last executing test programs: 1.231274896s ago: executing program 3 (id=1042): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$F2FS_IOC_COMPRESS_FILE(r0, 0xf518, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'}) 1.138731069s ago: executing program 3 (id=1045): unshare(0x64000600) r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x12000, 0x0) close(r0) rseq(&(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1, 0x6efd0ab0, 0xfffffffffffff000, 0x4}, 0x4}, 0x20, 0x1, 0x0) 1.040934992s ago: executing program 3 (id=1047): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="180200009d96d1c800000000000000008500000020000000850000002a00000095"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000400)="e0b9547ed387dbe9abc89b6f5b7e", 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x400, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {0xb, 0x8}, {0x6, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40004) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa001, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0x100000}) syz_kvm_setup_syzos_vm$x86(r3, &(0x7f0000bff000/0x400000)=nil) ioctl$PTP_SYS_OFFSET(r1, 0x43403d05, &(0x7f0000000500)={0x13}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) 990.195432ms ago: executing program 2 (id=1049): r0 = fanotify_init(0x8, 0x80000) fanotify_mark(r0, 0x80, 0x40100000, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a40)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x230, 0xffffffff, 0xffffffff, 0x230, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x118, 0x140, 0x0, {}, [@common=@dst={{0x48}, {0x0, 0x0, 0x31ea8be7603078ea}}, @common=@inet=@tos={{0x28}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x360) 989.931584ms ago: executing program 0 (id=1050): mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a) (async) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async) read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020) (async) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) (async) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8) (async) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) (async) recvmmsg(r2, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/191, 0xbf}, 0x6}], 0x1, 0x20, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 983.490415ms ago: executing program 2 (id=1051): r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x101041, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, r2}) ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x3, 0xa, 0x3116, 0x0, 0x0, 0x3, 0x1, 0x0, 0x2, 0x8d6, 0x6, 0x8, 0x0, 0x64, 0x0, 0x7a10, 0x8, 0xfffffff8, 0x9, 0xa, 0x9, 0xdc69, 0x9ac6, 0x2, 0x1, 0xffff1dee, 0x800, 0x0, 0x100, 0x400, 0x5, 0x2, 0x3ff, 0x9, 0x10, 0x4, 0x5, 0x10001, 0x58, 0x6, 0x0, 0x57b5, 0x8, 0x1, 0xf, 0x2, 0x6, 0x8, 0x6, 0x6, 0x2, 0xbf5, 0x9, 0x3, 0xe3e, 0x7ff, 0x2, 0x0, 0x3, 0x26, 0x16ce, 0x80000000, 0x7, 0x9, 0x8, 0x3, 0x6, 0xffff0fdd, 0x0, 0x1, 0x8fb6, 0x7, 0xfffffffa, 0x9, 0x5, 0x8, 0x6, 0x1, 0x6, 0x9, 0x9, 0x9, 0x78, 0x6, 0xfffffff8, 0x7, 0x9, 0x0, 0x0, 0x80, 0x8, 0x8, 0x80, 0x3, 0x401, 0x3, 0x0, 0xe, 0xfffffff7, 0x4, 0x4, 0x5, 0x5, 0x2, 0xfbec, 0x9, 0x100, 0x7, 0xfff, 0x7, 0xff, 0x1, 0x5, 0x8, 0x7, 0x9, 0x400, 0x10, 0x7, 0x1, 0x0, 0xffffffff, 0x4, 0x8000, 0x1, 0x8, 0x3, 0xffff, 0xfff, 0x5, 0x1000, 0x268, 0x5, 0xffff8000, 0x3, 0x1ff, 0x6, 0x8, 0x9, 0xf, 0x3, 0x7, 0x0, 0x5, 0x2, 0x567, 0xc0000, 0xffffff67, 0x10000, 0x8001, 0x635, 0xffffef14, 0x10000, 0x3, 0xffff, 0x2, 0x101, 0x6, 0xc, 0x9d82, 0xfffffff1, 0x8, 0x9, 0x4, 0x9b, 0x80000000, 0x2, 0x7, 0x2, 0x4, 0xb, 0xfffffffc, 0x4, 0x9, 0xfffffffd, 0x800, 0xb1, 0x3, 0xd, 0xc, 0x7, 0x0, 0x5, 0x2, 0x8a, 0x3, 0x5, 0xb69, 0x7ff, 0x9, 0x7, 0xc57, 0x3ff, 0x2, 0xe, 0x1, 0x6, 0x565, 0x8, 0x10, 0x3, 0x2, 0x8, 0x0, 0x401, 0x5, 0x8, 0x6, 0x1000, 0x3, 0x7, 0x877, 0x81, 0xfffffffd, 0x7, 0x93bb, 0xffffffff, 0x7, 0x6, 0x2, 0x200, 0x4, 0x6, 0x2, 0x8, 0xc95, 0x3, 0x10000, 0xb924, 0x2, 0x8, 0x400, 0xff, 0x92, 0x7, 0xa5ef, 0x7, 0x9, 0x7, 0x1, 0x7, 0x940, 0x10000, 0x3, 0x200, 0x5, 0xff, 0x8, 0x5, 0xb, 0xde91579, 0x80, 0x8, 0x6, 0x1, 0x8, 0x3, 0x100, 0x5f38101a, 0xd916, 0x8, 0x9, 0x3c, 0xb, 0x3, 0x7, 0xffff, 0x0, 0x4000000, 0xa51, 0x6d70, 0x2, 0x5, 0x5, 0x7, 0x10000000, 0x3ff, 0x2, 0x5efd, 0x9, 0x80, 0x2, 0x4, 0x793, 0x1, 0x1f, 0x6, 0x1000, 0xfffffff7, 0x8, 0x4, 0x4, 0x9, 0xef, 0x7ff, 0x3, 0x1, 0x7ff, 0x101, 0x9af, 0x5, 0x2, 0x9, 0x2, 0x4, 0x0, 0x1, 0xfffffff7, 0x800, 0x3800000, 0x5, 0x3, 0x9, 0x4, 0x1ff, 0x1, 0x4, 0xb20, 0x1, 0x9, 0x7, 0x5, 0x4, 0x5, 0x9, 0x70, 0x10000, 0x6, 0x3, 0x246, 0x673, 0x0, 0xff00, 0x9, 0x10, 0xfff, 0xbf47, 0x6419800, 0x0, 0x10001, 0x3, 0xc, 0x7, 0x800, 0xcd26528a, 0x10000, 0x200, 0x5, 0x8e, 0x9, 0x11, 0xb7d, 0xa, 0xe5, 0x7ff, 0x5, 0x8, 0x0, 0x7, 0x8, 0xfffffffc, 0x2, 0xe4, 0x6, 0x45, 0x6, 0xb, 0x9, 0x8, 0x5, 0x8, 0x6, 0x7, 0x9, 0xdd71, 0x0, 0x3, 0xd, 0x3, 0x1, 0x5, 0x449, 0xbf6c, 0xb7, 0x1, 0x6, 0xffffffff, 0xd, 0x800, 0x6, 0x7, 0x6, 0x8c1a, 0x4, 0x7, 0x2, 0x8, 0x100, 0x53bc, 0xe, 0x7, 0x0, 0xad, 0x242f, 0xff, 0x784, 0x5, 0x3d6, 0x9, 0x4, 0x0, 0xc1b, 0x1, 0x7, 0x10000, 0xa2b, 0x2, 0x6, 0x5, 0x9e, 0x3ff, 0x40, 0x5, 0x7, 0x8001, 0x2, 0x0, 0x2, 0xdb23, 0x9, 0x17e2, 0x4, 0xb172, 0x1, 0x7074, 0x4, 0xb, 0x7, 0x9, 0xb69, 0xb295, 0x6, 0x4, 0x5, 0x80000000, 0x5, 0x3c5, 0xcf4, 0x8, 0x2, 0x5, 0x7, 0x1, 0xfff, 0xfffffffe, 0x8, 0x10001, 0x4, 0x80000000, 0x9, 0x100000, 0x9, 0x10001, 0x32, 0x8, 0xe74d, 0xfffffff7, 0x7f, 0x3, 0x1c0, 0x7, 0xa, 0x66, 0x4, 0xac3, 0x8, 0x4, 0x80000001, 0x50000000, 0x8, 0x0, 0x0, 0x1bf66410, 0x8, 0x101, 0x100, 0x9, 0x8, 0x1, 0x26, 0xcc35, 0x8, 0xfffface4, 0xf1, 0xde8, 0xc1e, 0x5, 0x5175, 0xfffff801, 0x6, 0x7, 0x0, 0x3, 0x0, 0x5, 0x4, 0x0, 0x3, 0x693, 0xf, 0x1, 0x4, 0xffffffff, 0x4, 0x9, 0x8, 0x4, 0x3, 0xfff, 0x2, 0xe968, 0x2023, 0x5, 0x3, 0x6, 0x4, 0x80, 0x9, 0x2, 0x1, 0x80000001, 0x8, 0x9, 0x6, 0x2, 0x1800000, 0x9, 0x1, 0x10000, 0x3, 0x8, 0x3ff, 0xbd, 0xfffffff7, 0x4, 0xd5b0, 0x80000001, 0x6, 0x0, 0x5, 0xf, 0xfffffff2, 0x90, 0x60000, 0x9, 0x8, 0x170, 0x9, 0x861, 0x7, 0x9, 0x80, 0x3ff, 0x1, 0x7, 0x2, 0x1, 0xfffffffc, 0x0, 0x3, 0x8, 0x1, 0x1, 0xffffffff, 0xfff, 0x2, 0x1ff, 0xfff, 0xff, 0x0, 0x3f59fbeb, 0x40, 0xae, 0x4, 0x2, 0x7, 0x656d, 0x84a1, 0x3, 0x7, 0x2, 0x1ff, 0x6, 0x2, 0x8, 0x81, 0x200, 0x7, 0x80000000, 0x80, 0x1, 0x7ff, 0x7, 0x10001, 0x5, 0xff0d, 0x100, 0x5, 0x6, 0x1, 0x8, 0x1, 0x5, 0x9, 0x2, 0xffffffff, 0x9, 0x7, 0x5, 0xa, 0xc19, 0xcaf1, 0x6, 0x5, 0x401, 0x6, 0x8000, 0x2, 0x8000, 0x9, 0x8000, 0x2, 0x6, 0x1, 0xb, 0x100, 0x2, 0xd0, 0xfffff800, 0x8000, 0x4, 0x2f43e75e, 0x800, 0x78, 0x1, 0xfff, 0xfffffc00, 0x9, 0x5, 0x948, 0x7, 0x7, 0x3, 0x3, 0x2, 0xfffffff7, 0x5, 0x3, 0x0, 0x400, 0x6, 0x4, 0x8, 0x89ca, 0xff, 0x4, 0x5, 0x7, 0x8, 0x7fff, 0x16, 0xff, 0x9, 0x10000, 0x668, 0x8000, 0x2, 0x7, 0x2, 0xfffffff7, 0x1, 0x80000000, 0x0, 0xc8, 0xffffff01, 0x2, 0x0, 0x7f, 0x0, 0x3, 0x80, 0x2ac, 0x499, 0x80000000, 0x100, 0x6, 0xc53e, 0xffff, 0x7, 0x1, 0x1ff, 0x7f, 0x0, 0x5, 0xe0, 0x7ff, 0x5, 0x7f, 0x20e0c7e0, 0xc78d, 0x9, 0xac, 0x7b5f, 0xb, 0x2, 0x7fff, 0x3, 0x7f, 0x6, 0x2, 0x2, 0x3, 0x1, 0x2, 0x7, 0x10001, 0x39, 0x1ab, 0x4, 0x8001, 0x6, 0xfffffe01, 0x2, 0x5, 0xc2ed, 0x2, 0x9, 0x3, 0x3, 0x6, 0x19a, 0xb, 0x3, 0x5, 0x6, 0x8, 0x3, 0x1, 0x7, 0xb, 0x7, 0x3, 0x8, 0x3, 0xf85, 0x80000001, 0x4, 0x5, 0x7, 0x7, 0xae0, 0x7, 0x81, 0x10000, 0x1, 0xffffffff, 0x8, 0x4, 0x0, 0x5, 0x5, 0x7a756e9d, 0x4, 0x64, 0x401, 0xffffff7f, 0x3471, 0x8, 0x3, 0x9, 0x40004000, 0x401, 0x0, 0x2, 0x401, 0x9f4a, 0x9, 0x9, 0x9, 0x0, 0x5, 0x54, 0x4, 0x0, 0x101, 0x10000, 0x0, 0x1ff, 0x2, 0x2, 0x6, 0x2b, 0x6, 0x80d9, 0x2, 0x5, 0x1, 0x2, 0x7f, 0x3, 0x4, 0x2, 0x6, 0x8, 0x7, 0xfffffffd, 0x5, 0xb, 0x4, 0x2, 0x6f6, 0x3, 0x3, 0x2, 0x7, 0x7, 0x7, 0x1, 0x0, 0x1000, 0x2, 0x6, 0x10000, 0x0, 0x2, 0x8, 0x293, 0x18000, 0x3ff, 0x7, 0x6, 0x7, 0x8, 0x6, 0x0, 0x7f, 0x40, 0x4, 0x8, 0x9, 0x9, 0x6, 0xfffff72e, 0x0, 0x1, 0x8, 0x4, 0x1, 0x4, 0x5, 0x9, 0x1, 0x2, 0x8f, 0x4, 0xff, 0x2, 0x81, 0xaf3, 0x72bc, 0x5, 0x9, 0xfffffffd, 0x5, 0x0, 0xfffffff8, 0x9, 0x5dc, 0x6, 0x1, 0x1, 0x4, 0xf5, 0x4, 0x26c, 0x6, 0x6, 0x3, 0x9, 0x2, 0x3, 0x8, 0xd4, 0xfffffffc, 0x10, 0x3, 0xff, 0xbb, 0x9, 0x3, 0x5, 0x1, 0x0, 0x0, 0x8001, 0x5, 0x290, 0x8, 0x4, 0x1, 0x8, 0x4a0bc94e, 0x4, 0x3fe, 0x4, 0x80000000, 0x8, 0x3, 0x9, 0x7a52, 0x5632, 0x8, 0x5, 0x40, 0x8c9, 0x8, 0x9, 0xa08, 0x36, 0x1, 0x483, 0x9, 0x54, 0x9, 0xd, 0x0, 0xff, 0xa, 0x5, 0x4, 0x3, 0x2, 0xb8, 0x96, 0xd61, 0x10001, 0x4, 0x9, 0xfb, 0x80000000, 0x4, 0x6, 0x6, 0xff, 0xdf5, 0x6, 0x8, 0x8000, 0x6, 0x0, 0x0, 0x3, 0x9, 0x100, 0x9, 0x4, 0x1, 0x401, 0x3, 0x7fffffff, 0x74f, 0x8, 0x3, 0x3, 0xfff, 0x4, 0xc, 0x3, 0x1, 0x5, 0x8000, 0x10001, 0xffffffff, 0x3, 0xffffffff, 0x0, 0x4, 0x3, 0x7, 0x81, 0x0, 0xffffffff, 0x7, 0xa, 0x5, 0x81, 0x6, 0x6da8, 0x8, 0x6, 0x80000001, 0x5, 0x7, 0x8, 0x9, 0x7, 0x2, 0x4, 0x7, 0x9, 0x7fffffff, 0x0, 0x80000000, 0xe0, 0x6, 0x6, 0x401, 0x5, 0xd9, 0xd, 0x3ff, 0xfca9, 0x0, 0x8c]}) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x1398, 0xffffffff, 0x11d8, 0x10f8, 0x0, 0xffffffff, 0xffffffff, 0x1300, 0x1300, 0x1300, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00'}, 0x0, 0x10d0, 0x10f8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x7}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0x0, 0x0, 0x0, './cgroup.net/syz1\x00'}}]}, @REJECT={0x28}}, {{@ip={@loopback, @broadcast, 0x0, 0x0, 'batadv_slave_1\x00', 'macvtap0\x00'}, 0x0, 0xa0, 0xe0, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ip={@loopback, @loopback, 0x0, 0x0, 'erspan0\x00', 'ip6erspan0\x00'}, 0x0, 0xe0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}, @common=@socket0={{0x20}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x143b) 901.08916ms ago: executing program 2 (id=1052): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) (async, rerun: 64) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30b529, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x2, 0xffffffffffffffff, 0xa, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) (rerun: 64) socket(0x25, 0x5, 0x8) (async) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000004}, 0x11) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0x8000000000000001, 0x8, 0x0, 0x4, 0x9, 0x3, 0xfffffffffffffffc, 0x1000800000]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000140)="470f23fc6541fc48b8e7320000000000000f23d80f21f80f23e1f8f30f1edd0f2221c744240200800000ff2c24f30f516797c483fd005b02ea6426470f01cf65666466430f3833af00580000", 0x4c}], 0x1, 0x24, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_AUDIO(r7, 0x40345622, &(0x7f0000000080)={0x1, "da7f5b4c103ebf993ddeaeb558fd61f55a215d92e4b39cdd8152b94fa92da377", 0x0, 0x1}) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000003e000701fcfffff7fddbdff6037c0000040036800c000180060006000806"], 0x24}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) (async) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 900.822942ms ago: executing program 0 (id=1053): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000bc0)={0x9, {{0xa, 0x4e22, 0x6, @mcast1}}}, 0x88) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020692500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000650000000600000085100000010000009500000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 899.832124ms ago: executing program 3 (id=1054): r0 = semget$private(0x0, 0x6, 0x0) semop(r0, &(0x7f00000000c0)=[{0x0, 0xc63e}, {0x4, 0x4, 0x1800}], 0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) mount(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='nfs4\x00', 0x208000, 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000940), &(0x7f0000000980)='system_u:object_r:semanage_exec_t:s0\x00', 0x25, 0x1) ioctl$TCFLSH(r1, 0x400455c8, 0x20000000008) semctl$GETZCNT(r0, 0x0, 0xf, 0x0) semctl$GETPID(r0, 0x2, 0xb, &(0x7f0000000040)=""/219) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x421, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x28079}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @random="087934e9cff9"}]}, 0x44}}, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x40000) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x23, &(0x7f0000000080)=0x3, 0x4) bind$inet(r4, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)='5', 0x1}], 0x1}, 0x4003) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r3, 0xc2604111, &(0x7f00000003c0)={0x7ff, [[0x9, 0xffff0000, 0x5, 0x28, 0x5, 0x101, 0x80, 0xc000], [0x1000, 0x10001, 0x5, 0x8, 0x7638, 0xfffffffb, 0x3, 0x3fd], [0xa, 0x3, 0x62, 0x536, 0xb, 0x5, 0x664, 0xfff]], '\x00', [{0x8, 0xff, 0x1, 0x0, 0x1, 0x1}, {0xf48, 0x2}, {0x9, 0x2, 0x1}, {0x4, 0x10001000, 0x0, 0x1}, {0x4, 0x2, 0x1, 0x1}, {0x3, 0x1}, {0x6, 0x7fffffff, 0x1}, {0xa, 0x101, 0x0, 0x1, 0x1, 0x1}, {0x7, 0xb5, 0x0, 0x1, 0x0, 0x1}, {0x8, 0x4, 0x1}, {0x7ff, 0x8000, 0x0, 0x1, 0x1, 0x1}, {0x4eee, 0x1}], '\x00', 0x1b}) 899.429144ms ago: executing program 0 (id=1055): syz_io_uring_setup(0x7fbc, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x2000000}, &(0x7f0000000100)=0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r1, &(0x7f0000000000)=[{&(0x7f00000004c0)='4', 0x1}], 0x1) syz_io_uring_submit(r0, 0x0, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x10, 0x2007, @fd, 0x8, 0x0, 0x0, 0x2}) 807.654422ms ago: executing program 0 (id=1056): syz_open_dev$dri(0x0, 0x2, 0x40502) socket$inet6(0xa, 0x80803, 0x87) syz_emit_ethernet(0x7e, 0x0, 0x0) 807.412767ms ago: executing program 0 (id=1057): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x44}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x28, r4, 0x325, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}}, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f00007cc000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000040)="baf80c66b832935c8f66efbafc0cedd9e4660fdd09360f238bf2af2e0d00002e260f01390f20e06635200000000f22e066f082a10e00000f2219", 0x3a}], 0x1, 0x23, &(0x7f0000000240), 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r6], 0x7c}, 0x1, 0x0, 0x0, 0x40080}, 0x48000) r7 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0xc8300, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f00007be000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, 0x0}], 0x1, 0x2c, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 680.859777ms ago: executing program 2 (id=1058): ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r1, 0x2, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY_TXQ_PARAMS={0x4c, 0x25, 0x0, 0x1, [@NL80211_TXQ_ATTR_QUEUE={0x5, 0x1, 0xf4}, @NL80211_TXQ_ATTR_TXOP={0x6, 0x2, 0x9}, @NL80211_TXQ_ATTR_CWMIN={0x6, 0x3, 0x3}, @NL80211_TXQ_ATTR_QUEUE={0x5, 0x1, 0xc}, @NL80211_TXQ_ATTR_CWMIN={0x6, 0x3, 0x800}, @NL80211_TXQ_ATTR_CWMAX={0x6, 0x4, 0xfff7}, @NL80211_TXQ_ATTR_CWMIN={0x6, 0x3, 0x6f9}, @NL80211_TXQ_ATTR_CWMIN={0x6, 0x3, 0xc}, @NL80211_TXQ_ATTR_CWMAX={0x6, 0x4, 0x5}]}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x8}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) (async) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc080661a, &(0x7f00000001c0)={@id={0x2, 0x0, @auto="65555915a1c83ed71bdc44d34026ce1a"}}) (async) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000240)=[{{0x1, 0x1, 0x1, 0x1}, {0x4, 0x1}}, {{0x1, 0x1}, {0x2, 0x1, 0x1, 0x1}}, {{0x1, 0x0, 0x1, 0x1}, {0x0, 0x1, 0x0, 0x1}}], 0x18) (async) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x68, r1, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x6c}}}}, [@NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x4}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x82}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0xf8}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0xd}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0xae}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x5}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x3}, @NL80211_ATTR_P2P_OPPPS={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x4801) (async) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f00000003c0)={@empty, 0xe}) fstat(r0, &(0x7f0000000400)) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000004c0), r0) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, r2, 0x300, 0x70bd2b, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0xd4}}, 0x20000000) (async) sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000780)={&(0x7f00000006c0)={0xa8, r2, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xa8}}, 0x48090) (async) ioctl$KVM_CAP_MAX_VCPU_ID(r0, 0x4068aea3, &(0x7f0000000800)={0x80, 0x0, 0xfffffffffffffffd}) (async) ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000000880)={{0x1, 0x1000}, 0x100, './file0\x00'}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000b40)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a00)={0xd8, r2, 0x20, 0x70bd27, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x66ee}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}]}, 0xd8}}, 0x4020000) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000bc0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x5c, r1, 0x400, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1e}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xe}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x38}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x4}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2b}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x23}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x33}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x12}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000800}, 0x8000) (async) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d40), r0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000001080)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001040)={&(0x7f0000000d80)={0x294, r4, 0x800, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x59}}}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x5}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0xe8, 0x3, 0x0, 0x1, [{0x74, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x6d, 0x2, "9fbf52cc11b26f051c32861bbf7323a93fc5f2d3417afb58ed57e67c587363a5f744d48981d4c738025deb147347b216e6d620c72dcd962000bc42f7793d8d2b07031f689dd9bb05238812494dd6ab109fefe0538dfd9e3aa94874c9e494fdb1ab3b3a6ef5b2b4fe44"}}, {0x64, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x60, 0x2, "c7e4f285249eb8404ebded39a6d4e7e2aa0d744b077735e59359772a6460a36f987b30fde2ef46d1ecdbac9c58b14560eb09f091116b3d023e32c39834d9ed91d86c69873575e489a7ad99c6ec730f581640e933e219e425b90fa3b9"}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x8}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x174, 0x3, 0x0, 0x1, [{0x74, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0x70, 0x1, "59a1e504ea1d2bdd865bf2101ec55c0fbd398bedf3ce4a244a5219cd633eb7be64e6074c064e8f26de318c4421d359dba40e0b250214d6a92b1bc0bd1c1f697510a0ad6e5a42e24d67d7a7c06c0182919a9adbc73aab7d010e9543653ba2386c51f89da1137787b5674201da"}}, {0xfc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0xf5, 0x1, "e7f9e87faeb3bbc9aa8b48b2d2909d570443ee995dcf2e5788e350e0f81a945fe8b2004db01b2dfe1f1e57784ba2b7abcb818f2bc1d68e20e3520cb15e5a594ee10124196c6502a2a91a6b6021b3a569ba8aa0d02edca9f4539a30e94451047ac30bfde5be12b99cc4937ecf94cc10f7e577dd18bb2ae4be6e63afbb43fbb9493e9e98a68e3adabcf0fea67fe4f1f4e5080d07e8521630e87036253774353feef82bc0fac471e2a9f0da874f084080352d67cb0116681aac12a1e1f95a1ca1992e513bbc746b1e698cc050c48fb6c39e007e5fe31ebf43266b09c00b17f6b7228adb8321538c585e635978f50bf50ee9f8"}}]}]}, 0x294}, 0x1, 0x0, 0x0, 0x40440c0}, 0x80) (async) sendfile(r0, r0, &(0x7f00000010c0)=0x8000000000000001, 0x83) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000001100)={0x0, 0xea9f, 0x30}, &(0x7f0000001140)=0xc) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000001180)={r5, @in={{0x2, 0x4e24, @multicast2}}, 0x7fff, 0xedd1, 0x4, 0xc, 0x48, 0x2, 0x6}, 0x9c) (async) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000001300)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000012c0)={&(0x7f0000001280)={0x1c, 0x4, 0x8, 0x5, 0x0, 0x0, {0x5, 0x0, 0x1}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x8e}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8019}, 0x8881) (async) removexattr(&(0x7f0000001340)='./file0\x00', &(0x7f0000001380)=@known='trusted.syz\x00') ioctl$PTP_PIN_SETFUNC2(r0, 0x40603d10, &(0x7f00000013c0)={'\x00', 0x0, 0x0, 0x7}) bpf$OBJ_GET_MAP(0x7, &(0x7f0000001480)=@generic={&(0x7f0000001440)='./file0\x00', 0x0, 0x20}, 0x18) socket$inet6_sctp(0xa, 0xb, 0x84) (async) r6 = openat$ndctl0(0xffffffffffffff9c, &(0x7f00000014c0), 0x484780, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000001500)={r5, @in={{0x2, 0x4e24, @empty}}, 0x2, 0x7, 0x12, 0x7ff, 0x5, 0x6, 0x2}, 0x9c) (async) sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x40004000}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x38, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0xb, 0x53}}}}, [@NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x200040d0}, 0x4048041) 680.61681ms ago: executing program 2 (id=1059): openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, 0x0, 0x0, 0x4000) 679.76107ms ago: executing program 2 (id=1060): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = syz_io_uring_setup(0x386e, &(0x7f0000000180)={0x0, 0x3546, 0x10000, 0x4, 0x23}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) r4 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000380)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0x0) keyctl$KEYCTL_WATCH_KEY(0x15, r4, r5, 0xfffffffdffffffff) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x0, r0, 0x0, 0x0, 0x0, 0x40000240, 0x1, {0x1}}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x4000010, r1, 0x14927000) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x10) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000003c0)=0x14) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0x14) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r10, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_hardware_error={{0x10, 0x1}, {0x5}}}, 0x4) 549.985954ms ago: executing program 0 (id=1061): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x56) r1 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000008240), 0x1, 0x0) write$binfmt_register(r1, &(0x7f0000008280)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x38, 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, './file0'}, 0x79) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="010028bd7000fcdbdf2504"], 0x14}}, 0x0) fcntl$setlease(r4, 0x400, 0x3) r7 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r7, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x1, @private}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) syz_usb_connect(0x2, 0x0, 0x0, 0x0) read$FUSE(r7, &(0x7f0000000b00)={0x2020}, 0x2020) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000000)=0x0) shutdown(r0, 0x0) write$P9_RGETATTR(r4, &(0x7f0000000100)={0xa0, 0x19, 0x2, {0x3027, {0x20, 0x0, 0x3}, 0x44, r8, 0xee00, 0x100, 0x2, 0x4, 0x5, 0x7, 0x5, 0x0, 0x8, 0x80000001, 0x2, 0x401, 0x8, 0x3, 0x8000000000000000, 0x2}}, 0xa0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e24, @multicast1}, 0x10) connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x16}}, 0x2, 0x4, 0x1, 0x3}}, 0x2e) socket$pppl2tp(0x18, 0x1, 0x1) r9 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r9, &(0x7f00000005c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @remote}, 0x2, 0x4, 0x3, 0x3}}, 0x2e) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181010100000000010000000000000e000a000f00000002800600121f", 0x2e}], 0x1}, 0x0) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) close(r0) 430.67337ms ago: executing program 1 (id=1065): syz_open_dev$dri(0x0, 0x2, 0x40502) socket$inet6(0xa, 0x80803, 0x87) syz_emit_ethernet(0x7e, 0x0, 0x0) 430.41026ms ago: executing program 1 (id=1066): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_buf(r0, 0x0, 0x11, 0x0, 0x2) r1 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f00000000c0)='\x02', 0x0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(r2, 0x7b9, 0x0) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000100)={0x7, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}, {}]}) 361.138469ms ago: executing program 1 (id=1067): r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x2, 0x1bd}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x8001}]}, 0x6c}}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000100)={'syz0\x00', {0x0, 0x4}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x316d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaddc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='-'], 0x118) r5 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0) ioctl$BLKPG(r5, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x98, &(0x7f00000000c0)={0x800, 0x1000, 0x400c}}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x14) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f0000000580)='cgroup.freeze\x00', 0x0, 0x0) 309.399365ms ago: executing program 1 (id=1068): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000500000000000000009110b400000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x1ff) 309.19374ms ago: executing program 1 (id=1069): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6}, 0x1, 0x0, 0x0, 0x40}, 0x80) 250.437508ms ago: executing program 1 (id=1070): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000001540), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_RESUME(r1, 0x4147, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) syz_io_uring_setup(0x3c86, &(0x7f0000002480)={0x0, 0x40af, 0x800, 0x2, 0x3d}, 0x0, 0x0) syz_open_dev$dri(0x0, 0xd21, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r7, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r7, &(0x7f0000002300)={0x50, 0x0, r8, {0x7, 0x9, 0x0, 0x1030002}}, 0x50) read$FUSE(r7, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r7, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r9}, 0x10) open(&(0x7f0000000080)='./file1\x00', 0x100, 0x0) r10 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) dup3(r10, r7, 0x0) openat$sysctl(0xffffff9c, &(0x7f00000007c0)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0x7f8, {0x0, 0x0, 0x0, r6, {0xfff2, 0xffe0}, {}, {0xa, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x101}]}}}]}, 0x3c}}, 0x0) 997.869µs ago: executing program 3 (id=1071): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x0, 0x1}}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 0s ago: executing program 3 (id=1072): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010067656e657665300000000000000000001400010076657468315f746f5f7465616d"], 0x110}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @address_reply}}}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0xfffffe98, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c0002800500010000000000080007400000000010001700000000000000000000000000100016"], 0x84}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="300000001a0001002cbd7000fbdbdf251c1480000000fd000001000008000100000031"], 0x30}}, 0x0) ioctl(r1, 0x6, &(0x7f0000000140)="cbd2ef930c91a6b5ac56dc4a15f366f59ca9e0bca7566d3fc5e678a683083868cc45327812a882c60d9b2544571a0049eb9a6a59") kernel console output (not intermixed with test programs): m_t tclass=caif_socket permissive=1 [ 60.549707][ T5719] usb 7-1: config 0 descriptor?? [ 60.644423][ T5719] rc_core: IR keymap rc-hauppauge not found [ 60.646413][ T5719] Registered IR keymap rc-empty [ 60.650363][ T5719] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 60.656450][ T5719] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input6 [ 60.657337][ T6730] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6730 comm=syz.3.208 [ 60.811213][ T40] audit: type=1400 audit(1749687087.013:323): avc: denied { connect } for pid=6684 comm="syz.2.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 60.980175][ T6562] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 60.981825][ T837] usb 7-1: USB disconnect, device number 2 [ 60.990310][ T6562] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 60.997780][ T6562] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 61.002391][ T6562] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 61.071623][ T6562] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.090489][ T6562] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.096610][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.100006][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.108703][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.110956][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.250874][ T6562] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.278536][ T6562] veth0_vlan: entered promiscuous mode [ 61.283095][ T6562] veth1_vlan: entered promiscuous mode [ 61.298356][ T6562] veth0_macvtap: entered promiscuous mode [ 61.302006][ T6562] veth1_macvtap: entered promiscuous mode [ 61.310108][ T6562] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.316593][ T6562] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.321367][ T6562] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.324588][ T6562] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.327339][ T6562] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.330026][ T6562] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.369786][ T1241] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.372261][ T1241] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.388670][ T6296] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.391120][ T6296] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.400010][ T40] audit: type=1400 audit(1749687087.603:324): avc: denied { mount } for pid=6562 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 61.407430][ T40] audit: type=1400 audit(1749687087.603:325): avc: denied { mounton } for pid=6562 comm="syz-executor" path="/syzkaller.7b4jJc/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 61.452918][ T6767] fuse: Bad value for 'fd' [ 61.494153][ T40] audit: type=1400 audit(1749687087.693:326): avc: denied { ioctl } for pid=6773 comm="syz.0.217" path="/dev/uhid" dev="devtmpfs" ino=1297 ioctlcmd=0x9413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 61.501775][ T40] audit: type=1400 audit(1749687087.693:327): avc: denied { ioctl } for pid=6773 comm="syz.0.217" path="socket:[14399]" dev="sockfs" ino=14399 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 61.554210][ T40] audit: type=1400 audit(1749687087.753:328): avc: denied { name_bind } for pid=6770 comm="syz.3.211" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 61.596495][ T40] audit: type=1400 audit(1749687087.803:329): avc: denied { read } for pid=6771 comm="syz.2.210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 61.623015][ T40] audit: type=1400 audit(1749687087.823:330): avc: denied { getopt } for pid=6805 comm="syz.0.215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 61.660857][ T40] audit: type=1400 audit(1749687087.863:331): avc: denied { listen } for pid=6814 comm="syz.1.218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 61.717794][ T6819] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 61.721341][ T6819] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 61.816209][ T6830] loop6: detected capacity change from 0 to 524287999 [ 61.816374][ T6829] fuseblk: Unknown parameter 'dont_hash' [ 61.826895][ T6817] netlink: 'syz.0.219': attribute type 21 has an invalid length. [ 61.832888][ T6822] FAULT_INJECTION: forcing a failure. [ 61.832888][ T6822] name failslab, interval 1, probability 0, space 0, times 1 [ 61.837210][ T6822] CPU: 2 UID: 0 PID: 6822 Comm: syz.2.221 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 61.837225][ T6822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.837232][ T6822] Call Trace: [ 61.837236][ T6822] [ 61.837240][ T6822] dump_stack_lvl+0x16c/0x1f0 [ 61.837260][ T6822] should_fail_ex+0x512/0x640 [ 61.837276][ T6822] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 61.837292][ T6822] should_failslab+0xc2/0x120 [ 61.837308][ T6822] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 61.837322][ T6822] ? __alloc_skb+0x2b2/0x380 [ 61.837340][ T6822] __alloc_skb+0x2b2/0x380 [ 61.837355][ T6822] ? __pfx___alloc_skb+0x10/0x10 [ 61.837368][ T6822] ? __pfx_rtnl_newlink+0x10/0x10 [ 61.837390][ T6822] netlink_ack+0x15d/0xb80 [ 61.837407][ T6822] netlink_rcv_skb+0x332/0x420 [ 61.837419][ T6822] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 61.837437][ T6822] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 61.837453][ T6822] ? netlink_deliver_tap+0x1ae/0xd30 [ 61.837467][ T6822] netlink_unicast+0x53d/0x7f0 [ 61.837480][ T6822] ? __pfx_netlink_unicast+0x10/0x10 [ 61.837495][ T6822] netlink_sendmsg+0x8d1/0xdd0 [ 61.837509][ T6822] ? __pfx_netlink_sendmsg+0x10/0x10 [ 61.837526][ T6822] ____sys_sendmsg+0xa98/0xc70 [ 61.837538][ T6822] ? copy_msghdr_from_user+0x10a/0x160 [ 61.837555][ T6822] ? __pfx_____sys_sendmsg+0x10/0x10 [ 61.837573][ T6822] ___sys_sendmsg+0x134/0x1d0 [ 61.837590][ T6822] ? __pfx____sys_sendmsg+0x10/0x10 [ 61.837618][ T6822] ? __pfx_vfs_write+0x10/0x10 [ 61.837632][ T6822] ? do_sys_openat2+0x157/0x1d0 [ 61.837644][ T6822] __sys_sendmsg+0x16d/0x220 [ 61.837660][ T6822] ? __pfx___sys_sendmsg+0x10/0x10 [ 61.837685][ T6822] do_syscall_64+0xcd/0x4c0 [ 61.837703][ T6822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.837714][ T6822] RIP: 0033:0x7f12c538e929 [ 61.837723][ T6822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.837733][ T6822] RSP: 002b:00007f12c31f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 61.837743][ T6822] RAX: ffffffffffffffda RBX: 00007f12c55b5fa0 RCX: 00007f12c538e929 [ 61.837750][ T6822] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 61.837756][ T6822] RBP: 00007f12c31f6090 R08: 0000000000000000 R09: 0000000000000000 [ 61.837761][ T6822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.837767][ T6822] R13: 0000000000000000 R14: 00007f12c55b5fa0 R15: 00007ffe25064ab8 [ 61.837781][ T6822] [ 61.944368][ T6833] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 62.048653][ T6837] random: crng reseeded on system resumption [ 62.140891][ T6841] netlink: 8 bytes leftover after parsing attributes in process `syz.0.225'. [ 62.165001][ T5941] Bluetooth: hci2: command tx timeout [ 62.233798][ T6848] SELinux: Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped). [ 62.239406][ T6848] syz.0.227 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 62.603284][ T6829] Process accounting resumed [ 62.695326][ T6864] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.766810][ T1154] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 62.803946][ T6877] loop3: detected capacity change from 0 to 1 [ 62.808274][ T6877] Dev loop3: unable to read RDB block 1 [ 62.810462][ T6877] loop3: unable to read partition table [ 62.813199][ T6877] loop3: partition table beyond EOD, truncated [ 62.819549][ T6877] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 62.857693][ T6885] fuse: Bad value for 'fd' [ 62.923787][ T6890] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 62.926154][ T6890] IPv6: NLM_F_CREATE should be set when creating new route [ 63.054843][ T29] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 63.204280][ T29] usb 6-1: Using ep0 maxpacket: 8 [ 63.207737][ T29] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 63.210432][ T29] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 63.213653][ T29] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 63.217097][ T29] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 63.220297][ T29] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 63.225535][ T29] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 63.228446][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.291149][ T6915] evm: overlay not supported [ 63.436919][ T29] usb 6-1: GET_CAPABILITIES returned 0 [ 63.439134][ T29] usbtmc 6-1:16.0: can't read capabilities [ 63.557749][ T6920] FAULT_INJECTION: forcing a failure. [ 63.557749][ T6920] name failslab, interval 1, probability 0, space 0, times 0 [ 63.561737][ T6920] CPU: 1 UID: 0 PID: 6920 Comm: syz.0.244 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 63.561754][ T6920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 63.561760][ T6920] Call Trace: [ 63.561764][ T6920] [ 63.561768][ T6920] dump_stack_lvl+0x16c/0x1f0 [ 63.561789][ T6920] should_fail_ex+0x512/0x640 [ 63.561807][ T6920] should_failslab+0xc2/0x120 [ 63.561824][ T6920] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 63.561838][ T6920] ? skb_clone+0x190/0x3f0 [ 63.561858][ T6920] skb_clone+0x190/0x3f0 [ 63.561875][ T6920] netlink_deliver_tap+0xabd/0xd30 [ 63.561890][ T6920] netlink_unicast+0x6b2/0x7f0 [ 63.561903][ T6920] ? __pfx_netlink_unicast+0x10/0x10 [ 63.561919][ T6920] netlink_ack+0x696/0xb80 [ 63.561935][ T6920] netlink_rcv_skb+0x332/0x420 [ 63.561946][ T6920] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 63.561964][ T6920] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 63.561981][ T6920] ? netlink_deliver_tap+0x1ae/0xd30 [ 63.561995][ T6920] netlink_unicast+0x53d/0x7f0 [ 63.562008][ T6920] ? __pfx_netlink_unicast+0x10/0x10 [ 63.562023][ T6920] netlink_sendmsg+0x8d1/0xdd0 [ 63.562037][ T6920] ? __pfx_netlink_sendmsg+0x10/0x10 [ 63.562055][ T6920] ____sys_sendmsg+0xa98/0xc70 [ 63.562067][ T6920] ? copy_msghdr_from_user+0x10a/0x160 [ 63.562083][ T6920] ? __pfx_____sys_sendmsg+0x10/0x10 [ 63.562106][ T6920] ___sys_sendmsg+0x134/0x1d0 [ 63.562123][ T6920] ? __pfx____sys_sendmsg+0x10/0x10 [ 63.562152][ T6920] ? __pfx_vfs_write+0x10/0x10 [ 63.562167][ T6920] ? do_sys_openat2+0x157/0x1d0 [ 63.562178][ T6920] __sys_sendmsg+0x16d/0x220 [ 63.562195][ T6920] ? __pfx___sys_sendmsg+0x10/0x10 [ 63.562220][ T6920] do_syscall_64+0xcd/0x4c0 [ 63.562238][ T6920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.562249][ T6920] RIP: 0033:0x7f88edd8e929 [ 63.562257][ T6920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.562268][ T6920] RSP: 002b:00007f88eec71038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.562278][ T6920] RAX: ffffffffffffffda RBX: 00007f88edfb5fa0 RCX: 00007f88edd8e929 [ 63.562285][ T6920] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 63.562291][ T6920] RBP: 00007f88eec71090 R08: 0000000000000000 R09: 0000000000000000 [ 63.562297][ T6920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.562303][ T6920] R13: 0000000000000000 R14: 00007f88edfb5fa0 R15: 00007ffc2654c8d8 [ 63.562316][ T6920] [ 63.762621][ T6930] Cannot find set identified by id 0 to match [ 63.998621][ T6938] usbtmc 6-1:16.0: INDICATOR_PULSE returned 0 [ 64.199957][ T837] usb 6-1: USB disconnect, device number 3 [ 64.234780][ T5941] Bluetooth: hci2: command tx timeout [ 64.720174][ T6941] syz_tun: entered allmulticast mode [ 64.894392][ T6941] netlink: 12 bytes leftover after parsing attributes in process `syz.0.249'. [ 64.940245][ T6957] netlink: 8 bytes leftover after parsing attributes in process `syz.1.253'. [ 64.943220][ T6957] netlink: 8 bytes leftover after parsing attributes in process `syz.1.253'. [ 64.959828][ T6957] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.061608][ T6964] netlink: 'syz.1.255': attribute type 41 has an invalid length. [ 65.094440][ T6968] netlink: 'syz.1.257': attribute type 1 has an invalid length. [ 65.097580][ T6968] netlink: 228 bytes leftover after parsing attributes in process `syz.1.257'. [ 65.186206][ T6978] kvm: pic: level sensitive irq not supported [ 65.186543][ T6978] kvm: pic: non byte read [ 65.191014][ T6978] kvm: pic: non byte read [ 65.192786][ T6978] kvm: pic: non byte read [ 65.199082][ T6978] kvm: pic: non byte read [ 65.200943][ T6978] kvm: pic: non byte read [ 65.202671][ T6978] kvm: pic: non byte read [ 65.205151][ T6978] kvm: pic: non byte read [ 65.207006][ T6978] kvm: pic: non byte read [ 65.208802][ T6978] kvm: pic: non byte read [ 65.210556][ T6978] kvm: pic: non byte read [ 65.570583][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 65.570595][ T40] audit: type=1400 audit(1749687090.778:359): avc: denied { append } for pid=7015 comm="syz.2.268" path="/65/file0/blkio.throttle.io_service_bytes_recursive" dev="9p" ino=35913969 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 66.236683][ T40] audit: type=1400 audit(1749687091.448:360): avc: denied { unmount } for pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 66.314184][ T5941] Bluetooth: hci2: command tx timeout [ 66.474225][ C3] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 66.485158][ T7032] netlink: 28 bytes leftover after parsing attributes in process `syz.0.272'. [ 66.491482][ T7032] netlink: 40 bytes leftover after parsing attributes in process `syz.0.272'. [ 66.799722][ T40] audit: type=1400 audit(1749687092.008:361): avc: denied { setopt } for pid=7040 comm="syz.1.275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 66.806603][ T40] audit: type=1400 audit(1749687092.018:362): avc: denied { getopt } for pid=7040 comm="syz.1.275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 66.813203][ T40] audit: type=1400 audit(1749687092.018:363): avc: denied { connect } for pid=7040 comm="syz.1.275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 66.820857][ T40] audit: type=1400 audit(1749687092.018:364): avc: denied { read } for pid=7040 comm="syz.1.275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 66.858990][ T7049] tmpfs: Bad value for 'mpol' [ 66.928584][ T40] audit: type=1400 audit(1749687092.138:365): avc: denied { ioctl } for pid=7057 comm="syz.2.280" path="socket:[17495]" dev="sockfs" ino=17495 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 66.979887][ T5941] block nbd0: Receive control failed (result -107) [ 67.014137][ T40] audit: type=1400 audit(1749687092.218:366): avc: denied { ioctl } for pid=7070 comm="syz.3.283" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 67.016219][ T7071] binder: 7070:7071 ioctl c018620c 200000000300 returned -22 [ 67.021935][ T40] audit: type=1400 audit(1749687092.228:367): avc: denied { set_context_mgr } for pid=7070 comm="syz.3.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 67.036379][ T40] audit: type=1400 audit(1749687092.248:368): avc: denied { map } for pid=7057 comm="syz.2.280" path="socket:[17495]" dev="sockfs" ino=17495 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 67.066831][ T7077] tipc: Started in network mode [ 67.068907][ T7077] tipc: Node identity ac14142f, cluster identity 4711 [ 67.072201][ T7077] tipc: New replicast peer: 0.0.0.0 [ 67.075344][ T7077] tipc: Enabled bearer , priority 10 [ 67.078432][ T7077] tipc: New replicast peer: fc02:0000:0000:0000:0000:0000:0000:0000 [ 67.107352][ T7079] netlink: 16 bytes leftover after parsing attributes in process `syz.2.285'. [ 67.110215][ T7079] netlink: 16 bytes leftover after parsing attributes in process `syz.2.285'. [ 67.150999][ T837] libceph: connect (1)[c::]:6789 error -101 [ 67.153456][ T837] libceph: mon0 (1)[c::]:6789 connect error [ 67.198159][ T837] libceph: connect (1)[c::]:6789 error -101 [ 67.204301][ T837] libceph: mon0 (1)[c::]:6789 connect error [ 67.245995][ T7091] netlink: 12 bytes leftover after parsing attributes in process `syz.2.286'. [ 67.252726][ T7091] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 67.256061][ T7091] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 67.258839][ T7091] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 67.266278][ T7091] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 67.269108][ T7091] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 67.271813][ T7091] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 67.416360][ T7099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.289'. [ 67.425030][ T837] libceph: connect (1)[c::]:6789 error -101 [ 67.427606][ T837] libceph: mon0 (1)[c::]:6789 connect error [ 67.466054][ T837] libceph: connect (1)[c::]:6789 error -101 [ 67.468284][ T837] libceph: mon0 (1)[c::]:6789 connect error [ 67.584534][ T7105] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 67.694835][ T7106] program syz.0.291 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.934750][ T10] libceph: connect (1)[c::]:6789 error -101 [ 67.937430][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 67.971831][ T7082] ceph: No mds server is up or the cluster is laggy [ 67.972820][ T7085] ceph: No mds server is up or the cluster is laggy [ 67.985120][ T10] libceph: connect (1)[c::]:6789 error -101 [ 67.987774][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 68.063757][ T7112] SELinux: Context system_u:object_r:dhcpc_state_t:s0 is not valid (left unmapped). [ 68.215777][ T10] tipc: Node number set to 2886997039 [ 68.464680][ T7119] dummy0: entered promiscuous mode [ 68.636968][ T7128] fuse: Unknown parameter '00000000000000000000' [ 68.930552][ T7141] program syz.2.302 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 69.246186][ T7169] netlink: 'syz.2.309': attribute type 3 has an invalid length. [ 70.147763][ T7181] mmap: syz.2.312 (7181): VmData 37466112 exceed data ulimit 4. Update limits or use boot option ignore_rlimit_data. [ 70.186898][ T7190] __nla_validate_parse: 2 callbacks suppressed [ 70.186909][ T7190] netlink: 10 bytes leftover after parsing attributes in process `syz.3.316'. [ 70.278058][ T7206] netlink: 236 bytes leftover after parsing attributes in process `syz.1.320'. [ 70.425671][ T7224] ipvlan2: entered promiscuous mode [ 70.428298][ T7224] bridge0: port 3(ipvlan2) entered blocking state [ 70.430713][ T7224] bridge0: port 3(ipvlan2) entered disabled state [ 70.433236][ T7224] ipvlan2: entered allmulticast mode [ 70.435915][ T7224] bridge0: entered allmulticast mode [ 70.438724][ T7224] ipvlan2: left allmulticast mode [ 70.440343][ T7224] bridge0: left allmulticast mode [ 70.521879][ T7227] xt_hashlimit: size too large, truncated to 1048576 [ 70.554237][ T837] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 70.616430][ T40] kauditd_printk_skb: 21 callbacks suppressed [ 70.616441][ T40] audit: type=1400 audit(1749687095.828:390): avc: denied { append } for pid=7230 comm="syz.1.328" name="cec1" dev="devtmpfs" ino=976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 70.617482][ T7231] 9pnet_fd: Insufficient options for proto=fd [ 70.704223][ T837] usb 7-1: Using ep0 maxpacket: 32 [ 70.709339][ T837] usb 7-1: config 0 has an invalid interface number: 85 but max is 0 [ 70.712838][ T837] usb 7-1: config 0 has no interface number 0 [ 70.716035][ T837] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 70.722003][ T837] usb 7-1: config 0 interface 85 has no altsetting 0 [ 70.728335][ T837] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 70.732292][ T837] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.735763][ T837] usb 7-1: Product: syz [ 70.737545][ T837] usb 7-1: Manufacturer: syz [ 70.739518][ T837] usb 7-1: SerialNumber: syz [ 70.745534][ T837] usb 7-1: config 0 descriptor?? [ 70.792137][ T40] audit: type=1400 audit(1749687095.998:391): avc: denied { watch watch_reads } for pid=7240 comm="syz.1.332" path="pipe:[12902]" dev="pipefs" ino=12902 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 70.795815][ T7241] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 70.902794][ T40] audit: type=1400 audit(1749687096.108:392): avc: denied { read } for pid=7251 comm="syz.0.336" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 70.909440][ T7252] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.336'. [ 70.912137][ T40] audit: type=1400 audit(1749687096.108:393): avc: denied { open } for pid=7251 comm="syz.0.336" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 71.118723][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.120712][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.204273][ T54] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 71.312178][ T837] appletouch 7-1:0.85: Failed to read mode from device. [ 71.319656][ T837] appletouch 7-1:0.85: probe with driver appletouch failed with error -5 [ 71.325437][ T837] usb 7-1: USB disconnect, device number 3 [ 71.365000][ T54] usb 5-1: too many configurations: 151, using maximum allowed: 8 [ 71.369498][ T54] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 71.372213][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 71.375944][ T54] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 71.380073][ T54] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 71.382907][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 71.386311][ T54] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 71.390936][ T54] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 71.394720][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 71.398837][ T54] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 71.399969][ T7257] netlink: 8 bytes leftover after parsing attributes in process `syz.2.337'. [ 71.403498][ T54] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 71.405642][ T6292] bond0: (slave bond_slave_0): interface is now down [ 71.407576][ T7257] netlink: 'syz.2.337': attribute type 10 has an invalid length. [ 71.408906][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 71.408943][ T54] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 71.411776][ T6292] bond0: (slave bond_slave_1): interface is now down [ 71.415412][ T54] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 71.418574][ T6292] bond0: (slave wlan1): interface is now down [ 71.421207][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 71.425537][ T7257] erspan0: entered promiscuous mode [ 71.426843][ T54] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 71.430879][ T7257] bond0: (slave erspan0): no link monitoring support [ 71.433200][ T54] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 71.438279][ T7257] erspan0: entered allmulticast mode [ 71.439271][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 71.439283][ T54] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 71.440056][ T54] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 71.442324][ T7257] bond0: (slave erspan0): Enslaving as an active interface with an up link [ 71.443568][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 71.461124][ T54] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 71.466145][ T54] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 71.469866][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 71.473746][ T54] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 71.478385][ T54] usb 5-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 71.481219][ T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 71.483785][ T54] usb 5-1: Product: syz [ 71.485237][ T54] usb 5-1: Manufacturer: syz [ 71.486705][ T54] usb 5-1: SerialNumber: syz [ 71.490419][ T54] usb 5-1: config 0 descriptor?? [ 71.726457][ T40] audit: type=1400 audit(1749687096.938:394): avc: denied { ioctl } for pid=7274 comm="syz.2.342" path="mnt:[4026532924]" dev="nsfs" ino=4026532924 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 71.820591][ T40] audit: type=1400 audit(1749687097.028:395): avc: denied { map } for pid=7274 comm="syz.2.342" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=749 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 71.876935][ T7275] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1550 sclass=netlink_route_socket pid=7275 comm=syz.2.342 [ 71.894284][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.940127][ T7286] netlink: 328 bytes leftover after parsing attributes in process `syz.2.344'. [ 72.009530][ T7297] futex_wake_op: syz.2.347 tries to shift op by -1; fix this program [ 72.614530][ T40] audit: type=1400 audit(1749687097.828:396): avc: denied { read } for pid=7321 comm="syz.1.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 72.621143][ T7323] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 72.624492][ T7323] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 72.626988][ T7322] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(6) [ 72.629141][ T7322] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 72.632423][ T7323] vhci_hcd vhci_hcd.0: Device attached [ 72.632784][ T7322] vhci_hcd vhci_hcd.0: Device attached [ 72.637035][ T7324] vhci_hcd: connection closed [ 72.642560][ T6295] vhci_hcd: stop threads [ 72.646731][ T6295] vhci_hcd: release socket [ 72.648236][ T6295] vhci_hcd: disconnect device [ 72.648788][ T7325] vhci_hcd: connection closed [ 72.651123][ T6295] vhci_hcd: stop threads [ 72.655309][ T6295] vhci_hcd: release socket [ 72.656814][ T6295] vhci_hcd: disconnect device [ 72.886140][ T40] audit: type=1400 audit(1749687098.098:397): avc: denied { sqpoll } for pid=7338 comm="syz.1.359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 72.981918][ T40] audit: type=1400 audit(1749687098.188:398): avc: denied { setopt } for pid=7346 comm="syz.1.360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 73.015273][ T40] audit: type=1400 audit(1749687098.228:399): avc: denied { listen } for pid=7348 comm="syz.1.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 73.023569][ T7350] ,: renamed from batadv_slave_1 (while UP) [ 73.222923][ T7358] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.226016][ T7358] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.236156][ T7358] bridge0: port 3(vlan2) entered blocking state [ 73.238252][ T7358] bridge0: port 3(vlan2) entered disabled state [ 73.240284][ T7358] vlan2: entered allmulticast mode [ 73.241939][ T7358] bond0: entered allmulticast mode [ 73.243662][ T7358] bond_slave_0: entered allmulticast mode [ 73.246186][ T7358] bond_slave_1: entered allmulticast mode [ 73.249007][ T7358] vlan2: entered promiscuous mode [ 73.250594][ T7358] bond0: entered promiscuous mode [ 73.252177][ T7358] bond_slave_0: entered promiscuous mode [ 73.254143][ T7358] bond_slave_1: entered promiscuous mode [ 73.354875][ T1144] bond0: (slave bond_slave_0): interface is now down [ 73.357680][ T1144] bond0: (slave bond_slave_1): interface is now down [ 73.359836][ T1144] bond0: (slave wlan1): interface is now down [ 73.913676][ T5719] usb 5-1: USB disconnect, device number 3 [ 74.314202][ C3] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 74.357833][ T7386] netlink: 'syz.1.375': attribute type 1 has an invalid length. [ 74.360299][ T7386] netlink: 'syz.1.375': attribute type 4 has an invalid length. [ 74.362788][ T7386] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.375'. [ 74.407699][ T7394] x_tables: ip_tables: icmp.0 match: invalid size 8 (kernel) != (user) 56 [ 74.671905][ T7405] netlink: 24 bytes leftover after parsing attributes in process `syz.0.381'. [ 74.713080][ T7411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.383'. [ 74.717801][ T7411] netlink: 24 bytes leftover after parsing attributes in process `syz.0.383'. [ 74.994352][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 75.146071][ T10] usb 5-1: no configurations [ 75.147627][ T10] usb 5-1: can't read configurations, error -22 [ 75.204186][ T5945] Bluetooth: hci4: command 0x1003 tx timeout [ 75.206333][ T5941] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 75.275819][ T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 75.284233][ T6295] bond0: (slave erspan0): interface is now down [ 75.286975][ T6295] bond0: now running without any active interface! [ 75.387346][ T7429] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 75.425038][ T10] usb 5-1: no configurations [ 75.426487][ T10] usb 5-1: can't read configurations, error -22 [ 75.429930][ T10] usb usb5-port1: attempt power cycle [ 75.784141][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 75.806833][ T10] usb 5-1: no configurations [ 75.808330][ T10] usb 5-1: can't read configurations, error -22 [ 75.904636][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 75.904646][ T40] audit: type=1400 audit(1749687101.118:406): avc: denied { setopt } for pid=7450 comm="syz.2.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 75.912925][ T40] audit: type=1400 audit(1749687101.118:407): avc: denied { connect } for pid=7450 comm="syz.2.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 75.919113][ T40] audit: type=1400 audit(1749687101.118:408): avc: denied { write } for pid=7450 comm="syz.2.393" path="socket:[18146]" dev="sockfs" ino=18146 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 75.934625][ T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 75.955279][ T10] usb 5-1: no configurations [ 75.956765][ T10] usb 5-1: can't read configurations, error -22 [ 75.958870][ T10] usb usb5-port1: unable to enumerate USB device [ 76.055636][ T7464] pim6reg1: entered promiscuous mode [ 76.057854][ T7464] pim6reg1: entered allmulticast mode [ 76.625782][ T7483] netlink: 'syz.3.401': attribute type 4 has an invalid length. [ 76.734191][ T29] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 76.875747][ T5941] Bluetooth: hci5: command 0x1003 tx timeout [ 76.879011][ T5944] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 76.896331][ T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 76.900777][ T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 76.905004][ T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 76.908672][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.910152][ T7499] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.404'. [ 76.915016][ T7473] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 76.923177][ T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 76.969275][ T40] audit: type=1400 audit(1749687102.178:409): avc: denied { create } for pid=7498 comm="syz.3.404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 76.979886][ T40] audit: type=1400 audit(1749687102.178:410): avc: denied { bind } for pid=7498 comm="syz.3.404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 76.990273][ T40] audit: type=1400 audit(1749687102.178:411): avc: denied { watch } for pid=7498 comm="syz.3.404" path="/87/file1" dev="tmpfs" ino=469 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 77.219641][ T6002] usb 7-1: USB disconnect, device number 4 [ 77.433191][ T40] audit: type=1400 audit(1749687102.638:412): avc: denied { read } for pid=7506 comm="syz.1.405" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 77.473379][ T40] audit: type=1400 audit(1749687102.678:413): avc: denied { getopt } for pid=7508 comm="syz.1.406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 77.477151][ T7509] netlink: 'syz.1.406': attribute type 1 has an invalid length. [ 77.528237][ T7511] mmap: syz.1.407 (7511) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 77.753453][ T40] audit: type=1400 audit(1749687102.958:414): avc: denied { read write } for pid=7514 comm="syz.2.408" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 77.969027][ T7550] process 'syz.3.418' launched './file1' with NULL argv: empty string added [ 77.976490][ T40] audit: type=1400 audit(1749687103.178:415): avc: denied { execute_no_trans } for pid=7549 comm="syz.3.418" path="/89/file1" dev="tmpfs" ino=480 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 78.015857][ T7562] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 78.077773][ T7566] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.080293][ T7566] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.159548][ T7571] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 78.202267][ T7573] xt_policy: output policy not valid in PREROUTING and INPUT [ 78.290180][ T7582] trusted_key: syz.1.427 sent an empty control message without MSG_MORE. [ 78.297136][ T7582] gfs2: Unknown parameter 'quota11' [ 78.331116][ T7590] netlink: 4 bytes leftover after parsing attributes in process `syz.3.431'. [ 78.334569][ T7589] netlink: 4 bytes leftover after parsing attributes in process `syz.3.431'. [ 78.412232][ T7593] binder: 7592:7593 ioctl c058671e 200000000580 returned -22 [ 78.422795][ T7593] binder: 7592:7593 ioctl c0306201 200000000080 returned -22 [ 78.422795][ T7596] binder: 7592:7596 ioctl c058671e 200000000580 returned -22 [ 78.466132][ T7599] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 78.518201][ T7603] futex_wake_op: syz.2.434 tries to shift op by -1; fix this program [ 78.551754][ C3] vkms_vblank_simulate: vblank timer overrun [ 79.027812][ T7610] block nbd0: Cannot use ioctl interface on a netlink controlled device. [ 79.098790][ T7616] netlink: 'syz.1.439': attribute type 13 has an invalid length. [ 79.111622][ T7616] macvtap0: entered promiscuous mode [ 79.115539][ T7616] macvtap0: refused to change device tx_queue_len [ 79.118514][ T7616] vlan0: entered promiscuous mode [ 79.122484][ T7616] rdma_op ffff8880554799f0 conn xmit_rdma 0000000000000000 [ 79.126063][ T7616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.439'. [ 79.128927][ T7616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.439'. [ 79.164198][ T7630] 9pnet_fd: Insufficient options for proto=fd [ 79.383024][ T7647] netlink: 60 bytes leftover after parsing attributes in process `syz.2.446'. [ 79.427605][ T7646] netlink: 'syz.3.447': attribute type 11 has an invalid length. [ 79.430006][ T7646] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.447'. [ 79.624321][ T24] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 79.679041][ T7673] block nbd0: Cannot use ioctl interface on a netlink controlled device. [ 79.683197][ T7673] block nbd0: Cannot use ioctl interface on a netlink controlled device. [ 79.687268][ T7673] block nbd0: NBD_DISCONNECT [ 79.689432][ T7673] block nbd0: Send disconnect failed -32 [ 79.691349][ T7673] block nbd0: shutting down sockets [ 79.774231][ T24] usb 7-1: device descriptor read/64, error -71 [ 79.825162][ T7681] netlink: 8 bytes leftover after parsing attributes in process `syz.1.457'. [ 79.828766][ T7681] netlink: 12 bytes leftover after parsing attributes in process `syz.1.457'. [ 79.833592][ T7681] netlink: 'syz.1.457': attribute type 13 has an invalid length. [ 79.890792][ T7689] pim6reg1: entered promiscuous mode [ 79.892512][ T7689] pim6reg1: entered allmulticast mode [ 80.024250][ T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 80.127941][ T7709] netlink: 'syz.0.465': attribute type 10 has an invalid length. [ 80.133916][ T7709] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.137209][ T7709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.141129][ T7709] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.144005][ T7709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.150634][ T7709] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 80.154204][ T24] usb 7-1: device descriptor read/64, error -71 [ 80.155204][ T7709] bridge_slave_1: left allmulticast mode [ 80.158562][ T7709] bridge_slave_1: left promiscuous mode [ 80.160515][ T7709] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.168616][ T7709] bridge_slave_0: left allmulticast mode [ 80.170374][ T7709] bridge_slave_0: left promiscuous mode [ 80.172478][ T7709] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.198743][ T7709] bond0: (slave bridge0): Releasing backup interface [ 80.210892][ T7712] bpf: Bad value for 'uid' [ 80.274472][ T24] usb usb7-port1: attempt power cycle [ 80.363241][ T7723] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 80.401730][ T7723] netlink: 24 bytes leftover after parsing attributes in process `syz.0.470'. [ 80.618774][ T7742] trusted_key: encrypted_key: master key parameter 'encrypted' is invalid [ 80.634436][ T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 80.655740][ T24] usb 7-1: device descriptor read/8, error -71 [ 80.727119][ T7748] batman_adv: batadv0: Adding interface: dummy0 [ 80.729267][ T7748] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.737787][ T7748] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 80.881188][ T7766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.884328][ T7766] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 80.889019][ T7766] bond0: (slave gre0): Error -95 calling set_mac_address [ 80.924183][ T24] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 80.957452][ T24] usb 7-1: device descriptor read/8, error -71 [ 80.972731][ T40] kauditd_printk_skb: 46 callbacks suppressed [ 80.972747][ T40] audit: type=1400 audit(1749687106.178:462): avc: denied { remount } for pid=7769 comm="syz.1.483" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 81.064554][ T24] usb usb7-port1: unable to enumerate USB device [ 81.166674][ T40] audit: type=1400 audit(1749687106.378:463): avc: denied { nlmsg_read } for pid=7783 comm="syz.3.485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 81.359467][ T838] cfg80211: failed to load regulatory.db [ 81.698279][ T7810] openvswitch: netlink: Flow key attr not present in new flow. [ 81.743221][ T7812] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 81.748192][ T7812] bond0: (slave gre0): Error -95 calling set_mac_address [ 81.789841][ T7814] batadv_slave_1: entered promiscuous mode [ 81.872104][ T40] audit: type=1400 audit(1749687107.078:464): avc: denied { mount } for pid=7817 comm="syz.1.495" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 81.926709][ T40] audit: type=1400 audit(1749687107.138:465): avc: denied { unmount } for pid=7817 comm="syz.1.495" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 81.960932][ T7815] team0 (unregistering): Port device team_slave_0 removed [ 81.968241][ T7815] team0 (unregistering): Port device team_slave_1 removed [ 81.987112][ T7819] __nla_validate_parse: 6 callbacks suppressed [ 81.987128][ T7819] netlink: 24 bytes leftover after parsing attributes in process `syz.1.495'. [ 82.004291][ T40] audit: type=1400 audit(1749687107.208:466): avc: denied { unmount } for pid=6562 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 82.165665][ T40] audit: type=1400 audit(1749687107.378:467): avc: denied { bind } for pid=7821 comm="syz.1.496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 82.171683][ T40] audit: type=1400 audit(1749687107.378:468): avc: denied { setopt } for pid=7821 comm="syz.1.496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 82.417165][ T7829] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 82.455743][ T7833] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 82.622437][ T7813] batadv_slave_1: left promiscuous mode [ 82.671167][ T7836] usb usb8: usbfs: process 7836 (syz.0.501) did not claim interface 0 before use [ 82.673655][ T7838] IPv6: addrconf: prefix option has invalid lifetime [ 82.744120][ T7840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.502'. [ 82.752612][ T40] audit: type=1400 audit(1749687107.958:469): avc: denied { mount } for pid=7839 comm="syz.0.502" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 82.758099][ T7840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.502'. [ 82.762039][ T40] audit: type=1400 audit(1749687107.958:470): avc: denied { read } for pid=7839 comm="syz.0.502" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 82.775220][ T40] audit: type=1400 audit(1749687107.958:471): avc: denied { open } for pid=7839 comm="syz.0.502" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 83.195533][ T7853] dns_resolver: Unsupported content type (234) [ 83.271756][ T7860] netlink: 'syz.0.508': attribute type 1 has an invalid length. [ 83.298329][ T7860] 8021q: adding VLAN 0 to HW filter on device bond2 [ 83.307564][ T7860] bond2: (slave gretap1): making interface the new active one [ 83.311245][ T7860] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 83.394484][ T7871] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 83.400252][ T7871] bond0: (slave gre0): Error -95 calling set_mac_address [ 83.414192][ T7860] syz.0.508 (7860) used greatest stack depth: 20872 bytes left [ 83.470746][ T7881] Bluetooth: Error in BCSP hdr checksum [ 83.665767][ T7892] fuse: Bad value for 'user_id' [ 83.667359][ T7892] fuse: Bad value for 'user_id' [ 83.667447][ T7894] input: syz0 as /devices/virtual/input/input10 [ 83.671512][ T7894] input: failed to attach handler leds to device input10, error: -6 [ 83.740569][ T7897] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=62234 sclass=netlink_xfrm_socket pid=7897 comm=syz.2.515 [ 84.672849][ T7924] netlink: 288 bytes leftover after parsing attributes in process `syz.0.527'. [ 84.703464][ T7929] netlink: 'syz.0.528': attribute type 3 has an invalid length. [ 84.740147][ T7932] netlink: 28 bytes leftover after parsing attributes in process `syz.0.529'. [ 84.939860][ T7950] usb 1-1: USB disconnect, device number 2 [ 85.018764][ T7957] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 85.201620][ T7961] netlink: 12 bytes leftover after parsing attributes in process `syz.2.538'. [ 85.290356][ T7969] netlink: 16 bytes leftover after parsing attributes in process `syz.2.540'. [ 85.515037][ T5941] Bluetooth: hci4: command 0x1003 tx timeout [ 85.515077][ T5944] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 85.537246][ T7985] netlink: 76 bytes leftover after parsing attributes in process `syz.2.543'. [ 85.692217][ T8002] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 85.771382][ T8008] 8021q: adding VLAN 0 to HW filter on device bond1 [ 85.866445][ T8016] netlink: 244 bytes leftover after parsing attributes in process `syz.2.552'. [ 86.099584][ T5944] Bluetooth: hci0: adv larger than maximum supported [ 86.099611][ T5944] Bluetooth: hci0: Malformed LE Event: 0x0d [ 86.099856][ T8030] netlink: 'syz.0.555': attribute type 1 has an invalid length. [ 86.106305][ T8030] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.555'. [ 86.276136][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 86.276147][ T40] audit: type=1400 audit(1749687111.488:485): avc: denied { create } for pid=8037 comm="syz.1.559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 86.286065][ T40] audit: type=1400 audit(1749687111.488:486): avc: denied { ioctl } for pid=8037 comm="syz.1.559" path="socket:[20416]" dev="sockfs" ino=20416 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 86.293706][ T40] audit: type=1400 audit(1749687111.498:487): avc: denied { connect } for pid=8037 comm="syz.1.559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 86.419925][ T8047] loop6: detected capacity change from 0 to 524287999 [ 86.434263][ T8047] Driver unsupported XDP return value 0 on prog (id 61) dev N/A, expect packet loss! [ 86.707635][ T40] audit: type=1400 audit(1749687111.918:488): avc: denied { read } for pid=8060 comm="syz.2.567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 86.732254][ T8057] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 86.808221][ T40] audit: type=1400 audit(1749687112.018:489): avc: denied { append } for pid=8072 comm="syz.3.570" name="uinput" dev="devtmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 87.002442][ T40] audit: type=1400 audit(1749687112.208:490): avc: denied { block_suspend } for pid=8103 comm="syz.3.581" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 87.057982][ T8106] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 87.129734][ T8126] FAULT_INJECTION: forcing a failure. [ 87.129734][ T8126] name failslab, interval 1, probability 0, space 0, times 0 [ 87.131185][ T8125] xt_policy: output policy not valid in PREROUTING and INPUT [ 87.133608][ T8126] CPU: 1 UID: 0 PID: 8126 Comm: syz.2.589 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 87.133623][ T8126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.133630][ T8126] Call Trace: [ 87.133634][ T8126] [ 87.133639][ T8126] dump_stack_lvl+0x16c/0x1f0 [ 87.133703][ T8126] should_fail_ex+0x512/0x640 [ 87.133723][ T8126] ? fs_reclaim_acquire+0xae/0x150 [ 87.133735][ T8126] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 87.133750][ T8126] should_failslab+0xc2/0x120 [ 87.133767][ T8126] __kmalloc_noprof+0xd2/0x510 [ 87.133784][ T8126] tomoyo_realpath_from_path+0xc2/0x6e0 [ 87.133801][ T8126] ? tomoyo_profile+0x47/0x60 [ 87.133820][ T8126] tomoyo_path_number_perm+0x245/0x580 [ 87.133832][ T8126] ? tomoyo_path_number_perm+0x237/0x580 [ 87.133846][ T8126] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 87.133861][ T8126] ? find_held_lock+0x2b/0x80 [ 87.133887][ T8126] ? find_held_lock+0x2b/0x80 [ 87.133900][ T8126] ? hook_file_ioctl_common+0x145/0x410 [ 87.133913][ T8126] ? __fget_files+0x20e/0x3c0 [ 87.133932][ T8126] security_file_ioctl+0x9b/0x240 [ 87.133948][ T8126] __x64_sys_ioctl+0xb7/0x210 [ 87.133962][ T8126] do_syscall_64+0xcd/0x4c0 [ 87.133979][ T8126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.133990][ T8126] RIP: 0033:0x7f12c538e929 [ 87.133999][ T8126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.134009][ T8126] RSP: 002b:00007f12c31f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.134019][ T8126] RAX: ffffffffffffffda RBX: 00007f12c55b5fa0 RCX: 00007f12c538e929 [ 87.134025][ T8126] RDX: 00002000000000c0 RSI: 00000000000089f0 RDI: 0000000000000004 [ 87.134031][ T8126] RBP: 00007f12c31f6090 R08: 0000000000000000 R09: 0000000000000000 [ 87.134037][ T8126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.134043][ T8126] R13: 0000000000000000 R14: 00007f12c55b5fa0 R15: 00007ffe25064ab8 [ 87.134068][ T8126] [ 87.135327][ T8126] ERROR: Out of memory at tomoyo_realpath_from_path. [ 87.146017][ T8118] program syz.0.586 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 87.147599][ T8126] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 87.150676][ T8118] __nla_validate_parse: 3 callbacks suppressed [ 87.150690][ T8118] netlink: 4 bytes leftover after parsing attributes in process `syz.0.586'. [ 87.151093][ T8126] bond0: (slave gre0): Error -95 calling set_mac_address [ 87.259327][ T40] audit: type=1400 audit(1749687112.468:491): avc: denied { map } for pid=8137 comm="syz.0.593" path="socket:[22680]" dev="sockfs" ino=22680 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 87.268908][ T40] audit: type=1400 audit(1749687112.468:492): avc: denied { accept } for pid=8137 comm="syz.0.593" path="socket:[22680]" dev="sockfs" ino=22680 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 87.274210][ T8134] futex_wake_op: syz.3.591 tries to shift op by 32; fix this program [ 87.312528][ T40] audit: type=1400 audit(1749687112.518:493): avc: denied { map } for pid=8137 comm="syz.0.593" path="socket:[19387]" dev="sockfs" ino=19387 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 87.363029][ T8136] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 87.365915][ T8136] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 87.378689][ T8136] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 87.380928][ T8136] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 87.388873][ T8136] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 87.390788][ T8136] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 87.397375][ T8136] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 87.399294][ T8136] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 87.851380][ T40] audit: type=1400 audit(1749687113.058:494): avc: denied { setopt } for pid=8161 comm="syz.0.598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 87.977023][ T8169] FAULT_INJECTION: forcing a failure. [ 87.977023][ T8169] name failslab, interval 1, probability 0, space 0, times 0 [ 87.982120][ T8169] CPU: 2 UID: 0 PID: 8169 Comm: syz.0.601 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 87.982145][ T8169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.982157][ T8169] Call Trace: [ 87.982165][ T8169] [ 87.982173][ T8169] dump_stack_lvl+0x16c/0x1f0 [ 87.982273][ T8169] should_fail_ex+0x512/0x640 [ 87.982305][ T8169] ? fs_reclaim_acquire+0xae/0x150 [ 87.982325][ T8169] ? tomoyo_encode2+0x100/0x3e0 [ 87.982349][ T8169] should_failslab+0xc2/0x120 [ 87.982376][ T8169] __kmalloc_noprof+0xd2/0x510 [ 87.982408][ T8169] tomoyo_encode2+0x100/0x3e0 [ 87.982438][ T8169] tomoyo_encode+0x29/0x50 [ 87.982463][ T8169] tomoyo_realpath_from_path+0x18f/0x6e0 [ 87.982491][ T8169] ? tomoyo_profile+0x47/0x60 [ 87.982522][ T8169] tomoyo_path_number_perm+0x245/0x580 [ 87.982549][ T8169] ? tomoyo_path_number_perm+0x237/0x580 [ 87.982574][ T8169] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 87.982598][ T8169] ? find_held_lock+0x2b/0x80 [ 87.982648][ T8169] ? find_held_lock+0x2b/0x80 [ 87.982670][ T8169] ? hook_file_ioctl_common+0x145/0x410 [ 87.982695][ T8169] ? __fget_files+0x20e/0x3c0 [ 87.982725][ T8169] security_file_ioctl+0x9b/0x240 [ 87.982751][ T8169] __x64_sys_ioctl+0xb7/0x210 [ 87.982775][ T8169] do_syscall_64+0xcd/0x4c0 [ 87.982805][ T8169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.982825][ T8169] RIP: 0033:0x7f88edd8e929 [ 87.982840][ T8169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.982858][ T8169] RSP: 002b:00007f88eec71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.982877][ T8169] RAX: ffffffffffffffda RBX: 00007f88edfb5fa0 RCX: 00007f88edd8e929 [ 87.982889][ T8169] RDX: 00002000000000c0 RSI: 00000000000089f0 RDI: 0000000000000004 [ 87.982901][ T8169] RBP: 00007f88eec71090 R08: 0000000000000000 R09: 0000000000000000 [ 87.982911][ T8169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.982922][ T8169] R13: 0000000000000000 R14: 00007f88edfb5fa0 R15: 00007ffc2654c8d8 [ 87.982948][ T8169] [ 87.982968][ T8169] ERROR: Out of memory at tomoyo_realpath_from_path. [ 88.068677][ T8169] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 88.072036][ T8169] bond0: (slave gre0): Error -95 calling set_mac_address [ 88.148826][ T8184] team0: entered allmulticast mode [ 88.151032][ T8184] team_slave_0: entered allmulticast mode [ 88.152984][ T8184] team_slave_1: entered allmulticast mode [ 88.156647][ T8184] team0: left allmulticast mode [ 88.158347][ T8184] team_slave_0: left allmulticast mode [ 88.160544][ T8184] team_slave_1: left allmulticast mode [ 88.228556][ T8189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 88.336140][ T8196] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 88.339939][ T8196] bond0: (slave gre0): Error -95 calling set_mac_address [ 88.376165][ T8198] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 88.379732][ T8198] bond0: (slave gre0): Error -95 calling set_mac_address [ 88.418821][ T8201] tipc: Started in network mode [ 88.421191][ T8201] tipc: Node identity , cluster identity 4711 [ 88.423725][ T8201] tipc: Failed to obtain node identity [ 88.426057][ T8201] tipc: Enabling of bearer rejected, failed to enable media [ 88.499844][ T8207] hugetlbfs: Unknown parameter 's z6+a' [ 88.745266][ T8225] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 88.750202][ T8225] bond0: (slave gre0): Error -95 calling set_mac_address [ 88.921014][ T8242] FAULT_INJECTION: forcing a failure. [ 88.921014][ T8242] name failslab, interval 1, probability 0, space 0, times 0 [ 88.926705][ T8242] CPU: 3 UID: 0 PID: 8242 Comm: syz.2.626 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 88.926720][ T8242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.926727][ T8242] Call Trace: [ 88.926731][ T8242] [ 88.926735][ T8242] dump_stack_lvl+0x16c/0x1f0 [ 88.926756][ T8242] should_fail_ex+0x512/0x640 [ 88.926771][ T8242] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 88.926788][ T8242] should_failslab+0xc2/0x120 [ 88.926805][ T8242] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 88.926819][ T8242] ? __alloc_skb+0x2b2/0x380 [ 88.926838][ T8242] __alloc_skb+0x2b2/0x380 [ 88.926853][ T8242] ? __pfx___alloc_skb+0x10/0x10 [ 88.926871][ T8242] ? if_nlmsg_size+0x475/0xaf0 [ 88.926896][ T8242] rtmsg_ifinfo_build_skb+0x81/0x280 [ 88.926915][ T8242] rtnetlink_event+0xf3/0x1f0 [ 88.926928][ T8242] notifier_call_chain+0xbc/0x410 [ 88.926942][ T8242] ? __pfx_rtnetlink_event+0x10/0x10 [ 88.926959][ T8242] call_netdevice_notifiers_info+0xbe/0x140 [ 88.926979][ T8242] call_netdevice_notifiers+0x7c/0xb0 [ 88.926997][ T8242] ? __pfx_call_netdevice_notifiers+0x10/0x10 [ 88.927016][ T8242] bond_enslave+0x2203/0x60b0 [ 88.927058][ T8242] ? find_held_lock+0x2b/0x80 [ 88.927072][ T8242] ? avc_has_perm_noaudit+0x117/0x3b0 [ 88.927085][ T8242] ? __pfx_bond_enslave+0x10/0x10 [ 88.927097][ T8242] ? avc_has_perm_noaudit+0x149/0x3b0 [ 88.927109][ T8242] ? cred_has_capability.isra.0+0x193/0x2f0 [ 88.927125][ T8242] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 88.927146][ T8242] ? cap_capable+0xb3/0x250 [ 88.927157][ T8242] ? full_name_hash+0xbc/0x110 [ 88.927175][ T8242] ? netdev_name_node_lookup+0x127/0x180 [ 88.927193][ T8242] bond_do_ioctl+0x601/0x6c0 [ 88.927205][ T8242] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 88.927220][ T8242] ? __pfx_bond_do_ioctl+0x10/0x10 [ 88.927233][ T8242] ? trace_sched_exit_tp+0xde/0x130 [ 88.927277][ T8242] ? __schedule+0x1181/0x5de0 [ 88.927293][ T8242] ? find_held_lock+0x2b/0x80 [ 88.927309][ T8242] ? __lock_acquire+0xb8a/0x1c90 [ 88.927354][ T8242] bond_siocdevprivate+0x167/0x200 [ 88.927369][ T8242] ? __pfx_bond_siocdevprivate+0x10/0x10 [ 88.927407][ T8242] ? do_raw_spin_lock+0x12c/0x2b0 [ 88.927421][ T8242] ? full_name_hash+0xbc/0x110 [ 88.927438][ T8242] ? netdev_name_node_lookup+0x127/0x180 [ 88.927455][ T8242] dev_ifsioc+0x8eb/0x1f70 [ 88.927472][ T8242] ? __pfx_dev_ifsioc+0x10/0x10 [ 88.927487][ T8242] ? __pfx___mutex_lock+0x10/0x10 [ 88.927508][ T8242] ? dev_load+0x8e/0x240 [ 88.927525][ T8242] dev_ioctl+0x1b2/0x10e0 [ 88.927542][ T8242] sock_ioctl+0x5b3/0x6b0 [ 88.927559][ T8242] ? __pfx_sock_ioctl+0x10/0x10 [ 88.927570][ T8242] ? hook_file_ioctl_common+0x145/0x410 [ 88.927584][ T8242] ? selinux_file_ioctl+0x180/0x270 [ 88.927599][ T8242] ? selinux_file_ioctl+0xb4/0x270 [ 88.927614][ T8242] ? __pfx_sock_ioctl+0x10/0x10 [ 88.927627][ T8242] __x64_sys_ioctl+0x18e/0x210 [ 88.927641][ T8242] do_syscall_64+0xcd/0x4c0 [ 88.927660][ T8242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.927671][ T8242] RIP: 0033:0x7f12c538e929 [ 88.927680][ T8242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.927691][ T8242] RSP: 002b:00007f12c31f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 88.927702][ T8242] RAX: ffffffffffffffda RBX: 00007f12c55b5fa0 RCX: 00007f12c538e929 [ 88.927708][ T8242] RDX: 00002000000000c0 RSI: 00000000000089f0 RDI: 0000000000000004 [ 88.927715][ T8242] RBP: 00007f12c31f6090 R08: 0000000000000000 R09: 0000000000000000 [ 88.927721][ T8242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.927727][ T8242] R13: 0000000000000000 R14: 00007f12c55b5fa0 R15: 00007ffe25064ab8 [ 88.927740][ T8242] [ 88.927813][ T8242] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 88.935771][ T29] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 88.936511][ T8242] bond0: (slave gre0): Error -95 calling set_mac_address [ 89.171623][ T8264] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pid=8264 comm=syz.2.629 [ 89.274854][ T8276] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 89.279314][ T8276] bond0: (slave gre0): Error -95 calling set_mac_address [ 89.477900][ T1144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.554669][ T1144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.639383][ T1144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.684365][ C3] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 89.814051][ T1144] bridge_slave_1: left allmulticast mode [ 89.816437][ T1144] bridge_slave_1: left promiscuous mode [ 89.818884][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.823180][ T1144] bridge_slave_0: left allmulticast mode [ 89.825405][ T1144] bridge_slave_0: left promiscuous mode [ 89.827849][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.129655][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 90.134770][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 90.140740][ T1144] bond0 (unregistering): Released all slaves [ 90.202074][ T1144] bond1 (unregistering): Released all slaves [ 90.493022][ T1144] hsr_slave_0: left promiscuous mode [ 90.495601][ T1144] hsr_slave_1: left promiscuous mode [ 90.497628][ T1144] batman_adv: batadv0: Removing interface: dummy0 [ 90.500148][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.502494][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.505832][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.508250][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 90.525797][ T1144] veth1_macvtap: left promiscuous mode [ 90.528245][ T1144] veth0_macvtap: left promiscuous mode [ 90.530700][ T1144] veth1_vlan: left promiscuous mode [ 90.533908][ T1144] veth0_vlan: left promiscuous mode [ 91.170138][ T1144] team0 (unregistering): Port device team_slave_1 removed [ 91.229940][ T1144] team0 (unregistering): Port device team_slave_0 removed [ 106.434277][ T8471] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 106.451370][ T8473] netlink: 32 bytes leftover after parsing attributes in process `syz.0.637'. [ 106.454591][ T8473] netlink: 216 bytes leftover after parsing attributes in process `syz.0.637'. [ 106.458119][ T8473] netlink: 216 bytes leftover after parsing attributes in process `syz.0.637'. [ 106.463512][ T8473] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 106.470832][ T8475] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 106.474836][ T8475] bond0: (slave gre0): Error -95 calling set_mac_address [ 106.533552][ T8471] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 106.535878][ T5941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 106.541184][ T5941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 106.546073][ T5941] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 106.549462][ T5941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.552141][ T5941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.559251][ T5944] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 106.561565][ T5944] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 106.563913][ T5944] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 106.567438][ T5944] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.570870][ T5944] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.666720][ T839] hid (null): unknown global tag 0xe [ 106.668519][ T839] hid (null): unknown global tag 0xe [ 106.669873][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 106.669888][ T40] audit: type=1400 audit(1749687131.878:515): avc: denied { create } for pid=8492 comm="syz.1.642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 106.672435][ T839] hid-generic 0008:000D:80000000.0003: unknown main item tag 0x7 [ 106.672652][ T40] audit: type=1400 audit(1749687131.878:516): avc: denied { write } for pid=8492 comm="syz.1.642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 106.679527][ T839] hid-generic 0008:000D:80000000.0003: unknown global tag 0xe [ 106.685143][ T40] audit: type=1400 audit(1749687131.878:517): avc: denied { nlmsg_write } for pid=8492 comm="syz.1.642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 106.691623][ T839] hid-generic 0008:000D:80000000.0003: item 0 1 1 14 parsing failed [ 106.696744][ T40] audit: type=1400 audit(1749687131.888:518): avc: denied { remount } for pid=8494 comm="syz.2.643" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 106.706178][ T839] hid-generic 0008:000D:80000000.0003: probe with driver hid-generic failed with error -22 [ 106.717442][ T8479] chnl_net:caif_netlink_parms(): no params data found [ 106.742516][ T40] audit: type=1400 audit(1749687131.948:519): avc: denied { ioctl } for pid=8499 comm="syz.0.646" path="socket:[22449]" dev="sockfs" ino=22449 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 106.792410][ T8505] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 106.796256][ T8505] FAULT_INJECTION: forcing a failure. [ 106.796256][ T8505] name failslab, interval 1, probability 0, space 0, times 0 [ 106.800149][ T8505] CPU: 3 UID: 0 PID: 8505 Comm: syz.2.647 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 106.800164][ T8505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.800171][ T8505] Call Trace: [ 106.800175][ T8505] [ 106.800179][ T8505] dump_stack_lvl+0x16c/0x1f0 [ 106.800200][ T8505] should_fail_ex+0x512/0x640 [ 106.800215][ T8505] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 106.800229][ T8505] should_failslab+0xc2/0x120 [ 106.800246][ T8505] __kmalloc_cache_noprof+0x6a/0x3e0 [ 106.800258][ T8505] ? bond_enslave+0x481/0x60b0 [ 106.800274][ T8505] bond_enslave+0x481/0x60b0 [ 106.800289][ T8505] ? find_held_lock+0x2b/0x80 [ 106.800303][ T8505] ? avc_has_perm_noaudit+0x117/0x3b0 [ 106.800316][ T8505] ? __pfx_bond_enslave+0x10/0x10 [ 106.800329][ T8505] ? avc_has_perm_noaudit+0x149/0x3b0 [ 106.800341][ T8505] ? cred_has_capability.isra.0+0x193/0x2f0 [ 106.800357][ T8505] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 106.800378][ T8505] ? cap_capable+0xb3/0x250 [ 106.800390][ T8505] ? full_name_hash+0xbc/0x110 [ 106.800412][ T8505] ? netdev_name_node_lookup+0x127/0x180 [ 106.800430][ T8505] bond_do_ioctl+0x601/0x6c0 [ 106.800442][ T8505] ? finish_task_switch.isra.0+0x221/0xc10 [ 106.800457][ T8505] ? __pfx_bond_do_ioctl+0x10/0x10 [ 106.800470][ T8505] ? trace_sched_exit_tp+0xde/0x130 [ 106.800485][ T8505] ? __schedule+0x1181/0x5de0 [ 106.800499][ T8505] ? find_held_lock+0x2b/0x80 [ 106.800516][ T8505] ? __lock_acquire+0xb8a/0x1c90 [ 106.800536][ T8505] bond_siocdevprivate+0x167/0x200 [ 106.800550][ T8505] ? __pfx_bond_siocdevprivate+0x10/0x10 [ 106.800563][ T8505] ? do_raw_spin_lock+0x12c/0x2b0 [ 106.800576][ T8505] ? full_name_hash+0xbc/0x110 [ 106.800603][ T8505] ? netdev_name_node_lookup+0x127/0x180 [ 106.800622][ T8505] dev_ifsioc+0x8eb/0x1f70 [ 106.800639][ T8505] ? __pfx_dev_ifsioc+0x10/0x10 [ 106.800654][ T8505] ? __pfx___mutex_lock+0x10/0x10 [ 106.800675][ T8505] ? dev_load+0x8e/0x240 [ 106.800693][ T8505] dev_ioctl+0x1b2/0x10e0 [ 106.800709][ T8505] sock_ioctl+0x5b3/0x6b0 [ 106.800722][ T8505] ? __pfx_sock_ioctl+0x10/0x10 [ 106.800733][ T8505] ? hook_file_ioctl_common+0x145/0x410 [ 106.800747][ T8505] ? selinux_file_ioctl+0x180/0x270 [ 106.800762][ T8505] ? selinux_file_ioctl+0xb4/0x270 [ 106.800777][ T8505] ? __pfx_sock_ioctl+0x10/0x10 [ 106.800790][ T8505] __x64_sys_ioctl+0x18e/0x210 [ 106.800804][ T8505] do_syscall_64+0xcd/0x4c0 [ 106.800822][ T8505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.800833][ T8505] RIP: 0033:0x7f12c538e929 [ 106.800843][ T8505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.800853][ T8505] RSP: 002b:00007f12c31f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 106.800864][ T8505] RAX: ffffffffffffffda RBX: 00007f12c55b5fa0 RCX: 00007f12c538e929 [ 106.800871][ T8505] RDX: 00002000000000c0 RSI: 00000000000089f0 RDI: 0000000000000004 [ 106.800877][ T8505] RBP: 00007f12c31f6090 R08: 0000000000000000 R09: 0000000000000000 [ 106.800883][ T8505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.800889][ T8505] R13: 0000000000000000 R14: 00007f12c55b5fa0 R15: 00007ffe25064ab8 [ 106.800903][ T8505] [ 106.801182][ T8506] netlink: 'syz.1.645': attribute type 1 has an invalid length. [ 106.860875][ T8515] hpfs: Bad magic ... probably not HPFS [ 106.868370][ T8506] netlink: 'syz.1.645': attribute type 4 has an invalid length. [ 106.920835][ T8506] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.645'. [ 106.948635][ T8479] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.951660][ T8479] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.954963][ T8479] bridge_slave_0: entered allmulticast mode [ 106.957820][ T8479] bridge_slave_0: entered promiscuous mode [ 106.960867][ T8479] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.963096][ T8479] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.967358][ T8479] bridge_slave_1: entered allmulticast mode [ 106.969972][ T8479] bridge_slave_1: entered promiscuous mode [ 107.037510][ T8519] netlink: 48 bytes leftover after parsing attributes in process `syz.2.649'. [ 107.077158][ T8479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.085735][ T8521] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 107.097066][ T8479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.145108][ T8479] team0: Port device team_slave_0 added [ 107.150109][ T8479] team0: Port device team_slave_1 added [ 107.157862][ T8521] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 107.196895][ T8479] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.199068][ T8479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.208114][ T8479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.213096][ T8479] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.216058][ T8479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.224147][ T8479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.286624][ T8479] hsr_slave_0: entered promiscuous mode [ 107.288903][ T8479] hsr_slave_1: entered promiscuous mode [ 107.306353][ T8525] netlink: 788 bytes leftover after parsing attributes in process `syz.2.651'. [ 107.444331][ T40] audit: type=1400 audit(1749687132.648:520): avc: denied { setopt } for pid=8529 comm="syz.0.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 107.445138][ T8530] sp0: Synchronizing with TNC [ 107.848045][ T8556] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8556 comm=syz.2.659 [ 107.878043][ T8560] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 107.884456][ T8560] bond0: (slave gre0): Error -95 calling set_mac_address [ 107.966984][ T8479] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.975793][ T8479] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.980837][ T8479] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.984987][ T8479] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.038489][ T8479] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.049082][ T8479] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.057520][ T6295] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.060171][ T6295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.070300][ T6295] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.072956][ T6295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.151195][ T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 108.227167][ T8479] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.262791][ T8479] veth0_vlan: entered promiscuous mode [ 108.268470][ T8479] veth1_vlan: entered promiscuous mode [ 108.285673][ T8479] veth0_macvtap: entered promiscuous mode [ 108.292899][ T8479] veth1_macvtap: entered promiscuous mode [ 108.303514][ T8479] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.309926][ T8479] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.315213][ T8479] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.318116][ T8479] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.320832][ T8479] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.323652][ T8479] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.328790][ T24] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 108.332213][ T24] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 108.341771][ T24] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 108.345186][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.354215][ T8563] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 108.360214][ T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 108.440077][ T6296] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.442533][ T6296] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.466975][ T6292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.469508][ T6292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.483644][ T40] audit: type=1400 audit(1749687133.688:521): avc: denied { mounton } for pid=8479 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 108.544723][ T40] audit: type=1400 audit(1749687133.758:522): avc: denied { read } for pid=8605 comm="syz.3.635" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 108.553486][ T40] audit: type=1400 audit(1749687133.758:523): avc: denied { open } for pid=8605 comm="syz.3.635" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 108.568626][ T24] usb 5-1: USB disconnect, device number 8 [ 108.636898][ T5941] Bluetooth: hci1: command tx timeout [ 108.707492][ T8569] syz.2.663 (8569): drop_caches: 2 [ 108.733955][ T8619] binder: 8617:8619 ioctl c0189376 200000000180 returned -22 [ 108.737163][ T8619] binder: 8617:8619 ioctl c0306201 200000000640 returned -22 [ 108.743450][ T8619] netlink: 172 bytes leftover after parsing attributes in process `syz.1.667'. [ 108.748918][ T40] audit: type=1400 audit(1749687133.958:524): avc: denied { map } for pid=8617 comm="syz.1.667" path="/dev/video3" dev="devtmpfs" ino=960 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 109.223960][ T8653] 9pnet: Limiting 'msize' to 512000 as this is the maximum supported by transport virtio [ 109.442408][ T8675] netlink: 'syz.1.677': attribute type 1 has an invalid length. [ 109.626013][ T8700] misc userio: The device must be registered before sending interrupts [ 110.059044][ T8750] netlink: 16 bytes leftover after parsing attributes in process `syz.1.690'. [ 110.064050][ T8751] netlink: 16 bytes leftover after parsing attributes in process `syz.1.690'. [ 110.105320][ T8756] vlan3: entered allmulticast mode [ 110.184826][ T8756] vlan3: entered allmulticast mode [ 110.195839][ T7505] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 110.285694][ T8756] vlan3: entered allmulticast mode [ 110.345410][ T7505] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 110.348047][ T7505] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.352292][ T7505] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 110.358526][ T7505] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 110.361391][ T7505] usb 7-1: Manufacturer: syz [ 110.366224][ T8756] vlan3: entered allmulticast mode [ 110.372070][ T7505] usb 7-1: config 0 descriptor?? [ 110.434147][ T7505] rc_core: IR keymap rc-hauppauge not found [ 110.442153][ T7505] Registered IR keymap rc-empty [ 110.450438][ T7505] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 110.457280][ T7505] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input11 [ 110.473285][ T8756] vlan3: entered allmulticast mode [ 110.540727][ T8756] vlan3: entered allmulticast mode [ 110.584364][ T8724] bond0: (slave erspan0): Releasing backup interface [ 110.596613][ T8724] erspan0: left allmulticast mode [ 110.603794][ T8724] bridge_slave_0: left allmulticast mode [ 110.606807][ T8724] bridge_slave_0: left promiscuous mode [ 110.609163][ T8724] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.609249][ T8797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.695'. [ 110.615774][ T8724] bridge_slave_1: left allmulticast mode [ 110.617582][ T8724] bridge_slave_1: left promiscuous mode [ 110.619422][ T8724] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.629849][ T8738] netlink: 'syz.2.687': attribute type 10 has an invalid length. [ 110.635468][ T8724] vlan2: left promiscuous mode [ 110.637118][ T8724] bond0: left promiscuous mode [ 110.638639][ T8724] bond_slave_0: left promiscuous mode [ 110.640460][ T8724] bond_slave_1: left promiscuous mode [ 110.642242][ T8724] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 110.647613][ T8724] bond0: (slave bond_slave_0): Releasing backup interface [ 110.650457][ T8724] bond_slave_0: left allmulticast mode [ 110.655319][ T8724] bond0: (slave bond_slave_1): Releasing backup interface [ 110.659605][ T8724] bond_slave_1: left allmulticast mode [ 110.678336][ T8724] team0: Port device team_slave_0 removed [ 110.689451][ T8724] team0: Port device team_slave_1 removed [ 110.692970][ T8724] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.695947][ T8724] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.700199][ T8724] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.702984][ T8724] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.715720][ T8724] bond0: (slave wlan1): Releasing backup interface [ 110.719816][ T8724] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 110.724160][ T5941] Bluetooth: hci1: command tx timeout [ 110.731394][ T8724] vlan2: left allmulticast mode [ 110.733282][ T8724] bond0: left allmulticast mode [ 110.735635][ T8724] bridge0: port 3(vlan2) entered disabled state [ 110.748118][ T8756] vlan3: entered allmulticast mode [ 110.774608][ T8738] bond0: (slave wlan1): Enslaving as an active interface with a down link [ 110.778812][ T839] usb 7-1: USB disconnect, device number 9 [ 110.832403][ T8756] vlan3: entered allmulticast mode [ 111.021053][ T8827] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 111.211778][ T8843] netlink: 'syz.1.704': attribute type 2 has an invalid length. [ 111.223114][ T8846] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 111.456180][ T8866] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1537 sclass=netlink_route_socket pid=8866 comm=syz.3.708 [ 111.519780][ T1154] Bluetooth: hci4: Frame reassembly failed (-84) [ 111.522095][ T8869] Bluetooth: hci4: Frame reassembly failed (-84) [ 111.528297][ T1145] Bluetooth: hci4: Frame reassembly failed (-84) [ 111.720975][ T8882] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 111.854240][ T8893] mkiss: ax0: crc mode is auto. [ 111.888638][ T40] kauditd_printk_skb: 18 callbacks suppressed [ 111.888654][ T40] audit: type=1326 audit(1749687137.098:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8894 comm="syz.0.719" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f88edd8e929 code=0x0 [ 111.940780][ T8897] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 111.944471][ T8897] bond0: (slave gre0): Error -95 calling set_mac_address [ 112.135852][ T8904] __nla_validate_parse: 2 callbacks suppressed [ 112.135870][ T8904] netlink: 8 bytes leftover after parsing attributes in process `syz.1.721'. [ 112.180114][ T40] audit: type=1400 audit(1749687137.388:544): avc: denied { associate } for pid=8907 comm="syz.1.722" name="pids.current" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 112.187450][ T40] audit: type=1400 audit(1749687137.398:545): avc: denied { read append open } for pid=8907 comm="syz.1.722" path="/152/file0/pids.current" dev="9p" ino=35913982 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 112.261845][ T8911] netlink: 92 bytes leftover after parsing attributes in process `syz.1.723'. [ 112.710354][ T8929] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 112.794301][ T5944] Bluetooth: hci1: command tx timeout [ 112.809841][ T8940] i2c i2c-1: Invalid block write size 34 [ 112.838940][ T8942] netlink: 52 bytes leftover after parsing attributes in process `syz.0.732'. [ 113.119545][ T8963] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 113.122820][ T8963] bond0: (slave gre0): Error -95 calling set_mac_address [ 113.154491][ T8967] netlink: 20 bytes leftover after parsing attributes in process `syz.1.742'. [ 113.188746][ T8970] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 113.392679][ T8976] netlink: 'syz.1.745': attribute type 2 has an invalid length. [ 113.585382][ T40] audit: type=1400 audit(1749687138.798:546): avc: denied { create } for pid=8983 comm="syz.1.748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 113.604207][ T5944] Bluetooth: hci4: command 0x1003 tx timeout [ 113.604253][ T5941] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 113.618726][ T40] audit: type=1400 audit(1749687138.828:547): avc: denied { ioctl } for pid=8983 comm="syz.1.748" path="socket:[27857]" dev="sockfs" ino=27857 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 113.683285][ T8991] syz_tun: entered promiscuous mode [ 113.689816][ T8991] syz_tun: refused to change device tx_queue_len [ 113.747512][ T8997] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 114.053189][ T40] audit: type=1400 audit(1749687139.258:548): avc: denied { name_bind } for pid=9006 comm="syz.1.756" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 114.203651][ T9015] SELinux: ebitmap: truncated map [ 114.208903][ T9015] SELinux: failed to load policy [ 114.287493][ T9022] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 114.571325][ T9028] netlink: 'syz.1.763': attribute type 1 has an invalid length. [ 114.587689][ T9028] 8021q: adding VLAN 0 to HW filter on device bond1 [ 114.599076][ T9028] bond1: (slave dummy0): making interface the new active one [ 114.603385][ T9028] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 114.735783][ T9033] block nbd1: Unsupported socket: shutdown callout must be supported. [ 114.816324][ T9038] binder: 9037:9038 ioctl c0306201 0 returned -14 [ 114.874155][ T5941] Bluetooth: hci1: command tx timeout [ 115.008890][ T9043] binder: 9042:9043 ioctl 8921 200000000040 returned -22 [ 115.012320][ T9043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.769'. [ 115.088163][ T9043] team0 (unregistering): Port device team_slave_0 removed [ 115.093272][ T9043] team0 (unregistering): Port device team_slave_1 removed [ 115.191493][ T9047] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 115.547510][ T40] audit: type=1400 audit(1749687140.758:549): avc: denied { append } for pid=9056 comm="syz.1.774" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 115.548887][ T9057] hub 8-0:1.0: USB hub found [ 115.557397][ T9057] hub 8-0:1.0: 1 port detected [ 115.659128][ T40] audit: type=1400 audit(1749687140.868:550): avc: denied { getopt } for pid=9060 comm="syz.1.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 115.813600][ T9071] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 116.008847][ T9077] netlink: 16 bytes leftover after parsing attributes in process `syz.1.781'. [ 116.027524][ T9080] netlink: 830 bytes leftover after parsing attributes in process `syz.0.782'. [ 116.172323][ T9084] netlink: 8 bytes leftover after parsing attributes in process `syz.1.784'. [ 116.175509][ T9084] netlink: 24 bytes leftover after parsing attributes in process `syz.1.784'. [ 116.205172][ T9086] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9086 comm=syz.1.785 [ 116.210787][ T9086] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 116.377127][ T40] audit: type=1400 audit(1749687141.588:551): avc: denied { bind } for pid=9092 comm="syz.1.788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 116.380440][ T9093] netlink: 4 bytes leftover after parsing attributes in process `syz.1.788'. [ 116.383006][ T40] audit: type=1400 audit(1749687141.588:552): avc: denied { name_bind } for pid=9092 comm="syz.1.788" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 116.396594][ T9095] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 116.871488][ T9136] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 116.884534][ T838] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 117.035578][ T838] usb 8-1: config 0 has no interfaces? [ 117.037425][ T838] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 117.040403][ T838] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.046604][ T838] usb 8-1: config 0 descriptor?? [ 117.237451][ T9175] __nla_validate_parse: 2 callbacks suppressed [ 117.237463][ T9175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.810'. [ 117.257840][ T7505] usb 8-1: USB disconnect, device number 3 [ 117.276012][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 117.276025][ T40] audit: type=1400 audit(1749687142.488:555): avc: denied { remount } for pid=9179 comm="syz.2.811" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 117.287207][ T9180] binder: Binderfs stats mode cannot be changed during a remount [ 117.288805][ T9182] binder: Binderfs stats mode cannot be changed during a remount [ 117.359514][ T40] audit: type=1400 audit(1749687142.568:556): avc: denied { read } for pid=9186 comm="syz.2.812" path="socket:[30027]" dev="sockfs" ino=30027 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 117.554657][ T40] audit: type=1400 audit(1749687142.768:557): avc: denied { create } for pid=9195 comm="syz.1.813" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 117.561365][ T40] audit: type=1400 audit(1749687142.768:558): avc: denied { write } for pid=9195 comm="syz.1.813" name="file0" dev="tmpfs" ino=1157 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 117.582828][ T40] audit: type=1400 audit(1749687142.768:559): avc: denied { open } for pid=9195 comm="syz.1.813" path="/215/file0" dev="tmpfs" ino=1157 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 117.590747][ T40] audit: type=1400 audit(1749687142.768:560): avc: denied { ioctl } for pid=9195 comm="syz.1.813" path="/215/file0" dev="tmpfs" ino=1157 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 117.609715][ T9205] relay: one or more items not logged [item size (56) > sub-buffer size (9)] [ 118.067608][ T9238] netlink: 596 bytes leftover after parsing attributes in process `syz.0.816'. [ 118.078947][ T9238] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 118.288705][ T40] audit: type=1400 audit(1749687143.498:561): avc: denied { write } for pid=9240 comm="syz.2.818" lport=53000 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 118.289133][ T9241] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 118.298515][ T9242] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 118.300942][ T40] audit: type=1400 audit(1749687143.498:562): avc: denied { setopt } for pid=9240 comm="syz.2.818" lport=53000 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 118.976876][ T9255] netlink: 'syz.0.823': attribute type 11 has an invalid length. [ 119.094468][ T40] audit: type=1400 audit(1749687144.308:563): avc: denied { read } for pid=9256 comm="syz.2.825" dev="sockfs" ino=29245 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 119.108091][ T9258] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 119.116028][ T9258] bond0: (slave gre0): Error -95 calling set_mac_address [ 119.138671][ T40] audit: type=1400 audit(1749687144.338:564): avc: denied { unlink } for pid=6562 comm="syz-executor" name="file0" dev="tmpfs" ino=1157 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 119.220519][ T9275] netlink: 68 bytes leftover after parsing attributes in process `syz.1.831'. [ 119.242670][ T9282] netlink: 'syz.2.832': attribute type 10 has an invalid length. [ 119.249170][ T9282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.253187][ T9282] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 119.392657][ T9305] syz_tun: entered allmulticast mode [ 119.419138][ T9304] syz_tun: left allmulticast mode [ 119.455947][ T9308] netlink: 36 bytes leftover after parsing attributes in process `syz.3.841'. [ 119.459133][ T9309] netlink: 36 bytes leftover after parsing attributes in process `syz.3.841'. [ 119.827105][ T9322] Cannot find add_set index 0 as target [ 119.898805][ T9328] netlink: 'syz.3.849': attribute type 1 has an invalid length. [ 119.966446][ T9329] netlink: 76 bytes leftover after parsing attributes in process `syz.3.849'. [ 120.953143][ T9328] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 120.962216][ T9341] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 120.970083][ T9341] bond0: (slave gre0): Error -95 calling set_mac_address [ 121.001268][ T9346] openvswitch: netlink: Key 0 has unexpected len 10 expected 0 [ 121.033469][ T9350] netlink: 64 bytes leftover after parsing attributes in process `syz.2.858'. [ 121.042654][ T9350] netlink: 4 bytes leftover after parsing attributes in process `syz.2.858'. [ 121.231594][ T9367] openvswitch: netlink: Tunnel attr 16370 out of range max 16 [ 121.302204][ T9373] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 121.579486][ T9391] syzkaller0: entered promiscuous mode [ 121.581623][ T9391] syzkaller0: entered allmulticast mode [ 121.684492][ C3] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 122.174348][ T9396] program syz.2.876 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.233579][ T9397] netlink: 16 bytes leftover after parsing attributes in process `syz.2.876'. [ 122.802113][ T9434] netlink: 8 bytes leftover after parsing attributes in process `syz.2.890'. [ 123.274802][ T9196] bond0: (slave batadv0): interface is now down [ 123.278001][ T9196] bond0: now running without any active interface! [ 123.704392][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 123.704407][ T40] audit: type=1400 audit(1749687148.918:568): avc: denied { ioctl } for pid=9449 comm="syz.2.896" path="socket:[28661]" dev="sockfs" ino=28661 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 123.801616][ T9460] sg_write: data in/out 440207358/4056 bytes for SCSI command 0x45-- guessing data in; [ 123.801616][ T9460] program syz.2.899 not setting count and/or reply_len properly [ 123.840974][ T9466] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 123.914915][ T9475] overlayfs: failed to resolve './file1': -2 [ 123.931749][ T9480] exFAT-fs (nullb0): invalid boot record signature [ 123.933844][ T9480] exFAT-fs (nullb0): failed to read boot sector [ 123.936548][ T9480] exFAT-fs (nullb0): failed to recognize exfat type [ 123.951164][ T9484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.906'. [ 124.080659][ T40] audit: type=1400 audit(1749687149.288:569): avc: denied { getopt } for pid=9495 comm="syz.1.909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 124.110257][ T9499] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=67371010 (134742020 ns) > initial count (56 ns). Using initial count to start timer. [ 124.144660][ T9507] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 124.270148][ T40] audit: type=1400 audit(1749687149.478:570): avc: denied { mount } for pid=9513 comm="syz.2.915" name="/" dev="rpc_pipefs" ino=31790 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 124.280108][ T40] audit: type=1400 audit(1749687149.478:571): avc: denied { mount } for pid=9515 comm="syz.1.916" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 124.312543][ T9525] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 124.354749][ T9] usb 8-1: new low-speed USB device number 4 using dummy_hcd [ 124.434017][ T9535] Option ''MO' to dns_resolver key: bad/missing value [ 124.444234][ T7505] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 124.505784][ T9] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 124.509750][ T9] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 124.513370][ T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 124.517571][ T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.520522][ T9] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 124.523302][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.529596][ T9] hub 8-1:1.0: bad descriptor, ignoring hub [ 124.531483][ T9] hub 8-1:1.0: probe with driver hub failed with error -5 [ 124.534019][ T9] cdc_wdm 8-1:1.0: skipping garbage [ 124.536281][ T9] cdc_wdm 8-1:1.0: skipping garbage [ 124.543359][ T9] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 124.545885][ T9] cdc_wdm 8-1:1.0: Unknown control protocol [ 124.557392][ T9538] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 124.561770][ T40] audit: type=1400 audit(1749687149.768:572): avc: denied { associate } for pid=9534 comm="syz.1.923" name="blkio.bfq.io_merged_recursive" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 124.584938][ T7505] usb 5-1: device descriptor read/64, error -71 [ 124.730124][ T40] audit: type=1400 audit(1749687149.938:573): avc: denied { read write } for pid=9497 comm="syz.3.911" name="cdc-wdm0" dev="devtmpfs" ino=2961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 124.739823][ T40] audit: type=1400 audit(1749687149.938:574): avc: denied { open } for pid=9497 comm="syz.3.911" path="/dev/cdc-wdm0" dev="devtmpfs" ino=2961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 124.775949][ T9550] cgroup: fork rejected by pids controller in /syz2 [ 124.806348][ T9499] cdc_wdm 8-1:1.0: Error submitting int urb - -90 [ 124.825623][ T9] usb 8-1: USB disconnect, device number 4 [ 124.844181][ T7505] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 124.984186][ T7505] usb 5-1: device descriptor read/64, error -71 [ 125.094575][ T9196] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.104454][ T7505] usb usb5-port1: attempt power cycle [ 125.178774][ T9196] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.272058][ T9196] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.300978][ T5944] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 125.307322][ T5944] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 125.312439][ T5944] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 125.317464][ T5944] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 125.321202][ T5944] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 125.454597][ T7505] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 125.474735][ T7505] usb 5-1: device descriptor read/8, error -71 [ 125.715028][ T7505] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 125.738862][ T7505] usb 5-1: device descriptor read/8, error -71 [ 125.823306][ T9707] i2c i2c-1: Invalid block write size 34 [ 125.837142][ T9196] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 125.856231][ T7505] usb usb5-port1: unable to enumerate USB device [ 125.864291][ T9196] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 125.875075][ T9196] bond0 (unregistering): Released all slaves [ 125.883644][ T9654] chnl_net:caif_netlink_parms(): no params data found [ 125.908263][ T9713] 8021q: adding VLAN 0 to HW filter on device bond1 [ 125.977089][ T9196] tipc: Disabling bearer [ 125.980859][ T9196] tipc: Left network mode [ 126.008372][ T9196] IPVS: stopping backup sync thread 6424 ... [ 126.033527][ T9654] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.036542][ T9654] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.039086][ T9654] bridge_slave_0: entered allmulticast mode [ 126.041745][ T9654] bridge_slave_0: entered promiscuous mode [ 126.051834][ T9654] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.055416][ T9654] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.057969][ T9654] bridge_slave_1: entered allmulticast mode [ 126.061121][ T9654] bridge_slave_1: entered promiscuous mode [ 126.095680][ T9654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 126.100576][ T9654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 126.146747][ T9654] team0: Port device team_slave_0 added [ 126.163483][ T9654] team0: Port device team_slave_1 added [ 126.206508][ T9654] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 126.208793][ T9654] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.217737][ T9654] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 126.222020][ T9654] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 126.224836][ T9654] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.232715][ T9654] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 126.252575][ T9733] netlink: 24 bytes leftover after parsing attributes in process `syz.1.946'. [ 126.320212][ T9654] hsr_slave_0: entered promiscuous mode [ 126.322553][ T9654] hsr_slave_1: entered promiscuous mode [ 126.324861][ T9654] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 126.327296][ T9654] Cannot create hsr debugfs directory [ 126.353536][ T9196] veth0_to_team: left promiscuous mode [ 126.358062][ T9196] batadv_slave_1: left promiscuous mode [ 126.363606][ T9196] hsr_slave_0: left promiscuous mode [ 126.366747][ T9196] hsr_slave_1: left promiscuous mode [ 126.381360][ T9196] veth1_macvtap: left promiscuous mode [ 126.383166][ T9196] veth0_macvtap: left promiscuous mode [ 126.385260][ T9196] veth1_vlan: left promiscuous mode [ 126.386954][ T9196] veth0_vlan: left promiscuous mode [ 127.355892][ T5944] Bluetooth: hci3: command tx timeout [ 127.564213][ T7505] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 127.714136][ T7505] usb 5-1: Using ep0 maxpacket: 32 [ 127.718491][ T7505] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.723082][ T7505] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.727733][ T7505] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 127.732007][ T7505] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.737249][ T9764] tipc: Started in network mode [ 127.739349][ T9764] tipc: Node identity , cluster identity 4711 [ 127.741733][ T9764] tipc: Failed to obtain node identity [ 127.745948][ T7505] usb 5-1: config 0 descriptor?? [ 127.747406][ T9764] tipc: Enabling of bearer rejected, failed to enable media [ 128.171426][ T9654] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 128.180151][ T7505] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 128.187713][ T9654] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 128.192864][ T9654] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 128.198935][ T9654] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 128.279378][ T9654] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.290829][ T9654] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.298220][ T9209] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.301209][ T9209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.308420][ T9196] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.310687][ T9196] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.331103][ T9819] netlink: 12 bytes leftover after parsing attributes in process `syz.1.959'. [ 128.361738][ T9823] fuse: Unknown parameter 'r*ode' [ 128.426443][ T839] usb 5-1: USB disconnect, device number 13 [ 128.431633][ T9654] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.458551][ T9654] veth0_vlan: entered promiscuous mode [ 128.463349][ T9654] veth1_vlan: entered promiscuous mode [ 128.481840][ T9654] veth0_macvtap: entered promiscuous mode [ 128.485900][ T9654] veth1_macvtap: entered promiscuous mode [ 128.496567][ T9654] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.502051][ T9654] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 128.506734][ T9654] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.509522][ T9654] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.512267][ T9654] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.515585][ T9654] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.562776][ T9209] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.573509][ T9209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.590947][ T9209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.593514][ T9209] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.632368][ T9835] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 128.701255][ T40] audit: type=1400 audit(1749687153.908:575): avc: denied { mounton } for pid=9834 comm="syz.2.930" path="/0/file0" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 128.702334][ T9835] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 128.711579][ T9835] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 128.771026][ T9847] netlink: 64 bytes leftover after parsing attributes in process `syz.1.964'. [ 128.775434][ T40] audit: type=1400 audit(1749687153.988:576): avc: denied { listen } for pid=9846 comm="syz.1.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 128.781924][ T40] audit: type=1400 audit(1749687153.988:577): avc: denied { read } for pid=9846 comm="syz.1.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 128.877770][ T9855] batadv1: entered promiscuous mode [ 128.891497][ T40] audit: type=1400 audit(1749687154.098:578): avc: denied { kexec_image_load } for pid=9856 comm="syz.1.967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 128.944883][ T9865] overlay: ./file0 is not a directory [ 129.009566][ T9872] netlink: 16 bytes leftover after parsing attributes in process `syz.1.972'. [ 129.016472][ T9872] netlink: 16 bytes leftover after parsing attributes in process `syz.1.972'. [ 129.041704][ T9878] FAT-fs (nullb0): bogus number of reserved sectors [ 129.046824][ T9878] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 129.130899][ T9889] bio_check_eod: 16 callbacks suppressed [ 129.130911][ T9889] syz.2.976: attempt to access beyond end of device [ 129.130911][ T9889] loop2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 129.138683][ T9889] gfs2: error -5 reading superblock [ 129.182494][ T9872] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 129.190213][ T9872] batman_adv: batadv0: Interface deactivated: , [ 129.260126][ T9872] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.263852][ T9872] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.269605][ T9872] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.375728][ C3] Unknown status report in ack skb [ 129.409924][ T9902] syz.2.979: vmalloc error: size 4722688, failed to allocated page array size 9224, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 129.410373][ T40] audit: type=1400 audit(1749687154.618:579): avc: denied { connect } for pid=9909 comm="syz.3.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 129.415930][ T9902] CPU: 3 UID: 0 PID: 9902 Comm: syz.2.979 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 129.415955][ T9902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.415965][ T9902] Call Trace: [ 129.415971][ T9902] [ 129.415978][ T9902] dump_stack_lvl+0x16c/0x1f0 [ 129.416077][ T9902] warn_alloc+0x248/0x3a0 [ 129.416102][ T9902] ? __pfx_warn_alloc+0x10/0x10 [ 129.416133][ T9902] ? xt_alloc_entry_offsets+0x3a/0x60 [ 129.416154][ T9902] ? __vmalloc_node_noprof+0xad/0xf0 [ 129.416175][ T9902] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 129.416201][ T9902] ? xt_alloc_entry_offsets+0x3a/0x60 [ 129.416228][ T9902] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 129.416247][ T9902] ? __alloc_pages_noprof+0xb/0x1b0 [ 129.416268][ T9902] ? ___kmalloc_large_node+0x84/0x1e0 [ 129.416291][ T9902] __kvmalloc_node_noprof+0x30a/0x620 [ 129.416312][ T9902] ? xt_alloc_entry_offsets+0x3a/0x60 [ 129.416334][ T9902] ? xt_alloc_entry_offsets+0x3a/0x60 [ 129.416357][ T9902] ? xt_alloc_entry_offsets+0x3a/0x60 [ 129.416373][ T9902] ? __might_fault+0x13b/0x190 [ 129.416391][ T9902] xt_alloc_entry_offsets+0x3a/0x60 [ 129.416408][ T9902] translate_table+0x22d/0x1720 [ 129.416427][ T9902] ? _copy_from_user+0x59/0xd0 [ 129.416456][ T9902] ? __pfx_translate_table+0x10/0x10 [ 129.416475][ T9902] do_ipt_set_ctl+0x570/0xae0 [ 129.416490][ T9902] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 129.416503][ T9902] ? find_held_lock+0x2b/0x80 [ 129.416518][ T9902] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 129.416533][ T9902] ? lockdep_hardirqs_on+0x7c/0x110 [ 129.416550][ T9902] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 129.416574][ T9902] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 129.416588][ T9902] nf_setsockopt+0x8d/0xf0 [ 129.416601][ T9902] ip_setsockopt+0xcb/0xf0 [ 129.416617][ T9902] udp_setsockopt+0x7d/0xd0 [ 129.416631][ T9902] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 129.416644][ T9902] do_sock_setsockopt+0x224/0x470 [ 129.416654][ T9902] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 129.416674][ T9902] __sys_setsockopt+0x1a0/0x230 [ 129.416692][ T9902] __x64_sys_setsockopt+0xbd/0x160 [ 129.416707][ T9902] ? do_syscall_64+0x91/0x4c0 [ 129.416723][ T9902] ? lockdep_hardirqs_on+0x7c/0x110 [ 129.416738][ T9902] do_syscall_64+0xcd/0x4c0 [ 129.416755][ T9902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.416766][ T9902] RIP: 0033:0x7fbe3378e929 [ 129.416776][ T9902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.416787][ T9902] RSP: 002b:00007fbe315f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 129.416797][ T9902] RAX: ffffffffffffffda RBX: 00007fbe339b5fa0 RCX: 00007fbe3378e929 [ 129.416804][ T9902] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 129.416810][ T9902] RBP: 00007fbe33810b39 R08: 00000000000002d8 R09: 0000000000000000 [ 129.416817][ T9902] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 129.416823][ T9902] R13: 0000000000000000 R14: 00007fbe339b5fa0 R15: 00007ffc21fde038 [ 129.416837][ T9902] [ 129.416841][ T9902] Mem-Info: [ 129.453858][ T5944] Bluetooth: hci3: command tx timeout [ 129.456401][ T9902] active_anon:14977 inactive_anon:0 isolated_anon:0 [ 129.456401][ T9902] active_file:4199 inactive_file:50946 isolated_file:0 [ 129.456401][ T9902] unevictable:4187 dirty:580 writeback:0 [ 129.456401][ T9902] slab_reclaimable:6986 slab_unreclaimable:71191 [ 129.456401][ T9902] mapped:30973 shmem:8600 pagetables:1309 [ 129.456401][ T9902] sec_pagetables:303 bounce:0 [ 129.456401][ T9902] kernel_misc_reclaimable:0 [ 129.456401][ T9902] free:450648 free_pcp:15064 free_cma:0 [ 129.482040][ T9913] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1793 sclass=netlink_route_socket pid=9913 comm=syz.0.984 [ 129.483362][ T9902] Node 0 active_anon:64856kB inactive_anon:0kB active_file:16796kB inactive_file:203332kB unevictable:13956kB isolated(anon):0kB isolated(file):0kB mapped:128108kB dirty:2312kB writeback:0kB shmem:36568kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13808kB pagetables:5028kB sec_pagetables:1212kB all_unreclaimable? no Balloon:0kB [ 129.561675][ T9902] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:144kB pagetables:208kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 129.572474][ T9902] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 129.581641][ T9902] lowmem_reserve[]: 0 1235 1235 1235 1235 [ 129.583759][ T9902] Node 0 DMA32 free:156536kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:79560kB inactive_anon:0kB active_file:18656kB inactive_file:203332kB unevictable:9484kB writepending:2312kB present:2080628kB managed:1264744kB mlocked:0kB bounce:0kB free_pcp:50140kB local_pcp:9104kB free_cma:0kB [ 129.592340][ T9921] loop2: detected capacity change from 0 to 7 [ 129.595722][ T9902] lowmem_reserve[]: 0 0 0 0 0 [ 129.599347][ T9902] Node 1 Normal free:1602172kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB writepending:8kB present:2097152kB managed:1781948kB mlocked:0kB bounce:0kB free_pcp:20536kB local_pcp:5996kB free_cma:0kB [ 129.600539][ T8602] Dev loop2: unable to read RDB block 7 [ 129.609962][ T9902] lowmem_reserve[]: 0 0 0 0 0 [ 129.609987][ T9902] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 129.610053][ T9902] Node 0 DMA32: 12*4kB (UME) 115*8kB (ME) 49*16kB (E) 356*32kB (UME) 83*64kB (UE) 45*128kB (UE) 21*256kB (UE) 2*512kB (UE) 19*1024kB (UME) 16*2048kB (UME) 17*4096kB (UM) = 152472kB [ 129.610143][ T9902] Node 1 Normal: 2*4kB (M) 5*8kB (E) 7*16kB (UE) 8*32kB (E) 9*64kB (UME) 9*128kB (UME) 2*256kB (UE) 4*512kB (UM) 0*1024kB 2*2048kB (ME) 389*4096kB (M) = 1602144kB [ 129.610233][ T9902] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 129.610243][ T9902] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 129.610252][ T9902] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 129.629383][ T8602] loop2: AHDI p1 p2 p3 [ 129.629406][ T8602] loop2: partition table partially beyond EOD, [ 129.632555][ T9902] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 129.632567][ T9902] 69173 total pagecache pages [ 129.632572][ T9902] 0 pages in swap cache [ 129.632576][ T9902] Free swap = 124996kB [ 129.632580][ T9902] Total swap = 124996kB [ 129.632586][ T9902] 1048443 pages RAM [ 129.632590][ T9902] 0 pages HighMem/MovableOnly [ 129.632594][ T9902] 282930 pages reserved [ 129.632597][ T9902] 0 pages cma reserved [ 129.633456][ T9923] netlink: 'syz.1.986': attribute type 27 has an invalid length. [ 129.636509][ T8602] truncated [ 129.641357][ T9923] syz_tun: left promiscuous mode [ 129.644962][ T8602] loop2: p1 start 1601398130 is beyond EOD, [ 129.648599][ T9923] vlan0: left promiscuous mode [ 129.649413][ T8602] truncated [ 129.651456][ T9923] macvtap0: left promiscuous mode [ 129.652437][ T8602] loop2: p2 start 1702059890 is beyond EOD, [ 129.657407][ T9923] netlink: 12 bytes leftover after parsing attributes in process `syz.1.986'. [ 129.658041][ T8602] truncated [ 129.676178][ T9923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.677043][ T9923] bridge0: port 3(vlan2) entered blocking state [ 129.685399][ T9923] bridge0: port 3(vlan2) entered listening state [ 129.691815][ T9923] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 129.692760][ T9921] Dev loop2: unable to read RDB block 7 [ 129.699445][ T9921] loop2: AHDI p1 p2 p3 [ 129.701194][ T9921] loop2: partition table partially beyond EOD, truncated [ 129.706063][ T9921] loop2: p1 start 1601398130 is beyond EOD, truncated [ 129.708874][ T9921] loop2: p2 start 1702059890 is beyond EOD, truncated [ 129.773621][ T40] audit: type=1400 audit(1749687154.978:580): avc: denied { create } for pid=9931 comm="syz.0.989" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 129.784522][ T40] audit: type=1400 audit(1749687154.988:581): avc: denied { setopt } for pid=9931 comm="syz.0.989" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 129.886847][ T40] audit: type=1400 audit(1749687155.098:582): avc: denied { write } for pid=9933 comm="syz.2.990" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 129.892268][ T9945] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 129.895883][ T40] audit: type=1400 audit(1749687155.098:583): avc: denied { call } for pid=9933 comm="syz.2.990" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 130.429453][ T40] audit: type=1400 audit(1749687155.638:584): avc: denied { ioctl } for pid=9957 comm="syz.3.998" path="/dev/ptyqa" dev="devtmpfs" ino=137 ioctlcmd=0x5438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 130.616158][ T40] audit: type=1400 audit(1749687155.818:585): avc: denied { mount } for pid=9969 comm="syz.3.1000" name="/" dev="autofs" ino=34031 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 130.689399][ T9986] vxfs: WRONG superblock magic 00000000 at 1 [ 130.691689][ T9986] vxfs: WRONG superblock magic 00000000 at 8 [ 130.693497][ T9986] vxfs: can't find superblock. [ 130.696527][ T9983] vlan3: entered promiscuous mode [ 130.698056][ T9983] bridge0: entered promiscuous mode [ 130.748630][ T9995] netlink: 'syz.2.1011': attribute type 21 has an invalid length. [ 130.751964][ T9995] netlink: 'syz.2.1011': attribute type 6 has an invalid length. [ 130.764124][ T9995] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1011'. [ 130.874490][ T837] af_packet: tpacket_rcv: packet too big, clamped from 96 to 4294967272. macoff=96 [ 130.921180][T10023] bond1: (slave dummy0): Releasing active interface [ 130.926849][T10023] batman_adv: batadv0: Adding interface: dummy0 [ 130.928844][T10023] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.936421][T10023] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 130.944685][T10021] netlink: 'syz.2.1019': attribute type 2 has an invalid length. [ 130.947058][T10021] netlink: 119 bytes leftover after parsing attributes in process `syz.2.1019'. [ 130.952004][T10023] xt_TPROXY: Can be used only with -p tcp or -p udp [ 130.956595][T10023] overlayfs: failed to clone upperpath [ 130.957960][T10022] overlayfs: failed to clone upperpath [ 130.962972][T10022] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1018'. [ 130.965957][T10022] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1018'. [ 130.982886][T10028] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1021'. [ 131.091252][T10040] netlink: 'syz.2.1025': attribute type 12 has an invalid length. [ 131.096213][T10042] netlink: 'syz.2.1025': attribute type 12 has an invalid length. [ 131.147490][T10048] netlink: 'syz.1.1028': attribute type 4 has an invalid length. [ 131.153675][T10048] netlink: 'syz.1.1028': attribute type 4 has an invalid length. [ 131.157462][T10051] netlink: 'syz.1.1028': attribute type 4 has an invalid length. [ 131.160656][ T839] IPVS: starting estimator thread 0... [ 131.203191][T10055] cifs: Unknown parameter 'no9 PG!8E8- ŖEeլ' [ 131.245565][T10067] program syz.2.1034 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.254272][T10053] IPVS: using max 30 ests per chain, 72000 per kthread [ 131.514270][ T5944] Bluetooth: hci3: command tx timeout [ 131.692449][T10098] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 131.749869][T10109] xt_l2tp: missing protocol rule (udp|l2tpip) [ 131.882000][T10124] SELinux: Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped). [ 131.889221][T10124] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 131.889221][T10124] The task syz.3.1054 (10124) triggered the difference, watch for misbehavior. [ 131.949028][T10126] xt_hashlimit: size too large, truncated to 1048576 [ 132.090729][T10136] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.125580][ T5944] Bluetooth: hci3: hardware error 0x05 [ 132.210443][T10151] netlink: 'syz.0.1061': attribute type 10 has an invalid length. [ 132.213668][T10151] lo: entered promiscuous mode [ 132.216416][T10151] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 132.417973][T10136] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.507578][T10136] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.574584][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.574685][T10136] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.577314][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.887917][ T1426] ================================================================== [ 132.891006][ T1426] BUG: KASAN: slab-use-after-free in handle_tx+0x5a5/0x630 [ 132.893247][ T1426] Read of size 8 at addr ffff888052f63020 by task aoe_tx0/1426 [ 132.897468][ T1426] [ 132.898248][ T1426] CPU: 2 UID: 0 PID: 1426 Comm: aoe_tx0 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 132.898263][ T1426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.898270][ T1426] Call Trace: [ 132.898275][ T1426] [ 132.898279][ T1426] dump_stack_lvl+0x116/0x1f0 [ 132.898299][ T1426] print_report+0xcd/0x680 [ 132.898315][ T1426] ? __virt_addr_valid+0x81/0x610 [ 132.898327][ T1426] ? __phys_addr+0xe8/0x180 [ 132.898338][ T1426] ? handle_tx+0x5a5/0x630 [ 132.898358][ T1426] kasan_report+0xe0/0x110 [ 132.898373][ T1426] ? handle_tx+0x5a5/0x630 [ 132.898391][ T1426] handle_tx+0x5a5/0x630 [ 132.898409][ T1426] dev_hard_start_xmit+0x94/0x740 [ 132.898425][ T1426] __dev_queue_xmit+0x7eb/0x43e0 [ 132.898440][ T1426] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.898455][ T1426] ? finish_task_switch.isra.0+0x221/0xc10 [ 132.898470][ T1426] ? rcu_is_watching+0x12/0xc0 [ 132.898484][ T1426] ? __pfx___dev_queue_xmit+0x10/0x10 [ 132.898499][ T1426] ? __lock_acquire+0xb8a/0x1c90 [ 132.898516][ T1426] ? __lock_acquire+0xb8a/0x1c90 [ 132.898533][ T1426] ? do_raw_spin_lock+0x12c/0x2b0 [ 132.898544][ T1426] ? find_held_lock+0x2b/0x80 [ 132.898557][ T1426] ? skb_dequeue+0x126/0x180 [ 132.898568][ T1426] ? find_held_lock+0x2b/0x80 [ 132.898594][ T1426] ? rcu_is_watching+0x12/0xc0 [ 132.898607][ T1426] tx+0xcc/0x190 [ 132.898618][ T1426] ? __pfx_tx+0x10/0x10 [ 132.898626][ T1426] kthread+0x1e1/0x3e0 [ 132.898642][ T1426] ? find_held_lock+0x2b/0x80 [ 132.898654][ T1426] ? __pfx_kthread+0x10/0x10 [ 132.898669][ T1426] ? __pfx_default_wake_function+0x10/0x10 [ 132.898682][ T1426] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.898698][ T1426] ? __kthread_parkme+0x19e/0x250 [ 132.898712][ T1426] ? __pfx_kthread+0x10/0x10 [ 132.898727][ T1426] kthread+0x3c5/0x780 [ 132.898736][ T1426] ? __pfx_kthread+0x10/0x10 [ 132.898745][ T1426] ? rcu_is_watching+0x12/0xc0 [ 132.898758][ T1426] ? __pfx_kthread+0x10/0x10 [ 132.898767][ T1426] ret_from_fork+0x5d4/0x6f0 [ 132.898782][ T1426] ? __pfx_kthread+0x10/0x10 [ 132.898791][ T1426] ret_from_fork_asm+0x1a/0x30 [ 132.898805][ T1426] [ 132.898809][ T1426] [ 132.964387][ T1426] Allocated by task 10136: [ 132.965897][ T1426] kasan_save_stack+0x33/0x60 [ 132.967365][ T1426] kasan_save_track+0x14/0x30 [ 132.968802][ T1426] __kasan_kmalloc+0xaa/0xb0 [ 132.970184][ T1426] alloc_tty_struct+0x96/0x8c0 [ 132.971603][ T1426] tty_init_dev.part.0+0x1e/0x500 [ 132.973074][ T1426] tty_open+0xa50/0xf90 [ 132.974361][ T1426] chrdev_open+0x231/0x6a0 [ 132.975807][ T1426] do_dentry_open+0x741/0x1c10 [ 132.977323][ T1426] vfs_open+0x82/0x3f0 [ 132.978714][ T1426] path_openat+0x1de4/0x2cb0 [ 132.980187][ T1426] do_filp_open+0x20b/0x470 [ 132.981613][ T1426] do_sys_openat2+0x11b/0x1d0 [ 132.983032][ T1426] __x64_sys_openat+0x174/0x210 [ 132.984490][ T1426] do_syscall_64+0xcd/0x4c0 [ 132.986271][ T1426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.988107][ T1426] [ 132.988837][ T1426] Freed by task 7505: [ 132.990045][ T1426] kasan_save_stack+0x33/0x60 [ 132.991571][ T1426] kasan_save_track+0x14/0x30 [ 132.992984][ T1426] kasan_save_free_info+0x3b/0x60 [ 132.994565][ T1426] __kasan_slab_free+0x51/0x70 [ 132.996479][ T1426] kfree+0x2b4/0x4d0 [ 132.997689][ T1426] process_one_work+0x9cf/0x1b70 [ 132.999251][ T1426] worker_thread+0x6c8/0xf10 [ 133.000675][ T1426] kthread+0x3c5/0x780 [ 133.001922][ T1426] ret_from_fork+0x5d4/0x6f0 [ 133.003345][ T1426] ret_from_fork_asm+0x1a/0x30 [ 133.004844][ T1426] [ 133.005620][ T1426] Last potentially related work creation: [ 133.007403][ T1426] kasan_save_stack+0x33/0x60 [ 133.008847][ T1426] kasan_record_aux_stack+0xa7/0xc0 [ 133.010440][ T1426] insert_work+0x36/0x230 [ 133.011777][ T1426] __queue_work+0x97e/0x10f0 [ 133.013186][ T1426] queue_work_on+0x1a4/0x1f0 [ 133.014667][ T1426] release_tty+0x4de/0x5d0 [ 133.016134][ T1426] tty_release_struct+0xb7/0xe0 [ 133.017659][ T1426] tty_release+0xe2d/0x1430 [ 133.019070][ T1426] __fput+0x3ff/0xb70 [ 133.020323][ T1426] task_work_run+0x14d/0x240 [ 133.021779][ T1426] exit_to_user_mode_loop+0xeb/0x110 [ 133.023722][ T1426] do_syscall_64+0x3f6/0x4c0 [ 133.025144][ T1426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.027314][ T1426] [ 133.028083][ T1426] The buggy address belongs to the object at ffff888052f63000 [ 133.028083][ T1426] which belongs to the cache kmalloc-cg-2k of size 2048 [ 133.032516][ T1426] The buggy address is located 32 bytes inside of [ 133.032516][ T1426] freed 2048-byte region [ffff888052f63000, ffff888052f63800) [ 133.036527][ T1426] [ 133.037272][ T1426] The buggy address belongs to the physical page: [ 133.039348][ T1426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f60 [ 133.041902][ T1426] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 133.044449][ T1426] memcg:ffff888053b81c81 [ 133.045853][ T1426] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 133.048206][ T1426] page_type: f5(slab) [ 133.049426][ T1426] raw: 00fff00000000040 ffff88801b84c140 0000000000000000 dead000000000001 [ 133.052070][ T1426] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff888053b81c81 [ 133.054694][ T1426] head: 00fff00000000040 ffff88801b84c140 0000000000000000 dead000000000001 [ 133.057368][ T1426] head: 0000000000000000 0000000000080008 00000000f5000000 ffff888053b81c81 [ 133.059909][ T1426] head: 00fff00000000003 ffffea00014bd801 00000000ffffffff 00000000ffffffff [ 133.062504][ T1426] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 133.065267][ T1426] page dumped because: kasan: bad access detected [ 133.067555][ T1426] page_owner tracks the page as allocated [ 133.069327][ T1426] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5947, tgid 5947 (syz-executor), ts 45841297206, free_ts 0 [ 133.075962][ T1426] post_alloc_hook+0x1c0/0x230 [ 133.077462][ T1426] get_page_from_freelist+0x1321/0x3890 [ 133.079204][ T1426] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 133.081035][ T1426] alloc_pages_mpol+0x1fb/0x550 [ 133.082547][ T1426] new_slab+0x23b/0x330 [ 133.083814][ T1426] ___slab_alloc+0xd9c/0x1940 [ 133.085373][ T1426] __slab_alloc.constprop.0+0x56/0xb0 [ 133.087113][ T1426] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 133.089017][ T1426] kmemdup_noprof+0x29/0x60 [ 133.090437][ T1426] neigh_sysctl_register+0xb2/0x670 [ 133.092122][ T1426] devinet_sysctl_register+0xb6/0x200 [ 133.093707][ T1426] inetdev_init+0x2b8/0x5a0 [ 133.095111][ T1426] inetdev_event+0xc5f/0x18a0 [ 133.096623][ T1426] notifier_call_chain+0xbc/0x410 [ 133.098157][ T1426] call_netdevice_notifiers_info+0xbe/0x140 [ 133.099983][ T1426] register_netdevice+0x182e/0x2270 [ 133.101543][ T1426] page_owner free stack trace missing [ 133.103140][ T1426] [ 133.103890][ T1426] Memory state around the buggy address: [ 133.105646][ T1426] ffff888052f62f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 133.108052][ T1426] ffff888052f62f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 133.110449][ T1426] >ffff888052f63000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 133.112977][ T1426] ^ [ 133.114708][ T1426] ffff888052f63080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 133.117207][ T1426] ffff888052f63100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 133.119587][ T1426] ================================================================== [ 133.122311][ T1426] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 133.124628][ T1426] CPU: 2 UID: 0 PID: 1426 Comm: aoe_tx0 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 133.128176][ T1426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.131462][ T1426] Call Trace: [ 133.132560][ T1426] [ 133.133548][ T1426] dump_stack_lvl+0x3d/0x1f0 [ 133.134998][ T1426] panic+0x71c/0x800 [ 133.136229][ T1426] ? __pfx_panic+0x10/0x10 [ 133.137598][ T1426] ? irqentry_exit+0x3b/0x90 [ 133.138989][ T1426] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.140770][ T1426] ? handle_tx+0x5a5/0x630 [ 133.142174][ T1426] ? check_panic_on_warn+0x1f/0xb0 [ 133.143733][ T1426] ? handle_tx+0x5a5/0x630 [ 133.145134][ T1426] check_panic_on_warn+0xab/0xb0 [ 133.146624][ T1426] end_report+0x107/0x170 [ 133.148001][ T1426] kasan_report+0xee/0x110 [ 133.149393][ T1426] ? handle_tx+0x5a5/0x630 [ 133.150776][ T1426] handle_tx+0x5a5/0x630 [ 133.152104][ T1426] dev_hard_start_xmit+0x94/0x740 [ 133.153621][ T1426] __dev_queue_xmit+0x7eb/0x43e0 [ 133.155216][ T1426] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.156826][ T1426] ? finish_task_switch.isra.0+0x221/0xc10 [ 133.158614][ T1426] ? rcu_is_watching+0x12/0xc0 [ 133.160079][ T1426] ? __pfx___dev_queue_xmit+0x10/0x10 [ 133.161698][ T1426] ? __lock_acquire+0xb8a/0x1c90 [ 133.163220][ T1426] ? __lock_acquire+0xb8a/0x1c90 [ 133.164751][ T1426] ? do_raw_spin_lock+0x12c/0x2b0 [ 133.166462][ T1426] ? find_held_lock+0x2b/0x80 [ 133.167969][ T1426] ? skb_dequeue+0x126/0x180 [ 133.169493][ T1426] ? find_held_lock+0x2b/0x80 [ 133.170956][ T1426] ? rcu_is_watching+0x12/0xc0 [ 133.172445][ T1426] tx+0xcc/0x190 [ 133.173554][ T1426] ? __pfx_tx+0x10/0x10 [ 133.174818][ T1426] kthread+0x1e1/0x3e0 [ 133.176173][ T1426] ? find_held_lock+0x2b/0x80 [ 133.177838][ T1426] ? __pfx_kthread+0x10/0x10 [ 133.179314][ T1426] ? __pfx_default_wake_function+0x10/0x10 [ 133.181056][ T1426] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.182635][ T1426] ? __kthread_parkme+0x19e/0x250 [ 133.184194][ T1426] ? __pfx_kthread+0x10/0x10 [ 133.185832][ T1426] kthread+0x3c5/0x780 [ 133.187153][ T1426] ? __pfx_kthread+0x10/0x10 [ 133.188555][ T1426] ? rcu_is_watching+0x12/0xc0 [ 133.190006][ T1426] ? __pfx_kthread+0x10/0x10 [ 133.191455][ T1426] ret_from_fork+0x5d4/0x6f0 [ 133.192884][ T1426] ? __pfx_kthread+0x10/0x10 [ 133.194351][ T1426] ret_from_fork_asm+0x1a/0x30 [ 133.196005][ T1426] [ 133.197645][ T1426] Kernel Offset: disabled [ 133.198991][ T1426] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:12:39 Registers: info registers vcpu 0 CPU#0 RAX=0000000000156b0d RBX=0000000000000000 RCX=ffffffff8b7fbc99 RDX=0000000000000000 RSI=ffffffff8de18f75 RDI=ffffffff8c157060 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08 R8 =0000000000000001 R9 =ffffed100d486645 R10=ffff88806a43322b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a80c50 R15=0000000000000000 RIP=ffffffff8b7fa7ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6754000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f4761044f98 CR3=00000000570ad000 CR4=00352ef0 DR0=0000000000000007 DR1=0000000000000005 DR2=0000000000000002 DR3=0000000000000009 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004090001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f88ede11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f88ede11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f88ede11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f88ede11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f88ede11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f88ede11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1f12000680020000 000f000a000e0000 0000000001000000 00010181a11304bc ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f88eeaed100 00007f88edf84440 00007f88edf80004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f88edf84498 00007f88edf84490 00007f88edf84488 00007f88edf84480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000004 RBX=0000000000000000 RCX=ffffffff81c3ec5f RDX=0000000000000002 RSI=ffff88805969af30 RDI=ffff88805969a440 RBP=ffff88805969a440 RSP=ffffc90006d5fa50 R8 =0000000000000000 R9 =0000000000000001 R10=ffffffff90a80c57 R11=0000000000000001 R12=0000000000000002 R13=ffff88805969af30 R14=ffff888048e90d80 R15=0000000000000000 RIP=ffffffff81984fe0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6854000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f4761045d58 CR3=00000000497f5000 CR4=00352ef0 DR0=0000000000000007 DR1=0000000000000005 DR2=0000000000000002 DR3=0000000000000009 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004090001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4765811b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4765811b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4765811b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4765811b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4765811bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4765811c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4765984488 00007f4765984480 00007f4765984478 00007f4765984450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f47664ed100 00007f4765984440 00007f4765980004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4765984498 00007f4765984490 00007f4765984488 00007f4765984480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000005f RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855b5255 RDI=ffffffff9b0883a0 RBP=ffffffff9b088360 RSP=ffffc9000709f458 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=000000000000005f R14=ffffffff9b088360 R15=ffffffff855b51f0 RIP=ffffffff855b527f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6954000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffe2c55c008 CR3=000000000e382000 CR4=00352ef0 DR0=0000000000000007 DR1=0000000000000005 DR2=0000000000000002 DR3=0000000000000009 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063234423436d63 702f646e732f7665 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4760211b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4760211b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4760211b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4760211b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4760211bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4760211c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000dd7c7 RBX=0000000000000003 RCX=ffffffff8b7fbc99 RDX=0000000000000000 RSI=ffffffff8de18f75 RDI=ffffffff8c157060 RBP=ffffed1003c54000 RSP=ffffc90000197df8 R8 =0000000000000001 R9 =ffffed100d4e6645 R10=ffff88806a73322b R11=0000000000000001 R12=0000000000000003 R13=ffff88801e2a0000 R14=ffffffff90a80c50 R15=0000000000000000 RIP=ffffffff8b7fa7ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a54000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f4761086f98 CR3=000000004db2c000 CR4=00352ef0 DR0=0000000000000007 DR1=0000000000000005 DR2=0000000000000002 DR3=0000000000000009 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc21fde3c0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbe33811b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbe33811b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbe33811b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbe33811b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbe33811bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbe33811c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000