last executing test programs: 21.431256238s ago: executing program 3 (id=321): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) close(r0) 6.738804328s ago: executing program 3 (id=382): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x8014) recvmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000014c0)=""/4097, 0x1001}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90424fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90524fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0) 6.663756337s ago: executing program 3 (id=434): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b000100"], 0x0) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67a", 0x2a, 0x11, 0x0, 0x0) 3.585370195s ago: executing program 3 (id=494): socket$kcm(0x2, 0x2, 0x73) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r1, r0, 0x2, 0x0, 0x4000, @void, @value}, 0x10) socket$kcm(0x2, 0x2, 0x73) 3.584767529s ago: executing program 3 (id=495): socket(0x10, 0x80002, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0x0) r0 = syz_io_uring_setup(0x22e, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000440)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x6, 0x0, 0x0}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 2.695528358s ago: executing program 2 (id=522): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) recvmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x3, 0x0, 0x0, &(0x7f00000035c0)=""/241, 0xf1}}, {{&(0x7f00000036c0)=@un=@abs, 0x80, &(0x7f0000003780)=[{&(0x7f0000003740)=""/4, 0x7ffff}], 0x1, &(0x7f00000037c0)=""/236, 0xec}}, {{0x0, 0x0, &(0x7f0000003bc0)=[{0x0, 0xe00000000000000}, {&(0x7f0000003a00)=""/190, 0xbe}, {&(0x7f0000003ac0)=""/131, 0x83}, {0x0}], 0x4, &(0x7f0000003c00)=""/73, 0x49}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/48, 0x30}}], 0x4, 0x40000121, 0x0) 2.510913956s ago: executing program 3 (id=535): socket$inet(0x2, 0x3, 0x2) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x1}], 0x1}}], 0x1, 0x0) 2.333088064s ago: executing program 1 (id=540): r0 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote, 0x7}, 0x1c) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_matches\x00') sendfile(r0, r1, 0x0, 0x8000fff) 1.821169706s ago: executing program 2 (id=545): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r0, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) 1.75523481s ago: executing program 2 (id=547): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000000)=[@clear_death], 0x0, 0x0, 0x0}) 1.675296412s ago: executing program 2 (id=549): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 1.443717673s ago: executing program 1 (id=553): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) statfs(0x0, 0x0) 1.440412296s ago: executing program 2 (id=554): pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0xd0, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000008e25900ee8d386dd601646b085a2009a2f00ff020000000000000000000000000001fc010000000000000000000000000000000000000000000005020000000000000420880b00460000670c12d787bc48454ad5ab0dbcd795bf5fb1f628b38949083230f6690fa256ac9e09b06b584ba6ff"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) 1.419892692s ago: executing program 1 (id=556): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000040)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000140)=""/144, 0x90}], 0x1) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x0, 0x8, 0x0, 0x0, 0xf}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 1.297251617s ago: executing program 1 (id=560): unshare(0x22020600) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) unshare(0x2c060000) 1.272982327s ago: executing program 1 (id=562): syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec0000000109021200010000000009"], 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="70000000140009050000000000000000020100ff", @ANYRES32, @ANYBLOB="1400060006000000000000f0000000000000000008"], 0x70}}, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x16f, @time}) 1.186096744s ago: executing program 0 (id=563): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) timer_create(0x3, 0x0, &(0x7f00000003c0)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6}]}) syz_open_dev$ptys(0xc, 0x3, 0x0) timer_delete(0x0) 525.642379ms ago: executing program 2 (id=564): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000010003b15000000000000000000d2fd50", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a200012800800010068"], 0x40}}, 0x0) r2 = socket(0x11, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f000000080001000000000008000300", @ANYRES32=r3], 0x48}}, 0x0) 315.493884ms ago: executing program 0 (id=565): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000480)="0f01d12e0f3566b88a008ec8c74424000070c22dc744240203000000c7442406000000000f011c2464260f21ed3665f20f2c3fea090000000900b8010000000f01c1f466baf80cb864cc9e8cef66bafc0ced", 0x52}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 159.525941ms ago: executing program 0 (id=566): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000180)=0x100003, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)=ANY=[], 0x8) sendto$inet6(r0, &(0x7f0000000280)="03", 0x1, 0x0, 0x0, 0x0) 111.209903ms ago: executing program 0 (id=567): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xa0bf83d7d46f2cbb}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000000c0)={0x800080, 0x0, 0x0, 0x0, 0xa965, 0x2}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) close_range(r2, 0xffffffffffffffff, 0x0) 17.023981ms ago: executing program 0 (id=568): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) pivot_root(&(0x7f0000000900)='./file0\x00', &(0x7f0000000480)='./file1\x00') 15.14671ms ago: executing program 0 (id=569): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0}) 0s ago: executing program 1 (id=570): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffd, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000003fffffe218110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDSKBSENT(r2, 0x4b49, &(0x7f0000000bc0)={0x1f, "0fab12613bc44071cce0b0fa775d257dc5eb19440512b5e71441453c3c411c5745cad3db366524ee8cfdca2a82b4bb0ace6cbba01a532790d33bd73fe8f9c3278895022c57996c648a51b1a92c35b582296f7a45334e97163dcbd82cba8949bdc2b288c2bd2caf631baf503e33ae5dbea92ea76a80da4b33b3a066f53d303d3ca5932ecdc23165b3612d95a1b610b686a61d25ddf199a7852de3193b14952dbdd5d9e73c5f636385cdff417ee05b028d7b2470c31007448449384468657318c015fa4619a6637eb6641760b4b1b6be91a3e0b6cff1a011424272de43fe1de4d44d0d659af72d8009ee9c18b474f9ed8ec84b6bd49d7968db842bb8bf55ca22933e7ed0e4fcd2437b842cbbf5f42e40abc4f423c9c638b2c4718d9cb33a46eaf098eb70e1121e25d3a923b530bf0f938b2796ff250773b1dff2f282117561933da91b8e63bb539c9c6597e0a0a4bb809fca37695e1fbe5b611847bf68176d2394915d6710aeebcd25f3aa3dffbfb930276fcb414a186b9add5334c285bebf7c3126f1fb7ed83a024413ed76b28a00c8afedfa3148089389af1ac37208cbe51fc7827988a525f08751b0ba528e409880428aa69ce9175c64bb9604b9c7ee2812e013cafe0abbdc8e5803e6fd47844d784cbd6cd68faff42662e045963bf18fc383cb626d095d3af71d73e63944c823d01da6787c3f5102dc7f45f67d3d820ea9c3"}) kernel console output (not intermixed with test programs): [ 30.779453][ T39] audit: type=1400 audit(1728052827.426:82): avc: denied { siginh } for pid=5251 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 31.597511][ T39] audit: type=1400 audit(1728052828.256:83): avc: denied { read } for pid=4816 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 31.603422][ T39] audit: type=1400 audit(1728052828.256:84): avc: denied { append } for pid=4816 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 31.609042][ T39] audit: type=1400 audit(1728052828.256:85): avc: denied { open } for pid=4816 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 31.614804][ T39] audit: type=1400 audit(1728052828.256:86): avc: denied { getattr } for pid=4816 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:50756' (ED25519) to the list of known hosts. [ 32.404969][ T39] audit: type=1400 audit(1728052829.066:87): avc: denied { name_bind } for pid=5307 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 34.138101][ T5314] cgroup: Unknown subsys name 'net' [ 34.264837][ T5314] cgroup: Unknown subsys name 'cpuset' [ 34.269772][ T5314] cgroup: Unknown subsys name 'rlimit' [ 34.475417][ T5329] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 35.093364][ T5314] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 37.322074][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 37.322087][ T39] audit: type=1400 audit(1728052833.986:105): avc: denied { execmem } for pid=5333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 37.506220][ T39] audit: type=1400 audit(1728052834.166:106): avc: denied { create } for pid=5336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 37.511480][ T39] audit: type=1400 audit(1728052834.166:107): avc: denied { read write } for pid=5336 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 37.517625][ T39] audit: type=1400 audit(1728052834.166:108): avc: denied { open } for pid=5336 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 37.524000][ T39] audit: type=1400 audit(1728052834.186:109): avc: denied { ioctl } for pid=5336 comm="syz-executor" path="socket:[5528]" dev="sockfs" ino=5528 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 37.551897][ T5345] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 37.554177][ T5345] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 37.557699][ T5345] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 37.560062][ T5345] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 37.562506][ T5345] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 37.564747][ T5345] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 37.565732][ T5347] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 37.566806][ T5345] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 37.569411][ T5347] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 37.570736][ T5345] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 37.571072][ T5350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 37.571472][ T5350] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 37.571821][ T5350] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 37.572025][ T5350] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 37.572132][ T5350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 37.572620][ T5347] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 37.575860][ T39] audit: type=1400 audit(1728052834.236:110): avc: denied { read } for pid=5336 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 37.578045][ T5347] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 37.581398][ T39] audit: type=1400 audit(1728052834.236:111): avc: denied { open } for pid=5336 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 37.583751][ T5347] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 37.584273][ T5352] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 37.584892][ T39] audit: type=1400 audit(1728052834.246:112): avc: denied { mounton } for pid=5336 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 37.585460][ T5352] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 37.586584][ T5352] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 37.588336][ T5352] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 37.588502][ T5352] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 37.591170][ T5347] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 37.675198][ T39] audit: type=1400 audit(1728052834.336:113): avc: denied { module_request } for pid=5339 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 37.694927][ T5339] chnl_net:caif_netlink_parms(): no params data found [ 37.783926][ T5337] chnl_net:caif_netlink_parms(): no params data found [ 37.793147][ T5336] chnl_net:caif_netlink_parms(): no params data found [ 37.804703][ T5339] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.807106][ T5339] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.809043][ T5339] bridge_slave_0: entered allmulticast mode [ 37.811149][ T5339] bridge_slave_0: entered promiscuous mode [ 37.815817][ T5339] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.817719][ T5339] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.819705][ T5339] bridge_slave_1: entered allmulticast mode [ 37.821692][ T5339] bridge_slave_1: entered promiscuous mode [ 37.894144][ T5339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.899595][ T5339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.935578][ T5348] chnl_net:caif_netlink_parms(): no params data found [ 37.962808][ T5339] team0: Port device team_slave_0 added [ 37.992169][ T5337] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.994120][ T5337] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.996123][ T5337] bridge_slave_0: entered allmulticast mode [ 37.998167][ T5337] bridge_slave_0: entered promiscuous mode [ 38.002069][ T5337] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.004614][ T5337] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.007247][ T5337] bridge_slave_1: entered allmulticast mode [ 38.010505][ T5337] bridge_slave_1: entered promiscuous mode [ 38.014475][ T5339] team0: Port device team_slave_1 added [ 38.041678][ T5336] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.043608][ T5336] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.045517][ T5336] bridge_slave_0: entered allmulticast mode [ 38.047832][ T5336] bridge_slave_0: entered promiscuous mode [ 38.085449][ T5336] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.087424][ T5336] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.089796][ T5336] bridge_slave_1: entered allmulticast mode [ 38.091805][ T5336] bridge_slave_1: entered promiscuous mode [ 38.102881][ T5337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.121678][ T5348] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.123600][ T5348] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.125473][ T5348] bridge_slave_0: entered allmulticast mode [ 38.127480][ T5348] bridge_slave_0: entered promiscuous mode [ 38.145996][ T5337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.148974][ T5339] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.151962][ T5339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.160628][ T5339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.164322][ T5348] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.166185][ T5348] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.168076][ T5348] bridge_slave_1: entered allmulticast mode [ 38.170905][ T5348] bridge_slave_1: entered promiscuous mode [ 38.174745][ T5336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.193564][ T5339] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.195503][ T5339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.202579][ T5339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.225682][ T5336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.230426][ T5337] team0: Port device team_slave_0 added [ 38.233669][ T5337] team0: Port device team_slave_1 added [ 38.236369][ T5348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.281369][ T5348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.285277][ T5336] team0: Port device team_slave_0 added [ 38.288959][ T5339] hsr_slave_0: entered promiscuous mode [ 38.291065][ T5339] hsr_slave_1: entered promiscuous mode [ 38.320745][ T5336] team0: Port device team_slave_1 added [ 38.331751][ T5337] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.333613][ T5337] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.340250][ T5337] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.345324][ T5348] team0: Port device team_slave_0 added [ 38.356658][ T5337] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.358385][ T5337] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.365672][ T5337] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.380615][ T5348] team0: Port device team_slave_1 added [ 38.383195][ T5336] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.384944][ T5336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.391665][ T5336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.395493][ T5336] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.397237][ T5336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.404017][ T5336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.429580][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.431440][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.437907][ T5348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.477631][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.480493][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.487193][ T5348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.503906][ T5337] hsr_slave_0: entered promiscuous mode [ 38.505874][ T5337] hsr_slave_1: entered promiscuous mode [ 38.507691][ T5337] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.509965][ T5337] Cannot create hsr debugfs directory [ 38.523483][ T5336] hsr_slave_0: entered promiscuous mode [ 38.526255][ T5336] hsr_slave_1: entered promiscuous mode [ 38.528735][ T5336] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.530894][ T5336] Cannot create hsr debugfs directory [ 38.584098][ T5348] hsr_slave_0: entered promiscuous mode [ 38.586049][ T5348] hsr_slave_1: entered promiscuous mode [ 38.587884][ T5348] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.589952][ T5348] Cannot create hsr debugfs directory [ 38.680969][ T5339] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.686065][ T5339] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.690745][ T5339] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.696069][ T5339] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.793045][ T5336] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 38.796318][ T5336] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 38.807694][ T5336] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 38.811781][ T5336] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.828357][ T5348] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.832800][ T5348] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.836878][ T5348] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.840287][ T5348] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.880144][ T5337] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 38.886218][ T5337] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 38.891469][ T5337] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 38.897413][ T5339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.899372][ T5337] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.925201][ T5339] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.940005][ T93] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.942042][ T93] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.954947][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.956863][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.961133][ T5336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.978260][ T5336] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.991837][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.993783][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.996545][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.998418][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.005146][ T5348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.025740][ T5348] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.042330][ T5337] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.046474][ T39] audit: type=1400 audit(1728052835.706:114): avc: denied { sys_module } for pid=5339 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 39.046959][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.053975][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.065545][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.067827][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.077974][ T5337] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.092756][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.094725][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.101309][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.103227][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.117988][ T5348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.132530][ T5339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.158713][ T5339] veth0_vlan: entered promiscuous mode [ 39.165377][ T5339] veth1_vlan: entered promiscuous mode [ 39.178010][ T5336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.200056][ T5339] veth0_macvtap: entered promiscuous mode [ 39.210376][ T5339] veth1_macvtap: entered promiscuous mode [ 39.221971][ T5348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.227349][ T5339] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.238205][ T5336] veth0_vlan: entered promiscuous mode [ 39.243111][ T5339] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.249114][ T5339] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.251666][ T5339] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.253934][ T5339] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.256262][ T5339] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.260403][ T5336] veth1_vlan: entered promiscuous mode [ 39.263640][ T5337] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.304021][ T5336] veth0_macvtap: entered promiscuous mode [ 39.312425][ T5336] veth1_macvtap: entered promiscuous mode [ 39.312753][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.317316][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.329617][ T5348] veth0_vlan: entered promiscuous mode [ 39.338711][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.339325][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.341429][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.343827][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.349058][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.356102][ T5337] veth0_vlan: entered promiscuous mode [ 39.358060][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.361230][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.364303][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.367102][ T5348] veth1_vlan: entered promiscuous mode [ 39.373443][ T5336] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.375768][ T5336] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.378235][ T5336] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.381210][ T5336] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.402334][ T5337] veth1_vlan: entered promiscuous mode [ 39.403301][ T5339] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 39.410152][ T5348] veth0_macvtap: entered promiscuous mode [ 39.416087][ T5348] veth1_macvtap: entered promiscuous mode [ 39.421434][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.423450][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.445389][ T5337] veth0_macvtap: entered promiscuous mode [ 39.447488][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.450457][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.452473][ T5401] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 39.453023][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.458416][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.462867][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.471735][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.473660][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.474043][ T5337] veth1_macvtap: entered promiscuous mode [ 39.481610][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.484344][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.487484][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.490677][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.494203][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.498635][ T5348] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.502687][ T5348] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.505001][ T5348] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.507269][ T5348] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.529105][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.532476][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.535033][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.537667][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.540306][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.543359][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.547303][ T5337] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.552465][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.555292][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.557788][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.561103][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.564174][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.567227][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.571132][ T5337] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.581649][ T5337] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.584179][ T5337] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.587915][ T5337] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.591225][ T5337] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.607668][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.612620][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.620135][ T5346] Bluetooth: hci1: command tx timeout [ 39.620456][ T5347] Bluetooth: hci3: command tx timeout [ 39.629803][ T5346] Bluetooth: hci2: command tx timeout [ 39.631463][ T5347] Bluetooth: hci0: command tx timeout [ 39.636525][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.639232][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.650677][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.652785][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.666838][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.668916][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.867121][ T5458] input: syz1 as /devices/virtual/input/input5 [ 40.918450][ T5461] veth1_to_team: entered promiscuous mode [ 40.923395][ T5460] veth1_to_team: left promiscuous mode [ 41.209633][ T5384] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 41.362205][ T5384] usb 8-1: config 0 has no interfaces? [ 41.363757][ T5384] usb 8-1: New USB device found, idVendor=1668, idProduct=0323, bcdDevice=5f.ca [ 41.366202][ T5384] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.370490][ T5384] usb 8-1: config 0 descriptor?? [ 41.721580][ T5347] Bluetooth: hci0: command tx timeout [ 41.723069][ T5347] Bluetooth: hci2: command tx timeout [ 41.724488][ T5347] Bluetooth: hci3: command tx timeout [ 41.725913][ T5347] Bluetooth: hci1: command tx timeout [ 41.808427][ T5376] usb 8-1: USB disconnect, device number 2 [ 41.938794][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 42.126920][ T5485] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 42.199074][ T5492] syz.0.36 uses obsolete (PF_INET,SOCK_PACKET) [ 42.202552][ T5492] syzkaller1: entered promiscuous mode [ 42.204049][ T5492] syzkaller1: entered allmulticast mode [ 42.341534][ T39] kauditd_printk_skb: 89 callbacks suppressed [ 42.341546][ T39] audit: type=1400 audit(1728052839.006:204): avc: denied { read write } for pid=5502 comm="syz.3.42" name="nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 42.349003][ T5503] loop4: detected capacity change from 0 to 524287999 [ 42.351223][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.351298][ T39] audit: type=1400 audit(1728052839.006:205): avc: denied { open } for pid=5502 comm="syz.3.42" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 42.353721][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.359288][ T39] audit: type=1400 audit(1728052839.006:206): avc: denied { map } for pid=5502 comm="syz.3.42" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 42.361558][ C2] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.367158][ T39] audit: type=1400 audit(1728052839.006:207): avc: denied { execute } for pid=5502 comm="syz.3.42" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 42.369607][ C2] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.378995][ C2] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.381489][ C2] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.384326][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.386757][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.388882][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.391276][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.393543][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.396669][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.400768][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.403924][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.406924][ C2] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.409308][ C2] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.411407][ T5503] ldm_validate_partition_table(): Disk read failed. [ 42.413355][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.415721][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.417818][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.420305][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 42.422951][ T5503] Dev loop4: unable to read RDB block 0 [ 42.425183][ T5503] loop4: unable to read partition table [ 42.426778][ T5503] loop_reread_partitions: partition scan of loop4 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 42.529607][ T5221] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 42.679658][ T5221] usb 7-1: Using ep0 maxpacket: 8 [ 42.682757][ T5221] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 42.685056][ T5221] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 42.687640][ T5221] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 42.690470][ T5221] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 42.693381][ T5221] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 42.696928][ T5221] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 42.699355][ T5221] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.910355][ T5221] usb 7-1: usb_control_msg returned -32 [ 42.912187][ T5221] usbtmc 7-1:16.0: can't read capabilities [ 43.388814][ T39] audit: type=1400 audit(1728052840.046:208): avc: denied { mount } for pid=5505 comm="syz.3.44" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 43.396740][ T39] audit: type=1400 audit(1728052840.056:209): avc: denied { search } for pid=5505 comm="syz.3.44" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 43.404481][ T39] audit: type=1400 audit(1728052840.056:210): avc: denied { read } for pid=5505 comm="syz.3.44" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 43.413022][ T39] audit: type=1400 audit(1728052840.056:211): avc: denied { open } for pid=5505 comm="syz.3.44" path="/16/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 43.421714][ T39] audit: type=1400 audit(1728052840.056:212): avc: denied { mount } for pid=5507 comm="syz.0.43" name="/" dev="ramfs" ino=7526 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 43.429488][ T39] audit: type=1400 audit(1728052840.066:213): avc: denied { unmount } for pid=5339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 43.611759][ T5516] Falling back ldisc for ptm0. [ 43.659228][ T5526] Process accounting resumed [ 43.781378][ T5346] Bluetooth: hci1: command tx timeout [ 43.781429][ T5347] Bluetooth: hci3: command tx timeout [ 43.783337][ T5352] Bluetooth: hci2: command tx timeout [ 43.784660][ T5347] Bluetooth: hci0: command tx timeout [ 43.884179][ T35] usb 7-1: USB disconnect, device number 2 [ 44.555553][ T828] kernel write not supported for file /input/event0 (pid: 828 comm: kworker/0:2) [ 44.842180][ T5564] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 44.886213][ T5567] input: syz0 as /devices/virtual/input/input6 [ 44.929575][ T5569] syzkaller1: entered promiscuous mode [ 44.931176][ T5569] syzkaller1: entered allmulticast mode [ 45.057387][ T5573] mmap: syz.2.66 (5573) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 45.282885][ T5588] gretap0: entered promiscuous mode [ 45.860115][ T5347] Bluetooth: hci0: command tx timeout [ 45.860184][ T65] Bluetooth: hci2: command tx timeout [ 45.861584][ T5347] Bluetooth: hci3: command tx timeout [ 45.863073][ T5346] Bluetooth: hci1: command tx timeout [ 46.499339][ T5672] warning: `syz.0.95' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 46.521819][ T5672] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 46.524121][ T5672] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 46.771020][ T5694] kernel read not supported for file /eth0 (pid: 5694 comm: syz.3.106) [ 47.099577][ T35] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 47.250804][ T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 47.253732][ T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 47.256712][ T35] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 47.260133][ T35] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 47.262766][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.272719][ T35] usb 7-1: config 0 descriptor?? [ 47.274476][ T5699] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 47.534289][ T39] kauditd_printk_skb: 50 callbacks suppressed [ 47.534308][ T39] audit: type=1400 audit(1728052844.196:264): avc: denied { append } for pid=5709 comm="syz.0.110" name="file0" dev="9p" ino=35922650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 47.543434][ T39] audit: type=1400 audit(1728052844.196:265): avc: denied { open } for pid=5709 comm="syz.0.110" path="/29/file0/file0" dev="9p" ino=35922650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 47.687911][ T35] plantronics 0003:047F:FFFF.0002: ignoring exceeding usage max [ 47.691491][ T35] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 47.706214][ T35] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 47.717882][ T39] audit: type=1400 audit(1728052844.376:266): avc: denied { unmount } for pid=5348 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 48.723994][ T39] audit: type=1400 audit(1728052845.386:267): avc: denied { write } for pid=5730 comm="syz.3.121" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 48.887129][ T39] audit: type=1400 audit(1728052845.546:268): avc: denied { name_bind } for pid=5738 comm="syz.3.123" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 48.897979][ T39] audit: type=1400 audit(1728052845.556:269): avc: denied { nlmsg_write } for pid=5738 comm="syz.3.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 48.921332][ T39] audit: type=1400 audit(1728052845.586:270): avc: denied { write } for pid=5740 comm="syz.0.132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 48.977792][ T39] audit: type=1400 audit(1728052845.636:271): avc: denied { ioctl } for pid=5746 comm="syz.0.126" path="/dev/rtc0" dev="devtmpfs" ino=865 ioctlcmd=0x7008 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 49.249706][ T828] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 49.406313][ T828] usb 5-1: Using ep0 maxpacket: 8 [ 49.408852][ T828] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 49.411556][ T828] usb 5-1: config 0 has no interface number 0 [ 49.413960][ T828] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 49.417121][ T828] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 49.419812][ T828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.422311][ T39] audit: type=1400 audit(1728052846.086:272): avc: denied { create } for pid=5750 comm="syz.2.128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 49.427785][ T39] audit: type=1400 audit(1728052846.086:273): avc: denied { setopt } for pid=5750 comm="syz.2.128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 49.434176][ T828] usb 5-1: config 0 descriptor?? [ 49.438649][ T828] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 49.661786][ T5380] usb 7-1: USB disconnect, device number 3 [ 49.692610][ T35] usb 5-1: USB disconnect, device number 2 [ 49.703389][ T35] iowarrior 5-1:0.1: I/O-Warror #1 now disconnected [ 50.084809][ T5762] Zero length message leads to an empty skb [ 50.157788][ T5347] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 50.161708][ T5347] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 50.164702][ T5347] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 50.168030][ T5347] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 50.171720][ T5347] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 50.173763][ T5347] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 50.253684][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 50.338579][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.340601][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.342754][ T5765] bridge_slave_0: entered allmulticast mode [ 50.344783][ T5765] bridge_slave_0: entered promiscuous mode [ 50.349248][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.351178][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.353042][ T5765] bridge_slave_1: entered allmulticast mode [ 50.355132][ T5765] bridge_slave_1: entered promiscuous mode [ 50.378760][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.384519][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.409908][ T5765] team0: Port device team_slave_0 added [ 50.412682][ T5765] team0: Port device team_slave_1 added [ 50.443286][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 50.445109][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 50.451681][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 50.456089][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 50.457857][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 50.464559][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 50.490802][ T5765] hsr_slave_0: entered promiscuous mode [ 50.493335][ T5765] hsr_slave_1: entered promiscuous mode [ 50.495589][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 50.497512][ T5765] Cannot create hsr debugfs directory [ 50.558273][ T5765] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.709944][ T5765] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.771642][ T5765] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.852181][ T5765] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.967050][ T5765] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 50.971533][ T5765] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 50.974857][ T5765] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 50.977909][ T5765] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 50.994506][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.996461][ T5765] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.999227][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.001199][ T5765] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.030319][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.037759][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.041070][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.056020][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.067875][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.070523][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.074020][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.076598][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.185174][ T5787] input: syz0 as /devices/virtual/input/input7 [ 51.192953][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.225985][ T5765] veth0_vlan: entered promiscuous mode [ 51.230242][ T5765] veth1_vlan: entered promiscuous mode [ 51.251775][ T5765] veth0_macvtap: entered promiscuous mode [ 51.255086][ T5765] veth1_macvtap: entered promiscuous mode [ 51.264838][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.269639][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.272166][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.277167][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.280477][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.283157][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.285726][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.295813][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.299895][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 51.305645][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.308241][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.312019][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.315271][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.317643][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.322974][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.325650][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.330459][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.333764][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 51.343098][ T5765] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.345918][ T5765] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.349173][ T5765] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.353094][ T5765] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.419933][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.422076][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.427174][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.430418][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.456833][ T5812] vivid-004: disconnect [ 51.460586][ T5811] vivid-004: reconnect [ 51.541334][ T5822] Driver unsupported XDP return value 0 on prog (id 30) dev N/A, expect packet loss! [ 51.609928][ T5399] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 51.694654][ T5838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.161'. [ 51.780328][ T5399] usb 8-1: Using ep0 maxpacket: 32 [ 51.783884][ T5399] usb 8-1: config index 0 descriptor too short (expected 35577, got 27) [ 51.786324][ T5399] usb 8-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 51.788692][ T5399] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 51.791618][ T5399] usb 8-1: config 1 has no interface number 0 [ 51.793245][ T5399] usb 8-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 51.797010][ T5399] usb 8-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 51.800397][ T5399] usb 8-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 51.802655][ T5399] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.807629][ T5399] snd_usb_pod 8-1:1.1: Line 6 Pocket POD found [ 52.180383][ T35] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 52.216616][ T5399] snd_usb_pod 8-1:1.1: Line 6 Pocket POD now attached [ 52.259801][ T5347] Bluetooth: hci4: command tx timeout [ 52.330852][ T35] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 52.333037][ T35] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 52.335480][ T35] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 52.337670][ T35] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 52.340799][ T35] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 52.345201][ T35] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 52.347382][ T35] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 52.349436][ T35] usb 7-1: Product: syz [ 52.350557][ T35] usb 7-1: Manufacturer: syz [ 52.354063][ T35] cdc_wdm 7-1:1.0: skipping garbage [ 52.355453][ T35] cdc_wdm 7-1:1.0: skipping garbage [ 52.357483][ T35] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 52.359001][ T35] cdc_wdm 7-1:1.0: Unknown control protocol [ 52.422465][ T5399] usb 8-1: USB disconnect, device number 3 [ 52.424713][ T5399] snd_usb_pod 8-1:1.1: Line 6 Pocket POD now disconnected [ 52.561616][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 52.563500][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 52.565632][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 52.567620][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 52.569828][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 52.571991][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 52.573890][ T828] usb 7-1: USB disconnect, device number 4 [ 52.575461][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 52.575472][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 52.575479][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 52.655740][ T39] kauditd_printk_skb: 41 callbacks suppressed [ 52.655756][ T39] audit: type=1400 audit(1728052849.316:315): avc: denied { create } for pid=5881 comm="syz.0.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 52.666419][ T39] audit: type=1400 audit(1728052849.316:316): avc: denied { connect } for pid=5881 comm="syz.0.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 52.673256][ T39] audit: type=1400 audit(1728052849.316:317): avc: denied { write } for pid=5881 comm="syz.0.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 52.968654][ T5897] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 52.972590][ T5896] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 53.006611][ T5902] input: syz0 as /devices/virtual/input/input8 [ 53.137972][ T39] audit: type=1400 audit(1728052849.796:318): avc: denied { unlink } for pid=5914 comm="syz.0.191" name="#1" dev="tmpfs" ino=311 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 53.138868][ T5916] overlayfs: invalid origin (0000007900ff0000000000000000000000000000000000000000000000000000000000000000000000000000) [ 53.153789][ T39] audit: type=1400 audit(1728052849.806:319): avc: denied { mount } for pid=5914 comm="syz.0.191" name="/" dev="overlay" ino=305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 53.226970][ T39] audit: type=1400 audit(1728052849.886:320): avc: denied { write } for pid=5924 comm="syz.1.197" path="socket:[9138]" dev="sockfs" ino=9138 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 53.256358][ T39] audit: type=1400 audit(1728052849.916:321): avc: denied { setopt } for pid=5926 comm="syz.0.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 53.278719][ T5930] netlink: 'syz.1.200': attribute type 10 has an invalid length. [ 53.285959][ T39] audit: type=1400 audit(1728052849.936:322): avc: denied { bind } for pid=5928 comm="syz.1.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 53.292855][ T39] audit: type=1400 audit(1728052849.936:323): avc: denied { open } for pid=5929 comm="syz.0.199" path="/dev/ptyq5" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 53.299000][ T39] audit: type=1400 audit(1728052849.936:324): avc: denied { setopt } for pid=5928 comm="syz.1.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 53.306727][ T5930] team0: Port device netdevsim0 added [ 54.339622][ T5347] Bluetooth: hci4: command tx timeout [ 54.344114][ T5955] 9pnet: p9_errstr2errno: server reported unknown error œæçâ̼§6†Gµ [ 54.428514][ T5961] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 54.561129][ T5966] xt_hashlimit: size too large, truncated to 1048576 [ 54.566585][ T5967] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 54.827038][ T5985] netlink: 'syz.1.221': attribute type 9 has an invalid length. [ 54.839977][ T5985] netlink: 134660 bytes leftover after parsing attributes in process `syz.1.221'. [ 54.892122][ T5346] Bluetooth: hci5: sending frame failed (-49) [ 54.894252][ T5347] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 55.220085][ T6008] loop0: detected capacity change from 0 to 7 [ 55.223651][ T6008] Dev loop0: unable to read RDB block 7 [ 55.230542][ T6008] loop0: unable to read partition table [ 55.232684][ T6008] loop0: partition table beyond EOD, truncated [ 55.234770][ T6008] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 55.234770][ T6008] ) failed (rc=-5) [ 55.535135][ T6029] syz.2.239 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 55.778082][ T6043] nullb0: AHDI p1 [ 56.039603][ T828] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 56.100369][ T6056] input: syz1 as /devices/virtual/input/input9 [ 56.189594][ T828] usb 6-1: Using ep0 maxpacket: 8 [ 56.198977][ T828] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 56.199005][ T828] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 56.199015][ T828] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 56.199027][ T828] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 56.199037][ T828] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 56.199056][ T828] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 56.199067][ T828] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.413860][ T828] usb 6-1: usb_control_msg returned -32 [ 56.415854][ T828] usbtmc 6-1:16.0: can't read capabilities [ 56.420346][ T5347] Bluetooth: hci4: command tx timeout [ 56.753190][ T6102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.268'. [ 56.755575][ T6102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 56.757529][ T6102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 56.761538][ T6102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 56.763546][ T6102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 56.922744][ T12] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x80 [ 56.966925][ T30] usb 6-1: USB disconnect, device number 2 [ 57.752779][ T39] kauditd_printk_skb: 25 callbacks suppressed [ 57.752792][ T39] audit: type=1400 audit(1728052854.416:350): avc: denied { read } for pid=6119 comm="syz.2.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 57.937142][ T9] libceph: connect (1)[c::]:6789 error -101 [ 57.939050][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 57.943017][ T9] libceph: connect (1)[c::]:6789 error -101 [ 57.944675][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 57.996600][ T30] libceph: connect (1)[c::]:6789 error -101 [ 57.999005][ T30] libceph: mon0 (1)[c::]:6789 connect error [ 58.201025][ T9] libceph: connect (1)[c::]:6789 error -101 [ 58.202775][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 58.261275][ T30] libceph: connect (1)[c::]:6789 error -101 [ 58.263527][ T30] libceph: mon0 (1)[c::]:6789 connect error [ 58.499757][ T5346] Bluetooth: hci4: command tx timeout [ 58.693507][ T6143] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 58.712689][ T9] libceph: connect (1)[c::]:6789 error -101 [ 58.714405][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 58.745647][ T6148] netlink: 'syz.2.280': attribute type 9 has an invalid length. [ 58.747850][ T6148] netlink: 134660 bytes leftover after parsing attributes in process `syz.2.280'. [ 58.764621][ T6134] ceph: No mds server is up or the cluster is laggy [ 58.771609][ T6137] ceph: No mds server is up or the cluster is laggy [ 58.779984][ T30] libceph: connect (1)[c::]:6789 error -101 [ 58.781927][ T30] libceph: mon0 (1)[c::]:6789 connect error [ 58.854861][ T39] audit: type=1400 audit(1728052855.516:351): avc: denied { read } for pid=6155 comm="syz.1.284" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 58.860934][ T39] audit: type=1400 audit(1728052855.516:352): avc: denied { open } for pid=6155 comm="syz.1.284" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 58.868514][ T39] audit: type=1400 audit(1728052855.526:353): avc: denied { listen } for pid=6157 comm="syz.3.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 58.878700][ T39] audit: type=1400 audit(1728052855.536:354): avc: denied { accept } for pid=6157 comm="syz.3.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 59.215557][ T6168] ======================================================= [ 59.215557][ T6168] WARNING: The mand mount option has been deprecated and [ 59.215557][ T6168] and is ignored by this kernel. Remove the mand [ 59.215557][ T6168] option from the mount to silence this warning. [ 59.215557][ T6168] ======================================================= [ 59.268248][ T6170] input: syz0 as /devices/virtual/input/input10 [ 59.381774][ T6176] netlink: 'syz.2.293': attribute type 10 has an invalid length. [ 59.387781][ T6176] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.392849][ T6176] team0: Port device batadv0 added [ 59.972652][ T6204] xt_hashlimit: size too large, truncated to 1048576 [ 60.122271][ T6218] program syz.2.308 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 60.129949][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 60.133516][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 60.137948][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 60.261437][ T5346] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 60.264559][ T5346] Bluetooth: hci2: Injecting HCI hardware error event [ 60.269370][ T5346] Bluetooth: hci2: hardware error 0x00 [ 60.445540][ T45] nci: nci_ntf_packet: unsupported ntf opcode 0xf06 [ 60.579666][ T5352] Bluetooth: hci4: command 0x0405 tx timeout [ 60.619623][ T5376] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 60.774667][ T5376] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 60.780607][ T5376] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 60.784135][ T5376] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 60.786423][ T5376] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.802198][ T6230] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 60.806253][ T5376] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 60.895160][ T6236] random: crng reseeded on system resumption [ 60.898271][ T39] audit: type=1400 audit(1728052857.556:355): avc: denied { append } for pid=6235 comm="syz.3.314" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 60.906588][ T39] audit: type=1400 audit(1728052857.556:356): avc: denied { open } for pid=6235 comm="syz.3.314" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 61.023970][ T5376] usb 5-1: USB disconnect, device number 3 [ 61.079016][ T39] audit: type=1400 audit(1728052857.736:357): avc: denied { ioctl } for pid=6235 comm="syz.3.314" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x330b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 62.559589][ T5346] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 69.949624][ T39] audit: type=1400 audit(1728052866.606:358): avc: denied { mount } for pid=6252 comm="syz.3.320" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 69.955242][ T39] audit: type=1400 audit(1728052866.616:359): avc: denied { mounton } for pid=6252 comm="syz.3.320" path="/87/bus/bus" dev="overlay" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 70.012377][ T6255] process 'syz.2.322' launched './file0' with NULL argv: empty string added [ 70.018723][ T39] audit: type=1400 audit(1728052866.676:360): avc: denied { execute_no_trans } for pid=6254 comm="syz.2.322" path="/98/file0" dev="tmpfs" ino=524 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 70.143982][ T12] nci: nci_rsp_packet: unsupported rsp opcode 0xf06 [ 70.159650][ T35] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 70.312651][ T35] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 70.314996][ T35] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.317003][ T35] usb 5-1: Product: syz [ 70.318079][ T35] usb 5-1: Manufacturer: syz [ 70.319316][ T35] usb 5-1: SerialNumber: syz [ 70.322573][ T35] usb 5-1: config 0 descriptor?? [ 70.528750][ T5376] usb 5-1: USB disconnect, device number 4 [ 70.530869][ T5471] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 70.700001][ T5471] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 70.703319][ T5471] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.705770][ T5471] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 70.708692][ T5471] usb 6-1: config 0 interface 0 has no altsetting 0 [ 70.711240][ T5471] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.713841][ T5471] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 70.716735][ T5471] usb 6-1: config 0 interface 0 has no altsetting 0 [ 70.719228][ T5471] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.721702][ T5471] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 70.724630][ T5471] usb 6-1: config 0 interface 0 has no altsetting 0 [ 70.727095][ T5471] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.729484][ T5471] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 70.732463][ T5471] usb 6-1: config 0 interface 0 has no altsetting 0 [ 70.734936][ T5471] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.737268][ T5471] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 70.740929][ T5471] usb 6-1: config 0 interface 0 has no altsetting 0 [ 70.744447][ T5471] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.748040][ T5471] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 70.753207][ T5471] usb 6-1: config 0 interface 0 has no altsetting 0 [ 70.759151][ T5471] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.762188][ T5471] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 70.765022][ T5471] usb 6-1: config 0 interface 0 has no altsetting 0 [ 70.779769][ T5471] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.782134][ T5471] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 70.784985][ T5471] usb 6-1: config 0 interface 0 has no altsetting 0 [ 70.788194][ T5471] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 70.792337][ T5471] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 70.794577][ T5471] usb 6-1: Product: syz [ 70.795806][ T5471] usb 6-1: Manufacturer: syz [ 70.797556][ T5471] usb 6-1: SerialNumber: syz [ 70.806137][ T5471] usb 6-1: config 0 descriptor?? [ 70.816594][ T5471] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 70.929217][ T39] audit: type=1400 audit(1728052867.586:361): avc: denied { create } for pid=6271 comm="syz.2.328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 70.934405][ T39] audit: type=1400 audit(1728052867.596:362): avc: denied { ioctl } for pid=6271 comm="syz.2.328" path="socket:[11831]" dev="sockfs" ino=11831 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 71.031353][ T6270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.032466][ T39] audit: type=1400 audit(1728052867.696:363): avc: denied { read write } for pid=6269 comm="syz.1.327" name="raw-gadget" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.049864][ T39] audit: type=1400 audit(1728052867.696:364): avc: denied { open } for pid=6269 comm="syz.1.327" path="/dev/raw-gadget" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.059972][ T39] audit: type=1400 audit(1728052867.696:365): avc: denied { ioctl } for pid=6269 comm="syz.1.327" path="/dev/raw-gadget" dev="devtmpfs" ino=761 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.069773][ T6270] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.232567][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.234513][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.873317][ T39] audit: type=1400 audit(1728052868.536:366): avc: denied { create } for pid=6299 comm="syz.2.339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 71.880772][ T39] audit: type=1400 audit(1728052868.546:367): avc: denied { setopt } for pid=6299 comm="syz.2.339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 72.737631][ T5346] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 72.740469][ T5346] CPU: 3 UID: 0 PID: 5346 Comm: kworker/u33:4 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 72.743472][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.746322][ T5346] Workqueue: hci3 hci_rx_work [ 72.747628][ T5346] Call Trace: [ 72.748555][ T5346] [ 72.749539][ T5346] dump_stack_lvl+0x16c/0x1f0 [ 72.751177][ T5346] sysfs_warn_dup+0x7f/0xa0 [ 72.752537][ T5346] sysfs_create_dir_ns+0x24d/0x2b0 [ 72.754013][ T5346] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 72.755453][ T5346] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 72.756928][ T5346] ? kobject_add_internal+0x12d/0x990 [ 72.758521][ T5346] ? do_raw_spin_unlock+0x172/0x230 [ 72.759934][ T5346] kobject_add_internal+0x2c8/0x990 [ 72.761310][ T5346] kobject_add+0x16f/0x240 [ 72.762509][ T5346] ? __pfx_kobject_add+0x10/0x10 [ 72.763818][ T5346] ? class_to_subsys+0x3e/0x160 [ 72.765124][ T5346] ? do_raw_spin_unlock+0x172/0x230 [ 72.766500][ T5346] ? kobject_put+0xab/0x5a0 [ 72.767701][ T5346] device_add+0x289/0x1a70 [ 72.768924][ T5346] ? __pfx_dev_set_name+0x10/0x10 [ 72.770308][ T5346] ? __pfx_device_add+0x10/0x10 [ 72.771709][ T5346] ? mgmt_send_event_skb+0x2f2/0x460 [ 72.773051][ T5346] hci_conn_add_sysfs+0x17e/0x230 [ 72.774436][ T5346] le_conn_complete_evt+0x1078/0x1d80 [ 72.775852][ T5346] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 72.777350][ T5346] ? trace_contention_end+0xea/0x140 [ 72.778769][ T5346] hci_le_conn_complete_evt+0x23c/0x370 [ 72.780222][ T5346] hci_le_meta_evt+0x2e2/0x5d0 [ 72.781494][ T5346] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 72.783112][ T5346] hci_event_packet+0x666/0x1180 [ 72.784427][ T5346] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 72.785834][ T5346] ? __pfx_hci_event_packet+0x10/0x10 [ 72.787254][ T5346] ? mark_held_locks+0x9f/0xe0 [ 72.788521][ T5346] ? kcov_remote_start+0x3cf/0x6e0 [ 72.789881][ T5346] ? lockdep_hardirqs_on+0x7c/0x110 [ 72.791267][ T5346] hci_rx_work+0x2c6/0x16c0 [ 72.792488][ T5346] ? lock_acquire+0x2f/0xb0 [ 72.793697][ T5346] ? process_one_work+0x921/0x1ba0 [ 72.795065][ T5346] process_one_work+0x9c5/0x1ba0 [ 72.796373][ T5346] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 72.797846][ T5346] ? __pfx_process_one_work+0x10/0x10 [ 72.799273][ T5346] ? assign_work+0x1a0/0x250 [ 72.800510][ T5346] worker_thread+0x6c8/0xf00 [ 72.801745][ T5346] ? __pfx_worker_thread+0x10/0x10 [ 72.803102][ T5346] kthread+0x2c1/0x3a0 [ 72.804190][ T5346] ? _raw_spin_unlock_irq+0x23/0x50 [ 72.805574][ T5346] ? __pfx_kthread+0x10/0x10 [ 72.806814][ T5346] ret_from_fork+0x45/0x80 [ 72.807998][ T5346] ? __pfx_kthread+0x10/0x10 [ 72.809228][ T5346] ret_from_fork_asm+0x1a/0x30 [ 72.810630][ T5346] [ 72.811692][ T5346] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 72.815287][ T5346] Bluetooth: hci3: failed to register connection device [ 73.149798][ C2] usb 6-1: yurex_control_callback - control failed: -2 [ 73.154322][ T5376] usb 6-1: USB disconnect, device number 3 [ 73.164234][ T5376] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 73.934034][ T6336] batadv_slave_1: entered promiscuous mode [ 73.937403][ T6336] bridge0: entered promiscuous mode [ 73.940051][ T6335] bridge0: left promiscuous mode [ 73.941811][ T6335] batadv_slave_1: left promiscuous mode [ 74.057244][ T5346] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 74.061913][ T5346] CPU: 3 UID: 0 PID: 5346 Comm: kworker/u33:4 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 74.065453][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.068241][ T5346] Workqueue: hci4 hci_rx_work [ 74.069508][ T5346] Call Trace: [ 74.070509][ T5346] [ 74.071292][ T5346] dump_stack_lvl+0x16c/0x1f0 [ 74.072539][ T5346] sysfs_warn_dup+0x7f/0xa0 [ 74.073738][ T5346] sysfs_create_dir_ns+0x24d/0x2b0 [ 74.075134][ T5346] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 74.076613][ T5346] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 74.078226][ T5346] ? kobject_add_internal+0x12d/0x990 [ 74.079664][ T5346] ? do_raw_spin_unlock+0x172/0x230 [ 74.081039][ T5346] kobject_add_internal+0x2c8/0x990 [ 74.082431][ T5346] kobject_add+0x16f/0x240 [ 74.083616][ T5346] ? __pfx_kobject_add+0x10/0x10 [ 74.084960][ T5346] ? class_to_subsys+0x3e/0x160 [ 74.086257][ T5346] ? do_raw_spin_unlock+0x172/0x230 [ 74.087634][ T5346] ? kobject_put+0xab/0x5a0 [ 74.088831][ T5346] device_add+0x289/0x1a70 [ 74.090029][ T5346] ? __pfx_dev_set_name+0x10/0x10 [ 74.091376][ T5346] ? __pfx_device_add+0x10/0x10 [ 74.092678][ T5346] ? mgmt_send_event_skb+0x2f2/0x460 [ 74.094126][ T5346] hci_conn_add_sysfs+0x17e/0x230 [ 74.095557][ T5346] le_conn_complete_evt+0x1078/0x1d80 [ 74.096987][ T5346] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 74.098499][ T5346] ? trace_contention_end+0xea/0x140 [ 74.099900][ T5346] hci_le_conn_complete_evt+0x23c/0x370 [ 74.101361][ T5346] hci_le_meta_evt+0x2e2/0x5d0 [ 74.102650][ T5346] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 74.104343][ T5346] hci_event_packet+0x666/0x1180 [ 74.105655][ T5346] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 74.107059][ T5346] ? __pfx_hci_event_packet+0x10/0x10 [ 74.108470][ T5346] ? mark_held_locks+0x9f/0xe0 [ 74.109737][ T5346] ? kcov_remote_start+0x3cf/0x6e0 [ 74.111098][ T5346] ? lockdep_hardirqs_on+0x7c/0x110 [ 74.112475][ T5346] hci_rx_work+0x2c6/0x16c0 [ 74.113689][ T5346] ? lock_acquire+0x2f/0xb0 [ 74.114940][ T5346] ? process_one_work+0x921/0x1ba0 [ 74.116296][ T5346] process_one_work+0x9c5/0x1ba0 [ 74.117561][ T5346] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 74.119049][ T5346] ? __pfx_process_one_work+0x10/0x10 [ 74.120477][ T5346] ? assign_work+0x1a0/0x250 [ 74.121714][ T5346] worker_thread+0x6c8/0xf00 [ 74.122953][ T5346] ? __pfx_worker_thread+0x10/0x10 [ 74.124339][ T5346] kthread+0x2c1/0x3a0 [ 74.125448][ T5346] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.126844][ T5346] ? __pfx_kthread+0x10/0x10 [ 74.128078][ T5346] ret_from_fork+0x45/0x80 [ 74.129272][ T5346] ? __pfx_kthread+0x10/0x10 [ 74.130517][ T5346] ret_from_fork_asm+0x1a/0x30 [ 74.131796][ T5346] [ 74.133275][ T5346] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 74.137093][ T5346] Bluetooth: hci4: failed to register connection device [ 74.461419][ T5376] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 74.619753][ T5376] usb 5-1: Using ep0 maxpacket: 8 [ 74.622654][ T5376] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 74.624849][ T5376] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 74.628038][ T5376] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 74.631740][ T5376] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 74.634824][ T5376] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 74.639166][ T5376] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 74.641616][ T5376] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 74.645562][ T5376] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 74.650060][ T5376] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 74.653047][ T5376] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 74.657233][ T5376] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 74.659229][ T5376] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 74.663346][ T5376] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 74.666512][ T5376] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 74.669358][ T5376] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 74.674906][ T5376] usb 5-1: string descriptor 0 read error: -22 [ 74.676953][ T5376] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 74.679329][ T5376] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.699482][ T5376] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 74.715885][ T6350] syzkaller1: entered promiscuous mode [ 74.717390][ T6350] syzkaller1: entered allmulticast mode [ 74.962706][ T5376] usb 5-1: USB disconnect, device number 5 [ 74.969632][ T5390] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 75.024418][ T39] kauditd_printk_skb: 14 callbacks suppressed [ 75.024430][ T39] audit: type=1326 audit(1728052871.686:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.1.359" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f073077dff9 code=0x7fc00000 [ 75.130195][ T5390] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 75.133073][ T5390] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.135421][ T5390] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 75.138205][ T5390] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.141087][ T5390] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.143493][ T5390] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 75.146326][ T5390] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.148836][ T5390] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.152335][ T5390] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 75.155302][ T5390] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.157833][ T5390] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.160624][ T5390] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 75.163545][ T5390] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.165948][ T5390] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.168464][ T5390] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 75.171691][ T5390] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.174221][ T5390] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.176680][ T5390] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 75.179828][ T5390] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.182370][ T5390] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.184812][ T5390] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 75.187714][ T5390] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.191491][ T5390] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.193970][ T5390] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 75.196958][ T5390] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.200532][ T5390] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 75.203015][ T5390] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 75.205219][ T5390] usb 7-1: Product: syz [ 75.206353][ T5390] usb 7-1: Manufacturer: syz [ 75.207590][ T5390] usb 7-1: SerialNumber: syz [ 75.214910][ T5390] usb 7-1: config 0 descriptor?? [ 75.222776][ T5390] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 75.428376][ T6352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.432785][ T6352] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.647230][ T39] audit: type=1326 audit(1728052872.306:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.1.359" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f073077dff9 code=0x7fc00000 [ 76.353058][ T57] cfg80211: failed to load regulatory.db [ 76.999595][ T5380] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 77.169998][ T5380] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 77.172802][ T5380] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.175446][ T5380] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.178931][ T5380] usb 6-1: config 0 interface 0 has no altsetting 0 [ 77.190444][ T5380] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.192793][ T5380] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.196048][ T5380] usb 6-1: config 0 interface 0 has no altsetting 0 [ 77.210048][ T5380] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.212707][ T5380] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.215854][ T5380] usb 6-1: config 0 interface 0 has no altsetting 0 [ 77.220151][ T5380] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.222484][ T5380] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.225269][ T5380] usb 6-1: config 0 interface 0 has no altsetting 0 [ 77.228019][ T5380] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.230664][ T5380] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.233714][ T5380] usb 6-1: config 0 interface 0 has no altsetting 0 [ 77.236735][ T5380] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.239727][ T5380] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.242786][ T5380] usb 6-1: config 0 interface 0 has no altsetting 0 [ 77.245574][ T5380] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.247978][ T5380] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.250981][ T5380] usb 6-1: config 0 interface 0 has no altsetting 0 [ 77.253500][ T5380] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 77.255899][ T5380] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 77.258828][ T5380] usb 6-1: config 0 interface 0 has no altsetting 0 [ 77.262334][ T5380] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 77.264752][ T5380] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 77.267160][ T5380] usb 6-1: Product: syz [ 77.268303][ T5380] usb 6-1: Manufacturer: syz [ 77.269666][ T5380] usb 6-1: SerialNumber: syz [ 77.273578][ T5380] usb 6-1: config 0 descriptor?? [ 77.278048][ T5380] yurex 6-1:0.0: USB YUREX device now attached to Yurex #1 [ 77.469983][ C0] usb 7-1: yurex_control_callback - control failed: -2 [ 77.473734][ T5390] usb 7-1: USB disconnect, device number 5 [ 77.478852][ T5390] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 77.487169][ T5380] usb 6-1: USB disconnect, device number 4 [ 77.495346][ T5380] yurex 6-1:0.0: USB YUREX #1 now disconnected [ 78.479651][ T57] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 78.629662][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 78.632988][ T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 78.635886][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 78.640238][ T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 78.644471][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 78.648473][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 78.653484][ T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 78.655811][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 78.659356][ T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 78.662716][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 78.665665][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 78.669373][ T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 78.671761][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 78.674844][ T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 78.677951][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 78.681147][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 78.687013][ T57] usb 6-1: string descriptor 0 read error: -22 [ 78.688818][ T57] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 78.691581][ T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.697941][ T57] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 78.841450][ T39] audit: type=1326 audit(1728052875.506:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6380 comm="syz.0.375" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f262517dff9 code=0x7fc00000 [ 78.969672][ T5376] usb 6-1: USB disconnect, device number 5 [ 78.979624][ T5352] Bluetooth: hci3: command 0x0406 tx timeout [ 79.272524][ T39] audit: type=1400 audit(1728052875.936:385): avc: denied { mount } for pid=6402 comm="syz.2.373" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 79.288822][ T39] audit: type=1400 audit(1728052875.946:386): avc: denied { unmount } for pid=5337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 80.160928][ T5347] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.172734][ T5347] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.176768][ T5347] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.182809][ T5347] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.186608][ T5347] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 80.191815][ T5347] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.259676][ T5352] Bluetooth: hci4: command 0x0405 tx timeout [ 80.278814][ T6429] chnl_net:caif_netlink_parms(): no params data found [ 80.425671][ T6429] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.426156][ T6455] input: syz1 as /devices/virtual/input/input11 [ 80.428194][ T6429] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.432268][ T6429] bridge_slave_0: entered allmulticast mode [ 80.434802][ T6429] bridge_slave_0: entered promiscuous mode [ 80.442664][ T6429] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.451796][ T6429] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.453865][ T6429] bridge_slave_1: entered allmulticast mode [ 80.463393][ T6429] bridge_slave_1: entered promiscuous mode [ 80.496747][ T39] audit: type=1400 audit(1728052877.156:387): avc: denied { mount } for pid=6462 comm="syz.2.386" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 80.507683][ T39] audit: type=1400 audit(1728052877.166:388): avc: denied { mounton } for pid=6462 comm="syz.2.386" path="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 80.517097][ T6429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.524456][ T6429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.534076][ T39] audit: type=1400 audit(1728052877.196:389): avc: denied { unmount } for pid=5337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 80.634013][ T6429] team0: Port device team_slave_0 added [ 80.655650][ T6429] team0: Port device team_slave_1 added [ 80.694584][ T6429] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.696995][ T6429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.709631][ T6429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.711758][ T39] audit: type=1400 audit(1728052877.366:390): avc: denied { rename } for pid=4816 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 80.713403][ T6429] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.718245][ T39] audit: type=1400 audit(1728052877.366:391): avc: denied { unlink } for pid=4816 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 80.723000][ T6429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.728093][ T39] audit: type=1400 audit(1728052877.366:392): avc: denied { create } for pid=4816 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 80.734828][ T6429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.742386][ T39] audit: type=1400 audit(1728052877.406:393): avc: denied { mount } for pid=6473 comm="syz.0.389" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 80.758237][ T39] audit: type=1400 audit(1728052877.416:394): avc: denied { unmount } for pid=5348 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 80.797824][ T6429] hsr_slave_0: entered promiscuous mode [ 80.814427][ T6429] hsr_slave_1: entered promiscuous mode [ 80.839595][ T6429] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.842214][ T6429] Cannot create hsr debugfs directory [ 80.993123][ T68] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.067844][ T5347] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.070937][ T5347] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.073252][ T5347] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.076561][ T5347] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.080436][ T5347] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.082590][ T5347] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.110585][ T68] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.150348][ T6487] IPv4: Oversized IP packet from 172.20.20.24 [ 81.153207][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 81.155343][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 81.342704][ T6429] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.384879][ T68] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.497655][ T6429] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.525822][ T68] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.601785][ T6429] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.624690][ T6483] chnl_net:caif_netlink_parms(): no params data found [ 81.772116][ T6429] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.779891][ T6483] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.781836][ T6483] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.784568][ T6483] bridge_slave_0: entered allmulticast mode [ 81.787967][ T6483] bridge_slave_0: entered promiscuous mode [ 81.804569][ T6483] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.806902][ T6483] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.808920][ T6483] bridge_slave_1: entered allmulticast mode [ 81.811961][ T6483] bridge_slave_1: entered promiscuous mode [ 81.882185][ T68] bridge_slave_1: left allmulticast mode [ 81.884012][ T68] bridge_slave_1: left promiscuous mode [ 81.886833][ T68] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.893450][ T68] bridge_slave_0: left allmulticast mode [ 81.895068][ T68] bridge_slave_0: left promiscuous mode [ 81.898963][ T68] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.269988][ T5352] Bluetooth: hci2: command tx timeout [ 82.319489][ T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 82.327371][ T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 82.332767][ T68] bond0 (unregistering): Released all slaves [ 82.341950][ T6483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.347895][ T39] audit: type=1400 audit(1728052879.006:395): avc: denied { search } for pid=4816 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 82.389611][ T6483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.491194][ T6483] team0: Port device team_slave_0 added [ 82.543038][ T6483] team0: Port device team_slave_1 added [ 82.605524][ T6483] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.607518][ T6483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.614499][ T6483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.633958][ T6483] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.635835][ T6483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.646873][ T6483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.705317][ T6483] hsr_slave_0: entered promiscuous mode [ 82.707790][ T6483] hsr_slave_1: entered promiscuous mode [ 82.711657][ T6483] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.714682][ T6483] Cannot create hsr debugfs directory [ 82.716608][ T6429] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.726048][ T6429] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.757727][ T6429] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.764639][ T6429] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.775303][ T68] hsr_slave_0: left promiscuous mode [ 82.778020][ T68] hsr_slave_1: left promiscuous mode [ 82.780164][ T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.782352][ T68] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 82.785869][ T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.787468][ T6558] atomic_op ffff8880493ee998 conn xmit_atomic 0000000000000000 [ 82.787946][ T68] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.807205][ T68] veth1_macvtap: left promiscuous mode [ 82.808949][ T68] veth0_macvtap: left promiscuous mode [ 82.813186][ T68] veth1_vlan: left promiscuous mode [ 82.815012][ T68] veth0_vlan: left promiscuous mode [ 82.849137][ T39] audit: type=1400 audit(1728052879.506:396): avc: denied { getopt } for pid=6563 comm="syz.0.418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 82.926554][ T6570] kernel read not supported for file /eth0Ò (pid: 6570 comm: syz.1.421) [ 83.139707][ T5352] Bluetooth: hci1: command tx timeout [ 83.549759][ T68] team0 (unregistering): Port device team_slave_1 removed [ 83.612686][ T68] team0 (unregistering): Port device team_slave_0 removed [ 83.955657][ T68] team0 (unregistering): Port device batadv0 removed [ 84.156948][ T6429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.166871][ T6429] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.171620][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.173512][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.184260][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.185796][ T6591] input: syz1 as /devices/virtual/input/input12 [ 84.186147][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.311551][ T6429] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.328251][ T6429] veth0_vlan: entered promiscuous mode [ 84.333411][ T6429] veth1_vlan: entered promiscuous mode [ 84.339614][ T5352] Bluetooth: hci2: command tx timeout [ 84.346977][ T6429] veth0_macvtap: entered promiscuous mode [ 84.394489][ T6429] veth1_macvtap: entered promiscuous mode [ 84.417665][ T6429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.420617][ T6429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.423156][ T6429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.428139][ T6429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.432048][ T6429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.435003][ T6429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.448131][ T6429] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.451835][ T6429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.454930][ T6429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.457509][ T6429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.461762][ T6429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.464299][ T6429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.466955][ T6429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.471453][ T6429] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.524928][ T6429] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.527272][ T6429] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.529748][ T6429] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.532189][ T6429] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.549639][ T5390] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 84.593999][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.596037][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.609699][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.612217][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.686348][ T6483] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.688370][ T6627] netlink: 'syz.3.382': attribute type 4 has an invalid length. [ 84.691779][ T6627] netlink: 'syz.3.382': attribute type 4 has an invalid length. [ 84.693850][ T6627] netlink: 126012 bytes leftover after parsing attributes in process `syz.3.382'. [ 84.700447][ T6483] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.705265][ T6483] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.708573][ T6483] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.710745][ T5390] usb 6-1: Using ep0 maxpacket: 32 [ 84.713686][ T5390] usb 6-1: config 0 has no interfaces? [ 84.717197][ T5390] usb 6-1: New USB device found, idVendor=06cd, idProduct=0108, bcdDevice=f3.0c [ 84.719490][ T5390] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1 [ 84.722062][ T5390] usb 6-1: Product: syz [ 84.729680][ T5390] usb 6-1: Manufacturer: syz [ 84.731330][ T5390] usb 6-1: SerialNumber: syz [ 84.751206][ T5390] usb 6-1: config 0 descriptor?? [ 84.762318][ T6483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.775873][ T6483] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.788223][ T90] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.790178][ T90] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.801929][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.802843][ T6643] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.436'. [ 84.803977][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.806167][ T6643] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 84.849975][ T6648] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 84.918319][ T6483] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.951193][ T6483] veth0_vlan: entered promiscuous mode [ 84.955558][ T6483] veth1_vlan: entered promiscuous mode [ 84.965427][ T6483] veth0_macvtap: entered promiscuous mode [ 84.968549][ T6483] veth1_macvtap: entered promiscuous mode [ 84.980665][ T6483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.984208][ T6483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.987044][ T63] usb 6-1: USB disconnect, device number 6 [ 84.991533][ T6483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.995150][ T6483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.998467][ T6483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.002384][ T6483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.005333][ T6483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.008016][ T6483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.012913][ T6483] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.017836][ T6483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.022007][ T6483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.025378][ T6483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.028799][ T6483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.032469][ T6483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.036013][ T6483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.039258][ T6483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.043168][ T6483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.047658][ T6483] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.054036][ T6483] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.057077][ T6483] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.060353][ T6483] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.063369][ T6483] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.107586][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.111113][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.123753][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.125890][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.219779][ T5352] Bluetooth: hci1: command tx timeout [ 85.730404][ T39] kauditd_printk_skb: 10 callbacks suppressed [ 85.730424][ T39] audit: type=1400 audit(1728052882.396:407): avc: denied { unmount } for pid=5765 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 85.854492][ T39] audit: type=1400 audit(1728052882.516:408): avc: denied { mount } for pid=6717 comm="syz.1.461" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1 [ 85.876354][ T39] audit: type=1400 audit(1728052882.536:409): avc: denied { read } for pid=6719 comm="syz.0.462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 86.421908][ T5352] Bluetooth: hci2: command tx timeout [ 86.672977][ T39] audit: type=1400 audit(1728052883.336:410): avc: denied { read } for pid=6735 comm="syz.2.465" path="socket:[15869]" dev="sockfs" ino=15869 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 86.736869][ T6741] netlink: 176 bytes leftover after parsing attributes in process `syz.2.471'. [ 86.742964][ T6741] netlink: 176 bytes leftover after parsing attributes in process `syz.2.471'. [ 87.300137][ T5352] Bluetooth: hci1: command tx timeout [ 88.149947][ T39] audit: type=1400 audit(1728052884.816:411): avc: denied { create } for pid=6807 comm="syz.0.500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 88.151917][ T5380] IPVS: starting estimator thread 0... [ 88.158537][ T39] audit: type=1400 audit(1728052884.816:412): avc: denied { write } for pid=6807 comm="syz.0.500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 88.166823][ T6810] tipc: Started in network mode [ 88.168096][ T6810] tipc: Node identity ac1414aa, cluster identity 4711 [ 88.176990][ T6810] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 88.178984][ T6810] tipc: Enabled bearer , priority 10 [ 88.249956][ T6811] IPVS: using max 35 ests per chain, 84000 per kthread [ 88.320751][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 88.469738][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 88.609602][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 88.623027][ T39] audit: type=1400 audit(1728052885.286:413): avc: denied { create } for pid=6848 comm="syz.2.516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 88.629113][ T6849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.516'. [ 88.631202][ T39] audit: type=1400 audit(1728052885.286:414): avc: denied { write } for pid=6848 comm="syz.2.516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 88.637435][ T39] audit: type=1400 audit(1728052885.286:415): avc: denied { nlmsg_write } for pid=6848 comm="syz.2.516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 88.729315][ T6865] netlink: 24 bytes leftover after parsing attributes in process `syz.1.524'. [ 88.732347][ T6865] netlink: 'syz.1.524': attribute type 1 has an invalid length. [ 88.734466][ T6865] netlink: 36 bytes leftover after parsing attributes in process `syz.1.524'. [ 88.759572][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 88.775751][ T6872] netlink: 4 bytes leftover after parsing attributes in process `syz.0.527'. [ 88.908443][ T1104] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.909656][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 88.932597][ T39] audit: type=1400 audit(1728052885.596:416): avc: denied { execute } for pid=6889 comm="syz-executor" name="syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 88.996556][ T1104] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.032350][ T5347] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.035286][ T5347] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.037554][ T5347] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.039681][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 89.043580][ T5347] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.045702][ T5347] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 89.047701][ T5347] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.115183][ T1104] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.193313][ T6607] tipc: Node number set to 2886997162 [ 89.196296][ T1104] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.216153][ T6895] chnl_net:caif_netlink_parms(): no params data found [ 89.280362][ T6895] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.282287][ T6895] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.284154][ T6895] bridge_slave_0: entered allmulticast mode [ 89.289707][ T6895] bridge_slave_0: entered promiscuous mode [ 89.308776][ T6895] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.311260][ T6895] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.313770][ T6895] bridge_slave_1: entered allmulticast mode [ 89.316058][ T6895] bridge_slave_1: entered promiscuous mode [ 89.319608][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 89.382348][ T5352] Bluetooth: hci1: command tx timeout [ 89.405953][ T6895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.425518][ T6895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.437519][ T1104] bridge_slave_1: left allmulticast mode [ 89.439585][ T1104] bridge_slave_1: left promiscuous mode [ 89.443386][ T1104] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.448025][ T1104] bridge_slave_0: left allmulticast mode [ 89.458277][ T1104] bridge_slave_0: left promiscuous mode [ 89.462299][ T1104] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.599564][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 89.837323][ T1104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.843883][ T1104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.847588][ T1104] bond0 (unregistering): Released all slaves [ 89.865770][ T6895] team0: Port device team_slave_0 added [ 89.868912][ T6895] team0: Port device team_slave_1 added [ 89.879610][ T6936] netlink: 'syz.2.549': attribute type 4 has an invalid length. [ 89.884936][ T6939] netlink: 'syz.2.549': attribute type 4 has an invalid length. [ 89.932411][ T6939] syz.2.549 (6939) used greatest stack depth: 20976 bytes left [ 89.933385][ T6945] syz.1.553[6945] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 89.934419][ T6945] syz.1.553[6945] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 89.937449][ T6945] syz.1.553[6945] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 89.948140][ T6895] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.956423][ T6895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.967264][ T6895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.971411][ T6895] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.973287][ T6895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.986688][ T6895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.068107][ T6895] hsr_slave_0: entered promiscuous mode [ 90.070722][ T6895] hsr_slave_1: entered promiscuous mode [ 90.088083][ T6895] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.090108][ T6895] Cannot create hsr debugfs directory [ 90.119670][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 90.316048][ T1104] hsr_slave_0: left promiscuous mode [ 90.318791][ T1104] hsr_slave_1: left promiscuous mode [ 90.326227][ T1104] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.328906][ T1104] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.334552][ T1104] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.337218][ T1104] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 90.369794][ T30] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 90.382370][ T1104] veth1_macvtap: left promiscuous mode [ 90.383917][ T1104] veth0_macvtap: left promiscuous mode [ 90.386075][ T1104] veth1_vlan: left promiscuous mode [ 90.388097][ T1104] veth0_vlan: left promiscuous mode [ 90.536380][ T30] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 90.538920][ T30] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 90.546552][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.549872][ T30] usb 6-1: config 0 descriptor?? [ 90.846740][ T6607] usb 6-1: USB disconnect, device number 7 [ 90.860151][ T6984] netlink: 28 bytes leftover after parsing attributes in process `syz.2.564'. [ 91.141932][ T5352] Bluetooth: hci2: command tx timeout [ 91.356810][ T1104] team0 (unregistering): Port device team_slave_1 removed [ 91.412457][ T5380] ================================================================== [ 91.412473][ T5380] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x14c/0x1c0 [ 91.412536][ T5380] Read of size 8 at addr ffff88802b8a3688 by task kworker/3:3/5380 [ 91.412550][ T5380] [ 91.412590][ T5380] CPU: 3 UID: 0 PID: 5380 Comm: kworker/3:3 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 91.412612][ T5380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.412624][ T5380] Workqueue: events binder_deferred_func [ 91.412655][ T5380] Call Trace: [ 91.412661][ T5380] [ 91.412668][ T5380] dump_stack_lvl+0x116/0x1f0 [ 91.412693][ T5380] print_report+0xc3/0x620 [ 91.412728][ T5380] ? __virt_addr_valid+0x5e/0x590 [ 91.412749][ T5380] ? __phys_addr+0xc6/0x150 [ 91.412771][ T5380] kasan_report+0xd9/0x110 [ 91.412787][ T5380] ? __list_del_entry_valid_or_report+0x14c/0x1c0 [ 91.412807][ T5380] ? __list_del_entry_valid_or_report+0x14c/0x1c0 [ 91.412829][ T5380] __list_del_entry_valid_or_report+0x14c/0x1c0 [ 91.412850][ T5380] binder_release_work+0x9b/0x490 [ 91.412872][ T5380] binder_deferred_func+0xe6e/0x12e0 [ 91.412896][ T5380] process_one_work+0x9c5/0x1ba0 [ 91.412936][ T5380] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 91.412961][ T5380] ? __pfx_process_one_work+0x10/0x10 [ 91.412981][ T5380] ? assign_work+0x1a0/0x250 [ 91.413007][ T5380] worker_thread+0x6c8/0xf00 [ 91.413026][ T5380] ? __kthread_parkme+0x148/0x220 [ 91.413048][ T5380] ? __pfx_worker_thread+0x10/0x10 [ 91.413065][ T5380] kthread+0x2c1/0x3a0 [ 91.413085][ T5380] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.413103][ T5380] ? __pfx_kthread+0x10/0x10 [ 91.413123][ T5380] ret_from_fork+0x45/0x80 [ 91.413138][ T5380] ? __pfx_kthread+0x10/0x10 [ 91.413158][ T5380] ret_from_fork_asm+0x1a/0x30 [ 91.413187][ T5380] [ 91.413193][ T5380] [ 91.413196][ T5380] Allocated by task 6995: [ 91.413204][ T5380] kasan_save_stack+0x33/0x60 [ 91.413221][ T5380] kasan_save_track+0x14/0x30 [ 91.413236][ T5380] __kasan_kmalloc+0xaa/0xb0 [ 91.413250][ T5380] binder_thread_write+0xe19/0x4c60 [ 91.413269][ T5380] binder_ioctl+0x265b/0x6fa0 [ 91.413288][ T5380] __x64_sys_ioctl+0x18f/0x220 [ 91.413308][ T5380] do_syscall_64+0xcd/0x250 [ 91.413328][ T5380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.413347][ T5380] [ 91.413350][ T5380] Freed by task 5380: [ 91.413357][ T5380] kasan_save_stack+0x33/0x60 [ 91.413372][ T5380] kasan_save_track+0x14/0x30 [ 91.413387][ T5380] kasan_save_free_info+0x3b/0x60 [ 91.413408][ T5380] __kasan_slab_free+0x51/0x70 [ 91.413424][ T5380] kfree+0x14f/0x4b0 [ 91.413438][ T5380] binder_deferred_func+0xdd7/0x12e0 [ 91.413458][ T5380] process_one_work+0x9c5/0x1ba0 [ 91.413472][ T5380] worker_thread+0x6c8/0xf00 [ 91.413486][ T5380] kthread+0x2c1/0x3a0 [ 91.413504][ T5380] ret_from_fork+0x45/0x80 [ 91.413517][ T5380] ret_from_fork_asm+0x1a/0x30 [ 91.413536][ T5380] [ 91.413540][ T5380] The buggy address belongs to the object at ffff88802b8a3680 [ 91.413540][ T5380] which belongs to the cache kmalloc-64 of size 64 [ 91.413552][ T5380] The buggy address is located 8 bytes inside of [ 91.413552][ T5380] freed 64-byte region [ffff88802b8a3680, ffff88802b8a36c0) [ 91.413568][ T5380] [ 91.413572][ T5380] The buggy address belongs to the physical page: [ 91.413578][ T5380] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b8a3 [ 91.413592][ T5380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 91.413605][ T5380] page_type: f5(slab) [ 91.413619][ T5380] raw: 00fff00000000000 ffff88801b0428c0 dead000000000100 dead000000000122 [ 91.413634][ T5380] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000 [ 91.413642][ T5380] page dumped because: kasan: bad access detected [ 91.413666][ T5380] page_owner tracks the page as allocated [ 91.413672][ T5380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 2, tgid 2 (kthreadd), ts 12354100744, free_ts 12100050041 [ 91.413697][ T5380] post_alloc_hook+0x2d1/0x350 [ 91.413714][ T5380] get_page_from_freelist+0x101e/0x3070 [ 91.413732][ T5380] __alloc_pages_noprof+0x223/0x25c0 [ 91.413750][ T5380] new_slab+0xca/0x3f0 [ 91.413764][ T5380] ___slab_alloc+0xdac/0x1880 [ 91.413777][ T5380] __slab_alloc.constprop.0+0x56/0xb0 [ 91.413791][ T5380] __kmalloc_cache_node_noprof+0xf1/0x350 [ 91.413806][ T5380] __get_vm_area_node+0xe1/0x2d0 [ 91.413843][ T5380] __vmalloc_node_range_noprof+0x26a/0x15a0 [ 91.413859][ T5380] copy_process+0x2f12/0x8dc0 [ 91.413878][ T5380] kernel_clone+0xfd/0x960 [ 91.413896][ T5380] kernel_thread+0xc0/0x100 [ 91.413914][ T5380] kthreadd+0x4ef/0x7d0 [ 91.413935][ T5380] ret_from_fork+0x45/0x80 [ 91.413954][ T5380] ret_from_fork_asm+0x1a/0x30 [ 91.413974][ T5380] page last free pid 63 tgid 63 stack trace: [ 91.413983][ T5380] free_unref_page+0x5f4/0xdc0 [ 91.413999][ T5380] vfree+0x17a/0x890 [ 91.414013][ T5380] delayed_vfree_work+0x56/0x70 [ 91.414026][ T5380] process_one_work+0x9c5/0x1ba0 [ 91.414040][ T5380] worker_thread+0x6c8/0xf00 [ 91.414053][ T5380] kthread+0x2c1/0x3a0 [ 91.414070][ T5380] ret_from_fork+0x45/0x80 [ 91.414084][ T5380] ret_from_fork_asm+0x1a/0x30 [ 91.414104][ T5380] [ 91.414108][ T5380] Memory state around the buggy address: [ 91.414115][ T5380] ffff88802b8a3580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 91.414126][ T5380] ffff88802b8a3600: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 91.414136][ T5380] >ffff88802b8a3680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 91.414145][ T5380] ^ [ 91.414173][ T5380] ffff88802b8a3700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 91.414186][ T5380] ffff88802b8a3780: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 91.414194][ T5380] ================================================================== [ 91.414204][ T5380] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 91.414212][ T5380] CPU: 3 UID: 0 PID: 5380 Comm: kworker/3:3 Not tainted 6.12.0-rc1-syzkaller-00125-g0c559323bbaa #0 [ 91.414229][ T5380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.414239][ T5380] Workqueue: events binder_deferred_func [ 91.414260][ T5380] Call Trace: [ 91.414265][ T5380] [ 91.414271][ T5380] dump_stack_lvl+0x3d/0x1f0 [ 91.414290][ T5380] panic+0x71d/0x800 [ 91.414322][ T5380] ? rcu_poll_gp_seq_end_unlocked+0x90/0x130 [ 91.414335][ T5380] ? __pfx_panic+0x10/0x10 [ 91.414347][ T5380] ? rcu_is_watching+0x12/0xc0 [ 91.414364][ T5380] ? __pfx_lock_release+0x10/0x10 [ 91.414374][ T5380] ? check_panic_on_warn+0x1f/0xb0 [ 91.414391][ T5380] check_panic_on_warn+0xab/0xb0 [ 91.414405][ T5380] end_report+0x117/0x180 [ 91.414415][ T5380] kasan_report+0xe9/0x110 [ 91.414425][ T5380] ? __list_del_entry_valid_or_report+0x14c/0x1c0 [ 91.414437][ T5380] ? __list_del_entry_valid_or_report+0x14c/0x1c0 [ 91.414448][ T5380] __list_del_entry_valid_or_report+0x14c/0x1c0 [ 91.414459][ T5380] binder_release_work+0x9b/0x490 [ 91.414471][ T5380] binder_deferred_func+0xe6e/0x12e0 [ 91.414484][ T5380] process_one_work+0x9c5/0x1ba0 [ 91.414494][ T5380] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 91.414503][ T5380] ? __pfx_process_one_work+0x10/0x10 [ 91.414513][ T5380] ? assign_work+0x1a0/0x250 [ 91.414527][ T5380] worker_thread+0x6c8/0xf00 [ 91.414537][ T5380] ? __kthread_parkme+0x148/0x220 [ 91.414548][ T5380] ? __pfx_worker_thread+0x10/0x10 [ 91.414557][ T5380] kthread+0x2c1/0x3a0 [ 91.414567][ T5380] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.414577][ T5380] ? __pfx_kthread+0x10/0x10 [ 91.414587][ T5380] ret_from_fork+0x45/0x80 [ 91.414595][ T5380] ? __pfx_kthread+0x10/0x10 [ 91.414606][ T5380] ret_from_fork_asm+0x1a/0x30 [ 91.414620][ T5380] [ 91.419669][ T5380] Kernel Offset: disabled VM DIAGNOSIS: 14:41:28 Registers: info registers vcpu 0 CPU#0 RAX=0000000080010002 RBX=0000000000000000 RCX=ffffffff81331e30 RDX=ffff888025c20000 RSI=ffffffff81331e78 RDI=ffffffff937787c0 RBP=0000000000000000 RSP=ffffc90000007fd0 R8 =0000000000000001 R9 =fffffbfff26ef0f8 R10=ffffffff937787c7 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81331e79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f07316606c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020015000 CR3=000000002fba2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffefff0 Opmask01=0000000000000000 Opmask02=000000007ffbffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd869e0f60 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f07307f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f07307f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f07307f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f07307f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f07307f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f07307f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2e006a64615f65 726f63735f6d6f6f 2f666c65732f636f 72702f0030303031 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0b004f41445f40 574a46565f484a4a 0a434940560a464a 57550a0015151514 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff81331e30 RDX=ffff8880272ea440 RSI=ffffffff81331e78 RDI=ffffffff937787c0 RBP=0000000000000001 RSP=ffffc900008b0fd0 R8 =0000000000000001 R9 =fffffbfff26ef0f8 R10=ffffffff937787c7 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81331e79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ff2eb2006c0 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020015000 CR3=000000003371a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=000000007ffbffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffb9c9f090 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff81331e30 RDX=ffff8880273c4880 RSI=ffffffff81331e78 RDI=ffffffff937787c0 RBP=0000000000000002 RSP=ffffc90000858fd0 R8 =0000000000000001 R9 =fffffbfff26ef0f8 R10=ffffffff937787c7 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81331e79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f2626047f98 CR3=000000004b9c0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0003000800000000 000100080000001f ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff813ee808 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f97095f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f970970b488 00007f970970b480 00007f970970b478 00007f970970b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f970a26d100 00007f970970b440 00007f9700040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f970970b498 00007f970970b490 00007f970970b488 00007f970970b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff850a6c05 RDI=ffffffff9aae1b80 RBP=ffffffff9aae1b40 RSP=ffffc900038176d0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000038333554 R12=0000000000000000 R13=0000000000000020 R14=ffffffff850a6ba0 R15=0000000000000000 RIP=ffffffff850a6c2f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b31615ff8 CR3=000000003d516000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813ee808 ffffffff813ee808 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813ee808 ffffffff813ee808 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff813ee808 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f26251f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f26251f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f26251f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f26251f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f26251f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f26251f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f262530b488 00007f262530b480 00007f262530b478 00007f262530b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2625e6d100 00007f262530b440 00007f2600040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f262530b498 00007f262530b490 00007f262530b488 00007f262530b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000