last executing test programs: 3.260150769s ago: executing program 2 (id=1991): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x2000, 0x0, 0x41}, 0x0) 2.36058284s ago: executing program 0 (id=1979): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000300)=ANY=[@ANYBLOB="7c0200001300290400000000000022000000000080ffffffffffffff00000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c40105"], 0x27c}, 0x1, 0x0, 0x0, 0x804}, 0x0) 2.288961405s ago: executing program 0 (id=1994): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000800000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a000000000005001d"], 0x44}, 0x1, 0x0, 0x0, 0x48000}, 0x0) r0 = accept4$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x800) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f00000001c0)=0x1, 0x4) pipe(&(0x7f0000000140)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x10b, 0x8000000000002}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x2d, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @flat=@handle={0x73682a85, 0xb}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) socket$inet_udp(0x2, 0x2, 0x0) 2.288573691s ago: executing program 0 (id=1996): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000020000000600000000000001e5ff0000080000000000000001000084060000000000000001"], 0x0, 0x42, 0x0, 0x3}, 0x28) 2.225924949s ago: executing program 0 (id=1997): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r0 = socket$netlink(0x10, 0x3, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)="6426c985ffca1a7aad96b90420dfc664a074b2cb9e37c8fb60cabe5a111b1d900fb5b4d402322c6a95e2b85390c7880baff39ccf9a69b20da6ff4a7951cdb8ea5993f9d81c712335f1fd57e74f4680a036039801cd5898c400520508bb85701cfcbbc1b46b6dd5d29255eaaa208df87df86b912cde9dc1c068699c1f", 0x7c, 0x0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000580)=ANY=[@ANYBLOB="f4060000", @ANYRES64=0x0, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0xa) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)={0x24, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r6}, @typed={0x8, 0xda, 0x0, 0x0, @fd=r0}, @nested={0x4, 0x1}]}, 0x24}], 0x1}, 0x4) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) preadv(r1, &(0x7f0000000900)=[{&(0x7f00000006c0)=""/178, 0xb2}, {&(0x7f0000000780)=""/133, 0x85}, {&(0x7f0000000840)=""/179, 0xb3}, {&(0x7f00000002c0)=""/2, 0x2}, {&(0x7f0000000600)=""/126, 0x7e}], 0x5, 0x5, 0x5) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0) write$UHID_CREATE2(r8, &(0x7f0000000340)=ANY=[@ANYBLOB="40f9ad0deccaba89bb88f7ce15bb2f5ba6b00ec489371a65cea14084909682fc496e3b4b508e14136a3bf20a783cb875b423330df43ae22afade2dfa1bd3ad82e4409734e12d32ee6dced8a7d23aba57906c83b9618e7195f968c2215c64e1b06a55ec7931e662b11573e5ee18977b1c53160a190411dd8ec7b2bfe616d5597ac11d3d4ea3b3c846069e9e59b45721dfb81f4b59da58a8e0514e4bbe0f29fbc7ac0ce7cb14aeb8fe4e129011d79bd92ef2f6c5f6d621460d364a2ceaa1850c7640c7bafd8d3ffd2ef6ec8027", @ANYRES8=r8, @ANYBLOB="16a4912e25d2df24d3ba19d81ed1e57f9e998b7e51db9cf531135d84114661cd3257bee3719196d40a4ce03a5d331553ec229e1545c95ff1d804a3466861b0c9a486dde580d8d6906abf205d15642195dadd396697c9e7fd3ca99e904afd121487653e09f92c2f8ccf035d068bf7f529f0c4ed3be0b12d8d085a404feb7cf169d4687af449cf5c42be500715e60dcefbb9de50d0349f9a7fcbd1"], 0x118) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r8, 0x0) ioctl$KVM_X86_SETUP_MCE(r8, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x89727a31546dcc42, 0x4}) sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 2.169963688s ago: executing program 0 (id=2000): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000840)={0x14, 0x1, 0x3, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8000}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4080) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=@newtaction={0x124, 0x30, 0x9e54f29ff072a93b, 0x0, 0x0, {}, [{0x110, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0xc0, 0xb, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file1\x00'}]}, {0x8b, 0x6, "b0efa7444e0f1630b65c8d3f2c03f3a03c2afa76bc7d2cd80a8d53acdc2f8e1112811c4949adc83d11b162f44b31b90e58a4006dfbb598974e706f9bf7931aa3c8ab11de75935944adefa597f570056ed9b36b98343c0910ada0dcd79760b41a8b455ee70f00be9da354081a3276d2bb5388d9c03f16586488164dbde9e7560893c2500bce0b5d"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}]}, 0x124}}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x48004}, 0x800) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000540), 0xf) r2 = syz_open_dev$video(&(0x7f0000000280), 0x101, 0xab02) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000180)=0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a60000000060a000000000000000000000a0000010900010073797a3100000000340004802000018008000100666962001400028008000240000000000800034000000027100001800b00010072656a65637400000900020073797a3200000000140000001100010000000000000000000000000a0071543cc7f07dcb3d1ef6f3b6b08e4642b84ff46455970df944b7ee867a563f80cd42a48278bbcb45ae6031fc4c1b50f154eadbe054e0aff8c83a05e539f1a6bdf26a7da4562e6b47fdd7aad69e732ea3300b57e5c9a30972c85771f7d1b5f8f17d20deae9f8fdda7f8eae1a4cd40100f4ea5f6d307020acd0b2131da17d29dbf674dd4621caf14a369e51b4a73ec"], 0x88}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000340)={0x3, 0x980900, 0x2}) ioctl$VIDIOC_S_CROP(r2, 0x4014563c, &(0x7f0000000100)={0x9, {0xf8000002, 0x9, 0x8, 0xb}}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03080000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440000000c0a09030000000000000000070000000900020073797a31000000000900010073797a300000000018000380140000800800034000000002050006405200000014000000110001"], 0xc8}}, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x10480, 0x0) ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000140)=0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f00000003c0)=@bpq0, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x32000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) connect$rose(r5, &(0x7f0000000380)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast]}, 0x40) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r8], 0x3c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0) 2.110124346s ago: executing program 0 (id=2001): r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50) syz_usb_disconnect(0xffffffffffffffff) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) close_range(r0, 0xffffffffffffffff, 0x0) 1.099152438s ago: executing program 1 (id=2008): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.kill\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000040)) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82) r2 = dup(r1) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x1c, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1.02982783s ago: executing program 1 (id=2009): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000840)={0x14, 0x1, 0x3, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8000}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4080) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=@newtaction={0x124, 0x30, 0x9e54f29ff072a93b, 0x0, 0x0, {}, [{0x110, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0xc0, 0xb, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file1\x00'}]}, {0x8b, 0x6, "b0efa7444e0f1630b65c8d3f2c03f3a03c2afa76bc7d2cd80a8d53acdc2f8e1112811c4949adc83d11b162f44b31b90e58a4006dfbb598974e706f9bf7931aa3c8ab11de75935944adefa597f570056ed9b36b98343c0910ada0dcd79760b41a8b455ee70f00be9da354081a3276d2bb5388d9c03f16586488164dbde9e7560893c2500bce0b5d"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}]}, 0x124}}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x48004}, 0x800) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000540), 0xf) r2 = syz_open_dev$video(&(0x7f0000000280), 0x101, 0xab02) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000180)=0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a60000000060a000000000000000000000a0000010900010073797a3100000000340004802000018008000100666962001400028008000240000000000800034000000027100001800b00010072656a65637400000900020073797a3200000000140000001100010000000000000000000000000a0071543cc7f07dcb3d1ef6f3b6b08e4642b84ff46455970df944b7ee867a563f80cd42a48278bbcb45ae6031fc4c1b50f154eadbe054e0aff8c83a05e539f1a6bdf26a7da4562e6b47fdd7aad69e732ea3300b57e5c9a30972c85771f7d1b5f8f17d20deae9f8fdda7f8eae1a4cd40100f4ea5f6d307020acd0b2131da17d29dbf674dd4621caf14a369e51b4a73ec"], 0x88}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000340)={0x3, 0x980900, 0x2}) ioctl$VIDIOC_S_CROP(r2, 0x4014563c, &(0x7f0000000100)={0x9, {0xf8000002, 0x9, 0x8, 0xb}}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03080000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440000000c0a09030000000000000000070000000900020073797a31000000000900010073797a300000000018000380140000800800034000000002050006405200000014000000110001"], 0xc8}}, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x10480, 0x0) ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000140)=0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f00000003c0)=@bpq0, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x32000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) connect$rose(r5, &(0x7f0000000380)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast]}, 0x40) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r8], 0x3c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0) 1.029362812s ago: executing program 1 (id=2010): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./file0\x00', 0x0, 0x841401, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000380)=ANY=[@ANYBLOB="0100000000000f00ff4d564b"]) 959.400854ms ago: executing program 2 (id=2012): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r1, 0xc02064cc, &(0x7f0000000080)={r2, r2, 0x0, 0x0, 0x2}) r3 = timerfd_create(0x0, 0x0) timerfd_settime(r3, 0x3, &(0x7f00000001c0), 0x0) ioctl$TFD_IOC_SET_TICKS(r3, 0x40085400, &(0x7f0000000080)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff02c}, {0x6}]}, 0x10) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) connect$inet6(r5, &(0x7f0000000140)={0xa, 0x4e22, 0x9, @mcast1, 0x5}, 0x1c) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd7010fddbdf2505000000080009000200000008000c00a80a0000060001000500000008000b"], 0x3c}, 0x1, 0x0, 0x0, 0x24000040}, 0x20000034) 899.568682ms ago: executing program 2 (id=2014): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) r3 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r1, r2}) sendmmsg$inet(r3, &(0x7f0000001500)=[{{0x0, 0xffffffcf, &(0x7f0000000b00)=[{&(0x7f00000002c0)="89", 0x34000}, {0x0}], 0x2, &(0x7f0000000e40)=ANY=[], 0xd0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) preadv(r0, &(0x7f00000014c0)=[{&(0x7f0000000340)=""/191, 0xfffffd90}], 0x1, 0x182, 0x0) 899.375274ms ago: executing program 1 (id=2015): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb0108180000000000000027474663e118f9a771fce0ae400091a09d5800000200009300000000000000030000000002000000020000000100"/95], 0x0, 0x5a, 0x0, 0x1}, 0x20) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000080)={0x6, 0x3, 0x2, 0x0, 0x5}) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000180)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r2, 0x40103e05, &(0x7f0000000140)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x2, 0x0, 0x4, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) getsockname(r3, 0x0, &(0x7f0000000180)) ppoll(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0x2) r5 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) r6 = fcntl$dupfd(r5, 0x0, r5) r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r7, 0x10c, 0x3, &(0x7f00000001c0)=0x5, 0x4) r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r8, 0x80044dfd, &(0x7f0000001480)) ioctl$NBD_SET_SIZE(r6, 0xab02, 0x5) ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r6, 0x4004550d, &(0x7f0000000500)) r9 = openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x41) ioctl$TIOCSWINSZ(r9, 0x5414, &(0x7f0000000080)={0x2, 0x8, 0x8, 0xff76}) read$midi(r9, &(0x7f0000000140)=""/137, 0x89) 760.26971ms ago: executing program 3 (id=2017): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000040), r0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4, 0x0, 0x12}, [@nested={0x4, 0xd}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 723.342891ms ago: executing program 3 (id=2018): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r0, 0x0) syz_io_uring_setup(0x83, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500, 0x700, 0x352}, &(0x7f0000000240), &(0x7f0000001880)) 669.933066ms ago: executing program 3 (id=2019): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000840)={0x14, 0x1, 0x3, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8000}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4080) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=@newtaction={0x124, 0x30, 0x9e54f29ff072a93b, 0x0, 0x0, {}, [{0x110, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0xc0, 0xb, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file1\x00'}]}, {0x8b, 0x6, "b0efa7444e0f1630b65c8d3f2c03f3a03c2afa76bc7d2cd80a8d53acdc2f8e1112811c4949adc83d11b162f44b31b90e58a4006dfbb598974e706f9bf7931aa3c8ab11de75935944adefa597f570056ed9b36b98343c0910ada0dcd79760b41a8b455ee70f00be9da354081a3276d2bb5388d9c03f16586488164dbde9e7560893c2500bce0b5d"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}]}, 0x124}}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x48004}, 0x800) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000540), 0xf) r2 = syz_open_dev$video(&(0x7f0000000280), 0x101, 0xab02) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000180)=0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a60000000060a000000000000000000000a0000010900010073797a3100000000340004802000018008000100666962001400028008000240000000000800034000000027100001800b00010072656a65637400000900020073797a3200000000140000001100010000000000000000000000000a0071543cc7f07dcb3d1ef6f3b6b08e4642b84ff46455970df944b7ee867a563f80cd42a48278bbcb45ae6031fc4c1b50f154eadbe054e0aff8c83a05e539f1a6bdf26a7da4562e6b47fdd7aad69e732ea3300b57e5c9a30972c85771f7d1b5f8f17d20deae9f8fdda7f8eae1a4cd40100f4ea5f6d307020acd0b2131da17d29dbf674dd4621caf14a369e51b4a73ec"], 0x88}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000340)={0x3, 0x980900, 0x2}) ioctl$VIDIOC_S_CROP(r2, 0x4014563c, &(0x7f0000000100)={0x9, {0xf8000002, 0x9, 0x8, 0xb}}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03080000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440000000c0a09030000000000000000070000000900020073797a31000000000900010073797a300000000018000380140000800800034000000002050006405200000014000000110001"], 0xc8}}, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x10480, 0x0) ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000140)=0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f00000003c0)=@bpq0, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x32000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) connect$rose(r5, &(0x7f0000000380)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast]}, 0x40) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r8], 0x3c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0) 609.12961ms ago: executing program 3 (id=2020): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYRES32], 0x6c}}, 0x40) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000040)={r3, 0x5}, 0x8) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff0000000003"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000) ioctl$SIOCX25SCAUSEDIAG(0xffffffffffffffff, 0x89ec, &(0x7f0000000000)={0x4c, 0xf0}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r4, 0x5456, &(0x7f00000000c0)={0x9, 0x6, 0x0, 0x6, 0x19, "f44327189019f4ba9c2d666c378d75463e665e"}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) sendmsg$NL80211_CMD_DISASSOCIATE(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000428bd7000ffdbdf25287400b0897b506200401c00000000000600505050505050000004005f00"/51], 0x30}, 0x1, 0x0, 0x0, 0x20040001}, 0x20004800) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r0) sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)={0x22c, r6, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x38, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}]}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'netpci0\x00'}}]}, @TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x40}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb2c5}]}, @TIPC_NLA_NODE={0x68, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x8}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "baf4f9164630435f8d41527b5c78512facb02f0cb11473ee5e1ba2b2fdf4799c8addcec2"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3}]}, @TIPC_NLA_BEARER={0xd4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x5, @mcast2, 0xfffffff7}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}}}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}]}]}, 0x22c}, 0x1, 0x0, 0x0, 0x20040000}, 0x40085) 510.094027ms ago: executing program 3 (id=2021): bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1, 0x0, 0x0, 0xf0ff}, 0x0) 60.474511ms ago: executing program 2 (id=2022): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x3c, 0x9, 0x6, 0x801, 0xf9efffff, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 46.133524ms ago: executing program 1 (id=2023): socket$netlink(0x10, 0x3, 0x10) creat(&(0x7f00000002c0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0xf9efffff, 0x1000000, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 45.784293ms ago: executing program 2 (id=2024): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @multicast2}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x4}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000840}, 0x4048000) 320.636µs ago: executing program 2 (id=2025): r0 = syz_clone(0xa8200780, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa4}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) ptrace$setsig(0x4203, r0, 0x1, &(0x7f0000000180)={0x31, 0x4, 0x3}) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) ptrace(0x10, r0) r2 = syz_open_procfs(r0, &(0x7f0000000040)='status\x00') bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="650a00000000000061118000000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) pread64(r2, &(0x7f0000000140)=""/15, 0xf, 0x4) 160.645µs ago: executing program 3 (id=2026): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000300)=ANY=[@ANYBLOB="7c02000013002904000000000000220000000000f0ffffffffffffff00000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c40105"], 0x27c}, 0x1, 0x0, 0x0, 0x804}, 0x0) 0s ago: executing program 1 (id=2027): r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000804) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0xa00, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800) recvmmsg(r2, &(0x7f0000007700), 0x318, 0xfc0, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, r1) ioctl$sock_ifreq(0xffffffffffffffff, 0x8910, 0x0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4049}, 0x4c080) ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, 0x0) kernel console output (not intermixed with test programs): fa0 [ 132.578970][ T9435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.578980][ T9435] RIP: 0033:0x7f41ca18d9dc [ 132.578989][ T9435] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 132.578998][ T9435] RSP: 002b:00007f41cb060030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 132.579008][ T9435] RAX: ffffffffffffffda RBX: 00007f41ca3e5fa0 RCX: 00007f41ca18d9dc [ 132.579015][ T9435] RDX: 000000000000000f RSI: 00007f41cb0600a0 RDI: 0000000000000003 [ 132.579020][ T9435] RBP: 00007f41cb060090 R08: 0000000000000000 R09: 0000000000000000 [ 132.579026][ T9435] R10: 0000000000000046 R11: 0000000000000246 R12: 0000000000000001 [ 132.579037][ T9435] R13: 00007f41ca3e6038 R14: 00007f41ca3e5fa0 R15: 00007ffe2091fe58 [ 132.579051][ T9435] [ 132.644373][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.698969][ T9443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1356'. [ 133.486237][ T5936] block nbd2: Receive control failed (result -32) [ 133.486559][ T9443] block nbd2: shutting down sockets [ 133.544270][ T9460] binder: BINDER_SET_CONTEXT_MGR already set [ 133.546775][ T9460] binder: 9459:9460 ioctl 4018620d 200000000280 returned -16 [ 133.819088][ T9469] batadv3: entered allmulticast mode [ 133.821469][ T9469] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 133.824142][ T9469] bridge0: port 6(batadv3) entered blocking state [ 133.826952][ T9469] bridge0: port 6(batadv3) entered disabled state [ 133.832798][ T9469] batadv3: entered promiscuous mode [ 133.834861][ T9469] bridge0: port 6(batadv3) entered blocking state [ 133.836977][ T9469] bridge0: port 6(batadv3) entered forwarding state [ 134.041275][ T9477] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.101189][ T9477] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.167375][ T9477] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.210031][ T9471] hpfs: hpfs_map_sector(): read error [ 134.234234][ T9477] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.269783][ T9471] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 134.316417][ T62] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.325237][ T62] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.328448][ T13] batman_adv: batadv3: No IGMP Querier present - multicast optimizations disabled [ 134.331869][ T13] batman_adv: batadv3: No MLD Querier present - multicast optimizations disabled [ 134.332837][ T1146] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.345385][ T1146] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.380257][ T9483] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 134.587276][ T9496] binder: 9495:9496 ioctl d000943d 200000102bc0 returned -22 [ 134.591247][ T9496] binder: 9495:9496 ioctl d0009411 200000103bc0 returned -22 [ 134.594284][ T9496] binder: 9495:9496 ioctl c0709411 200000104bc0 returned -22 [ 134.597490][ T9496] binder: 9495:9496 ioctl 81f8943c 200000104c80 returned -22 [ 134.601301][ T9496] binder: 9495:9496 ioctl d0009411 200000104e80 returned -22 [ 134.604600][ T9496] binder: 9495:9496 ioctl d000943d 200000105e80 returned -22 [ 134.607933][ T9496] binder: 9495:9496 ioctl c0709411 200000106e80 returned -22 [ 134.611874][ T9496] binder: 9495:9496 ioctl d000943e 200000106f00 returned -22 [ 134.615294][ T9496] binder: 9495:9496 ioctl d000943d 200000107f00 returned -22 [ 134.618841][ T9496] binder: 9495:9496 ioctl d000943d 200000108f00 returned -22 [ 134.622453][ T9496] binder: 9495:9496 ioctl d000943d 200000109f00 returned -22 [ 134.625578][ T9496] binder: 9495:9496 ioctl 81f8943c 20000010af00 returned -22 [ 134.629260][ T9496] binder: 9495:9496 ioctl d000943d 20000010b100 returned -22 [ 134.631771][ T9496] binder: 9495:9496 ioctl 81f8943c 20000010c100 returned -22 [ 134.634247][ T9496] binder: 9495:9496 ioctl d000943e 20000010c300 returned -22 [ 134.636639][ T9496] binder: 9495:9496 ioctl d0009411 20000010d300 returned -22 [ 134.639160][ T9496] binder: 9495:9496 ioctl 81f8943c 20000010e300 returned -22 [ 134.641585][ T9496] binder: 9495:9496 ioctl d000943d 20000010e500 returned -22 [ 134.644036][ T9496] binder: 9495:9496 ioctl d000943e 20000010f500 returned -22 [ 134.646370][ T9496] binder: 9495:9496 ioctl 81f8943c 200000110500 returned -22 [ 134.648936][ T9496] binder: 9495:9496 ioctl d000943d 200000110700 returned -22 [ 134.651347][ T9496] binder: 9495:9496 ioctl d000943e 200000111700 returned -22 [ 134.653769][ T9496] binder: 9495:9496 ioctl 81f8943c 200000112700 returned -22 [ 134.656184][ T9496] binder: 9495:9496 ioctl d000943e 200000112900 returned -22 [ 134.658848][ T9496] binder: 9495:9496 ioctl d000943d 200000113900 returned -22 [ 134.829243][ T9501] sch_fq: defrate 4294967295 ignored. [ 134.885092][ T9505] FAULT_INJECTION: forcing a failure. [ 134.885092][ T9505] name failslab, interval 1, probability 0, space 0, times 0 [ 134.892547][ T9505] CPU: 1 UID: 0 PID: 9505 Comm: syz.1.1385 Not tainted syzkaller #0 PREEMPT(full) [ 134.892572][ T9505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 134.892583][ T9505] Call Trace: [ 134.892589][ T9505] [ 134.892596][ T9505] dump_stack_lvl+0x16c/0x1f0 [ 134.892627][ T9505] should_fail_ex+0x512/0x640 [ 134.892648][ T9505] ? __kmalloc_noprof+0xca/0x880 [ 134.892675][ T9505] should_failslab+0xc2/0x120 [ 134.892696][ T9505] __kmalloc_noprof+0xdd/0x880 [ 134.892721][ T9505] ? video_usercopy+0x1a0/0x1720 [ 134.892753][ T9505] ? video_usercopy+0x1a0/0x1720 [ 134.892777][ T9505] ? do_vfs_ioctl+0x128/0x14f0 [ 134.892816][ T9505] video_usercopy+0x1a0/0x1720 [ 134.892847][ T9505] ? __pfx___video_do_ioctl+0x10/0x10 [ 134.892872][ T9505] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 134.892895][ T9505] ? __pfx_video_usercopy+0x10/0x10 [ 134.892940][ T9505] v4l2_ioctl+0x1bd/0x250 [ 134.892965][ T9505] ? __pfx_v4l2_ioctl+0x10/0x10 [ 134.892997][ T9505] __x64_sys_ioctl+0x18e/0x210 [ 134.893047][ T9505] do_syscall_64+0xcd/0xfa0 [ 134.893078][ T9505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.893097][ T9505] RIP: 0033:0x7f1e5138efc9 [ 134.893112][ T9505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.893130][ T9505] RSP: 002b:00007f1e5215a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 134.893147][ T9505] RAX: ffffffffffffffda RBX: 00007f1e515e5fa0 RCX: 00007f1e5138efc9 [ 134.893159][ T9505] RDX: 00002000000004c0 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 134.893171][ T9505] RBP: 00007f1e5215a090 R08: 0000000000000000 R09: 0000000000000000 [ 134.893181][ T9505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 134.893191][ T9505] R13: 00007f1e515e6038 R14: 00007f1e515e5fa0 R15: 00007fff0abd74a8 [ 134.893217][ T9505] [ 134.960055][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.967788][ T9507] batadv0: entered allmulticast mode [ 134.970272][ T9507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.972743][ T9507] bridge0: port 3(batadv0) entered blocking state [ 134.974767][ T9507] bridge0: port 3(batadv0) entered disabled state [ 134.977458][ T9507] batadv0: entered promiscuous mode [ 134.980716][ T9507] bridge0: port 3(batadv0) entered blocking state [ 134.983582][ T9507] bridge0: port 3(batadv0) entered forwarding state [ 135.045874][ T9518] binder: 9517:9518 unknown command 0 [ 135.048090][ T9518] binder: 9517:9518 ioctl c0306201 200000000080 returned -22 [ 135.055344][ T9518] binder: 9517:9518 ioctl c0306201 2000000003c0 returned -14 [ 135.478313][ T1146] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 135.482192][ T1146] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 135.550635][ T9538] hpfs: hpfs_map_sector(): read error [ 135.610946][ T40] kauditd_printk_skb: 111 callbacks suppressed [ 135.610960][ T40] audit: type=1400 audit(1761740939.582:1804): avc: denied { setopt } for pid=9543 comm="syz.0.1400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 135.619007][ T9538] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 135.657612][ T40] audit: type=1400 audit(1761740939.622:1805): avc: denied { read } for pid=9545 comm="syz.3.1401" name="card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 135.666421][ T40] audit: type=1400 audit(1761740939.622:1806): avc: denied { open } for pid=9545 comm="syz.3.1401" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 135.674767][ T40] audit: type=1400 audit(1761740939.622:1807): avc: denied { append } for pid=9545 comm="syz.3.1401" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 135.684032][ T40] audit: type=1400 audit(1761740939.622:1808): avc: denied { write } for pid=9545 comm="syz.3.1401" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 135.826195][ T40] audit: type=1400 audit(1761740939.792:1809): avc: denied { map } for pid=9555 comm="syz.0.1405" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=33971 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 135.836294][ T40] audit: type=1400 audit(1761740939.792:1810): avc: denied { read write } for pid=9555 comm="syz.0.1405" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=33971 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 135.888195][ T841] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 135.947441][ T40] audit: type=1400 audit(1761740939.912:1811): avc: denied { read } for pid=9565 comm="syz.1.1410" dev="nsfs" ino=4026533312 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 135.955701][ T40] audit: type=1400 audit(1761740939.912:1812): avc: denied { open } for pid=9565 comm="syz.1.1410" path="net:[4026533312]" dev="nsfs" ino=4026533312 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 135.965663][ T40] audit: type=1400 audit(1761740939.912:1813): avc: denied { create } for pid=9565 comm="syz.1.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 136.048248][ T841] usb 8-1: Using ep0 maxpacket: 32 [ 136.051409][ T841] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 136.054114][ T841] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 136.056855][ T841] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 136.060014][ T841] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 136.063770][ T841] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 136.067517][ T841] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 136.072265][ T841] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 136.075186][ T841] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.081051][ T841] usb 8-1: config 0 descriptor?? [ 136.194651][ T9570] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.289514][ T9546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.292641][ T9546] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.448306][ T5936] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 136.448558][ T66] Bluetooth: hci4: command 0x1003 tx timeout [ 136.706856][ T841] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 136.714794][ T841] usb 8-1: USB disconnect, device number 17 [ 136.722990][ T841] usblp0: removed [ 136.731674][ T9588] __nla_validate_parse: 9 callbacks suppressed [ 136.731683][ T9588] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1419'. [ 136.745101][ T9590] 9pnet_fd: p9_fd_create_tcp (9590): problem connecting socket to 127.0.0.1 [ 136.754822][ T9590] binder: 9589:9590 ioctl c0306201 0 returned -14 [ 136.830585][ T9602] netlink: 'syz.2.1426': attribute type 10 has an invalid length. [ 136.844200][ T9602] 8021q: adding VLAN 0 to HW filter on device bond2 [ 136.852555][ T9602] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 136.857192][ T9602] bond1: (slave macvlan4): Enslaving as a backup interface with a down link [ 136.885832][ T9606] netlink: 'syz.2.1427': attribute type 5 has an invalid length. [ 136.910933][ T9608] binder: BINDER_SET_CONTEXT_MGR already set [ 136.912918][ T9608] binder: 9607:9608 ioctl 4018620d 200000000280 returned -16 [ 136.941076][ T9608] binder: 9607:9608 ioctl 400454dc 200000000480 returned -22 [ 137.020431][ T9621] openvswitch: netlink: Flow key attribute not present in set flow. [ 137.023495][ T9621] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 137.026170][ T9621] overlayfs: missing 'lowerdir' [ 137.068194][ T9627] batadv1: entered allmulticast mode [ 137.068238][ T24] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 137.070572][ T9627] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 137.075039][ T9627] bridge0: port 4(batadv1) entered blocking state [ 137.077120][ T9627] bridge0: port 4(batadv1) entered disabled state [ 137.080041][ T9627] batadv1: entered promiscuous mode [ 137.081975][ T9627] bridge0: port 4(batadv1) entered blocking state [ 137.084367][ T9627] bridge0: port 4(batadv1) entered forwarding state [ 137.118626][ T9631] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 137.121692][ T9631] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.159341][ T9635] 9pnet_fd: p9_fd_create_tcp (9635): problem connecting socket to 127.0.0.1 [ 137.194701][ T9631] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 137.198711][ T9631] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.218194][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 137.221276][ T24] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 137.224621][ T24] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 137.227923][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 137.231134][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 137.234241][ T24] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 137.237210][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 137.241514][ T24] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 137.245465][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.251237][ T24] usb 6-1: config 0 descriptor?? [ 137.264397][ T9631] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 137.268101][ T9631] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.284313][ T9643] netlink: 'syz.2.1445': attribute type 12 has an invalid length. [ 137.285237][ T9641] binder: 9640:9641 ioctl c0306201 0 returned -14 [ 137.322253][ T9631] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 137.325359][ T9631] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.326914][ T9647] binder: BINDER_SET_CONTEXT_MGR already set [ 137.331056][ T9647] binder: 9644:9647 ioctl 4018620d 2000000001c0 returned -16 [ 137.335616][ T9647] binder: 9644:9647 unknown command 0 [ 137.337641][ T9647] binder: 9644:9647 ioctl c0306201 200000000080 returned -22 [ 137.342354][ T9647] binder: BINDER_SET_CONTEXT_MGR already set [ 137.344432][ T9647] binder: 9644:9647 ioctl 4018620d 200000000040 returned -16 [ 137.346926][ T9647] binder: 9644:9647 ioctl c0306201 2000000003c0 returned -14 [ 137.386110][ T9649] batadv3: entered allmulticast mode [ 137.389224][ T9649] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 137.392556][ T9649] bridge0: port 5(batadv3) entered blocking state [ 137.395459][ T9649] bridge0: port 5(batadv3) entered disabled state [ 137.399649][ T9649] batadv3: entered promiscuous mode [ 137.402225][ T9649] bridge0: port 5(batadv3) entered blocking state [ 137.404936][ T9649] bridge0: port 5(batadv3) entered forwarding state [ 137.459411][ T24] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 137.468070][ T24] usb 6-1: USB disconnect, device number 16 [ 137.478016][ T24] usblp0: removed [ 137.483189][ T1146] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 2816 - 0 [ 137.488094][ T1146] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.500991][ T1146] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 2816 - 0 [ 137.503704][ T1146] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.511709][ T1146] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 2816 - 0 [ 137.515057][ T1146] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.530186][ T62] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 2816 - 0 [ 137.533083][ T62] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.568498][ T46] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 137.571818][ T46] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 137.684562][ T9674] tmpfs: Bad value for 'mpol' [ 137.690991][ T841] IPVS: starting estimator thread 0... [ 137.741959][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.744119][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.788370][ T9675] IPVS: using max 45 ests per chain, 108000 per kthread [ 137.898300][ T6164] batman_adv: batadv3: No IGMP Querier present - multicast optimizations disabled [ 137.901265][ T6164] batman_adv: batadv3: No MLD Querier present - multicast optimizations disabled [ 137.908455][ T24] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 137.908548][ T9679] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1462'. [ 138.068494][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 138.072595][ T24] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 138.076214][ T24] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 138.080979][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 138.084284][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 138.087361][ T24] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 138.090872][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 138.096214][ T24] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 138.100078][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.105884][ T24] usb 6-1: config 0 descriptor?? [ 138.313108][ T24] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 138.318617][ T24] usb 6-1: USB disconnect, device number 17 [ 138.323556][ T24] usblp0: removed [ 138.357476][ T5936] block nbd3: Receive control failed (result -32) [ 138.357749][ T9659] block nbd3: shutting down sockets [ 138.483658][ T9693] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1467'. [ 138.583357][ T9710] 9pnet_fd: p9_fd_create_tcp (9710): problem connecting socket to 127.0.0.1 [ 138.591709][ T9710] binder: 9709:9710 ioctl c0306201 0 returned -14 [ 138.671726][ T9720] batadv4: entered allmulticast mode [ 138.674178][ T9720] 8021q: adding VLAN 0 to HW filter on device batadv4 [ 138.676506][ T9720] bridge0: port 6(batadv4) entered blocking state [ 138.678793][ T9720] bridge0: port 6(batadv4) entered disabled state [ 138.682300][ T9720] batadv4: entered promiscuous mode [ 138.684903][ T9720] bridge0: port 6(batadv4) entered blocking state [ 138.687414][ T9720] bridge0: port 6(batadv4) entered forwarding state [ 138.887083][ T9745] binder: 9744:9745 ioctl c0306201 0 returned -14 [ 138.923957][ T9750] openvswitch: netlink: Duplicate or invalid key (type 0). [ 138.926507][ T9750] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 138.953958][ T9753] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 138.976027][ T9756] kernel profiling enabled (shift: 0) [ 139.179330][ T62] batman_adv: batadv4: No IGMP Querier present - multicast optimizations disabled [ 139.182491][ T62] batman_adv: batadv4: No MLD Querier present - multicast optimizations disabled [ 139.228345][ T9786] kAFS: No cell specified [ 139.241488][ T9793] FAULT_INJECTION: forcing a failure. [ 139.241488][ T9793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.246114][ T9793] CPU: 0 UID: 0 PID: 9793 Comm: syz.3.1504 Not tainted syzkaller #0 PREEMPT(full) [ 139.246129][ T9793] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 139.246135][ T9793] Call Trace: [ 139.246139][ T9793] [ 139.246144][ T9793] dump_stack_lvl+0x16c/0x1f0 [ 139.246164][ T9793] should_fail_ex+0x512/0x640 [ 139.246179][ T9793] _copy_from_user+0x2e/0xd0 [ 139.246194][ T9793] io_uring_setup+0xb4/0x2170 [ 139.246210][ T9793] ? find_held_lock+0x2b/0x80 [ 139.246224][ T9793] ? __pfx_io_uring_setup+0x10/0x10 [ 139.246239][ T9793] ? avc_has_perm_noaudit+0x117/0x3b0 [ 139.246256][ T9793] ? avc_has_perm_noaudit+0x149/0x3b0 [ 139.246276][ T9793] ? ksys_write+0x1ac/0x250 [ 139.246287][ T9793] ? __pfx_ksys_write+0x10/0x10 [ 139.246299][ T9793] __x64_sys_io_uring_setup+0xc2/0x170 [ 139.246316][ T9793] do_syscall_64+0xcd/0xfa0 [ 139.246333][ T9793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.246345][ T9793] RIP: 0033:0x7f94aab8efc9 [ 139.246354][ T9793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.246364][ T9793] RSP: 002b:00007f94aba00fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 139.246374][ T9793] RAX: ffffffffffffffda RBX: 00007f94aade5fa0 RCX: 00007f94aab8efc9 [ 139.246381][ T9793] RDX: 0000200000001880 RSI: 0000200000000580 RDI: 0000000000000083 [ 139.246387][ T9793] RBP: 0000200000000580 R08: 0000000000000000 R09: 0000200000001880 [ 139.246394][ T9793] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 139.246400][ T9793] R13: 0000200000000240 R14: 0000000000000083 R15: 0000200000001880 [ 139.246414][ T9793] [ 139.298215][ T6001] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 139.458306][ T6001] usb 7-1: Using ep0 maxpacket: 32 [ 139.461270][ T6001] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 139.464294][ T6001] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 139.467097][ T6001] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 139.470117][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 139.473221][ T6001] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 139.476199][ T6001] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 139.480395][ T6001] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 139.483232][ T6001] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.487526][ T6001] usb 7-1: config 0 descriptor?? [ 139.694836][ T6001] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 139.708596][ T6001] usb 7-1: USB disconnect, device number 20 [ 139.715374][ T6001] usblp0: removed [ 139.989235][ T9811] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 140.228324][ T6001] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 140.378390][ T6001] usb 7-1: Using ep0 maxpacket: 32 [ 140.380675][ T896] usb 8-1: new low-speed USB device number 18 using dummy_hcd [ 140.386342][ T6001] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 140.389936][ T6001] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 140.393417][ T6001] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 140.397047][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 140.401105][ T6001] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 140.404577][ T6001] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 140.409927][ T6001] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 140.413585][ T6001] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.420291][ T6001] usb 7-1: config 0 descriptor?? [ 140.538168][ T896] usb 8-1: Invalid ep0 maxpacket: 64 [ 140.557638][ T9833] binder: 9832:9833 unknown command 0 [ 140.562837][ T9833] binder: 9832:9833 ioctl c0306201 200000000080 returned -22 [ 140.566779][ T9833] binder: 9832:9833 ioctl c0306201 2000000003c0 returned -14 [ 140.600487][ T9838] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 140.611008][ T9838] CIFS mount error: No usable UNC path provided in device string! [ 140.611008][ T9838] [ 140.615502][ T9838] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 140.636223][ T9841] FAULT_INJECTION: forcing a failure. [ 140.636223][ T9841] name failslab, interval 1, probability 0, space 0, times 0 [ 140.641939][ T9841] CPU: 1 UID: 0 PID: 9841 Comm: syz.1.1526 Not tainted syzkaller #0 PREEMPT(full) [ 140.641954][ T9841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 140.641961][ T9841] Call Trace: [ 140.641964][ T9841] [ 140.641969][ T9841] dump_stack_lvl+0x16c/0x1f0 [ 140.642000][ T9841] should_fail_ex+0x512/0x640 [ 140.642014][ T9841] ? __kmalloc_cache_noprof+0x5f/0x780 [ 140.642031][ T9841] should_failslab+0xc2/0x120 [ 140.642043][ T9841] __kmalloc_cache_noprof+0x72/0x780 [ 140.642057][ T9841] ? io_uring_setup+0x278/0x2170 [ 140.642075][ T9841] ? io_uring_setup+0x278/0x2170 [ 140.642090][ T9841] io_uring_setup+0x278/0x2170 [ 140.642105][ T9841] ? find_held_lock+0x2b/0x80 [ 140.642118][ T9841] ? __pfx_io_uring_setup+0x10/0x10 [ 140.642132][ T9841] ? avc_has_perm_noaudit+0x117/0x3b0 [ 140.642148][ T9841] ? avc_has_perm_noaudit+0x149/0x3b0 [ 140.642167][ T9841] ? ksys_write+0x1ac/0x250 [ 140.642177][ T9841] ? __pfx_ksys_write+0x10/0x10 [ 140.642189][ T9841] __x64_sys_io_uring_setup+0xc2/0x170 [ 140.642209][ T9841] do_syscall_64+0xcd/0xfa0 [ 140.642225][ T9841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.642236][ T9841] RIP: 0033:0x7f1e5138efc9 [ 140.642245][ T9841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.642255][ T9841] RSP: 002b:00007f1e52159fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 140.642265][ T9841] RAX: ffffffffffffffda RBX: 00007f1e515e5fa0 RCX: 00007f1e5138efc9 [ 140.642271][ T9841] RDX: 0000200000001880 RSI: 0000200000000580 RDI: 0000000000000083 [ 140.642277][ T9841] RBP: 0000200000000580 R08: 0000000000000000 R09: 0000200000001880 [ 140.642283][ T9841] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 140.642289][ T9841] R13: 0000200000000240 R14: 0000000000000083 R15: 0000200000001880 [ 140.642303][ T9841] [ 140.653588][ T40] kauditd_printk_skb: 166 callbacks suppressed [ 140.653602][ T40] audit: type=1400 audit(1761740944.622:1980): avc: denied { prog_run } for pid=9842 comm="syz.0.1527" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 140.653825][ T9843] xt_limit: Overflow, try lower: 271964/0 [ 140.678271][ T896] usb 8-1: new low-speed USB device number 19 using dummy_hcd [ 140.735560][ T40] audit: type=1400 audit(1761740944.652:1981): avc: denied { read } for pid=9846 comm="syz.1.1528" name="card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 140.743226][ T40] audit: type=1400 audit(1761740944.652:1982): avc: denied { open } for pid=9846 comm="syz.1.1528" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 140.750918][ T40] audit: type=1400 audit(1761740944.652:1983): avc: denied { append } for pid=9846 comm="syz.1.1528" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 140.828937][ T896] usb 8-1: Invalid ep0 maxpacket: 64 [ 140.831811][ T6001] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 21 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 140.836130][ T896] usb usb8-port1: attempt power cycle [ 140.840568][ T6001] usb 7-1: USB disconnect, device number 21 [ 140.846358][ T6001] usblp0: removed [ 140.865787][ T5936] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 140.928317][ T9352] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 140.989006][ T40] audit: type=1400 audit(1761740944.962:1984): avc: denied { ioctl } for pid=9864 comm="syz.0.1535" path="socket:[33758]" dev="sockfs" ino=33758 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 140.992359][ T9865] batadv2: entered allmulticast mode [ 141.001589][ T9865] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 141.003951][ T9865] bridge0: port 5(batadv2) entered blocking state [ 141.006110][ T9865] bridge0: port 5(batadv2) entered disabled state [ 141.009989][ T9865] batadv2: entered promiscuous mode [ 141.012015][ T9865] bridge0: port 5(batadv2) entered blocking state [ 141.014240][ T9865] bridge0: port 5(batadv2) entered forwarding state [ 141.056496][ T40] audit: type=1400 audit(1761740945.022:1985): avc: denied { bind } for pid=9866 comm="syz.0.1536" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 141.065490][ T9867] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 141.070027][ T9867] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.098433][ T9352] usb 6-1: Using ep0 maxpacket: 32 [ 141.101974][ T9352] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 141.104586][ T9352] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 141.107557][ T9352] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 141.110418][ T9352] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 141.113370][ T9352] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 141.116248][ T9352] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 141.120179][ T9352] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 141.123011][ T9352] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.124518][ T9867] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 141.128009][ T9352] usb 6-1: config 0 descriptor?? [ 141.129699][ T9867] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.178235][ T896] usb 8-1: new low-speed USB device number 20 using dummy_hcd [ 141.197727][ T9867] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 141.198675][ T896] usb 8-1: Invalid ep0 maxpacket: 64 [ 141.202015][ T9867] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.262091][ T9867] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 141.265101][ T9867] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.328212][ T896] usb 8-1: new low-speed USB device number 21 using dummy_hcd [ 141.337033][ T9352] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 141.342544][ T9352] usb 6-1: USB disconnect, device number 18 [ 141.350880][ T9352] usblp0: removed [ 141.352714][ T896] usb 8-1: Invalid ep0 maxpacket: 64 [ 141.355222][ T896] usb usb8-port1: unable to enumerate USB device [ 141.370694][ T46] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 2816 - 0 [ 141.374172][ T46] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.383017][ T46] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 2816 - 0 [ 141.386524][ T46] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.398675][ T46] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 2816 - 0 [ 141.402083][ T46] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.413872][ T46] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 2816 - 0 [ 141.417313][ T46] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.418431][ T40] audit: type=1400 audit(1761740945.382:1986): avc: denied { mounton } for pid=9870 comm="syz.2.1538" path="/364/file0" dev="tmpfs" ino=1918 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 141.428186][ T40] audit: type=1400 audit(1761740945.392:1987): avc: denied { mount } for pid=9870 comm="syz.2.1538" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 141.492451][ T9876] netlink: 'syz.0.1540': attribute type 5 has an invalid length. [ 141.498341][ T46] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled [ 141.501605][ T46] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled [ 141.564906][ T9881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1542'. [ 141.568757][ T9881] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1542'. [ 141.579460][ T40] audit: type=1400 audit(1761740945.552:1988): avc: denied { ioctl } for pid=9880 comm="syz.0.1542" path="socket:[36030]" dev="sockfs" ino=36030 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 141.589282][ T40] audit: type=1400 audit(1761740945.552:1989): avc: denied { name_bind } for pid=9880 comm="syz.0.1542" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 141.603546][ T9881] ip6gretap1: entered promiscuous mode [ 141.605897][ T9881] ip6gretap1: entered allmulticast mode [ 141.768306][ T9352] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 141.918509][ T9352] usb 6-1: Using ep0 maxpacket: 32 [ 141.922009][ T9352] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 141.925306][ T9352] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 141.928904][ T9352] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 141.932374][ T9352] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 141.936103][ T9352] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 141.940052][ T9352] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 141.945009][ T9352] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 141.948726][ T9352] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.953241][ T9352] usb 6-1: config 0 descriptor?? [ 142.281095][ T9890] FAULT_INJECTION: forcing a failure. [ 142.281095][ T9890] name failslab, interval 1, probability 0, space 0, times 0 [ 142.285575][ T9890] CPU: 1 UID: 0 PID: 9890 Comm: syz.2.1546 Not tainted syzkaller #0 PREEMPT(full) [ 142.285590][ T9890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.285596][ T9890] Call Trace: [ 142.285600][ T9890] [ 142.285605][ T9890] dump_stack_lvl+0x16c/0x1f0 [ 142.285624][ T9890] should_fail_ex+0x512/0x640 [ 142.285636][ T9890] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 142.285649][ T9890] should_failslab+0xc2/0x120 [ 142.285662][ T9890] __kvmalloc_node_noprof+0x141/0x9c0 [ 142.285673][ T9890] ? io_uring_setup+0x3ad/0x2170 [ 142.285691][ T9890] ? io_uring_setup+0x3ad/0x2170 [ 142.285705][ T9890] io_uring_setup+0x3ad/0x2170 [ 142.285721][ T9890] ? __pfx_io_uring_setup+0x10/0x10 [ 142.285748][ T9890] ? avc_has_perm_noaudit+0x117/0x3b0 [ 142.285764][ T9890] ? avc_has_perm_noaudit+0x149/0x3b0 [ 142.285783][ T9890] ? ksys_write+0x1ac/0x250 [ 142.285793][ T9890] ? __pfx_ksys_write+0x10/0x10 [ 142.285805][ T9890] __x64_sys_io_uring_setup+0xc2/0x170 [ 142.285821][ T9890] do_syscall_64+0xcd/0xfa0 [ 142.285837][ T9890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.285848][ T9890] RIP: 0033:0x7f41ca18efc9 [ 142.285858][ T9890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.285872][ T9890] RSP: 002b:00007f41cb05ffc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 142.285887][ T9890] RAX: ffffffffffffffda RBX: 00007f41ca3e5fa0 RCX: 00007f41ca18efc9 [ 142.285897][ T9890] RDX: 0000200000001880 RSI: 0000200000000580 RDI: 0000000000000083 [ 142.285909][ T9890] RBP: 0000200000000580 R08: 0000000000000000 R09: 0000200000001880 [ 142.285918][ T9890] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 142.285928][ T9890] R13: 0000200000000240 R14: 0000000000000083 R15: 0000200000001880 [ 142.285951][ T9890] [ 142.353767][ C1] vkms_vblank_simulate: vblank timer overrun [ 142.359409][ T9352] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 142.364683][ T9352] usb 6-1: USB disconnect, device number 19 [ 142.371845][ T9352] usblp0: removed [ 142.382295][ T9892] FAULT_INJECTION: forcing a failure. [ 142.382295][ T9892] name failslab, interval 1, probability 0, space 0, times 0 [ 142.387294][ T9892] CPU: 2 UID: 0 PID: 9892 Comm: syz.2.1547 Not tainted syzkaller #0 PREEMPT(full) [ 142.387316][ T9892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.387326][ T9892] Call Trace: [ 142.387333][ T9892] [ 142.387341][ T9892] dump_stack_lvl+0x16c/0x1f0 [ 142.387370][ T9892] should_fail_ex+0x512/0x640 [ 142.387389][ T9892] ? fs_reclaim_acquire+0xae/0x150 [ 142.387410][ T9892] should_failslab+0xc2/0x120 [ 142.387430][ T9892] __kmalloc_noprof+0xdd/0x880 [ 142.387454][ T9892] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 142.387479][ T9892] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 142.387497][ T9892] tomoyo_realpath_from_path+0xc2/0x6e0 [ 142.387518][ T9892] ? tomoyo_profile+0x47/0x60 [ 142.387543][ T9892] tomoyo_path_number_perm+0x245/0x580 [ 142.387567][ T9892] ? tomoyo_path_number_perm+0x237/0x580 [ 142.387595][ T9892] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 142.387623][ T9892] ? find_held_lock+0x2b/0x80 [ 142.387666][ T9892] ? find_held_lock+0x2b/0x80 [ 142.387686][ T9892] ? hook_file_ioctl_common+0x145/0x410 [ 142.387714][ T9892] ? __fget_files+0x20e/0x3c0 [ 142.387736][ T9892] security_file_ioctl+0x9b/0x240 [ 142.387756][ T9892] __x64_sys_ioctl+0xb7/0x210 [ 142.387781][ T9892] do_syscall_64+0xcd/0xfa0 [ 142.387808][ T9892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.387825][ T9892] RIP: 0033:0x7f41ca18efc9 [ 142.387841][ T9892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.387857][ T9892] RSP: 002b:00007f41cb060038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.387881][ T9892] RAX: ffffffffffffffda RBX: 00007f41ca3e5fa0 RCX: 00007f41ca18efc9 [ 142.387891][ T9892] RDX: 0000000000000000 RSI: 0000000000004b72 RDI: 0000000000000003 [ 142.387902][ T9892] RBP: 00007f41cb060090 R08: 0000000000000000 R09: 0000000000000000 [ 142.387913][ T9892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.387922][ T9892] R13: 00007f41ca3e6038 R14: 00007f41ca3e5fa0 R15: 00007ffe2091fe58 [ 142.387947][ T9892] [ 142.387955][ T9892] ERROR: Out of memory at tomoyo_realpath_from_path. [ 142.971845][ T9922] batadv5: entered allmulticast mode [ 142.975356][ T9922] 8021q: adding VLAN 0 to HW filter on device batadv5 [ 142.978865][ T9922] bridge0: port 7(batadv5) entered blocking state [ 142.981583][ T9922] bridge0: port 7(batadv5) entered disabled state [ 142.985753][ T9922] batadv5: entered promiscuous mode [ 142.988610][ T9922] bridge0: port 7(batadv5) entered blocking state [ 142.991512][ T9922] bridge0: port 7(batadv5) entered forwarding state [ 143.055270][ T9925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.104595][ T9928] binder: 9927:9928 unknown command 0 [ 143.106763][ T9928] binder: 9927:9928 ioctl c0306201 200000000080 returned -22 [ 143.112146][ T9928] binder: 9927:9928 ioctl c0306201 2000000003c0 returned -14 [ 143.208615][ T9939] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 143.226819][ T9941] kvm: kvm [9940]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010000) = 0x9 [ 143.256453][ T9943] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1568'. [ 143.393819][ T9949] netlink: 'syz.3.1571': attribute type 10 has an invalid length. [ 143.404712][ T9949] bond2: (slave macvlan3): Error -98 calling set_mac_address [ 143.468261][ T6164] batman_adv: batadv5: No IGMP Querier present - multicast optimizations disabled [ 143.471194][ T6164] batman_adv: batadv5: No MLD Querier present - multicast optimizations disabled [ 143.578387][ T9960] FAULT_INJECTION: forcing a failure. [ 143.578387][ T9960] name failslab, interval 1, probability 0, space 0, times 0 [ 143.582663][ T9960] CPU: 2 UID: 0 PID: 9960 Comm: syz.3.1576 Not tainted syzkaller #0 PREEMPT(full) [ 143.582677][ T9960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 143.582684][ T9960] Call Trace: [ 143.582696][ T9960] [ 143.582700][ T9960] dump_stack_lvl+0x16c/0x1f0 [ 143.582732][ T9960] should_fail_ex+0x512/0x640 [ 143.582750][ T9960] ? __kmalloc_cache_noprof+0x5f/0x780 [ 143.582767][ T9960] should_failslab+0xc2/0x120 [ 143.582780][ T9960] __kmalloc_cache_noprof+0x72/0x780 [ 143.582794][ T9960] ? percpu_ref_init+0xec/0x410 [ 143.582807][ T9960] ? percpu_ref_init+0xec/0x410 [ 143.582816][ T9960] ? __pfx_io_ring_ctx_ref_free+0x10/0x10 [ 143.582826][ T9960] percpu_ref_init+0xec/0x410 [ 143.582837][ T9960] io_uring_setup+0x4a6/0x2170 [ 143.582853][ T9960] ? __pfx_io_uring_setup+0x10/0x10 [ 143.582867][ T9960] ? avc_has_perm_noaudit+0x117/0x3b0 [ 143.582888][ T9960] ? avc_has_perm_noaudit+0x149/0x3b0 [ 143.582907][ T9960] ? ksys_write+0x1ac/0x250 [ 143.582917][ T9960] ? __pfx_ksys_write+0x10/0x10 [ 143.582929][ T9960] __x64_sys_io_uring_setup+0xc2/0x170 [ 143.582945][ T9960] do_syscall_64+0xcd/0xfa0 [ 143.582960][ T9960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.582971][ T9960] RIP: 0033:0x7f94aab8efc9 [ 143.582979][ T9960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.582989][ T9960] RSP: 002b:00007f94aba00fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 143.582999][ T9960] RAX: ffffffffffffffda RBX: 00007f94aade5fa0 RCX: 00007f94aab8efc9 [ 143.583006][ T9960] RDX: 0000200000001880 RSI: 0000200000000580 RDI: 0000000000000083 [ 143.583012][ T9960] RBP: 0000200000000580 R08: 0000000000000000 R09: 0000200000001880 [ 143.583018][ T9960] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 143.583024][ T9960] R13: 0000200000000240 R14: 0000000000000083 R15: 0000200000001880 [ 143.583038][ T9960] [ 143.587241][ T9962] netlink: 276 bytes leftover after parsing attributes in process `syz.2.1577'. [ 143.742079][ T9972] netlink: 'syz.2.1581': attribute type 10 has an invalid length. [ 143.759729][ T9972] 8021q: adding VLAN 0 to HW filter on device bond3 [ 143.778972][ T9975] binder: 9974:9975 ioctl f518 0 returned -22 [ 143.781399][ T9975] binder: 9974:9975 ioctl c0306201 0 returned -14 [ 143.878220][ T1331] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 143.891450][ T9979] batadv0: entered promiscuous mode [ 143.895570][ T9979] IPVS: set_ctl: invalid protocol: 135 172.30.0.3:20002 [ 143.899016][ T9978] batadv0: left promiscuous mode [ 143.941099][ T9983] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 144.048467][ T1331] usb 8-1: Using ep0 maxpacket: 32 [ 144.054310][ T1331] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 144.059846][ T1331] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 144.063969][ T1331] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 144.068059][ T1331] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 144.073039][ T1331] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 144.078796][ T1331] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 144.082542][ T1331] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.089419][ T1331] usb 8-1: config 0 descriptor?? [ 144.295418][ T1331] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 144.358226][ T10] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 144.518213][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 144.521369][ T10] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 144.524030][ T10] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 144.526860][ T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 144.530378][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 144.534312][ T10] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 144.537543][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 144.542658][ T10] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 144.546036][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.552312][ T10] usb 6-1: config 0 descriptor?? [ 144.581009][T10003] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1595'. [ 144.589619][T10003] fuse: Unknown parameter 'all' [ 144.623161][T10006] netlink: 'syz.0.1596': attribute type 5 has an invalid length. [ 144.760125][ T10] usblp 6-1:0.0: usblp1: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 144.767583][ T10] usb 6-1: USB disconnect, device number 20 [ 144.775240][ T10] usblp1: removed [ 144.780364][T10013] overlayfs: failed to clone upperpath [ 144.793572][T10013] overlayfs: failed to clone upperpath [ 144.846863][T10016] netlink: 'syz.2.1600': attribute type 10 has an invalid length. [ 144.862978][T10016] 8021q: adding VLAN 0 to HW filter on device bond4 [ 144.895635][T10021] sctp: [Deprecated]: syz.2.1602 (pid 10021) Use of int in max_burst socket option. [ 144.895635][T10021] Use struct sctp_assoc_value instead [ 145.178276][T10040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1609'. [ 145.228212][ T1331] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 145.242043][T10044] binder: BINDER_SET_CONTEXT_MGR already set [ 145.244312][T10044] binder: 10043:10044 ioctl 4018620d 2000000001c0 returned -16 [ 145.248772][T10044] binder: 10043:10044 unknown command 0 [ 145.250636][T10044] binder: 10043:10044 ioctl c0306201 200000000080 returned -22 [ 145.255139][T10044] binder: BINDER_SET_CONTEXT_MGR already set [ 145.257302][T10044] binder: 10043:10044 ioctl 4018620d 200000000040 returned -16 [ 145.260964][T10044] binder: 10043:10044 ioctl c0306201 2000000003c0 returned -14 [ 145.352648][T10048] binder: BINDER_SET_CONTEXT_MGR already set [ 145.354856][T10048] binder: 10047:10048 ioctl 4018620d 2000000001c0 returned -16 [ 145.359797][T10048] binder: 10047:10048 unknown command 0 [ 145.362186][T10048] binder: 10047:10048 ioctl c0306201 200000000080 returned -22 [ 145.367876][T10048] binder: BINDER_SET_CONTEXT_MGR already set [ 145.370799][T10048] binder: 10047:10048 ioctl 4018620d 200000000040 returned -16 [ 145.374699][T10048] binder: 10047:10048 ioctl c0306201 2000000003c0 returned -14 [ 145.388251][ T1331] usb 6-1: Using ep0 maxpacket: 32 [ 145.391563][ T1331] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 145.394975][ T1331] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 145.398828][ T1331] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 145.402548][ T1331] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 145.407107][ T1331] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 145.412142][ T1331] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 145.416915][ T1331] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 145.421193][ T1331] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.428858][ T1331] usb 6-1: config 0 descriptor?? [ 145.836027][ T40] kauditd_printk_skb: 130 callbacks suppressed [ 145.836042][ T40] audit: type=1400 audit(1761740949.802:2120): avc: denied { read write } for pid=9996 comm="syz.1.1592" name="lp0" dev="devtmpfs" ino=3156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 145.853143][ T1331] usblp 6-1:0.0: usblp1: USB Bidirectional printer dev 21 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 145.860380][ T40] audit: type=1400 audit(1761740949.812:2121): avc: denied { open } for pid=9996 comm="syz.1.1592" path="/dev/usb/lp0" dev="devtmpfs" ino=3156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 145.872679][ T1331] usb 6-1: USB disconnect, device number 21 [ 145.879632][ T1331] usblp1: removed [ 145.884494][T10065] netlink: 'syz.0.1618': attribute type 5 has an invalid length. [ 145.990324][ T40] audit: type=1400 audit(1761740949.962:2122): avc: denied { name_bind } for pid=10071 comm="syz.0.1620" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 145.998689][ T40] audit: type=1400 audit(1761740949.962:2123): avc: denied { node_bind } for pid=10071 comm="syz.0.1620" saddr=224.0.0.1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 146.005664][ T40] audit: type=1400 audit(1761740949.962:2124): avc: denied { create } for pid=10071 comm="syz.0.1620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 146.012241][ T40] audit: type=1400 audit(1761740949.962:2125): avc: denied { ioctl } for pid=10071 comm="syz.0.1620" path="socket:[37377]" dev="sockfs" ino=37377 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 146.020555][ T40] audit: type=1400 audit(1761740949.962:2126): avc: denied { write } for pid=10071 comm="syz.0.1620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 146.228949][ T40] audit: type=1400 audit(1761740950.202:2127): avc: denied { connect } for pid=10074 comm="syz.0.1621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 146.235404][ T40] audit: type=1400 audit(1761740950.202:2128): avc: denied { create } for pid=10074 comm="syz.0.1621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 146.241893][ T40] audit: type=1400 audit(1761740950.202:2129): avc: denied { write } for pid=10074 comm="syz.0.1621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 146.332594][T10082] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 146.632058][ T54] usb 8-1: USB disconnect, device number 22 [ 146.640105][ T54] usblp0: removed [ 146.700768][T10122] overlay: Unknown parameter 'pcr' [ 146.728535][T10120] kvm: kvm [10119]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0x0 [ 146.813991][T10133] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 146.878230][ T1331] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 146.879881][ T10] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 147.028311][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 147.032559][ T10] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 147.035996][ T10] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 147.038360][ T1331] usb 7-1: Using ep0 maxpacket: 32 [ 147.041177][ T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 147.044792][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 147.048891][ T1331] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 147.049313][ T10] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 147.051522][ T1331] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 147.055095][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 147.055123][ T10] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 147.055139][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.059762][ T10] usb 6-1: config 0 descriptor?? [ 147.063600][ T1331] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 147.072953][ T1331] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 147.076063][ T1331] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 147.079308][ T1331] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 147.083570][ T1331] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 147.086487][ T1331] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.091533][T10144] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1647'. [ 147.093926][ T1331] usb 7-1: config 0 descriptor?? [ 147.104701][T10144] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1794 sclass=netlink_route_socket pid=10144 comm=syz.0.1647 [ 147.146136][T10148] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 147.182604][T10150] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.186804][T10150] netdevsim netdevsim3 eth3 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0 [ 147.191004][T10150] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.266014][T10150] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.270413][T10150] netdevsim netdevsim3 eth2 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0 [ 147.273765][T10150] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.278508][ T10] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 147.290382][ T10] usb 6-1: USB disconnect, device number 22 [ 147.297879][ T10] usblp0: removed [ 147.303294][ T1331] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 147.314186][T10160] Illegal XDP return value 256 on prog (id 112) dev syz_tun, expect packet loss! [ 147.318027][ T1331] usb 7-1: USB disconnect, device number 22 [ 147.326460][ T1331] usblp0: removed [ 147.372450][T10150] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.375720][T10150] netdevsim netdevsim3 eth1 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0 [ 147.380824][T10150] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.433721][T10150] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.437629][T10150] netdevsim netdevsim3 eth0 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0 [ 147.441762][T10150] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.534933][ T13] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.537517][ T13] netdevsim netdevsim3 eth0: set [0, 1] type 1 family 0 port 2816 - 0 [ 147.540711][ T13] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.550506][ T13] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.553544][ T13] netdevsim netdevsim3 eth1: set [0, 1] type 1 family 0 port 2816 - 0 [ 147.556559][ T13] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.566694][ T13] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.569789][ T13] netdevsim netdevsim3 eth2: set [0, 1] type 1 family 0 port 2816 - 0 [ 147.572326][ T13] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.581783][ T46] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.585241][ T46] netdevsim netdevsim3 eth3: set [0, 1] type 1 family 0 port 2816 - 0 [ 147.588604][ T46] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.749446][ T9352] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 147.917091][ T9352] usb 7-1: Using ep0 maxpacket: 32 [ 147.921001][ T9352] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 147.924370][ T9352] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 147.927848][ T9352] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 147.931992][ T9352] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 147.935983][ T9352] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 147.940362][ T9352] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 147.947819][ T9352] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 147.952048][ T9352] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.958339][ T9352] usb 7-1: config 0 descriptor?? [ 147.982819][T10171] random: crng reseeded on system resumption [ 148.367135][ T9352] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 23 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 148.376364][ T9352] usb 7-1: USB disconnect, device number 23 [ 148.383950][ T9352] usblp0: removed [ 148.445187][T10195] binder: 10194:10195 unknown command 0 [ 148.447390][T10195] binder: 10194:10195 ioctl c0306201 200000000080 returned -22 [ 148.452020][T10195] binder: 10194:10195 ioctl c0306201 2000000003c0 returned -14 [ 148.483856][T10200] FAULT_INJECTION: forcing a failure. [ 148.483856][T10200] name failslab, interval 1, probability 0, space 0, times 0 [ 148.488941][T10200] CPU: 0 UID: 0 PID: 10200 Comm: syz.3.1672 Not tainted syzkaller #0 PREEMPT(full) [ 148.488961][T10200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 148.488972][T10200] Call Trace: [ 148.488985][T10200] [ 148.488990][T10200] dump_stack_lvl+0x16c/0x1f0 [ 148.489022][T10200] should_fail_ex+0x512/0x640 [ 148.489041][T10200] ? fs_reclaim_acquire+0xae/0x150 [ 148.489054][T10200] should_failslab+0xc2/0x120 [ 148.489067][T10200] __kmalloc_noprof+0xdd/0x880 [ 148.489084][T10200] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 148.489108][T10200] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 148.489124][T10200] tomoyo_realpath_from_path+0xc2/0x6e0 [ 148.489145][T10200] ? tomoyo_profile+0x47/0x60 [ 148.489170][T10200] tomoyo_path_number_perm+0x245/0x580 [ 148.489193][T10200] ? tomoyo_path_number_perm+0x237/0x580 [ 148.489219][T10200] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 148.489243][T10200] ? find_held_lock+0x2b/0x80 [ 148.489283][T10200] ? find_held_lock+0x2b/0x80 [ 148.489301][T10200] ? hook_file_ioctl_common+0x145/0x410 [ 148.489325][T10200] ? __fget_files+0x20e/0x3c0 [ 148.489342][T10200] security_file_ioctl+0x9b/0x240 [ 148.489361][T10200] __x64_sys_ioctl+0xb7/0x210 [ 148.489385][T10200] do_syscall_64+0xcd/0xfa0 [ 148.489409][T10200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.489421][T10200] RIP: 0033:0x7f94aab8efc9 [ 148.489434][T10200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.489448][T10200] RSP: 002b:00007f94aba01038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 148.489463][T10200] RAX: ffffffffffffffda RBX: 00007f94aade5fa0 RCX: 00007f94aab8efc9 [ 148.489473][T10200] RDX: 0000200000000380 RSI: 000000004008ae89 RDI: 0000000000000005 [ 148.489482][T10200] RBP: 00007f94aba01090 R08: 0000000000000000 R09: 0000000000000000 [ 148.489491][T10200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.489497][T10200] R13: 00007f94aade6038 R14: 00007f94aade5fa0 R15: 00007ffdfc68d718 [ 148.489519][T10200] [ 148.489525][T10200] ERROR: Out of memory at tomoyo_realpath_from_path. [ 148.536327][T10202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1673'. [ 148.608584][T10206] netlink: 'syz.0.1674': attribute type 2 has an invalid length. [ 148.612082][T10206] netlink: 'syz.0.1674': attribute type 1 has an invalid length. [ 148.615774][T10206] netlink: 'syz.0.1674': attribute type 1 has an invalid length. [ 148.637232][T10208] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.1675'. [ 148.700724][T10212] 8021q: adding VLAN 0 to HW filter on device bond2 [ 148.710044][T10212] bond1: (slave macvlan4): Error -98 calling set_mac_address [ 148.823021][T10219] batadv3: entered allmulticast mode [ 148.825890][T10219] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 148.829831][T10219] bridge0: port 6(batadv3) entered blocking state [ 148.832493][T10219] bridge0: port 6(batadv3) entered disabled state [ 148.836492][T10219] batadv3: entered promiscuous mode [ 148.839443][T10219] bridge0: port 6(batadv3) entered blocking state [ 148.841864][T10219] bridge0: port 6(batadv3) entered forwarding state [ 149.139811][T10238] 8021q: adding VLAN 0 to HW filter on device bond5 [ 149.153016][T10238] bond1: (slave macvlan5): Error -98 calling set_mac_address [ 149.164201][T10241] batadv1: entered allmulticast mode [ 149.166637][T10241] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 149.170006][T10241] bridge0: port 3(batadv1) entered blocking state [ 149.173054][T10241] bridge0: port 3(batadv1) entered disabled state [ 149.177270][T10241] batadv1: entered promiscuous mode [ 149.179708][T10241] bridge0: port 3(batadv1) entered blocking state [ 149.181725][T10241] bridge0: port 3(batadv1) entered forwarding state [ 149.329013][ T1262] batman_adv: batadv3: No IGMP Querier present - multicast optimizations disabled [ 149.332131][ T1262] batman_adv: batadv3: No MLD Querier present - multicast optimizations disabled [ 149.338473][ T1262] bond0: (slave bond_slave_0): interface is now down [ 149.342088][ T1262] bond0: (slave bond_slave_1): interface is now down [ 149.345168][ T1262] bond0: (slave wlan1): interface is now down [ 149.346136][T10264] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1698'. [ 149.347212][ T1262] bond0: (slave dummy0): interface is now down [ 149.353669][ T1262] bond0: (slave syz_tun): interface is now down [ 149.359125][ T1262] bond0: now running without any active interface! [ 149.374579][T10266] batadv2: entered allmulticast mode [ 149.377917][T10266] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 149.381507][T10266] bridge0: port 4(batadv2) entered blocking state [ 149.384435][T10266] bridge0: port 4(batadv2) entered disabled state [ 149.388637][T10266] batadv2: entered promiscuous mode [ 149.391763][T10266] bridge0: port 4(batadv2) entered blocking state [ 149.394571][T10266] bridge0: port 4(batadv2) entered forwarding state [ 149.416058][T10274] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1703'. [ 149.437314][T10276] 8021q: adding VLAN 0 to HW filter on device bond6 [ 149.445445][T10276] bond1: (slave macvlan5): Error -98 calling set_mac_address [ 149.655180][T10294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1711'. [ 149.660107][T10294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1711'. [ 149.663352][T10294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1711'. [ 149.667286][T10294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1711'. [ 149.671631][T10294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1711'. [ 149.678426][ T46] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 149.682348][ T46] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 149.730203][T10302] 8021q: adding VLAN 0 to HW filter on device bond3 [ 149.739676][T10302] bond2: (slave macvlan3): Error -98 calling set_mac_address [ 149.805943][T10309] sch_fq: defrate 4294967295 ignored. [ 149.879267][ T62] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled [ 149.883117][ T62] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled [ 150.121339][T10328] 8021q: adding VLAN 0 to HW filter on device bond4 [ 150.131196][T10328] bond2: (slave macvlan3): Error -98 calling set_mac_address [ 150.427048][T10343] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 150.475477][ T5936] block nbd2: Receive control failed (result -32) [ 150.480988][T10294] block nbd2: shutting down sockets [ 150.521237][T10349] 8021q: adding VLAN 0 to HW filter on device bond5 [ 150.528713][T10349] bond2: (slave macvlan3): Error -98 calling set_mac_address [ 150.834912][T10374] dummy0: entered allmulticast mode [ 150.870693][T10380] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1750'. [ 150.911913][ T40] kauditd_printk_skb: 147 callbacks suppressed [ 150.911924][ T40] audit: type=1400 audit(1761740954.882:2277): avc: denied { module_request } for pid=10386 comm="syz.0.1752" kmod=6E65746465762DA69544B6AE6E scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 150.919525][T10379] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 150.929550][ T40] audit: type=1400 audit(1761740954.902:2278): avc: denied { sys_module } for pid=10386 comm="syz.0.1752" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 150.940838][ T40] audit: type=1400 audit(1761740954.912:2279): avc: denied { read write } for pid=5945 comm="syz-executor" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 150.948694][ T40] audit: type=1400 audit(1761740954.912:2280): avc: denied { open } for pid=5945 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 150.956558][ T40] audit: type=1400 audit(1761740954.912:2281): avc: denied { ioctl } for pid=5945 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 150.964922][ T40] audit: type=1400 audit(1761740954.922:2282): avc: denied { allowed } for pid=10386 comm="syz.0.1752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 150.965863][T10391] smc: net device bond0 applied user defined pnetid SYZ0 [ 150.971196][ T40] audit: type=1400 audit(1761740954.922:2283): avc: denied { read } for pid=10386 comm="syz.0.1752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 150.982316][ T40] audit: type=1400 audit(1761740954.932:2284): avc: denied { read } for pid=10390 comm="syz.3.1753" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 150.989540][ T40] audit: type=1400 audit(1761740954.932:2285): avc: denied { open } for pid=10390 comm="syz.3.1753" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 150.996639][ T40] audit: type=1400 audit(1761740954.942:2286): avc: denied { ioctl } for pid=10390 comm="syz.3.1753" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 151.069851][T10400] netlink: 'syz.0.1756': attribute type 10 has an invalid length. [ 151.072527][T10399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.302097][T10407] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 151.306589][T10407] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.394105][T10407] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 151.398311][T10407] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.522170][T10407] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 151.525227][T10407] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.625172][T10407] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 151.629868][T10407] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.754105][ T6164] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.756668][ T6164] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.767382][ T6164] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.770096][ T6164] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.781729][ T6164] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.784613][ T6164] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.796712][ T1262] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.800485][ T1262] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.878592][T10438] mac80211_hwsim hwsim9 : renamed from wlan1 [ 152.270734][T10478] batadv6: entered allmulticast mode [ 152.273882][T10478] 8021q: adding VLAN 0 to HW filter on device batadv6 [ 152.276451][T10478] bridge0: port 8(batadv6) entered blocking state [ 152.279679][T10478] bridge0: port 8(batadv6) entered disabled state [ 152.282759][T10478] batadv6: entered promiscuous mode [ 152.284765][T10478] bridge0: port 8(batadv6) entered blocking state [ 152.287054][T10478] bridge0: port 8(batadv6) entered forwarding state [ 152.540333][T10498] netlink: 'syz.0.1785': attribute type 10 has an invalid length. [ 152.544008][T10497] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.558295][ T55] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 152.698305][ T55] usb 7-1: device descriptor read/64, error -71 [ 152.769421][ T1262] batman_adv: batadv6: No IGMP Querier present - multicast optimizations disabled [ 152.772759][ T1262] batman_adv: batadv6: No MLD Querier present - multicast optimizations disabled [ 152.842995][T10518] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 152.846791][T10518] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.902430][T10518] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 152.905744][T10518] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.948336][ T55] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 152.962053][T10518] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 152.966425][T10518] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.033921][T10518] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 153.037559][T10518] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.068413][ T34] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 153.078236][ T55] usb 7-1: device descriptor read/64, error -71 [ 153.145898][T10524] sch_fq: defrate 4294967295 ignored. [ 153.188511][ T55] usb usb7-port1: attempt power cycle [ 153.228294][ T34] usb 8-1: Using ep0 maxpacket: 32 [ 153.231204][ T34] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 153.234354][ T34] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 153.237284][ T34] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 153.240287][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 153.243638][ T34] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 153.246637][ T34] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 153.250811][ T34] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 153.254053][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.258274][ T34] usb 8-1: config 0 descriptor?? [ 153.463305][T10516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 153.466178][T10516] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.482475][T10531] batadv4: entered allmulticast mode [ 153.485889][T10531] 8021q: adding VLAN 0 to HW filter on device batadv4 [ 153.489373][T10531] bridge0: port 7(batadv4) entered blocking state [ 153.491731][T10531] bridge0: port 7(batadv4) entered disabled state [ 153.494649][T10531] batadv4: entered promiscuous mode [ 153.496429][T10531] bridge0: port 7(batadv4) entered blocking state [ 153.498487][T10531] bridge0: port 7(batadv4) entered forwarding state [ 153.538340][ T55] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 153.559562][ T55] usb 7-1: device descriptor read/8, error -71 [ 153.608842][ T5936] Bluetooth: to_multiplier 54284 > 3200 [ 153.673718][ T34] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 23 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 153.679177][ T34] usb 8-1: USB disconnect, device number 23 [ 153.685533][ T34] usblp0: removed [ 153.798432][ T55] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 153.819005][ T55] usb 7-1: device descriptor read/8, error -71 [ 153.928388][ T55] usb usb7-port1: unable to enumerate USB device [ 153.978373][ T1147] batman_adv: batadv4: No IGMP Querier present - multicast optimizations disabled [ 153.982237][ T1147] batman_adv: batadv4: No MLD Querier present - multicast optimizations disabled [ 154.214414][T10545] sch_fq: defrate 4294967295 ignored. [ 154.601566][T10557] __nla_validate_parse: 3 callbacks suppressed [ 154.601584][T10557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1807'. [ 154.610018][T10557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1807'. [ 154.613978][T10557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1807'. [ 154.617857][T10557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1807'. [ 154.622468][T10557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1807'. [ 154.661238][T10559] 8021q: adding VLAN 0 to HW filter on device bond3 [ 154.675559][T10559] bond1: (slave macvlan4): Error -98 calling set_mac_address [ 154.701188][T10564] netlink: 'syz.3.1810': attribute type 10 has an invalid length. [ 154.703989][T10563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 155.377757][T10586] binder: 10585:10586 unknown command 0 [ 155.382061][T10586] binder: 10585:10586 ioctl c0306201 200000000080 returned -22 [ 155.390049][T10586] binder: 10585:10586 ioctl c0306201 2000000003c0 returned -14 [ 155.393426][ T54] IPVS: starting estimator thread 0... [ 155.478921][T10589] IPVS: using max 45 ests per chain, 108000 per kthread [ 155.481793][T10597] overlayfs: conflicting options: nfs_export=on,index=off [ 155.518552][T10600] FAULT_INJECTION: forcing a failure. [ 155.518552][T10600] name failslab, interval 1, probability 0, space 0, times 0 [ 155.522826][T10600] CPU: 2 UID: 0 PID: 10600 Comm: syz.2.1824 Not tainted syzkaller #0 PREEMPT(full) [ 155.522843][T10600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 155.522856][T10600] Call Trace: [ 155.522860][T10600] [ 155.522865][T10600] dump_stack_lvl+0x16c/0x1f0 [ 155.522885][T10600] should_fail_ex+0x512/0x640 [ 155.522898][T10600] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 155.522917][T10600] should_failslab+0xc2/0x120 [ 155.522930][T10600] kmem_cache_alloc_node_noprof+0x78/0x770 [ 155.522946][T10600] ? __alloc_skb+0x2b2/0x380 [ 155.522962][T10600] ? __alloc_skb+0x2b2/0x380 [ 155.522973][T10600] ? __pfx_netlink_insert+0x10/0x10 [ 155.522988][T10600] __alloc_skb+0x2b2/0x380 [ 155.523000][T10600] ? __pfx___alloc_skb+0x10/0x10 [ 155.523013][T10600] ? netlink_autobind.isra.0+0x158/0x370 [ 155.523031][T10600] netlink_alloc_large_skb+0x69/0x140 [ 155.523047][T10600] netlink_sendmsg+0x698/0xdd0 [ 155.523065][T10600] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.523085][T10600] ____sys_sendmsg+0xa98/0xc70 [ 155.523105][T10600] ? copy_msghdr_from_user+0x10a/0x160 [ 155.523123][T10600] ? __pfx_____sys_sendmsg+0x10/0x10 [ 155.523159][T10600] ___sys_sendmsg+0x134/0x1d0 [ 155.523184][T10600] ? __pfx____sys_sendmsg+0x10/0x10 [ 155.523204][T10600] ? __lock_acquire+0x622/0x1c90 [ 155.523262][T10600] __sys_sendmsg+0x16d/0x220 [ 155.523283][T10600] ? __pfx___sys_sendmsg+0x10/0x10 [ 155.523308][T10600] do_syscall_64+0xcd/0xfa0 [ 155.523325][T10600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.523336][T10600] RIP: 0033:0x7f41ca18efc9 [ 155.523346][T10600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.523360][T10600] RSP: 002b:00007f41cb060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 155.523376][T10600] RAX: ffffffffffffffda RBX: 00007f41ca3e5fa0 RCX: 00007f41ca18efc9 [ 155.523386][T10600] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005 [ 155.523396][T10600] RBP: 00007f41cb060090 R08: 0000000000000000 R09: 0000000000000000 [ 155.523406][T10600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.523415][T10600] R13: 00007f41ca3e6038 R14: 00007f41ca3e5fa0 R15: 00007ffe2091fe58 [ 155.523442][T10600] [ 155.648772][ T5936] Bluetooth: hci1: command tx timeout [ 155.649705][T10606] netlink: 'syz.2.1827': attribute type 10 has an invalid length. [ 155.654839][T10605] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 155.938750][T10635] netlink: 'syz.3.1837': attribute type 1 has an invalid length. [ 155.992953][T10636] bond2: option arp_validate: mode dependency failed, not supported in mode 802.3ad(4) [ 156.049190][ T40] kauditd_printk_skb: 116 callbacks suppressed [ 156.049206][ T40] audit: type=1400 audit(1761740960.022:2403): avc: denied { map_create } for pid=10634 comm="syz.3.1837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 156.105665][ T6164] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 156.109148][ T6164] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.120747][ T1262] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 156.123548][ T1262] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.134295][ T1262] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 156.137800][ T1262] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.149762][ T1262] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 156.153294][ T1262] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.209073][ T40] audit: type=1400 audit(1761740960.182:2404): avc: denied { create } for pid=10637 comm="syz.2.1839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 156.215458][ T40] audit: type=1400 audit(1761740960.182:2405): avc: denied { write } for pid=10637 comm="syz.2.1839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 156.236606][ T40] audit: type=1400 audit(1761740960.202:2406): avc: denied { map_read map_write } for pid=10641 comm="syz.1.1840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 156.244873][ T40] audit: type=1400 audit(1761740960.202:2407): avc: denied { create } for pid=10641 comm="syz.1.1840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 156.343649][T10645] netlink: 'syz.2.1841': attribute type 11 has an invalid length. [ 156.371447][ T40] audit: type=1400 audit(1761740960.342:2408): avc: denied { create } for pid=10647 comm="syz.2.1842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 156.417347][ T40] audit: type=1400 audit(1761740960.382:2409): avc: denied { write } for pid=10649 comm="syz.2.1843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 156.422898][T10650] NILFS (nbd2): device size too small [ 156.425467][ T40] audit: type=1400 audit(1761740960.382:2410): avc: denied { read } for pid=10649 comm="syz.2.1843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 156.436089][ T40] audit: type=1400 audit(1761740960.382:2411): avc: denied { create } for pid=10649 comm="syz.2.1843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 156.443851][ T40] audit: type=1400 audit(1761740960.382:2412): avc: denied { getopt } for pid=10649 comm="syz.2.1843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 156.640428][T10659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8474 sclass=netlink_route_socket pid=10659 comm=syz.2.1848 [ 156.645386][T10659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10659 comm=syz.2.1848 [ 156.808076][T10671] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.862289][T10671] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.913125][T10671] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.035965][T10671] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.120760][T10678] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1855'. [ 157.127272][T10678] vlan3: entered promiscuous mode [ 157.127559][T10642] syz.1.1840: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 157.129807][T10678] gretap0: entered promiscuous mode [ 157.135824][T10642] CPU: 1 UID: 0 PID: 10642 Comm: syz.1.1840 Not tainted syzkaller #0 PREEMPT(full) [ 157.135842][T10642] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 157.135849][T10642] Call Trace: [ 157.135853][T10642] [ 157.135857][T10642] dump_stack_lvl+0x16c/0x1f0 [ 157.135876][T10642] warn_alloc+0x248/0x3a0 [ 157.135893][T10642] ? __pfx_warn_alloc+0x10/0x10 [ 157.135913][T10642] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 157.135926][T10642] ? __vmalloc_node_noprof+0xad/0xf0 [ 157.135941][T10642] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 157.135959][T10642] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 157.135974][T10642] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 157.135992][T10642] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 157.136005][T10642] vmalloc_user_noprof+0x9e/0xe0 [ 157.136019][T10642] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 157.136031][T10642] vb2_vmalloc_alloc+0x135/0x3f0 [ 157.136044][T10642] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 157.136056][T10642] __vb2_queue_alloc+0x8c9/0x1280 [ 157.136075][T10642] vb2_core_reqbufs+0xa90/0xfe0 [ 157.136090][T10642] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 157.136101][T10642] ? __pfx___mutex_trylock_common+0x10/0x10 [ 157.136113][T10642] ? __pfx___might_resched+0x10/0x10 [ 157.136128][T10642] ? trace_contention_end+0xdd/0x130 [ 157.136137][T10642] ? __mutex_lock+0x1c5/0x1060 [ 157.136146][T10642] ? avc_has_extended_perms+0x47c/0x1090 [ 157.136163][T10642] vb2_ioctl_reqbufs+0x291/0x450 [ 157.136174][T10642] ? __pfx_vb2_ioctl_reqbufs+0x10/0x10 [ 157.136183][T10642] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 157.136198][T10642] ? kasan_quarantine_put+0x10a/0x240 [ 157.136211][T10642] vidioc_reqbufs+0x86/0x100 [ 157.136227][T10642] v4l_reqbufs+0x142/0x1d0 [ 157.136242][T10642] __video_do_ioctl+0xb77/0xf00 [ 157.136259][T10642] ? __might_fault+0xe3/0x190 [ 157.136274][T10642] ? __pfx___video_do_ioctl+0x10/0x10 [ 157.136293][T10642] video_usercopy+0x4d0/0x1720 [ 157.136310][T10642] ? __pfx___video_do_ioctl+0x10/0x10 [ 157.136324][T10642] ? selinux_kernel_read_file+0x80/0x130 [ 157.136335][T10642] ? __pfx_video_usercopy+0x10/0x10 [ 157.136360][T10642] v4l2_ioctl+0x1bd/0x250 [ 157.136374][T10642] ? __pfx_v4l2_ioctl+0x10/0x10 [ 157.136389][T10642] __x64_sys_ioctl+0x18e/0x210 [ 157.136404][T10642] do_syscall_64+0xcd/0xfa0 [ 157.136421][T10642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.136431][T10642] RIP: 0033:0x7f1e5138efc9 [ 157.136441][T10642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.136451][T10642] RSP: 002b:00007f1e5215a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.136461][T10642] RAX: ffffffffffffffda RBX: 00007f1e515e5fa0 RCX: 00007f1e5138efc9 [ 157.136468][T10642] RDX: 0000200000000000 RSI: 00000000c0145608 RDI: 0000000000000005 [ 157.136474][T10642] RBP: 00007f1e51411f91 R08: 0000000000000000 R09: 0000000000000000 [ 157.136480][T10642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.136486][T10642] R13: 00007f1e515e6038 R14: 00007f1e515e5fa0 R15: 00007fff0abd74a8 [ 157.136499][T10642] [ 157.136503][T10642] Mem-Info: [ 157.233145][T10642] active_anon:27018 inactive_anon:88 isolated_anon:0 [ 157.233145][T10642] active_file:2756 inactive_file:52706 isolated_file:0 [ 157.233145][T10642] unevictable:1768 dirty:108 writeback:0 [ 157.233145][T10642] slab_reclaimable:13464 slab_unreclaimable:80640 [ 157.233145][T10642] mapped:25406 shmem:18832 pagetables:1406 [ 157.233145][T10642] sec_pagetables:312 bounce:0 [ 157.233145][T10642] kernel_misc_reclaimable:0 [ 157.233145][T10642] free:342007 free_pcp:13136 free_cma:0 [ 157.246768][T10642] Node 0 active_anon:107556kB inactive_anon:352kB active_file:10828kB inactive_file:206528kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:101516kB dirty:428kB writeback:0kB shmem:71696kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:13424kB pagetables:4712kB sec_pagetables:1248kB all_unreclaimable? no Balloon:0kB [ 157.256938][T10642] Node 1 active_anon:516kB inactive_anon:0kB active_file:196kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:108kB dirty:4kB writeback:0kB shmem:3632kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:176kB pagetables:912kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 157.266338][T10642] Node 0 DMA free:5360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:628kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:404kB local_pcp:124kB free_cma:0kB [ 157.275356][T10642] lowmem_reserve[]: 0 1239 1239 1239 1239 [ 157.277153][T10642] Node 0 DMA32 free:49608kB boost:0kB min:27580kB low:34472kB high:41364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:107556kB inactive_anon:352kB active_file:10828kB inactive_file:200568kB unevictable:3536kB writepending:428kB zspages:0kB present:2080628kB managed:1269500kB mlocked:0kB bounce:0kB free_pcp:9740kB local_pcp:8060kB free_cma:0kB [ 157.287429][T10642] lowmem_reserve[]: 0 0 0 0 0 [ 157.289008][T10642] Node 1 Normal free:1322868kB boost:0kB min:39660kB low:49572kB high:59484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:516kB inactive_anon:0kB active_file:196kB inactive_file:204kB unevictable:3536kB writepending:4kB zspages:0kB present:2097152kB managed:1781892kB mlocked:0kB bounce:0kB free_pcp:42664kB local_pcp:1204kB free_cma:0kB [ 157.298543][T10642] lowmem_reserve[]: 0 0 0 0 0 [ 157.300000][T10642] Node 0 DMA: 7*4kB (M) 7*8kB (UM) 8*16kB (M) 6*32kB (M) 9*64kB (M) 6*128kB (UM) 2*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 0*2048kB 0*4096kB = 5332kB [ 157.304545][T10642] Node 0 DMA32: 297*4kB (UME) 164*8kB (UME) 109*16kB (UME) 149*32kB (UME) 49*64kB (UME) 54*128kB (UM) 27*256kB (M) 14*512kB (M) 5*1024kB (M) 2*2048kB (M) 2*4096kB (M) = 50548kB [ 157.310489][T10642] Node 1 Normal: 2*4kB (E) 5*8kB (E) 0*16kB 2*32kB (UE) 5*64kB (E) 6*128kB (ME) 2*256kB (UM) 2*512kB (UE) 1*1024kB (E) 2*2048kB (UM) 321*4096kB (M) = 1322672kB [ 157.315213][T10642] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 157.318036][T10642] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 157.321032][T10642] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 157.323804][T10642] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 157.326534][T10642] 71935 total pagecache pages [ 157.327932][T10642] 0 pages in swap cache [ 157.329487][T10642] Free swap = 124996kB [ 157.330754][T10642] Total swap = 124996kB [ 157.331993][T10642] 1048443 pages RAM [ 157.333164][T10642] 0 pages HighMem/MovableOnly [ 157.333814][ T1154] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.334548][T10642] 281755 pages reserved [ 157.334555][T10642] 0 pages cma reserved [ 157.348878][ T6164] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.389125][ T1147] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.409850][ T1147] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.444795][T10684] batadv5: entered allmulticast mode [ 157.447284][T10684] 8021q: adding VLAN 0 to HW filter on device batadv5 [ 157.450214][T10684] bridge0: port 8(batadv5) entered blocking state [ 157.452288][T10684] bridge0: port 8(batadv5) entered disabled state [ 157.455370][T10684] batadv5: entered promiscuous mode [ 157.457359][T10684] bridge0: port 8(batadv5) entered blocking state [ 157.459782][T10684] bridge0: port 8(batadv5) entered forwarding state [ 157.581237][T10703] random: crng reseeded on system resumption [ 157.621438][T10707] binder: BINDER_SET_CONTEXT_MGR already set [ 157.623369][T10707] binder: 10706:10707 ioctl 4018620d 2000000000c0 returned -16 [ 157.692888][T10710] batadv6: entered allmulticast mode [ 157.695217][T10710] 8021q: adding VLAN 0 to HW filter on device batadv6 [ 157.699150][T10710] bridge0: port 9(batadv6) entered blocking state [ 157.701777][T10710] bridge0: port 9(batadv6) entered disabled state [ 157.704658][T10710] batadv6: entered promiscuous mode [ 157.706831][T10710] bridge0: port 9(batadv6) entered blocking state [ 157.709295][T10710] bridge0: port 9(batadv6) entered forwarding state [ 157.721605][T10712] FAULT_INJECTION: forcing a failure. [ 157.721605][T10712] name failslab, interval 1, probability 0, space 0, times 0 [ 157.725409][T10712] CPU: 3 UID: 0 PID: 10712 Comm: syz.3.1870 Not tainted syzkaller #0 PREEMPT(full) [ 157.725423][T10712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 157.725429][T10712] Call Trace: [ 157.725433][T10712] [ 157.725438][T10712] dump_stack_lvl+0x16c/0x1f0 [ 157.725457][T10712] should_fail_ex+0x512/0x640 [ 157.725469][T10712] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 157.725483][T10712] should_failslab+0xc2/0x120 [ 157.725496][T10712] kmem_cache_alloc_noprof+0x75/0x6e0 [ 157.725513][T10712] ? skb_clone+0x190/0x3f0 [ 157.725529][T10712] ? skb_clone+0x190/0x3f0 [ 157.725541][T10712] skb_clone+0x190/0x3f0 [ 157.725554][T10712] netlink_deliver_tap+0xabd/0xd30 [ 157.725571][T10712] netlink_unicast+0x64c/0x870 [ 157.725600][T10712] ? __pfx_netlink_unicast+0x10/0x10 [ 157.725620][T10712] netlink_sendmsg+0x8c8/0xdd0 [ 157.725636][T10712] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.725656][T10712] ____sys_sendmsg+0xa98/0xc70 [ 157.725672][T10712] ? copy_msghdr_from_user+0x10a/0x160 [ 157.725685][T10712] ? __pfx_____sys_sendmsg+0x10/0x10 [ 157.725707][T10712] ___sys_sendmsg+0x134/0x1d0 [ 157.725721][T10712] ? __pfx____sys_sendmsg+0x10/0x10 [ 157.725733][T10712] ? __lock_acquire+0x622/0x1c90 [ 157.725769][T10712] __sys_sendmsg+0x16d/0x220 [ 157.725783][T10712] ? __pfx___sys_sendmsg+0x10/0x10 [ 157.725805][T10712] do_syscall_64+0xcd/0xfa0 [ 157.725822][T10712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.725832][T10712] RIP: 0033:0x7f94aab8efc9 [ 157.725842][T10712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.725851][T10712] RSP: 002b:00007f94aba01038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 157.725862][T10712] RAX: ffffffffffffffda RBX: 00007f94aade5fa0 RCX: 00007f94aab8efc9 [ 157.725868][T10712] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005 [ 157.725874][T10712] RBP: 00007f94aba01090 R08: 0000000000000000 R09: 0000000000000000 [ 157.725879][T10712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.725885][T10712] R13: 00007f94aade6038 R14: 00007f94aade5fa0 R15: 00007ffdfc68d718 [ 157.725899][T10712] [ 157.797901][T10718] netlink: 'syz.2.1873': attribute type 30 has an invalid length. [ 157.810719][T10716] overlayfs: failed to resolve './file0': -2 [ 157.852300][ T5936] Bluetooth: hci1: Malformed HCI Event [ 157.875625][T10726] xt_CT: No such helper "snmp_trap" [ 157.958918][ T1147] batman_adv: batadv5: No IGMP Querier present - multicast optimizations disabled [ 157.961928][ T1147] batman_adv: batadv5: No MLD Querier present - multicast optimizations disabled [ 158.123677][T10737] batadv7: entered allmulticast mode [ 158.126497][T10737] 8021q: adding VLAN 0 to HW filter on device batadv7 [ 158.130844][T10737] bridge0: port 9(batadv7) entered blocking state [ 158.133103][T10737] bridge0: port 9(batadv7) entered disabled state [ 158.136261][T10737] batadv7: entered promiscuous mode [ 158.138440][T10737] bridge0: port 9(batadv7) entered blocking state [ 158.140517][T10737] bridge0: port 9(batadv7) entered forwarding state [ 158.177748][T10741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1882'. [ 158.181727][T10741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1882'. [ 158.185470][T10741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1882'. [ 158.190499][T10741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1882'. [ 158.198331][ T1147] batman_adv: batadv6: No IGMP Querier present - multicast optimizations disabled [ 158.202027][ T1147] batman_adv: batadv6: No MLD Querier present - multicast optimizations disabled [ 158.214142][T10743] binder: BINDER_SET_CONTEXT_MGR already set [ 158.216238][T10743] binder: 10742:10743 ioctl 4018620d 2000000001c0 returned -16 [ 158.220127][T10743] binder: 10742:10743 unknown command 0 [ 158.222249][T10743] binder: 10742:10743 ioctl c0306201 200000000080 returned -22 [ 158.226524][T10743] binder: BINDER_SET_CONTEXT_MGR already set [ 158.228774][T10743] binder: 10742:10743 ioctl 4018620d 200000000040 returned -16 [ 158.231344][T10743] binder: 10742:10743 ioctl c0306201 2000000003c0 returned -14 [ 158.262931][T10747] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 158.265608][T10747] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 158.270891][T10747] vhci_hcd vhci_hcd.0: Device attached [ 158.283342][T10750] vhci_hcd: connection closed [ 158.284966][ T6164] vhci_hcd: stop threads [ 158.289760][ T6164] vhci_hcd: release socket [ 158.292084][ T6164] vhci_hcd: disconnect device [ 158.438957][T10757] batadv7: entered allmulticast mode [ 158.441630][T10757] 8021q: adding VLAN 0 to HW filter on device batadv7 [ 158.444213][T10757] bridge0: port 10(batadv7) entered blocking state [ 158.446627][T10757] bridge0: port 10(batadv7) entered disabled state [ 158.451885][T10757] batadv7: entered promiscuous mode [ 158.454910][T10757] bridge0: port 10(batadv7) entered blocking state [ 158.458051][T10757] bridge0: port 10(batadv7) entered forwarding state [ 158.628315][ T6164] batman_adv: batadv7: No IGMP Querier present - multicast optimizations disabled [ 158.631681][ T6164] batman_adv: batadv7: No MLD Querier present - multicast optimizations disabled [ 158.684910][T10769] program syz.2.1895 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 158.851515][T10784] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 158.854587][T10784] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.938328][ T46] batman_adv: batadv7: No IGMP Querier present - multicast optimizations disabled [ 158.941371][ T46] batman_adv: batadv7: No MLD Querier present - multicast optimizations disabled [ 158.953998][T10784] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 158.958204][T10784] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.983780][T10790] 8021q: adding VLAN 0 to HW filter on device bond7 [ 158.994390][T10790] bond1: (slave macvlan5): Error -98 calling set_mac_address [ 159.013513][T10784] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 159.016626][T10784] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.092017][T10784] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 159.095047][T10784] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.132546][T10797] binder: BINDER_SET_CONTEXT_MGR already set [ 159.135153][T10797] binder: 10796:10797 ioctl 4018620d 2000000001c0 returned -16 [ 159.139642][T10797] binder: 10796:10797 unknown command 0 [ 159.142131][T10797] binder: 10796:10797 ioctl c0306201 200000000080 returned -22 [ 159.146541][T10797] binder: BINDER_SET_CONTEXT_MGR already set [ 159.149276][T10797] binder: 10796:10797 ioctl 4018620d 200000000040 returned -16 [ 159.152575][T10797] binder: 10796:10797 ioctl c0306201 2000000003c0 returned -14 [ 159.252876][T10806] sch_fq: defrate 4294967295 ignored. [ 159.392495][T10817] netlink: 'syz.2.1911': attribute type 10 has an invalid length. [ 159.396188][T10816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 159.526400][T10819] batadv3: entered allmulticast mode [ 159.529047][T10819] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 159.531343][T10819] bridge0: port 5(batadv3) entered blocking state [ 159.533363][T10819] bridge0: port 5(batadv3) entered disabled state [ 159.536084][T10819] batadv3: entered promiscuous mode [ 159.537938][T10819] bridge0: port 5(batadv3) entered blocking state [ 159.540045][T10819] bridge0: port 5(batadv3) entered forwarding state [ 159.780836][ T1154] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 159.783461][ T1154] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.792481][ T13] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 159.795218][ T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.802884][ T1154] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 159.806279][ T1154] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.818451][ T1154] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 159.821246][ T1154] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.873024][ T5936] Bluetooth: Unknown BR/EDR signaling command 0x0c [ 159.875828][ T5936] Bluetooth: Wrong link type (-22) [ 159.879920][ T5936] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 159.882106][ T5936] Bluetooth: Wrong link type (-22) [ 159.883910][ T5936] Bluetooth: hci0: link tx timeout [ 159.886207][ T5936] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 159.937423][T10828] binder: BINDER_SET_CONTEXT_MGR already set [ 159.940304][T10828] binder: 10827:10828 ioctl 4018620d 2000000001c0 returned -16 [ 159.944427][T10828] binder: 10827:10828 unknown command 0 [ 159.946761][T10828] binder: 10827:10828 ioctl c0306201 200000000080 returned -22 [ 159.951221][T10828] binder: 10827:10828 ioctl c0306201 2000000003c0 returned -14 [ 160.038566][ T1262] batman_adv: batadv3: No IGMP Querier present - multicast optimizations disabled [ 160.042390][ T1262] batman_adv: batadv3: No MLD Querier present - multicast optimizations disabled [ 160.057691][T10838] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=10838 comm=syz.2.1920 [ 160.103134][T10842] __nla_validate_parse: 2 callbacks suppressed [ 160.103145][T10842] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1921'. [ 160.110031][T10842] IPv6: NLM_F_CREATE should be specified when creating new route [ 160.112367][T10842] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 160.114795][T10842] IPv6: NLM_F_CREATE should be set when creating new route [ 160.117020][T10842] IPv6: NLM_F_CREATE should be set when creating new route [ 160.125404][T10844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1922'. [ 160.130667][T10844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1922'. [ 160.133747][T10844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1922'. [ 160.136868][T10844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1922'. [ 160.140235][T10844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1922'. [ 160.209705][T10841] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 160.238820][T10851] FAULT_INJECTION: forcing a failure. [ 160.238820][T10851] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.242830][T10851] CPU: 2 UID: 0 PID: 10851 Comm: syz.2.1924 Not tainted syzkaller #0 PREEMPT(full) [ 160.242850][T10851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 160.242859][T10851] Call Trace: [ 160.242869][T10851] [ 160.242874][T10851] dump_stack_lvl+0x16c/0x1f0 [ 160.242904][T10851] should_fail_ex+0x512/0x640 [ 160.242925][T10851] _copy_from_user+0x2e/0xd0 [ 160.242938][T10851] copy_msghdr_from_user+0x98/0x160 [ 160.242953][T10851] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 160.242973][T10851] ___sys_sendmsg+0xfe/0x1d0 [ 160.242987][T10851] ? __pfx____sys_sendmsg+0x10/0x10 [ 160.242999][T10851] ? __lock_acquire+0x622/0x1c90 [ 160.243031][T10851] __sys_sendmsg+0x16d/0x220 [ 160.243044][T10851] ? __pfx___sys_sendmsg+0x10/0x10 [ 160.243065][T10851] do_syscall_64+0xcd/0xfa0 [ 160.243081][T10851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.243092][T10851] RIP: 0033:0x7f41ca18efc9 [ 160.243100][T10851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.243110][T10851] RSP: 002b:00007f41cb060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 160.243120][T10851] RAX: ffffffffffffffda RBX: 00007f41ca3e5fa0 RCX: 00007f41ca18efc9 [ 160.243126][T10851] RDX: 0000000000000800 RSI: 0000200000000000 RDI: 0000000000000004 [ 160.243133][T10851] RBP: 00007f41cb060090 R08: 0000000000000000 R09: 0000000000000000 [ 160.243138][T10851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.243144][T10851] R13: 00007f41ca3e6038 R14: 00007f41ca3e5fa0 R15: 00007ffe2091fe58 [ 160.243158][T10851] [ 160.256058][T10853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1925'. [ 160.274286][T10856] binder: BINDER_SET_CONTEXT_MGR already set [ 160.280237][T10853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1925'. [ 160.282287][T10856] binder: 10854:10856 ioctl 4018620d 2000000001c0 returned -16 [ 160.287301][T10853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1925'. [ 160.306568][T10856] binder: 10854:10856 unknown command 0 [ 160.308612][T10853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1925'. [ 160.310313][T10856] binder: 10854:10856 ioctl c0306201 200000000080 returned -22 [ 160.328314][T10856] binder: 10854:10856 ioctl c0306201 2000000003c0 returned -14 [ 160.335980][T10853] VFS: Mount too revealing [ 160.465785][T10869] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.534776][T10869] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.595859][T10869] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.672436][T10869] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.695938][T10880] tipc: Can't bind to reserved service type 0 [ 160.937409][T10893] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=10893 comm=syz.1.1941 [ 160.944014][T10893] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=10893 comm=syz.1.1941 [ 160.949215][T10893] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=10893 comm=syz.1.1941 [ 160.957065][T10893] bond0: (slave dummy0): Releasing backup interface [ 160.964319][T10893] batman_adv: batadv0: Adding interface: dummy0 [ 160.967092][T10893] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 160.978094][T10893] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 161.076743][ T40] kauditd_printk_skb: 173 callbacks suppressed [ 161.076756][ T40] audit: type=1400 audit(1761740965.042:2586): avc: denied { map_create } for pid=10909 comm="syz.1.1946" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 161.090814][ T40] audit: type=1400 audit(1761740965.042:2587): avc: denied { map_read map_write } for pid=10909 comm="syz.1.1946" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 161.127504][ T40] audit: type=1400 audit(1761740965.092:2588): avc: denied { create } for pid=10915 comm="syz.3.1948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 161.133754][ T40] audit: type=1400 audit(1761740965.102:2589): avc: denied { bind } for pid=10915 comm="syz.3.1948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 161.140241][ T40] audit: type=1400 audit(1761740965.102:2590): avc: denied { write } for pid=10915 comm="syz.3.1948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 161.147737][ T40] audit: type=1400 audit(1761740965.102:2591): avc: denied { ioctl } for pid=10919 comm="syz.0.1950" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=40851 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 161.169402][ T40] audit: type=1400 audit(1761740965.132:2592): avc: denied { create } for pid=10921 comm="syz.1.1951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 161.169929][T10923] Unsupported ieee802154 address type: 0 [ 161.175383][ T40] audit: type=1400 audit(1761740965.142:2593): avc: denied { bind } for pid=10921 comm="syz.1.1951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 161.175407][ T40] audit: type=1400 audit(1761740965.142:2594): avc: denied { read } for pid=10922 comm="syz.3.1952" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 161.175429][ T40] audit: type=1400 audit(1761740965.142:2595): avc: denied { open } for pid=10922 comm="syz.3.1952" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 161.374881][T10938] netlink: 'syz.0.1957': attribute type 7 has an invalid length. [ 161.524797][T10949] netlink: 'syz.0.1962': attribute type 10 has an invalid length. [ 161.528548][T10948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 161.562402][ T1154] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.570025][ T1154] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.586780][ T1154] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.590389][ T1154] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.598534][ T9852] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 161.709172][T10961] erspan0: entered promiscuous mode [ 161.759073][ T9852] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 161.761771][T10963] batadv8: entered allmulticast mode [ 161.764463][ T9852] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 161.765711][T10963] 8021q: adding VLAN 0 to HW filter on device batadv8 [ 161.767992][ T9852] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 161.768019][ T9852] usb 8-1: config 0 interface 0 has no altsetting 0 [ 161.771668][T10963] bridge0: port 10(batadv8) entered blocking state [ 161.777025][ T9852] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 161.777637][T10963] bridge0: port 10(batadv8) entered disabled state [ 161.780510][ T9852] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 161.784159][T10963] batadv8: entered promiscuous mode [ 161.785737][ T9852] usb 8-1: config 0 interface 0 has no altsetting 0 [ 161.791309][T10963] bridge0: port 10(batadv8) entered blocking state [ 161.793858][ T9852] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 161.794612][T10963] bridge0: port 10(batadv8) entered forwarding state [ 161.797109][ T9852] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 161.808291][ T9852] usb 8-1: config 0 interface 0 has no altsetting 0 [ 161.811921][ T9852] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 161.815701][ T9852] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 161.820121][ T9852] usb 8-1: config 0 interface 0 has no altsetting 0 [ 161.823921][ T9852] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 161.828379][ T9852] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 161.832909][ T9852] usb 8-1: config 0 interface 0 has no altsetting 0 [ 161.836702][ T9852] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 161.840579][ T9852] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 161.845131][ T9852] usb 8-1: config 0 interface 0 has no altsetting 0 [ 161.849375][ T9852] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 161.853233][ T9852] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 161.857831][ T9852] usb 8-1: config 0 interface 0 has no altsetting 0 [ 161.861810][ T9852] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 161.865378][ T9852] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 161.870771][ T9852] usb 8-1: config 0 interface 0 has no altsetting 0 [ 161.876186][ T9852] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 161.879830][ T9852] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 161.883452][ T9852] usb 8-1: Product: syz [ 161.885250][ T9852] usb 8-1: Manufacturer: syz [ 161.887173][ T9852] usb 8-1: SerialNumber: syz [ 161.892426][ T9852] usb 8-1: config 0 descriptor?? [ 161.898755][ T9852] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 161.971761][ T66] Bluetooth: hci0: command 0x0406 tx timeout [ 162.163885][T10989] MINIX-fs: unable to read superblock [ 162.258563][ T1147] batman_adv: batadv8: No IGMP Querier present - multicast optimizations disabled [ 162.261674][ T1147] batman_adv: batadv8: No MLD Querier present - multicast optimizations disabled [ 162.381331][T10014] bond0: (slave syz_tun): Releasing backup interface [ 162.443172][ T66] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 162.447122][ T66] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 162.452098][ T66] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 162.458073][ T66] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 162.462372][ T66] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 162.766437][T10994] chnl_net:caif_netlink_parms(): no params data found [ 162.861319][T10994] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.865480][T10994] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.868602][T10994] bridge_slave_0: entered allmulticast mode [ 162.871646][T10994] bridge_slave_0: entered promiscuous mode [ 162.875516][T10994] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.878227][T10994] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.880473][T10994] bridge_slave_1: entered allmulticast mode [ 162.883865][T10994] bridge_slave_1: entered promiscuous mode [ 162.919550][T11013] binder: 11012:11013 ioctl c0306201 2000000003c0 returned -14 [ 162.931702][T10994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.939353][T10994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.973685][T11011] netlink: 'syz.2.1984': attribute type 10 has an invalid length. [ 162.975104][T10994] team0: Port device team_slave_0 added [ 162.980144][T10994] team0: Port device team_slave_1 added [ 163.013027][T10994] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.015294][T10994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 163.023629][T10994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.028939][T10994] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.031605][T10994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 163.042327][T10994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.081549][T11019] netlink: 'syz.1.1987': attribute type 4 has an invalid length. [ 163.101284][T10994] hsr_slave_0: entered promiscuous mode [ 163.103548][T10994] hsr_slave_1: entered promiscuous mode [ 163.105658][T10994] debugfs: 'hsr0' already exists in 'hsr' [ 163.107449][T10994] Cannot create hsr debugfs directory [ 163.202632][T10994] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 163.206733][T10994] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.223849][T11027] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.276506][T10994] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 163.279938][T10994] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.346385][T11027] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.413839][T10994] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 163.416789][T10994] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.483396][T11027] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.552381][T10994] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 163.555415][T10994] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.614344][T11027] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.711567][T10994] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 163.715751][T10994] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 163.722243][T10994] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 163.728536][T10994] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 163.781814][T10994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 163.804120][T10994] 8021q: adding VLAN 0 to HW filter on device team0 [ 163.815140][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.817950][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.824864][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.827572][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.957471][T10994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.989677][T10994] veth0_vlan: entered promiscuous mode [ 163.996608][T10994] veth1_vlan: entered promiscuous mode [ 164.014584][T10994] veth0_macvtap: entered promiscuous mode [ 164.019176][T10994] veth1_macvtap: entered promiscuous mode [ 164.032142][T10994] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.041566][T10994] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.050256][ T1262] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.054821][ T1262] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.059277][ T1262] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.062037][ T1262] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.098541][ T1262] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.101098][ T1262] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.119020][ T1262] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.121721][ T1262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.128658][ C1] usb 8-1: yurex_control_callback - control failed: -2 [ 164.134406][ T9852] usb 8-1: USB disconnect, device number 24 [ 164.142554][ T9852] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 164.214051][T11046] binder: 11045:11046 ioctl c0306201 2000000003c0 returned -14 [ 164.269923][T11056] xt_time: unknown flags 0xf4 [ 164.324485][T11060] batadv1: entered allmulticast mode [ 164.327099][T11060] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 164.330232][T11060] bridge0: port 3(batadv1) entered blocking state [ 164.332922][T11060] bridge0: port 3(batadv1) entered disabled state [ 164.337069][T11060] batadv1: entered promiscuous mode [ 164.340728][T11060] bridge0: port 3(batadv1) entered blocking state [ 164.343361][T11060] bridge0: port 3(batadv1) entered forwarding state [ 164.528350][ T5936] Bluetooth: hci1: command tx timeout [ 164.828379][ T54] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 164.828469][ T6164] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 164.833800][ T6164] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 164.958254][ T54] usb 5-1: device descriptor read/64, error -71 [ 165.208429][ T54] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 165.359009][ T54] usb 5-1: device descriptor read/64, error -71 [ 165.454795][T11081] batadv4: entered allmulticast mode [ 165.457399][T11081] 8021q: adding VLAN 0 to HW filter on device batadv4 [ 165.460826][T11081] bridge0: port 7(batadv4) entered blocking state [ 165.462950][T11081] bridge0: port 7(batadv4) entered disabled state [ 165.465772][T11081] batadv4: entered promiscuous mode [ 165.467791][T11081] bridge0: port 7(batadv4) entered blocking state [ 165.469907][T11081] bridge0: port 7(batadv4) entered forwarding state [ 165.480286][ T54] usb usb5-port1: attempt power cycle [ 165.486791][ T13] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.494790][ T6164] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.503703][ T13] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.510098][ T46] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.545786][T11087] __nla_validate_parse: 10 callbacks suppressed [ 165.545797][T11087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2012'. [ 165.609530][T11088] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 165.826579][T11108] batadv4: entered allmulticast mode [ 165.828305][ T54] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 165.831405][T11108] 8021q: adding VLAN 0 to HW filter on device batadv4 [ 165.833870][T11108] bridge0: port 6(batadv4) entered blocking state [ 165.835972][T11108] bridge0: port 6(batadv4) entered disabled state [ 165.838876][T11108] batadv4: entered promiscuous mode [ 165.840871][T11108] bridge0: port 6(batadv4) entered blocking state [ 165.842917][T11108] bridge0: port 6(batadv4) entered forwarding state [ 165.858858][ T54] usb 5-1: device descriptor read/8, error -71 [ 165.880117][T11110] geneve2: entered promiscuous mode [ 165.882256][T11110] geneve2: entered allmulticast mode [ 165.930818][T11111] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2020'. [ 165.935728][T11111] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pid=11111 comm=syz.3.2020 [ 165.958338][ T13] batman_adv: batadv4: No IGMP Querier present - multicast optimizations disabled [ 165.961877][ T13] batman_adv: batadv4: No MLD Querier present - multicast optimizations disabled [ 165.984708][T11113] netlink: 'syz.3.2021': attribute type 10 has an invalid length. [ 165.989399][T11112] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.108272][ T54] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 166.131789][ T54] usb 5-1: device descriptor read/8, error -71 [ 166.238404][ T54] usb usb5-port1: unable to enumerate USB device [ 166.328652][ T1147] batman_adv: batadv4: No IGMP Querier present - multicast optimizations disabled [ 166.332827][ T1147] batman_adv: batadv4: No MLD Querier present - multicast optimizations disabled [ 166.513734][ T40] kauditd_printk_skb: 236 callbacks suppressed [ 166.513746][ T40] audit: type=1400 audit(1761740970.482:2832): avc: denied { mounton } for pid=11120 comm="syz.2.2025" path="/proc/1177/task" dev="proc" ino=43937 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 166.521896][T11124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2027'. [ 166.524308][ T40] audit: type=1400 audit(1761740970.482:2833): avc: denied { mount } for pid=11120 comm="syz.2.2025" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 166.529046][ T9852] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004c: 0000 [#1] SMP KASAN NOPTI [ 166.529061][T11124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2027'. [ 166.529208][T11124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2027'. [ 166.529306][T11124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2027'. [ 166.529346][T11124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2027'. [ 166.554672][ T9852] KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267] [ 166.558100][ T9852] CPU: 1 UID: 0 PID: 9852 Comm: kworker/1:5 Not tainted syzkaller #0 PREEMPT(full) [ 166.561928][ T9852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 166.565520][ T9852] Workqueue: events l2cap_info_timeout [ 166.567224][ T9852] RIP: 0010:kasan_byte_accessible+0x15/0x30 [ 166.569070][ T9852] Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 [ 166.575468][ T9852] RSP: 0018:ffffc900074579f0 EFLAGS: 00010282 [ 166.577405][ T9852] RAX: dffffc0000000000 RBX: 0000000000000260 RCX: 0000000000000000 [ 166.579825][ T9852] RDX: 0000000000000000 RSI: ffffffff89295111 RDI: dffffc000000004c [ 166.582271][ T9852] RBP: 0000000000000260 R08: 0000000000000001 R09: 0000000000000000 [ 166.585082][ T9852] R10: 00000000ffffff83 R11: 0000000000000001 R12: ffffffff89295111 [ 166.587444][ T9852] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 166.589816][ T9852] FS: 0000000000000000(0000) GS:ffff8880d6b0a000(0000) knlGS:0000000000000000 [ 166.592499][ T9852] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 166.594612][ T9852] CR2: 00007ffe2091f840 CR3: 000000004f371000 CR4: 0000000000352ef0 [ 166.597059][ T9852] Call Trace: [ 166.598086][ T9852] [ 166.599009][ T9852] __kasan_check_byte+0x13/0x50 [ 166.600587][ T9852] lock_acquire+0xfc/0x350 [ 166.601958][ T9852] lock_sock_nested+0x41/0xf0 [ 166.603407][ T9852] ? l2cap_sock_ready_cb+0x41/0x170 [ 166.605473][ T9852] l2cap_sock_ready_cb+0x41/0x170 [ 166.607319][ T9852] l2cap_conn_start+0x144/0xb30 [ 166.608887][ T9852] ? __pfx_l2cap_conn_start+0x10/0x10 [ 166.610550][ T9852] ? __pfx___mutex_lock+0x10/0x10 [ 166.612117][ T9852] ? debug_object_deactivate+0x1ec/0x3a0 [ 166.613931][ T9852] l2cap_info_timeout+0x81/0xa0 [ 166.615464][ T9852] process_one_work+0x9cf/0x1b70 [ 166.617037][ T9852] ? __pfx_process_one_work+0x10/0x10 [ 166.618176][ T5936] Bluetooth: hci1: command tx timeout [ 166.618711][ T9852] ? assign_work+0x1a0/0x250 [ 166.618724][ T9852] worker_thread+0x6c8/0xf10 [ 166.623384][ T9852] ? __kthread_parkme+0x19e/0x250 [ 166.625113][ T9852] ? __pfx_worker_thread+0x10/0x10 [ 166.627119][ T9852] kthread+0x3c5/0x780 [ 166.628558][ T9852] ? __pfx_kthread+0x10/0x10 [ 166.630038][ T9852] ? rcu_is_watching+0x12/0xc0 [ 166.630161][ T40] audit: type=1400 audit(1761740970.602:2834): avc: denied { read } for pid=5324 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 166.631540][ T9852] ? __pfx_kthread+0x10/0x10 [ 166.631553][ T9852] ret_from_fork+0x675/0x7d0 [ 166.631562][ T9852] ? __pfx_kthread+0x10/0x10 [ 166.631571][ T9852] ret_from_fork_asm+0x1a/0x30 [ 166.645152][ T40] audit: type=1400 audit(1761740970.602:2835): avc: denied { search } for pid=5324 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 166.646229][ T9852] [ 166.653216][ T40] audit: type=1400 audit(1761740970.602:2836): avc: denied { search } for pid=5324 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 166.653867][ T9852] Modules linked in: [ 166.660964][ T40] audit: type=1400 audit(1761740970.602:2837): avc: denied { add_name } for pid=5324 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 166.662363][ T9852] ---[ end trace 0000000000000000 ]--- [ 166.668320][ T40] audit: type=1400 audit(1761740970.602:2838): avc: denied { create } for pid=5324 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 166.668339][ T40] audit: type=1400 audit(1761740970.602:2839): avc: denied { append open } for pid=5324 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 166.668356][ T40] audit: type=1400 audit(1761740970.602:2840): avc: denied { getattr } for pid=5324 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 166.670164][ T40] audit: type=1400 audit(1761740970.642:2841): avc: denied { write } for pid=5846 comm="syz-executor" path="pipe:[7221]" dev="pipefs" ino=7221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 166.724937][ T9852] RIP: 0010:kasan_byte_accessible+0x15/0x30 [ 166.727390][ T9852] Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 [ 166.736840][ T9852] RSP: 0018:ffffc900074579f0 EFLAGS: 00010282 [ 166.737037][T11130] kthread_run failed with err -4 [ 166.739546][ T9852] RAX: dffffc0000000000 RBX: 0000000000000260 RCX: 0000000000000000 [ 166.743916][ T9852] RDX: 0000000000000000 RSI: ffffffff89295111 RDI: dffffc000000004c [ 166.746386][ T9852] RBP: 0000000000000260 R08: 0000000000000001 R09: 0000000000000000 [ 166.748897][ T9852] R10: 00000000ffffff83 R11: 0000000000000001 R12: ffffffff89295111 [ 166.751384][ T9852] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 166.753879][ T9852] FS: 0000000000000000(0000) GS:ffff8880d6b0a000(0000) knlGS:0000000000000000 [ 166.756568][ T9852] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 166.758705][ T9852] CR2: 000055cafdf38ad8 CR3: 00000000332a6000 CR4: 0000000000352ef0 [ 166.761182][ T9852] Kernel panic - not syncing: Fatal exception [ 166.763778][ T9852] Kernel Offset: disabled [ 166.765186][ T9852] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:29:30 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffff88806a540320 RCX=ffffffff81b0fed1 RDX=ffff8880242c8000 RSI=ffffffff81b0feab RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc9000409f668 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=dffffc0000000000 R13=ffffed100d4a8065 R14=0000000000000001 R15=0000000000000001 RIP=ffffffff81b0feb2 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055555b2d4500 ffffffff 00c00000 GS =0000 ffff8880d6a0a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f94ab9156c0 CR3=00000000511b5000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdfc68daa0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f94aac12fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f94aac12fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f94aac12fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f94aac12ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f94aac1307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f94aac1315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85295455 RDI=ffffffff9add6740 RBP=ffffffff9add6700 RSP=ffffc900074573d8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3a6b6e696c74656e R12=0000000000000000 R13=0000000000000074 R14=ffffffff9add6700 R15=ffffffff852953f0 RIP=ffffffff8529547f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6b0a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffe2091f840 CR3=000000004f371000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=0000000002fefcfe Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 99ee364052657ff2 fa970d3a18ebfd92 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c25b224c9248b5bf fbe9dde3459cb7f2 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3ca30372a15d8885 86d29760ab237893 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffa24986d5aa460b 68fde864cda6f67a ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 00000000000000b4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000034 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 673a8f690cc30c82 93549acbadf55111 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f89b3d2c7a96fbe8 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f9872074f362943c 01e7fe2f4536d77e ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6dc53fb400000000 15c7b88a9c368fbb ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4445c8e8982a7b1f bd460c2eb0b657f8 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 47ad76b89e2d87d1 eb46322d27306158 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000002 RCX=ffffffff82314c68 RDX=ffff88802e882480 RSI=ffffffff82314c72 RDI=0000000000000007 RBP=0000000000000001 RSP=ffffc9000383f5c0 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000002 R11=0000000000000001 R12=0000000000000000 R13=0000000000000001 R14=dffffc0000000000 R15=0000000000000000 RIP=ffffffff81bd0bd1 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00005555892d4500 ffffffff 00c00000 GS =0000 ffff8880d6c0a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f1e521156c0 CR3=000000004df73000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff0abd7830 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1e51412fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1e51412fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1e51412fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1e51412ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1e5141307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1e5141315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=ffffffff817adbac RBX=0000000000000001 RCX=ffffc90004090000 RDX=ffffc9000408fb01 RSI=ffffc9000408fb28 RDI=ffffc9000408fb28 RBP=ffffc9000408f5a0 RSP=ffffc9000408f4e0 R8 =ffffffff91229aca R9 =0000000000000000 R10=ffffc9000408f558 R11=0000000000010e4c R12=ffffc9000408f5a8 R13=ffffc9000408f558 R14=ffffc9000408fb30 R15=ffffc9000408f58c RIP=ffffffff816c0b03 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055558dc74500 ffffffff 00c00000 GS =0000 ffff8880d6d0a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f41caf156c0 CR3=000000004f371000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=0000000002fefcfe Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe209201e0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f41ca212fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f41ca212fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f41ca212fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f41ca212ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f41ca21307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f41ca21315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000038 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000038 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000