0/0x250 [ 134.862220][ T65] worker_thread+0x6c8/0xf00 [ 134.863427][ T65] ? __pfx_worker_thread+0x10/0x10 [ 134.864758][ T65] kthread+0x2c1/0x3a0 [ 134.865819][ T65] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.867635][ T65] ? __pfx_kthread+0x10/0x10 [ 134.868847][ T65] ret_from_fork+0x45/0x80 [ 134.870000][ T65] ? __pfx_kthread+0x10/0x10 [ 134.871452][ T65] ret_from_fork_asm+0x1a/0x30 [ 134.873206][ T65] [ 134.875006][ T65] Kernel Offset: disabled [ 134.876584][ T65] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:31:44 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000001 RBX=1ffff920009cad93 RCX=ffffc90004e56cd8 RDX=1ffff11004d0f15a RSI=ffffffff8b6cdac0 RDI=ffffffff8bd1db80 RBP=383a54364e699879 RSP=ffffc90004e56c80 R8 =0000000000000000 R9 =fffffbfff20bfe52 R10=ffffffff905ff297 R11=0000000000000004 R12=0000000000000004 R13=0000000000000005 R14=ffff888026878ad8 R15=ffff888026878000 RIP=ffffffff816ac3c6 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f548120b6c0 ffffffff 00c01300 GS =0000 ffff88806a600000 ffffffff 00c01300 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2fb1cff8 CR3=000000004bf6a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001030001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 19aee97f4d078142 cb9183fcb7440ed3 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f557d5f25fb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f557d5f2608 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f557d5f2602 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f557d5f2616 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f557d5f269c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f557d5f277a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e776f6e6b6e7500 6f6c6c3332302500 657a697320740004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b524a4b4e4b5000 4a49491617150000 405f4c560551464a 5751560541444700 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000000d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff850d5855 RDI=ffffffff9ab02400 RBP=ffffffff9ab023c0 RSP=ffffc90000d27588 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3031383838666666 R12=0000000000000000 R13=000000000000000d R14=ffffffff850d57f0 R15=0000000000000000 RIP=ffffffff850d587f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020001800 CR3=000000004d746000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000007 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00307265646e6962 2f73667265646e69 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f25fb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f2608 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f2602 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f2616 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f269c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f277a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f687830c488 00007f687830c480 00007f687830c478 00007f687830c450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6878e6d100 00007f687830c440 00007f6878300004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f687830c498 00007f687830c490 00007f687830c488 00007f687830c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88806a746ae0 RCX=ffffffff818188fc RDX=ffff888024bd2440 RSI=ffffffff818188d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900032577b8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffed100d4e8d5d R13=0000000000000001 R14=ffff88806a746ae8 R15=ffff88806a840140 RIP=ffffffff818188d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f54811a6f98 CR3=0000000048de6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000010000 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcacd64230 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f25fb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f2608 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f2602 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f2616 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f269c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f68781f277a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000f845b RBX=0000000000000003 RCX=ffffffff8b2663e9 RDX=0000000000000000 RSI=ffffffff8b6cd7c0 RDI=ffffffff8bd1db80 RBP=ffffed1003b5a488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d527025 R10=ffff88806a93812b R11=0000000000000000 R12=0000000000000003 R13=ffff88801dad2440 R14=ffffffff905ff290 R15=0000000000000000 RIP=ffffffff8b2677cf RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2f81dff8 CR3=0000000052e18000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f54803f25fb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f54803f2608 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f54803f2602 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f54803f2616 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f54803f269c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f54803f277a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f548050c488 00007f548050c480 00007f548050c478 00007f548050c450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f548106d100 00007f548050c440 00007f5480500004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f548050c498 00007f548050c490 00007f548050c488 00007f548050c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9ea91aeb19470021 8cc7b1bec6254f08 a6b47f7aa411e9bb f1ddeae899d2d22d ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e51cf5fcaa3141a 07ffffc955ae130e 57426a7679cf74db 84680ea9d4c022d6 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e0abdc9db9de5b43 541f23f01cdb42ba 9b916879e5dfccde 76be39c4f0d6491f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7ebcebb4e3cf17e8 5be136466751a919 88d7f286ca8e83ef fbc78c324d843841 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000