last executing test programs: 3.320314967s ago: executing program 3 (id=194): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_RESET(r1, 0x5100) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) getsockopt$bt_l2cap_L2CAP_CONNINFO(r2, 0x6, 0x2, 0x0, &(0x7f0000000300)) ppoll(&(0x7f0000000080)=[{r0, 0x2001}], 0x1, &(0x7f00000000c0)={0x0, 0x989680}, 0x0, 0x0) 3.245622915s ago: executing program 3 (id=196): r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000815}, 0x42baa86a2b4db544) r2 = socket$inet_tcp(0x2, 0x1, 0x0) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, r5, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x40) (async) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x7002}) pread64(r3, 0x0, 0x0, 0xfffd) (async) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'veth0\x00', 0x0}) r9 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r7, r8, 0x25, 0x0, @val=@kprobe_multi=@addrs={0x0, 0x0, 0x0, 0x0, 0x6}}, 0x30) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000340)={r9, r7, 0x4, r7}, 0x10) (async) mount$9p_virtio(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=virtio,access=', @ANYRESDEC]) 3.107684405s ago: executing program 3 (id=199): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x50}, 0x1, 0x0, 0x0, 0xc000}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) faccessat2(r0, &(0x7f0000000040)='\x00', 0x1, 0x1300) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') 3.010849622s ago: executing program 3 (id=200): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') writev(r0, &(0x7f0000000800)=[{&(0x7f0000000280)='2', 0x1}], 0x1) (async) r1 = socket$kcm(0x10, 0x2, 0x0) pipe(&(0x7f0000000000)) (async) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0) 2.740777686s ago: executing program 3 (id=201): r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0) sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x3c, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "a48b11c412ee5948a4407364b336d2ed"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008006}, 0x4010) 2.739062695s ago: executing program 3 (id=203): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000140)) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000300)=[{0x84, 0x77, 0x0, 0x0, @time={0x8, 0x80}, {0xfd}, {0x7}, @raw32={[0x2, 0x0, 0x8000000]}}, {0x2, 0x0, 0x5, 0x83, @tick, {0xfd}, {}, @note={0x81}}, {0x6, 0x3, 0x9, 0xff, @time={0x10000, 0x4}, {0x10, 0x5}, {0xc, 0x2}, @time=@time={0x5, 0xb436}}, {0x0, 0x3, 0xa, 0x4, @time={0x3, 0x6}, {0xbb, 0x3}, {0xdb}, @result={0x5, 0x9}}], 0x70) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x4, 0x0, 0x4a}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x2a}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48841}, 0x2000c010) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000000203030100000000000000000400000a"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x2000c000) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000203010100004421000000000200000a08"], 0x1c}, 0x1, 0x0, 0x0, 0x20080041}, 0x20008090) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r5 = syz_open_dev$sg(&(0x7f0000000080), 0xffff0000, 0x40) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000040000009e"]) r6 = io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd1}) r7 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'syztnl2\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x5c8c, 0x0, @empty, @mcast1, 0x80, 0x0, 0x0, 0x20000000}}) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4) syz_usb_connect$printer(0x1, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xfc, 0x60, 0x4, "", [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x7, 0x1, 0x2, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x3, 0x8, 0x80}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0xa5, 0xe5, 0x8}}]}}}]}}]}}, &(0x7f0000000d40)={0xa, &(0x7f0000000c80)={0xa, 0x6, 0x300, 0x51, 0xf5, 0xbe, 0x10, 0x80}, 0x5, &(0x7f0000000cc0)={0x5, 0xf, 0x5}, 0x1, [{0x4, &(0x7f0000000d00)=@lang_id={0x4, 0x3, 0x445}}]}) io_uring_enter(r7, 0x2219, 0x7721, 0x16, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x38, &(0x7f0000000240)={0x20, 0x4}) ioctl$FE_READ_SNR(0xffffffffffffffff, 0x80026f48, &(0x7f0000000d80)) io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0) r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r0) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x2c, r8, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r1}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c810}, 0x40) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtclass={0x904, 0x28, 0x2, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xffe0, 0x9}, {0x4, 0xfff3}, {0xf, 0xfff2}}, [@TCA_RATE={0x6, 0x5, {0x3, 0x9a}}, @tclass_kind_options=@c_htb={{0x8}, {0x888, 0x2, [@TCA_HTB_OFFLOAD, @TCA_HTB_CTAB={0x404, 0x3, [0x8, 0x1c08, 0x76a, 0x4, 0x1, 0xfffffff0, 0x0, 0xdf, 0x7, 0x51e05825, 0x5, 0x8, 0x9, 0x58, 0x10, 0x8, 0x0, 0xb8, 0x87, 0xffffff7f, 0x1, 0x3, 0xfffffffa, 0x4, 0x7, 0x0, 0xfffffffd, 0x0, 0x9, 0x8, 0x8000003, 0x7, 0x1000, 0x0, 0x1, 0x1, 0x2, 0x8001, 0x4, 0x6, 0x200, 0x9, 0x0, 0x9, 0x10001, 0x8, 0x3, 0x2, 0x0, 0xfffff148, 0xbae3, 0x6, 0x1ff, 0x0, 0x5, 0xf670, 0x0, 0x2, 0x7fffffff, 0x24, 0x0, 0x4, 0x52c, 0x7, 0x100, 0xff, 0x9, 0x0, 0x2, 0x5c7ea44c, 0x5, 0x7, 0x7, 0x714, 0x101, 0x80000001, 0x56, 0xba, 0x96e, 0x4, 0x5, 0x9, 0x3, 0x8, 0x7, 0xa520, 0x1, 0x6, 0x0, 0x68fb, 0x5, 0x80, 0x5, 0x706a, 0x3ff, 0x8d8, 0x6, 0xfffffff8, 0x9, 0xfffffffe, 0x3fb, 0xfff, 0xff, 0x8, 0x8, 0x1, 0xffffffff, 0x2, 0x8, 0xb5, 0x2, 0x6, 0x3, 0x401, 0x10001, 0x8001, 0xf, 0x2c446880, 0x2, 0x1, 0x200, 0x4, 0x9, 0x7, 0x8ba2, 0x8, 0x8c, 0x7, 0x9, 0xc, 0x14000000, 0x16f0, 0x5, 0xff, 0x7, 0xffffffff, 0xffffffc0, 0x1c6a, 0x2, 0x1, 0x8001, 0xd870, 0x7, 0x4, 0xf, 0x1, 0x2, 0x8, 0x5, 0x10001, 0x0, 0x9, 0x7, 0x7, 0xc8f, 0x5, 0x81, 0xffff0001, 0x8, 0x2, 0x4, 0x8, 0xfffffff7, 0x7, 0x1, 0x3ff, 0xffff, 0x7, 0x7, 0x3, 0x6, 0x9, 0x0, 0xd6ec, 0xfffffffa, 0x339, 0x8, 0x6, 0x2, 0x0, 0x96af, 0x6, 0x2a00, 0x2, 0xfffffffa, 0xf, 0xfffffe01, 0x2, 0x8, 0x8, 0xfffffff8, 0xffff, 0x389, 0x81, 0x3, 0x0, 0x1, 0x1, 0x5, 0x2, 0x8000, 0x7, 0x40000000, 0x4, 0x5, 0x5, 0xff, 0x10001, 0x80, 0x0, 0x3, 0x8, 0x8, 0x7, 0x2, 0x9, 0x9, 0x2, 0xd5, 0x6, 0x8001, 0xe90, 0x9, 0x2, 0x800, 0x0, 0x4, 0x7, 0x80, 0xd2, 0xfff, 0x5, 0x80000001, 0xaff, 0x4, 0x1645d812, 0x8, 0x0, 0x8, 0xff, 0x8, 0x9, 0x2, 0x4, 0x8000, 0x1, 0x82, 0x0, 0x4c, 0x7, 0x2, 0x4, 0x3, 0x1000, 0x6, 0x3]}, @TCA_HTB_PARMS={0x30, 0x1, {{0x6, 0x2, 0xb, 0x8, 0x9, 0x2}, {0x7, 0x0, 0x2, 0x10, 0xc000, 0x5}, 0x400, 0x7, 0x8000, 0x7, 0x9}}, @TCA_HTB_OFFLOAD={0x4}, @TCA_HTB_CEIL64={0xc, 0x7, 0x100000001}, @TCA_HTB_OFFLOAD={0x4}, @TCA_HTB_OFFLOAD={0x4}, @TCA_HTB_RTAB={0x404, 0x4, [0xd6f2, 0x9, 0x3, 0x80000001, 0x7, 0x9, 0x4, 0x2, 0x3, 0x4, 0x4, 0x3, 0x2, 0xaf, 0x3, 0x1, 0x1, 0xf, 0xffffffff, 0xfffffff7, 0x1, 0x10, 0x0, 0x4, 0x1, 0x8000, 0x80000001, 0x6, 0x0, 0x7a16, 0x8000, 0xe3e, 0x41b0, 0x79, 0x0, 0x2, 0x9, 0x9, 0x6, 0x8, 0x5, 0x5, 0x81, 0x2341, 0x9, 0xfffffff9, 0xaf5, 0x0, 0x1, 0x9, 0x5, 0x8, 0x72b, 0xf7f, 0x3ff, 0x8000, 0x4, 0x7ff, 0x9bf2, 0x5, 0x0, 0x8, 0x6, 0xffff, 0x200, 0x0, 0x8, 0x3, 0x3, 0x5, 0x10001, 0x0, 0x5, 0xde, 0x67, 0x5, 0x2, 0x8, 0x0, 0xffffffff, 0x3, 0x5, 0x7ff, 0x2, 0x8, 0x6, 0x5, 0x0, 0x2b6cd0b, 0xf3, 0xb6, 0x7ae, 0x8, 0xfffffff9, 0x3, 0x9dc7, 0x1, 0x0, 0x5, 0x6, 0x80, 0x5, 0x7, 0x0, 0x7, 0x0, 0x300000, 0x40, 0x1000, 0x1, 0x8eba, 0xfffffffb, 0xffff7fff, 0x8, 0x0, 0x9, 0x1, 0x100, 0x1403, 0x6, 0x9, 0x5b0c, 0x4, 0x9, 0x8, 0x4a0, 0x3ff, 0x400, 0x40000, 0xfffffffd, 0xb32b, 0x1, 0x3, 0x7, 0x5, 0x8, 0x1, 0x4, 0x7, 0x3, 0x101, 0xfff, 0x81, 0x9, 0x1ff, 0x8, 0x8, 0xfff, 0x0, 0x1, 0x100, 0x6, 0x1, 0x0, 0x1, 0x10000, 0x5, 0x8, 0xfffffffd, 0x0, 0x9, 0x8, 0xffffffc0, 0x6, 0xf414, 0xeef, 0x1, 0x5613062f, 0x3, 0x6, 0x1, 0x0, 0x0, 0x3, 0x1, 0x3, 0x0, 0x3ff, 0xb51, 0x1d370234, 0x6, 0x9, 0x10000, 0x2, 0x32, 0x4, 0xf, 0x8000, 0x925, 0x0, 0xdb3b, 0x40, 0xc0, 0x1, 0x6, 0xfa6, 0xf7b3f1e, 0x10, 0x4b2, 0x4, 0x9, 0xb, 0xb, 0x10000, 0x0, 0x776402fa, 0x5, 0x7ff, 0x6f4811b3, 0x7, 0x0, 0x4, 0xb, 0x7ff, 0xffffffff, 0x0, 0x1, 0x1, 0x6, 0x48c9b6b0, 0xfffffff9, 0x4, 0x6, 0x9, 0xd2, 0x8, 0xe, 0x1ff, 0x2, 0x6, 0x230c, 0x4, 0x4, 0x24298c2e, 0x1, 0x6, 0x4, 0x2, 0x1e56b871, 0x8, 0x1, 0x101, 0x5d9, 0x80000000, 0x40, 0x8, 0x5f, 0x10, 0x10, 0x10, 0x5, 0x8, 0x0, 0xe, 0x3, 0xeeb9]}, @TCA_HTB_PARMS={0x30, 0x1, {{0xc, 0x2, 0xc, 0x9, 0x101, 0x68}, {0x5, 0x0, 0x8, 0x7f, 0x5043, 0x35b5d05d}, 0x1, 0x1, 0x8, 0xfffffffd, 0x7}}]}}, @TCA_RATE={0x6}, @TCA_RATE={0x6, 0x5, {0x9, 0x9}}, @tclass_kind_options=@c_cake={0x9}, @tclass_kind_options=@c_tbf={0x8}, @TCA_RATE={0x6, 0x5, {0x30, 0x10}}, @tclass_kind_options=@c_tbf={0x8}, @tclass_kind_options=@c_red={0x8}, @tclass_kind_options=@c_cake={0x9}]}, 0x904}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) 879.186273ms ago: executing program 1 (id=244): bpf$MAP_CREATE(0x4000000000000, &(0x7f0000000140)=@base={0x41, 0x1, 0x6c02, 0x41}, 0x48) 876.491093ms ago: executing program 1 (id=247): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000035000900ffffffff02000000000000000c00018008001100", @ANYRES32=r0, @ANYBLOB], 0x20}}, 0x0) 797.751912ms ago: executing program 1 (id=248): bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0x4, 0x18, 0xa042, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18}, 0x48) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0) openat$cgroup_devices(r1, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x15, &(0x7f0000000000)=0xb, 0x4) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=@newsa={0x170, 0x10, 0x633, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8001, 0x0, 0x20}, {@in=@dev, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0xb}, {0x323}, {0x0, 0x6, 0x1}, {0x0, 0x8}, 0x70bd29, 0x0, 0xa, 0x1}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x20, {0x2, 0x4e22, 0x1, @in6=@empty}}, @encap={0x1c, 0x4, {0x2, 0x4e21, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}}}]}, 0x170}}, 0x0) 720.073192ms ago: executing program 2 (id=250): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {r1}}, './file0\x00'}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x1, 0x0, 0x7, 0x800005fffffffffd}) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x18, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 638.693138ms ago: executing program 1 (id=253): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x44) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fddbdf250c00000008000300", @ANYRES32=r2, @ANYBLOB='\b\x007\x00'], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x80) 578.795303ms ago: executing program 1 (id=255): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0xa9525000) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x118) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) utime(&(0x7f0000000640)='./file0\x00', &(0x7f0000000540)={0x4, 0x3}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r2, &(0x7f00000021c0), &(0x7f00000022c0)=""/136}, 0x20) add_key(&(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000180)="6e0c9b6b38", 0x5, 0xffffffffffffffff) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000600)=0x1, 0x4) ioctl$XFS_IOC_GETPARENTS_BY_HANDLE(r0, 0xc040583f, &(0x7f0000000340)={{@align=0x1ff, {0xfff3, 0x9, 0x1000, 0x4}}, {{[0xf7, 0x208, 0x40, 0x3]}, 0x0, 0x1, 0x1ff, 0x0, &(0x7f0000000300)=[{{@_ha_fsid={[0x45d, 0xfffffff9]}, {0x3, 0x100, 0x1, 0xcb3b}}, 0x4, 0x0, 'ceph\x00'}]}}) sendmsg$rds(r1, &(0x7f0000000980)={&(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000040)=""/164, 0xa4}, {&(0x7f0000000140)=""/254, 0xfe}, {&(0x7f0000000240)=""/117, 0x75}, {&(0x7f00000002c0)=""/60, 0x3c}, {&(0x7f00000009c0)=""/221, 0xdd}, {&(0x7f0000000400)=""/241, 0xf1}, {&(0x7f0000000500)=""/48, 0x30}, {&(0x7f0000000540)=""/112, 0x70}, {&(0x7f0000000640)=""/212, 0xd4}, {&(0x7f0000000740)=""/71, 0x47}], 0xa, &(0x7f0000000900)=[@mask_cswp={0x58, 0x114, 0x9, {{0x4, 0x5}, &(0x7f0000000880)=0x594, &(0x7f00000008c0)=0x4, 0x46, 0x3, 0x5, 0x3e, 0x8, 0x3}}], 0x58, 0x4000}, 0x800) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x66) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file4\x00', 0x1, 0x20) r4 = syz_create_resource$binfmt(&(0x7f0000000000)='./file4\x00') openat$binfmt(0xffffffffffffff9c, r4, 0x41, 0x1ff) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0xc3072, 0xffffffffffffffff, 0x0) lseek(r5, 0x2000, 0x0) 450.164639ms ago: executing program 2 (id=257): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./cgroup/../file0\x00', &(0x7f00000000c0), &(0x7f0000000100)='./cgroup/../file0\x00', 0x12, 0x1) r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in6=@private1}}, &(0x7f0000000280)=0xe8) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000200)={0x40000002, "fa02791d2a69a2610f02000000000000001100010000000800"}) close(r2) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x181000, 0x0) read$snddsp(r3, &(0x7f0000000240)=""/203, 0xcb) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, r1, &(0x7f00000002c0)={0x8, 0xc, 0x4, 0x7, 0x1000, 0x7fff, 0x721c, 0xffffffff, 0x80}) 450.012224ms ago: executing program 0 (id=258): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x3c, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "a48b11c412ee5948a4407364b336d2ed"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008006}, 0x4010) 449.666076ms ago: executing program 0 (id=259): r0 = syz_open_dev$dri(&(0x7f0000000340), 0x0, 0x141102) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000080)={0x1, 0x4, 0x20}) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) (async) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r1) (async, rerun: 32) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) (async, rerun: 32) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) (async, rerun: 32) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) (rerun: 32) r5 = add_key$user(&(0x7f0000000180), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000001c0)="7f", 0x1, 0xffffffffffffffff) keyctl$set_timeout(0xf, r5, 0xfe35) preadv(r4, &(0x7f00000003c0)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0xfffffffd, 0x0) (async) r6 = socket$kcm(0xa, 0x2, 0x88) sendmsg$inet(r6, &(0x7f0000001600)={&(0x7f0000000140)={0x2, 0x5, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000001580)}, 0x8000) sendmsg$kcm(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000340), 0x1c00}, {&(0x7f00000004c0)}, {0x0}], 0x3, &(0x7f0000002640)}, 0x20000080) (async, rerun: 64) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[0x0], 0x0, 0x0, 0x0, 0x1}) (rerun: 64) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r7, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000680)={r8, 0x1, 0x4, 0x81, 0x1, [0x0, 0x0, 0x0, 0x0], [0x3fd86826, 0xfffffffd, 0x0, 0x5], [0x0, 0x7, 0x9], [0x8ca, 0x0, 0xfffffffffefffffc, 0x9]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r9, 0x0, 0x0, r10], [0x2b8]}) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r11, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r11, 0x0) (async, rerun: 64) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0}) (rerun: 64) mount(&(0x7f00000025c0)=@sg0, &(0x7f0000000300)='./file1\x00', &(0x7f0000000040)='erofs\x00', 0x0, &(0x7f0000000380)='acl') (async) close_range(r0, r0, 0x0) (async) r12 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) (async, rerun: 32) r13 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x1d9) (rerun: 32) ioctl$FS_IOC_FSSETXATTR(r13, 0x401c5820, &(0x7f0000000240)={0x10001, 0x402000, 0x1000000, 0xfffffffc, 0xc}) (async) r14 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FILTER(r14, 0x65, 0x1, 0x0, &(0x7f0000000040)) (async) ioctl$VIDIOC_QUERYSTD(r12, 0x8008563f, &(0x7f0000000000)) 380.539329ms ago: executing program 2 (id=260): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r3) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r5, 0x4, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r6], 0x1c}}, 0x4008054) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@ipv6_getaddrlabel={0x30, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80}, [@IFAL_ADDRESS={0x14, 0x1, @mcast2}]}, 0x30}}, 0x4010080) sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, r7, 0x4, 0x70bd26, 0x25dfdbfe, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}, ["", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x200c4880}, 0x20004000) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x44) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fddbdf250c00000008000300", @ANYRES32=r9, @ANYBLOB='\b\x007\x00'], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x80) 380.395071ms ago: executing program 0 (id=261): socket$inet6_tcp(0xa, 0x1, 0x0) (async) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r0}, 0x20) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000500)='pstore\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='\x00', 0x0, 0x0, 0x0) (async) mount$overlay(0x0, &(0x7f0000000140)='\x00', 0x0, 0x0, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x40002003, 0x0, 0x0) 325.496773ms ago: executing program 0 (id=262): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x5, &(0x7f00000007c0)=@framed={{0x18, 0x2}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa}]}, &(0x7f00000005c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f0000000440), &(0x7f0000000040)=@udp=r0}, 0x20) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000080)=ANY=[@ANYBLOB="400082b13870c9147840a1ccf07e01d7c04b0000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0114000000000000140012800b0001006261746164760000040002800a000100ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x45844}, 0x4000080) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x101, 0x1}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94) ioctl$sock_netdev_private(r0, 0x89fd, &(0x7f0000001800)="750d54df2a083d008e00717e63cfd20895520892aadfb1aac1c383242651de893eccd7b94430743f3c5a1d050e0c66b4f8563cceea1806c7735e2f2ae68dcac6be6764aa16bcb30467216bee55341d63caa575c7794c290bc61f31829451887cd91e72da65717256f2456491a066eb6f4eb6f8dde0593cc509720de3871f925f66212870a95efbec1602bb4fe71f7f94a3ccae4eda5745f79c0b70d0f2944d661ade28f42e1185fdc9cfff06e433f601ea01500e570201a554d170cd09414857c3e94a777c67e51768c5598b6dfbd17d28bc34fa1a4fad141b7b") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/4096, 0x1000}], 0x1}, 0xb}], 0x12, 0x40000021, 0x0) 140.738752ms ago: executing program 2 (id=263): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) (async) gettid() (async, rerun: 64) r2 = socket(0x10, 0x803, 0x0) (rerun: 64) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="3400000010000304f9ff876f46455a61d9ff7400", @ANYRES32=r1, @ANYBLOB="0898050006590500140019800f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x44803}, 0x4000010) 80.323621ms ago: executing program 2 (id=264): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x44) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fddbdf250c00000008000300", @ANYRES32=r2, @ANYBLOB='\b\x007\x00'], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x80) 79.229648ms ago: executing program 1 (id=265): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x1, 0x0, 0x7, 0x800005fffffffffd}) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x18, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 79.096087ms ago: executing program 2 (id=266): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e4587, 0xed}]}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 654.082µs ago: executing program 0 (id=267): r0 = socket(0x10, 0x2, 0x7) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x28, 0x0, 0x5, @rand_addr=' \x01\x00', @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x80, 0xfffffffc, 0xdc67}}) 0s ago: executing program 0 (id=268): r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000000)=0xb3b7, 0x4) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x3c, r3, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "a48b11c412ee5948a4407364b336d2ed"}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008006}, 0x4010) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:11332' (ED25519) to the list of known hosts. [ 46.062258][ T40] audit: type=1400 audit(1775129939.691:62): avc: denied { name_bind } for pid=5860 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 46.098311][ T40] audit: type=1400 audit(1775129939.721:63): avc: denied { execute } for pid=5861 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 46.105325][ T40] audit: type=1400 audit(1775129939.721:64): avc: denied { execute_no_trans } for pid=5861 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 48.288520][ T40] audit: type=1400 audit(1775129941.911:65): avc: denied { mounton } for pid=5861 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 48.298157][ T40] audit: type=1400 audit(1775129941.921:66): avc: denied { mount } for pid=5861 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 48.300679][ T5861] cgroup: Unknown subsys name 'net' [ 48.474576][ T5861] cgroup: Unknown subsys name 'cpuset' [ 48.479604][ T5861] cgroup: Unknown subsys name 'rlimit' [ 48.672343][ T5916] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 49.396062][ T5861] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.687172][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 52.687186][ T40] audit: type=1400 audit(1775129946.311:82): avc: denied { execmem } for pid=5925 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 52.840085][ T40] audit: type=1400 audit(1775129946.461:83): avc: denied { create } for pid=5931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.846674][ T40] audit: type=1400 audit(1775129946.461:84): avc: denied { read write } for pid=5931 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.854575][ T40] audit: type=1400 audit(1775129946.461:85): avc: denied { open } for pid=5931 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.862234][ T40] audit: type=1400 audit(1775129946.481:86): avc: denied { ioctl } for pid=5931 comm="syz-executor" path="socket:[2873]" dev="sockfs" ino=2873 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.912651][ T5943] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.915520][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.917300][ T5944] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.918748][ T5943] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.921164][ T5944] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.924773][ T5943] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.926837][ T5944] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.929327][ T5943] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.931124][ T5944] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.933862][ T5943] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.936385][ T5944] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.938017][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.938356][ T5945] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.939699][ T5946] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.940370][ T5946] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.941938][ T5946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.943662][ T5944] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.945471][ T5946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.949530][ T5293] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.950001][ T40] audit: type=1400 audit(1775129946.571:87): avc: denied { read } for pid=5933 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.956867][ T5293] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.957048][ T40] audit: type=1400 audit(1775129946.571:88): avc: denied { open } for pid=5933 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.978841][ T40] audit: type=1400 audit(1775129946.601:89): avc: denied { mounton } for pid=5933 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 53.167940][ T40] audit: type=1400 audit(1775129946.791:90): avc: denied { module_request } for pid=5933 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 53.260335][ T5933] chnl_net:caif_netlink_parms(): no params data found [ 53.289908][ T5938] chnl_net:caif_netlink_parms(): no params data found [ 53.302349][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 53.389509][ T5931] chnl_net:caif_netlink_parms(): no params data found [ 53.497488][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.499759][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.503303][ T5939] bridge_slave_0: entered allmulticast mode [ 53.506493][ T5939] bridge_slave_0: entered promiscuous mode [ 53.510700][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.513011][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.515358][ T5938] bridge_slave_0: entered allmulticast mode [ 53.518765][ T5938] bridge_slave_0: entered promiscuous mode [ 53.522597][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.524991][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.527418][ T5938] bridge_slave_1: entered allmulticast mode [ 53.530408][ T5938] bridge_slave_1: entered promiscuous mode [ 53.533728][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.536000][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.538351][ T5933] bridge_slave_0: entered allmulticast mode [ 53.542206][ T5933] bridge_slave_0: entered promiscuous mode [ 53.545451][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.547752][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.550232][ T5933] bridge_slave_1: entered allmulticast mode [ 53.552990][ T5933] bridge_slave_1: entered promiscuous mode [ 53.565120][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.567463][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.569702][ T5939] bridge_slave_1: entered allmulticast mode [ 53.572778][ T5939] bridge_slave_1: entered promiscuous mode [ 53.626050][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.631434][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.634377][ T5931] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.637194][ T5931] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.639630][ T5931] bridge_slave_0: entered allmulticast mode [ 53.643355][ T5931] bridge_slave_0: entered promiscuous mode [ 53.647529][ T5931] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.649769][ T5931] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.653220][ T5931] bridge_slave_1: entered allmulticast mode [ 53.656185][ T5931] bridge_slave_1: entered promiscuous mode [ 53.661097][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.665281][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.669806][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.695534][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.713402][ T5933] team0: Port device team_slave_0 added [ 53.725104][ T5933] team0: Port device team_slave_1 added [ 53.736225][ T5931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.740458][ T5938] team0: Port device team_slave_0 added [ 53.755162][ T5931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.759330][ T5938] team0: Port device team_slave_1 added [ 53.780517][ T5939] team0: Port device team_slave_0 added [ 53.782961][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.785254][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.794072][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.811782][ T5931] team0: Port device team_slave_0 added [ 53.814674][ T5939] team0: Port device team_slave_1 added [ 53.817022][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.819268][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.827788][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.832327][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.834490][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.842484][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.847396][ T5931] team0: Port device team_slave_1 added [ 53.860760][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.862970][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.871069][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.899473][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.901745][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.910488][ T5931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.914698][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.916911][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.925040][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.930014][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.932154][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.940139][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.944416][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.946658][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.955901][ T5931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.995838][ T5933] hsr_slave_0: entered promiscuous mode [ 53.998193][ T5933] hsr_slave_1: entered promiscuous mode [ 54.005389][ T5938] hsr_slave_0: entered promiscuous mode [ 54.007764][ T5938] hsr_slave_1: entered promiscuous mode [ 54.010063][ T5938] debugfs: 'hsr0' already exists in 'hsr' [ 54.011932][ T5938] Cannot create hsr debugfs directory [ 54.029495][ T5939] hsr_slave_0: entered promiscuous mode [ 54.032163][ T5939] hsr_slave_1: entered promiscuous mode [ 54.034336][ T5939] debugfs: 'hsr0' already exists in 'hsr' [ 54.036211][ T5939] Cannot create hsr debugfs directory [ 54.071896][ T5931] hsr_slave_0: entered promiscuous mode [ 54.074035][ T5931] hsr_slave_1: entered promiscuous mode [ 54.076054][ T5931] debugfs: 'hsr0' already exists in 'hsr' [ 54.078117][ T5931] Cannot create hsr debugfs directory [ 54.354492][ T5933] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.362792][ T5933] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.368202][ T5933] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.379058][ T5933] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.411613][ T5931] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.419768][ T5931] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.424190][ T5931] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.428719][ T5931] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.502496][ T5938] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.506843][ T5938] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.515497][ T5938] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.519898][ T5938] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.570028][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.587152][ T5939] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.592022][ T5939] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.596493][ T5939] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.600705][ T5939] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.628819][ T5933] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.648608][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.651111][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.665074][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.667390][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.679534][ T5931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.719208][ T5933] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.733184][ T5931] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.749833][ T168] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.752320][ T168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.757719][ T168] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.760105][ T168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.770673][ T40] audit: type=1400 audit(1775129948.401:91): avc: denied { sys_module } for pid=5933 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 54.789229][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.803116][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.824217][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.835261][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.844231][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.846714][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.858507][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.860925][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.864346][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.866973][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.880557][ T168] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.882895][ T168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.898750][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.969674][ T5933] veth0_vlan: entered promiscuous mode [ 54.978675][ T5933] veth1_vlan: entered promiscuous mode [ 54.982353][ T5941] Bluetooth: hci3: command tx timeout [ 54.982887][ T5293] Bluetooth: hci2: command tx timeout [ 54.990228][ T5293] Bluetooth: hci0: command tx timeout [ 54.993057][ T5293] Bluetooth: hci1: command tx timeout [ 55.018064][ T5931] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.025127][ T5933] veth0_macvtap: entered promiscuous mode [ 55.030725][ T5933] veth1_macvtap: entered promiscuous mode [ 55.044914][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.056695][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.066734][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.085379][ T168] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.088895][ T168] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.103745][ T5931] veth0_vlan: entered promiscuous mode [ 55.105811][ T168] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.109475][ T168] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.123297][ T5931] veth1_vlan: entered promiscuous mode [ 55.156329][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.183746][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.186353][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.187440][ T5931] veth0_macvtap: entered promiscuous mode [ 55.205804][ T5939] veth0_vlan: entered promiscuous mode [ 55.218551][ T5931] veth1_macvtap: entered promiscuous mode [ 55.231071][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.233656][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.238008][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.245141][ T5939] veth1_vlan: entered promiscuous mode [ 55.250828][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.267741][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.272035][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.281819][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.288458][ T5933] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.297090][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.311291][ T5938] veth0_vlan: entered promiscuous mode [ 55.321810][ T5939] veth0_macvtap: entered promiscuous mode [ 55.332470][ T5938] veth1_vlan: entered promiscuous mode [ 55.345194][ T5939] veth1_macvtap: entered promiscuous mode [ 55.376522][ T5938] veth0_macvtap: entered promiscuous mode [ 55.383528][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.386090][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.397861][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.411629][ T5938] veth1_macvtap: entered promiscuous mode [ 55.419143][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.427027][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.429164][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.429826][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.440665][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.445218][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.452536][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.457260][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.469898][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.501222][ T168] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.505092][ T168] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.509196][ T168] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.532884][ T168] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.549293][ T168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.555022][ T168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.584746][ T168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.588304][ T168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.625150][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.632276][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.669478][ T168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.670648][ T6025] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5'. [ 55.678839][ T168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.802025][ T6034] FAULT_INJECTION: forcing a failure. [ 55.802025][ T6034] name failslab, interval 1, probability 0, space 0, times 1 [ 55.807198][ T6034] CPU: 1 UID: 0 PID: 6034 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT(full) [ 55.807214][ T6034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 55.807221][ T6034] Call Trace: [ 55.807243][ T6034] [ 55.807248][ T6034] dump_stack_lvl+0x100/0x190 [ 55.807270][ T6034] should_fail_ex.cold+0x5/0xa [ 55.807285][ T6034] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 55.807298][ T6034] should_failslab+0xc2/0x120 [ 55.807310][ T6034] __kmalloc_noprof+0xe0/0x850 [ 55.807329][ T6034] genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 55.807342][ T6034] ? cred_has_capability.isra.0+0x186/0x300 [ 55.807360][ T6034] genl_family_rcv_msg_doit+0xc7/0x300 [ 55.807372][ T6034] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 55.807388][ T6034] ? bpf_lsm_capable+0x9/0x10 [ 55.807399][ T6034] ? security_capable+0x80/0x260 [ 55.807413][ T6034] ? ns_capable+0xd2/0xf0 [ 55.807427][ T6034] genl_rcv_msg+0x560/0x800 [ 55.807442][ T6034] ? __pfx_genl_rcv_msg+0x10/0x10 [ 55.807462][ T6034] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 55.807481][ T6034] ? __pfx_nl80211_del_pmksa+0x10/0x10 [ 55.807497][ T6034] ? __pfx_nl80211_post_doit+0x10/0x10 [ 55.807524][ T6034] netlink_rcv_skb+0x159/0x420 [ 55.807547][ T6034] ? __pfx_genl_rcv_msg+0x10/0x10 [ 55.807564][ T6034] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 55.807586][ T6034] ? netlink_deliver_tap+0x1ae/0xcc0 [ 55.807603][ T6034] genl_rcv+0x28/0x40 [ 55.807613][ T6034] netlink_unicast+0x5aa/0x870 [ 55.807632][ T6034] ? __pfx_netlink_unicast+0x10/0x10 [ 55.807653][ T6034] netlink_sendmsg+0x8b0/0xda0 [ 55.807672][ T6034] ? __pfx_netlink_sendmsg+0x10/0x10 [ 55.807688][ T6034] ? __might_fault+0x50/0x140 [ 55.807707][ T6034] ____sys_sendmsg+0x9e1/0xb70 [ 55.807718][ T6034] ? __pfx_netlink_sendmsg+0x10/0x10 [ 55.807735][ T6034] ? __pfx_____sys_sendmsg+0x10/0x10 [ 55.807752][ T6034] ___sys_sendmsg+0x190/0x1e0 [ 55.807764][ T6034] ? __pfx____sys_sendmsg+0x10/0x10 [ 55.807791][ T6034] __sys_sendmsg+0x170/0x220 [ 55.807806][ T6034] ? __pfx___sys_sendmsg+0x10/0x10 [ 55.807829][ T6034] do_syscall_64+0x106/0xf80 [ 55.807845][ T6034] ? clear_bhb_loop+0x40/0x90 [ 55.807858][ T6034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.807869][ T6034] RIP: 0033:0x7f745df9c819 [ 55.807879][ T6034] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 55.807889][ T6034] RSP: 002b:00007f745ef06028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.807900][ T6034] RAX: ffffffffffffffda RBX: 00007f745e215fa0 RCX: 00007f745df9c819 [ 55.807906][ T6034] RDX: 0000000000004010 RSI: 0000200000000480 RDI: 0000000000000003 [ 55.807912][ T6034] RBP: 00007f745ef06090 R08: 0000000000000000 R09: 0000000000000000 [ 55.807918][ T6034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.807924][ T6034] R13: 00007f745e216038 R14: 00007f745e215fa0 R15: 00007fffb236da08 [ 55.807937][ T6034] [ 55.813046][ T6035] program syz.2.6 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 56.028623][ T6043] usb usb7: usbfs: process 6043 (syz.3.8) did not claim interface 0 before use [ 56.342450][ T6061] FAULT_INJECTION: forcing a failure. [ 56.342450][ T6061] name failslab, interval 1, probability 0, space 0, times 0 [ 56.348131][ T6061] CPU: 2 UID: 0 PID: 6061 Comm: syz.3.15 Not tainted syzkaller #0 PREEMPT(full) [ 56.348155][ T6061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 56.348166][ T6061] Call Trace: [ 56.348173][ T6061] [ 56.348182][ T6061] dump_stack_lvl+0x100/0x190 [ 56.348217][ T6061] should_fail_ex.cold+0x5/0xa [ 56.348245][ T6061] should_failslab+0xc2/0x120 [ 56.348265][ T6061] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 56.348293][ T6061] ? __alloc_skb+0x140/0x710 [ 56.348323][ T6061] __alloc_skb+0x140/0x710 [ 56.348346][ T6061] ? __alloc_skb+0x5b7/0x710 [ 56.348369][ T6061] ? __pfx___alloc_skb+0x10/0x10 [ 56.348392][ T6061] ? genl_rcv_msg+0x4be/0x800 [ 56.348420][ T6061] netlink_ack+0x117/0xb80 [ 56.348455][ T6061] netlink_rcv_skb+0x333/0x420 [ 56.348483][ T6061] ? __pfx_genl_rcv_msg+0x10/0x10 [ 56.348505][ T6061] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 56.348543][ T6061] ? netlink_deliver_tap+0x1ae/0xcc0 [ 56.348574][ T6061] genl_rcv+0x28/0x40 [ 56.348592][ T6061] netlink_unicast+0x5aa/0x870 [ 56.348623][ T6061] ? __pfx_netlink_unicast+0x10/0x10 [ 56.348661][ T6061] netlink_sendmsg+0x8b0/0xda0 [ 56.348699][ T6061] ? __pfx_netlink_sendmsg+0x10/0x10 [ 56.348726][ T6061] ? __might_fault+0x50/0x140 [ 56.348760][ T6061] ____sys_sendmsg+0x9e1/0xb70 [ 56.348780][ T6061] ? __pfx_netlink_sendmsg+0x10/0x10 [ 56.348811][ T6061] ? __pfx_____sys_sendmsg+0x10/0x10 [ 56.348842][ T6061] ___sys_sendmsg+0x190/0x1e0 [ 56.348867][ T6061] ? __pfx____sys_sendmsg+0x10/0x10 [ 56.348918][ T6061] __sys_sendmsg+0x170/0x220 [ 56.348946][ T6061] ? __pfx___sys_sendmsg+0x10/0x10 [ 56.348989][ T6061] do_syscall_64+0x106/0xf80 [ 56.349017][ T6061] ? clear_bhb_loop+0x40/0x90 [ 56.349041][ T6061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.349062][ T6061] RIP: 0033:0x7f745df9c819 [ 56.349078][ T6061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 56.349097][ T6061] RSP: 002b:00007f745ef06028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.349116][ T6061] RAX: ffffffffffffffda RBX: 00007f745e215fa0 RCX: 00007f745df9c819 [ 56.349127][ T6061] RDX: 0000000000004010 RSI: 0000200000000480 RDI: 0000000000000003 [ 56.349139][ T6061] RBP: 00007f745ef06090 R08: 0000000000000000 R09: 0000000000000000 [ 56.349150][ T6061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.349161][ T6061] R13: 00007f745e216038 R14: 00007f745e215fa0 R15: 00007fffb236da08 [ 56.349182][ T6061] [ 56.481162][ T6067] netlink: 220 bytes leftover after parsing attributes in process `syz.0.19'. [ 56.485574][ T6067] netlink: 'syz.0.19': attribute type 2 has an invalid length. [ 56.531482][ T6075] netlink: 'syz.0.22': attribute type 11 has an invalid length. [ 56.609615][ T6087] netlink: 'syz.2.20': attribute type 3 has an invalid length. [ 56.613870][ T6087] netlink: 64 bytes leftover after parsing attributes in process `syz.2.20'. [ 56.865405][ T6101] ip6erspan0: entered promiscuous mode [ 57.060802][ T5293] Bluetooth: hci1: command tx timeout [ 57.061207][ T5941] Bluetooth: hci0: command tx timeout [ 57.063410][ T5293] Bluetooth: hci2: command tx timeout [ 57.070149][ T5293] Bluetooth: hci3: command tx timeout [ 57.074763][ T6114] 8021q: adding VLAN 0 to HW filter on device bond1 [ 57.082919][ T6114] Zero length message leads to an empty skb [ 57.092234][ T6114] bond1: (slave ip6gretap1): making interface the new active one [ 57.095536][ T6114] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 57.128638][ T6117] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 57.538898][ T6130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.42'. [ 57.546424][ T6130] netlink: 'syz.0.42': attribute type 11 has an invalid length. [ 57.551952][ T6130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.42'. [ 57.691859][ T40] kauditd_printk_skb: 80 callbacks suppressed [ 57.691871][ T40] audit: type=1400 audit(1775129951.321:172): avc: denied { setopt } for pid=6137 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 57.717704][ T40] audit: type=1400 audit(1775129951.321:173): avc: denied { create } for pid=6137 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 57.730709][ T40] audit: type=1400 audit(1775129951.321:174): avc: denied { setopt } for pid=6137 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 57.774145][ T40] audit: type=1400 audit(1775129951.401:175): avc: denied { mount } for pid=6145 comm="syz.0.47" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 57.775109][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.47'. [ 57.786383][ T6146] netlink: 20 bytes leftover after parsing attributes in process `syz.0.47'. [ 57.789542][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.47'. [ 57.793480][ T40] audit: type=1400 audit(1775129951.421:176): avc: denied { write } for pid=6148 comm="syz.1.49" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 57.839393][ T40] audit: type=1400 audit(1775129951.461:177): avc: denied { mounton } for pid=6145 comm="syz.0.47" path="/file1" dev="bpf" ino=9074 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 57.839423][ T6146] overlay: Unknown parameter 'func' [ 57.850354][ T6146] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 57.904788][ T40] audit: type=1400 audit(1775129951.531:178): avc: denied { create } for pid=6155 comm="syz.0.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 57.912330][ T40] audit: type=1400 audit(1775129951.531:179): avc: denied { ioctl } for pid=6154 comm="syz.3.48" path="socket:[10469]" dev="sockfs" ino=10469 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 57.921802][ T40] audit: type=1400 audit(1775129951.551:180): avc: denied { mounton } for pid=6152 comm="syz.1.51" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 57.927925][ T6153] ntfs3(sr0): Primary boot signature is not NTFS. [ 57.932489][ T6153] ntfs3(sr0): try to read out of volume at offset 0xf800 [ 57.942699][ T6153] capability: warning: `syz.1.51' uses deprecated v2 capabilities in a way that may be insecure [ 57.953156][ T6153] atomic_op ffff888105df4198 conn xmit_atomic 0000000000000000 [ 57.956322][ T40] audit: type=1400 audit(1775129951.581:181): avc: denied { bind } for pid=6152 comm="syz.1.51" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 58.034537][ T6164] netlink: 'syz.0.52': attribute type 8 has an invalid length. [ 58.546489][ T6174] process 'syz.2.57' launched '/dev/fd/5' with NULL argv: empty string added [ 58.580070][ T6176] FAULT_INJECTION: forcing a failure. [ 58.580070][ T6176] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 58.585790][ T6176] CPU: 2 UID: 0 PID: 6176 Comm: syz.2.58 Not tainted syzkaller #0 PREEMPT(full) [ 58.585828][ T6176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 58.585838][ T6176] Call Trace: [ 58.585844][ T6176] [ 58.585851][ T6176] dump_stack_lvl+0x100/0x190 [ 58.585883][ T6176] should_fail_ex.cold+0x5/0xa [ 58.585911][ T6176] _copy_to_user+0x32/0xd0 [ 58.585933][ T6176] simple_read_from_buffer+0xcb/0x170 [ 58.585952][ T6176] proc_fail_nth_read+0x1af/0x230 [ 58.585977][ T6176] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 58.585994][ T6176] ? rw_verify_area+0xce/0x6d0 [ 58.586009][ T6176] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 58.586025][ T6176] vfs_read+0x1e4/0xb30 [ 58.586036][ T6176] ? __pfx_vfs_read+0x10/0x10 [ 58.586045][ T6176] ? __fget_files+0x215/0x3d0 [ 58.586059][ T6176] ? __fget_files+0x21f/0x3d0 [ 58.586074][ T6176] ksys_read+0x12a/0x250 [ 58.586083][ T6176] ? __pfx_ksys_read+0x10/0x10 [ 58.586097][ T6176] do_syscall_64+0x106/0xf80 [ 58.586113][ T6176] ? clear_bhb_loop+0x40/0x90 [ 58.586127][ T6176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.586138][ T6176] RIP: 0033:0x7f694775d04e [ 58.586147][ T6176] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 58.586157][ T6176] RSP: 002b:00007f69459edfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 58.586168][ T6176] RAX: ffffffffffffffda RBX: 00007f69459ee6c0 RCX: 00007f694775d04e [ 58.586174][ T6176] RDX: 000000000000000f RSI: 00007f69459ee0a0 RDI: 0000000000000006 [ 58.586180][ T6176] RBP: 00007f69459ee090 R08: 0000000000000000 R09: 0000000000000000 [ 58.586186][ T6176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 58.586192][ T6176] R13: 00007f6947a16038 R14: 00007f6947a15fa0 R15: 00007ffda521fa18 [ 58.586205][ T6176] [ 58.900926][ T6186] bond1: (slave bond_slave_1): Device is not our slave [ 58.903439][ T6186] bond1: option active_slave: invalid value (bond_slave_1) [ 58.911721][ T6186] bond1 (unregistering): Released all slaves [ 58.968338][ T6196] netlink: 216 bytes leftover after parsing attributes in process `syz.1.63'. [ 59.090182][ T6202] netlink: 'syz.1.66': attribute type 1 has an invalid length. [ 59.116870][ T6205] netlink: 4 bytes leftover after parsing attributes in process `syz.2.67'. [ 59.140992][ T5293] Bluetooth: hci3: command tx timeout [ 59.141008][ T5936] Bluetooth: hci2: command tx timeout [ 59.150452][ T5936] Bluetooth: hci0: command tx timeout [ 59.151082][ T5293] Bluetooth: hci1: command tx timeout [ 59.285994][ T6214] sctp: [Deprecated]: syz.1.70 (pid 6214) Use of struct sctp_assoc_value in delayed_ack socket option. [ 59.285994][ T6214] Use struct sctp_sack_info instead [ 59.478434][ T6237] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 59.552400][ T6241] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 59.557955][ T6241] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 59.563582][ T6241] bond0 (unregistering): Released all slaves [ 59.758359][ T6190] Bluetooth: hci1: Opcode 0x0401 failed: -4 [ 59.878664][ T6260] binder: 6258:6260 ioctl c0306201 200000000080 returned -14 [ 60.031708][ T6264] overlay: filesystem on ./file0 not supported as upperdir [ 60.193201][ T5293] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 60.248444][ T6286] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 60.249875][ T6287] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 60.278456][ T6287] program syz.3.91 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 60.380969][ T6299] xt_nat: multiple ranges no longer supported [ 60.413688][ T6303] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6303 comm=syz.2.92 [ 61.171133][ T6293] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 61.174025][ T6293] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 61.180963][ T6293] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 61.185905][ T6293] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 61.188914][ T6293] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 61.194123][ T6293] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 61.199343][ T6293] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 61.201896][ T6293] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 61.206296][ T6293] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 61.211387][ T6293] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 61.214829][ T6293] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 61.219510][ T6293] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 61.280797][ T6319] ======================================================= [ 61.280797][ T6319] WARNING: The mand mount option has been deprecated and [ 61.280797][ T6319] and is ignored by this kernel. Remove the mand [ 61.280797][ T6319] option from the mount to silence this warning. [ 61.280797][ T6319] ======================================================= [ 61.450482][ T6329] QAT: failed to copy from user cfg_data. [ 61.942522][ T5293] Bluetooth: hci2: Malformed LE Event: 0x0d [ 61.945537][ T5293] Bluetooth: hci2: Malformed LE Event: 0x0d [ 62.317789][ T6399] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6399 comm=syz.2.128 [ 62.420823][ T5293] Bluetooth: hci0: command 0x0c1a tx timeout [ 62.987505][ T40] kauditd_printk_skb: 70 callbacks suppressed [ 62.987523][ T40] audit: type=1400 audit(1775129956.611:252): avc: denied { map } for pid=6414 comm="syz.1.133" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=12411 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 63.000189][ T40] audit: type=1400 audit(1775129956.611:253): avc: denied { read write } for pid=6414 comm="syz.1.133" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=12411 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 63.012153][ T40] audit: type=1400 audit(1775129956.611:254): avc: granted { setsecparam } for pid=6414 comm="syz.1.133" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 63.063554][ T6421] FAULT_INJECTION: forcing a failure. [ 63.063554][ T6421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 63.068075][ T6421] CPU: 0 UID: 0 PID: 6421 Comm: syz.1.135 Not tainted syzkaller #0 PREEMPT(full) [ 63.068089][ T6421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.068096][ T6421] Call Trace: [ 63.068105][ T6421] [ 63.068110][ T6421] dump_stack_lvl+0x100/0x190 [ 63.068135][ T6421] should_fail_ex.cold+0x5/0xa [ 63.068150][ T6421] strncpy_from_user+0x3b/0x2d0 [ 63.068168][ T6421] do_getname+0x78/0x390 [ 63.068184][ T6421] __x64_sys_rmdir+0x36/0x70 [ 63.068197][ T6421] do_syscall_64+0x106/0xf80 [ 63.068219][ T6421] ? clear_bhb_loop+0x40/0x90 [ 63.068232][ T6421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.068243][ T6421] RIP: 0033:0x7f168139c819 [ 63.068254][ T6421] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 63.068264][ T6421] RSP: 002b:00007f1682262028 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 63.068274][ T6421] RAX: ffffffffffffffda RBX: 00007f1681615fa0 RCX: 00007f168139c819 [ 63.068281][ T6421] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 63.068287][ T6421] RBP: 00007f1682262090 R08: 0000000000000000 R09: 0000000000000000 [ 63.068292][ T6421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.068298][ T6421] R13: 00007f1681616038 R14: 00007f1681615fa0 R15: 00007ffc8d545538 [ 63.068311][ T6421] [ 63.156528][ T6425] __nla_validate_parse: 3 callbacks suppressed [ 63.156541][ T6425] netlink: 12 bytes leftover after parsing attributes in process `syz.1.136'. [ 63.220130][ T5293] Bluetooth: hci3: command 0x0c1a tx timeout [ 63.220186][ T5936] Bluetooth: hci2: command 0x0c1a tx timeout [ 63.222567][ T5293] Bluetooth: hci1: command 0x0419 tx timeout [ 63.273312][ T6434] FAULT_INJECTION: forcing a failure. [ 63.273312][ T6434] name failslab, interval 1, probability 0, space 0, times 0 [ 63.277819][ T6434] CPU: 3 UID: 0 PID: 6434 Comm: syz.2.140 Not tainted syzkaller #0 PREEMPT(full) [ 63.277835][ T6434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.277843][ T6434] Call Trace: [ 63.277848][ T6434] [ 63.277853][ T6434] dump_stack_lvl+0x100/0x190 [ 63.277878][ T6434] should_fail_ex.cold+0x5/0xa [ 63.277894][ T6434] should_failslab+0xc2/0x120 [ 63.277907][ T6434] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 63.277927][ T6434] ? __alloc_skb+0x140/0x710 [ 63.277946][ T6434] __alloc_skb+0x140/0x710 [ 63.277961][ T6434] ? __alloc_skb+0x5b7/0x710 [ 63.277976][ T6434] ? __pfx___alloc_skb+0x10/0x10 [ 63.277991][ T6434] ? genl_rcv_msg+0x4be/0x800 [ 63.278007][ T6434] netlink_ack+0x117/0xb80 [ 63.278031][ T6434] netlink_rcv_skb+0x333/0x420 [ 63.278050][ T6434] ? __pfx_genl_rcv_msg+0x10/0x10 [ 63.278063][ T6434] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 63.278088][ T6434] ? netlink_deliver_tap+0x1ae/0xcc0 [ 63.278108][ T6434] genl_rcv+0x28/0x40 [ 63.278119][ T6434] netlink_unicast+0x5aa/0x870 [ 63.278140][ T6434] ? __pfx_netlink_unicast+0x10/0x10 [ 63.278164][ T6434] netlink_sendmsg+0x8b0/0xda0 [ 63.278185][ T6434] ? __pfx_netlink_sendmsg+0x10/0x10 [ 63.278203][ T6434] ? __might_fault+0x50/0x140 [ 63.278225][ T6434] ____sys_sendmsg+0x9e1/0xb70 [ 63.278237][ T6434] ? __pfx_netlink_sendmsg+0x10/0x10 [ 63.278257][ T6434] ? __pfx_____sys_sendmsg+0x10/0x10 [ 63.278275][ T6434] ___sys_sendmsg+0x190/0x1e0 [ 63.278290][ T6434] ? __pfx____sys_sendmsg+0x10/0x10 [ 63.278320][ T6434] __sys_sendmsg+0x170/0x220 [ 63.278337][ T6434] ? __pfx___sys_sendmsg+0x10/0x10 [ 63.278363][ T6434] do_syscall_64+0x106/0xf80 [ 63.278381][ T6434] ? clear_bhb_loop+0x40/0x90 [ 63.278396][ T6434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.278408][ T6434] RIP: 0033:0x7f694779c819 [ 63.278420][ T6434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 63.278435][ T6434] RSP: 002b:00007f69459ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.278448][ T6434] RAX: ffffffffffffffda RBX: 00007f6947a15fa0 RCX: 00007f694779c819 [ 63.278455][ T6434] RDX: 0000000000004010 RSI: 0000200000000480 RDI: 0000000000000003 [ 63.278461][ T6434] RBP: 00007f69459ee090 R08: 0000000000000000 R09: 0000000000000000 [ 63.278468][ T6434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.278474][ T6434] R13: 00007f6947a16038 R14: 00007f6947a15fa0 R15: 00007ffda521fa18 [ 63.278489][ T6434] [ 63.349900][ T40] audit: type=1400 audit(1775129956.971:255): avc: denied { setopt } for pid=6435 comm="syz.3.141" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 63.364890][ T6436] netlink: 'syz.3.141': attribute type 3 has an invalid length. [ 63.388188][ T6436] netlink: 'syz.3.141': attribute type 1 has an invalid length. [ 63.392109][ T6436] netlink: 224 bytes leftover after parsing attributes in process `syz.3.141'. [ 63.395777][ T6436] NCSI netlink: No device for ifindex 33022 [ 63.433872][ T40] audit: type=1400 audit(1775129957.061:256): avc: denied { read } for pid=6438 comm="syz.2.142" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 63.436934][ T6439] overlayfs: conflicting options: userxattr,metacopy=on [ 63.440641][ T6441] FAULT_INJECTION: forcing a failure. [ 63.440641][ T6441] name failslab, interval 1, probability 0, space 0, times 0 [ 63.440680][ T6441] CPU: 0 UID: 0 PID: 6441 Comm: syz.0.144 Not tainted syzkaller #0 PREEMPT(full) [ 63.440694][ T6441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.440701][ T6441] Call Trace: [ 63.440706][ T6441] [ 63.440710][ T6441] dump_stack_lvl+0x100/0x190 [ 63.440733][ T6441] should_fail_ex.cold+0x5/0xa [ 63.440749][ T6441] ? tomoyo_realpath_from_path+0xb6/0x690 [ 63.440768][ T6441] should_failslab+0xc2/0x120 [ 63.440782][ T6441] __kmalloc_noprof+0xe0/0x850 [ 63.440802][ T6441] tomoyo_realpath_from_path+0xb6/0x690 [ 63.440824][ T6441] tomoyo_path_perm+0x276/0x460 [ 63.440838][ T6441] ? tomoyo_path_perm+0x262/0x460 [ 63.440855][ T6441] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 63.440870][ T6441] ? __lock_acquire+0x4a5/0x2630 [ 63.440886][ T6441] ? __lock_acquire+0x4a5/0x2630 [ 63.440904][ T6441] ? find_held_lock+0x2b/0x80 [ 63.440920][ T6441] ? __pfx___up_read+0x10/0x10 [ 63.440932][ T6441] ? kernfs_dop_revalidate+0x350/0x740 [ 63.440945][ T6441] ? kernfs_dop_revalidate+0x350/0x740 [ 63.440961][ T6441] tomoyo_path_rmdir+0x91/0xe0 [ 63.440973][ T6441] ? __pfx_tomoyo_path_rmdir+0x10/0x10 [ 63.440985][ T6441] ? lookup_dcache+0x66/0x170 [ 63.441003][ T6441] security_path_rmdir+0x145/0x2b0 [ 63.441019][ T6441] filename_rmdir+0x29d/0x5c0 [ 63.441035][ T6441] ? __pfx_filename_rmdir+0x10/0x10 [ 63.441157][ T6441] ? do_getname+0x191/0x390 [ 63.441173][ T6441] __x64_sys_rmdir+0x46/0x70 [ 63.441189][ T6441] do_syscall_64+0x106/0xf80 [ 63.441222][ T6441] ? clear_bhb_loop+0x40/0x90 [ 63.441237][ T6441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.441248][ T6441] RIP: 0033:0x7f678899c819 [ 63.441259][ T6441] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 63.441269][ T6441] RSP: 002b:00007f67898bd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 63.441280][ T6441] RAX: ffffffffffffffda RBX: 00007f6788c15fa0 RCX: 00007f678899c819 [ 63.441286][ T6441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 63.441292][ T6441] RBP: 00007f67898bd090 R08: 0000000000000000 R09: 0000000000000000 [ 63.441298][ T6441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.441304][ T6441] R13: 00007f6788c16038 R14: 00007f6788c15fa0 R15: 00007fff7b5ba158 [ 63.441317][ T6441] [ 63.441324][ T6441] ERROR: Out of memory at tomoyo_realpath_from_path. [ 63.450411][ T40] audit: type=1400 audit(1775129957.061:257): avc: denied { open } for pid=6438 comm="syz.2.142" path="/dev/dri/card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 63.569019][ T40] audit: type=1400 audit(1775129957.061:258): avc: denied { ioctl } for pid=6438 comm="syz.2.142" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64c6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 63.577170][ T6452] netlink: 12 bytes leftover after parsing attributes in process `syz.1.146'. [ 63.577488][ T40] audit: type=1400 audit(1775129957.081:259): avc: denied { append } for pid=6442 comm="syz.3.143" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 63.587822][ T40] audit: type=1400 audit(1775129957.081:260): avc: denied { ioctl } for pid=6442 comm="syz.3.143" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 63.596026][ T40] audit: type=1400 audit(1775129957.191:261): avc: denied { append } for pid=6448 comm="syz.0.147" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 63.625390][ T6456] netlink: 12 bytes leftover after parsing attributes in process `syz.1.148'. [ 63.720100][ T6460] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 63.722963][ T6460] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 63.727372][ T6460] vhci_hcd vhci_hcd.0: Device attached [ 63.735394][ T6466] vhci_hcd: connection closed [ 63.737553][ T61] vhci_hcd vhci_hcd.1: stop threads [ 63.742705][ T61] vhci_hcd vhci_hcd.1: release socket [ 63.745125][ T61] vhci_hcd vhci_hcd.1: disconnect device [ 63.923296][ T6484] netlink: 12 bytes leftover after parsing attributes in process `syz.0.156'. [ 64.094778][ T6491] netlink: 12 bytes leftover after parsing attributes in process `syz.3.158'. [ 64.117845][ T6493] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=286 sclass=netlink_route_socket pid=6493 comm=syz.0.159 [ 64.123210][ T6494] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=286 sclass=netlink_route_socket pid=6494 comm=syz.0.159 [ 64.322938][ T6511] netlink: 12 bytes leftover after parsing attributes in process `syz.1.165'. [ 64.500371][ T5293] Bluetooth: hci0: command 0x0c1a tx timeout [ 64.718057][ T6541] FAULT_INJECTION: forcing a failure. [ 64.718057][ T6541] name failslab, interval 1, probability 0, space 0, times 0 [ 64.723887][ T6541] CPU: 3 UID: 0 PID: 6541 Comm: syz.2.173 Not tainted syzkaller #0 PREEMPT(full) [ 64.723902][ T6541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 64.723909][ T6541] Call Trace: [ 64.723912][ T6541] [ 64.723916][ T6541] dump_stack_lvl+0x100/0x190 [ 64.723949][ T6541] should_fail_ex.cold+0x5/0xa [ 64.723963][ T6541] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 64.723981][ T6541] should_failslab+0xc2/0x120 [ 64.724037][ T6541] __kmalloc_noprof+0xe0/0x850 [ 64.724063][ T6541] genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 64.724076][ T6541] ? cred_has_capability.isra.0+0x186/0x300 [ 64.724103][ T6541] genl_family_rcv_msg_doit+0xc7/0x300 [ 64.724116][ T6541] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 64.724131][ T6541] ? bpf_lsm_capable+0x9/0x10 [ 64.724142][ T6541] ? security_capable+0x80/0x260 [ 64.724156][ T6541] ? ns_capable+0xd2/0xf0 [ 64.724170][ T6541] genl_rcv_msg+0x560/0x800 [ 64.724183][ T6541] ? __pfx_genl_rcv_msg+0x10/0x10 [ 64.724196][ T6541] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 64.724210][ T6541] ? __pfx_nl80211_del_key+0x10/0x10 [ 64.724226][ T6541] ? __pfx_nl80211_post_doit+0x10/0x10 [ 64.724245][ T6541] netlink_rcv_skb+0x159/0x420 [ 64.724263][ T6541] ? __pfx_genl_rcv_msg+0x10/0x10 [ 64.724274][ T6541] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 64.724296][ T6541] ? netlink_deliver_tap+0x1ae/0xcc0 [ 64.724314][ T6541] genl_rcv+0x28/0x40 [ 64.724323][ T6541] netlink_unicast+0x5aa/0x870 [ 64.724342][ T6541] ? __pfx_netlink_unicast+0x10/0x10 [ 64.724363][ T6541] netlink_sendmsg+0x8b0/0xda0 [ 64.724382][ T6541] ? __pfx_netlink_sendmsg+0x10/0x10 [ 64.724399][ T6541] ? __might_fault+0x50/0x140 [ 64.724418][ T6541] ____sys_sendmsg+0x9e1/0xb70 [ 64.724433][ T6541] ? __pfx_netlink_sendmsg+0x10/0x10 [ 64.724451][ T6541] ? __pfx_____sys_sendmsg+0x10/0x10 [ 64.724467][ T6541] ___sys_sendmsg+0x190/0x1e0 [ 64.724480][ T6541] ? __pfx____sys_sendmsg+0x10/0x10 [ 64.724507][ T6541] __sys_sendmsg+0x170/0x220 [ 64.724522][ T6541] ? __pfx___sys_sendmsg+0x10/0x10 [ 64.724545][ T6541] do_syscall_64+0x106/0xf80 [ 64.724562][ T6541] ? clear_bhb_loop+0x40/0x90 [ 64.724575][ T6541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.724586][ T6541] RIP: 0033:0x7f694779c819 [ 64.724596][ T6541] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 64.724605][ T6541] RSP: 002b:00007f69459ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 64.724617][ T6541] RAX: ffffffffffffffda RBX: 00007f6947a15fa0 RCX: 00007f694779c819 [ 64.724623][ T6541] RDX: 0000000000000080 RSI: 0000200000000200 RDI: 0000000000000003 [ 64.724629][ T6541] RBP: 00007f69459ee090 R08: 0000000000000000 R09: 0000000000000000 [ 64.724635][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 64.724641][ T6541] R13: 00007f6947a16038 R14: 00007f6947a15fa0 R15: 00007ffda521fa18 [ 64.724654][ T6541] [ 64.924015][ T6547] vcan1: entered allmulticast mode [ 65.144022][ T6562] netlink: 12 bytes leftover after parsing attributes in process `syz.2.183'. [ 65.148384][ T6562] FAULT_INJECTION: forcing a failure. [ 65.148384][ T6562] name failslab, interval 1, probability 0, space 0, times 0 [ 65.153817][ T6562] CPU: 2 UID: 0 PID: 6562 Comm: syz.2.183 Not tainted syzkaller #0 PREEMPT(full) [ 65.153833][ T6562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 65.153840][ T6562] Call Trace: [ 65.153844][ T6562] [ 65.153849][ T6562] dump_stack_lvl+0x100/0x190 [ 65.153872][ T6562] should_fail_ex.cold+0x5/0xa [ 65.153901][ T6562] should_failslab+0xc2/0x120 [ 65.153916][ T6562] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 65.153933][ T6562] ? __alloc_skb+0x140/0x710 [ 65.153952][ T6562] __alloc_skb+0x140/0x710 [ 65.153966][ T6562] ? __alloc_skb+0x5b7/0x710 [ 65.153980][ T6562] ? __pfx___alloc_skb+0x10/0x10 [ 65.153994][ T6562] ? genl_rcv_msg+0x4be/0x800 [ 65.154010][ T6562] netlink_ack+0x117/0xb80 [ 65.154032][ T6562] netlink_rcv_skb+0x333/0x420 [ 65.154050][ T6562] ? __pfx_genl_rcv_msg+0x10/0x10 [ 65.154063][ T6562] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 65.154087][ T6562] ? netlink_deliver_tap+0x1ae/0xcc0 [ 65.154106][ T6562] genl_rcv+0x28/0x40 [ 65.154116][ T6562] netlink_unicast+0x5aa/0x870 [ 65.154136][ T6562] ? __pfx_netlink_unicast+0x10/0x10 [ 65.154159][ T6562] netlink_sendmsg+0x8b0/0xda0 [ 65.154179][ T6562] ? __pfx_netlink_sendmsg+0x10/0x10 [ 65.154196][ T6562] ? __might_fault+0x50/0x140 [ 65.154217][ T6562] ____sys_sendmsg+0x9e1/0xb70 [ 65.154228][ T6562] ? __pfx_netlink_sendmsg+0x10/0x10 [ 65.154247][ T6562] ? __pfx_____sys_sendmsg+0x10/0x10 [ 65.154265][ T6562] ___sys_sendmsg+0x190/0x1e0 [ 65.154278][ T6562] ? __pfx____sys_sendmsg+0x10/0x10 [ 65.154306][ T6562] __sys_sendmsg+0x170/0x220 [ 65.154321][ T6562] ? __pfx___sys_sendmsg+0x10/0x10 [ 65.154344][ T6562] do_syscall_64+0x106/0xf80 [ 65.154361][ T6562] ? clear_bhb_loop+0x40/0x90 [ 65.154374][ T6562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.154384][ T6562] RIP: 0033:0x7f694779c819 [ 65.154394][ T6562] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 65.154404][ T6562] RSP: 002b:00007f69459ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 65.154417][ T6562] RAX: ffffffffffffffda RBX: 00007f6947a15fa0 RCX: 00007f694779c819 [ 65.154423][ T6562] RDX: 0000000000000080 RSI: 0000200000000200 RDI: 0000000000000003 [ 65.154430][ T6562] RBP: 00007f69459ee090 R08: 0000000000000000 R09: 0000000000000000 [ 65.154435][ T6562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.154441][ T6562] R13: 00007f6947a16038 R14: 00007f6947a15fa0 R15: 00007ffda521fa18 [ 65.154454][ T6562] [ 65.304367][ T5293] Bluetooth: hci1: command 0x0419 tx timeout [ 65.304418][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout [ 65.309169][ T5936] Bluetooth: hci2: command 0x0c1a tx timeout [ 65.722549][ T6594] netlink: 12 bytes leftover after parsing attributes in process `syz.3.193'. [ 65.830618][ T6603] 9p: Unknown access argument 18446744073709551615: -34 [ 65.897590][ T6605] program syz.1.197 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.039096][ T6616] netlink: 'syz.3.200': attribute type 39 has an invalid length. [ 66.328332][ T6621] netlink: 12 bytes leftover after parsing attributes in process `syz.0.202'. [ 66.333554][ T6623] program syz.3.203 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.453072][ T6631] openvswitch: netlink: Invalid VLAN frame [ 66.514975][ T6634] gfs2: not a GFS2 filesystem [ 66.580289][ T5936] Bluetooth: hci0: command 0x0c1a tx timeout [ 66.600545][ T6197] usb 8-1: new low-speed USB device number 2 using dummy_hcd [ 66.725738][ T6654] kAFS: unable to lookup cell '/,c¾ûL' [ 66.770080][ T6197] usb 8-1: Invalid ep0 maxpacket: 16 [ 66.920120][ T6197] usb 8-1: new low-speed USB device number 3 using dummy_hcd [ 67.070016][ T6197] usb 8-1: Invalid ep0 maxpacket: 16 [ 67.072383][ T6197] usb usb8-port1: attempt power cycle [ 67.380174][ T5936] Bluetooth: hci1: command 0x0419 tx timeout [ 67.390098][ T5936] Bluetooth: hci2: command 0x0c1a tx timeout [ 67.390127][ T5936] Bluetooth: hci3: command 0x0c1a tx timeout [ 67.420141][ T6197] usb 8-1: new low-speed USB device number 4 using dummy_hcd [ 67.442388][ T6197] usb 8-1: Invalid ep0 maxpacket: 16 [ 67.591327][ T6197] usb 8-1: new low-speed USB device number 5 using dummy_hcd [ 67.611620][ T6197] usb 8-1: Invalid ep0 maxpacket: 16 [ 67.614105][ T6197] usb usb8-port1: unable to enumerate USB device [ 67.842343][ T6712] tipc: Started in network mode [ 67.844296][ T6712] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711 [ 67.850536][ T6712] tipc: Enabled bearer , priority 10 [ 68.087127][ T6731] CIFS: iocharset name too long [ 68.262474][ T40] kauditd_printk_skb: 51 callbacks suppressed [ 68.262487][ T40] audit: type=1400 audit(1775129961.891:313): avc: denied { write } for pid=6749 comm="syz.1.248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 68.262753][ T6750] netlink: 'syz.1.248': attribute type 32 has an invalid length. [ 68.264546][ T40] audit: type=1400 audit(1775129961.891:314): avc: denied { nlmsg_write } for pid=6749 comm="syz.1.248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 68.418469][ T40] audit: type=1400 audit(1775129962.041:315): avc: denied { module_load } for pid=6768 comm="syz.0.252" path="/sys/kernel/hardlockup_count" dev="sysfs" ino=71051 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 68.452948][ T6772] __nla_validate_parse: 7 callbacks suppressed [ 68.452960][ T6772] netlink: 12 bytes leftover after parsing attributes in process `syz.1.253'. [ 68.637606][ T40] audit: type=1400 audit(1775129962.261:316): avc: denied { write } for pid=6788 comm="syz.0.259" name="card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 68.681585][ T40] audit: type=1400 audit(1775129962.311:317): avc: denied { mount } for pid=6798 comm="syz.0.261" name="/" dev="pstore" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 68.700096][ T40] audit: type=1400 audit(1775129962.321:318): avc: denied { unmount } for pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 68.798122][ T6809] netlink: 12 bytes leftover after parsing attributes in process `syz.2.260'. [ 68.857555][ T6794] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 68.966461][ T6816] netlink: 12 bytes leftover after parsing attributes in process `syz.2.264'. [ 68.975685][ T6197] tipc: Node number set to 4269801491 [ 69.102224][ C2] ------------[ cut here ]------------ [ 69.104898][ C2] sk->sk_forward_alloc [ 69.104912][ C2] WARNING: net/ipv4/af_inet.c:163 at inet_sock_destruct+0x653/0x800, CPU#2: kcompactd0/44 [ 69.111066][ C2] Modules linked in: [ 69.112671][ C2] CPU: 2 UID: 0 PID: 44 Comm: kcompactd0 Tainted: G L syzkaller #0 PREEMPT(full) [ 69.116275][ C2] Tainted: [L]=SOFTLOCKUP [ 69.117671][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.121028][ C2] RIP: 0010:inet_sock_destruct+0x653/0x800 [ 69.123148][ C2] Code: e3 4e ff e9 06 fd ff ff e8 7a 49 ff f7 90 0f 0b 90 e9 35 fe ff ff e8 6c 49 ff f7 90 0f 0b 90 e9 c5 fe ff ff e8 5e 49 ff f7 90 <0f> 0b 90 e9 04 ff ff ff e8 50 49 ff f7 90 0f 0b 90 e9 65 fe ff ff [ 69.130190][ C2] RSP: 0000:ffffc90000648d98 EFLAGS: 00010246 [ 69.132252][ C2] RAX: 0000000000000000 RBX: ffff888038524c80 RCX: ffffffff8a09b2c7 [ 69.134853][ C2] RDX: ffff88801d300000 RSI: ffffffff8a09b3c2 RDI: ffff88801d300000 [ 69.137780][ C2] RBP: 0000000000000f70 R08: 0000000000000005 R09: 0000000000000000 [ 69.140485][ C2] R10: 0000000000000f70 R11: 0000000000000000 R12: ffff888038524c80 [ 69.143137][ C2] R13: ffff888038524d10 R14: ffffffff81eebc9d R15: 0000000000000002 [ 69.145759][ C2] FS: 0000000000000000(0000) GS:ffff8880d653c000(0000) knlGS:0000000000000000 [ 69.148873][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.151277][ C2] CR2: 00007f6788c0d1f0 CR3: 000000000e598000 CR4: 0000000000352ef0 [ 69.153788][ C2] Call Trace: [ 69.154864][ C2] [ 69.155806][ C2] ? __pfx_udp_destruct_sock+0x10/0x10 [ 69.157618][ C2] ? rcu_core+0x59d/0x10d0 [ 69.159237][ C2] __sk_destruct+0x85/0xbb0 [ 69.161131][ C2] ? rcu_core+0x59d/0x10d0 [ 69.163115][ C2] rcu_core+0x5a2/0x10d0 [ 69.165103][ C2] ? __pfx_rcu_core+0x10/0x10 [ 69.167321][ C2] ? run_timer_base+0x121/0x190 [ 69.169051][ C2] ? __pfx_run_timer_base+0x10/0x10 [ 69.171092][ C2] handle_softirqs+0x1eb/0x9e0 [ 69.172648][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 69.174422][ C2] __irq_exit_rcu+0xef/0x150 [ 69.176005][ C2] irq_exit_rcu+0x9/0x30 [ 69.177410][ C2] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 69.179331][ C2] [ 69.180692][ C2] [ 69.181895][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 69.184416][ C2] RIP: 0010:isolate_migratepages_block+0x55a/0x6870 [ 69.187137][ C2] Code: 48 c7 44 24 30 00 00 00 00 48 c7 44 24 18 00 00 00 00 48 89 44 24 60 e8 a4 c2 b4 ff 0f b6 5c 24 17 31 ff 89 de e8 e6 bc b4 ff <84> db 0f 84 a4 00 00 00 e8 89 c2 b4 ff 48 8b 5c 24 20 4c 89 fe 48 [ 69.195269][ C2] RSP: 0000:ffffc900007cf7f8 EFLAGS: 00000293 [ 69.197736][ C2] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff82543a8a [ 69.201446][ C2] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801d300000 [ 69.204551][ C2] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 69.207091][ C2] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900007cfb60 [ 69.210267][ C2] R13: ffffea00002466c0 R14: dffffc0000000000 R15: 000000000000919c [ 69.213463][ C2] ? isolate_migratepages_block+0x55a/0x6870 [ 69.215913][ C2] ? isolate_migratepages_block+0x55a/0x6870 [ 69.218706][ C2] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 69.221208][ C2] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 69.223291][ C2] ? __pfx___might_resched+0x10/0x10 [ 69.225018][ C2] compact_zone+0xf9f/0x44c0 [ 69.226597][ C2] ? do_raw_spin_lock+0x91/0x260 [ 69.228223][ C2] ? __pfx_compact_zone+0x10/0x10 [ 69.230042][ C2] ? lock_acquire+0x1cf/0x380 [ 69.231563][ C2] compact_node+0x17f/0x2c0 [ 69.233031][ C2] ? __pfx_compact_node+0x10/0x10 [ 69.234675][ C2] ? kcompactd+0xa8e/0xe00 [ 69.236333][ C2] ? rcu_is_watching+0x12/0xc0 [ 69.238259][ C2] kcompactd+0x74f/0xe00 [ 69.240386][ C2] ? __pfx_kcompactd+0x10/0x10 [ 69.242266][ C2] ? __kthread_parkme+0xbb/0x230 [ 69.243999][ C2] ? rcu_is_watching+0x12/0xc0 [ 69.245660][ C2] ? __pfx_autoremove_wake_function+0x10/0x10 [ 69.248297][ C2] ? __kthread_parkme+0x18c/0x230 [ 69.250481][ C2] ? kthread+0x13a/0x450 [ 69.252203][ C2] ? __pfx_kcompactd+0x10/0x10 [ 69.253875][ C2] kthread+0x370/0x450 [ 69.255414][ C2] ? __pfx_kthread+0x10/0x10 [ 69.257228][ C2] ret_from_fork+0x754/0xd80 [ 69.258834][ C2] ? __pfx_ret_from_fork+0x10/0x10 [ 69.261186][ C2] ? __switch_to+0x7b4/0x1120 [ 69.263350][ C2] ? __pfx_kthread+0x10/0x10 [ 69.265246][ C2] ret_from_fork_asm+0x1a/0x30 [ 69.267081][ C2] [ 69.268373][ C2] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.271144][ C2] CPU: 2 UID: 0 PID: 44 Comm: kcompactd0 Tainted: G L syzkaller #0 PREEMPT(full) [ 69.275492][ C2] Tainted: [L]=SOFTLOCKUP [ 69.277089][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.280716][ C2] Call Trace: [ 69.281972][ C2] [ 69.283184][ C2] dump_stack_lvl+0x100/0x190 [ 69.285168][ C2] vpanic+0x552/0x970 [ 69.286771][ C2] ? __pfx_vpanic+0x10/0x10 [ 69.288447][ C2] panic+0xd1/0xe0 [ 69.290017][ C2] ? __pfx_panic+0x10/0x10 [ 69.291862][ C2] ? check_panic_on_warn+0x1f/0x90 [ 69.293990][ C2] check_panic_on_warn.cold+0x19/0x34 [ 69.296388][ C2] ? inet_sock_destruct+0x653/0x800 [ 69.298723][ C2] __warn.cold+0x191/0x348 [ 69.300825][ C2] __report_bug+0x296/0x3d0 [ 69.302713][ C2] ? inet_sock_destruct+0x653/0x800 [ 69.304865][ C2] ? __pfx___report_bug+0x10/0x10 [ 69.306563][ C2] ? ret_from_fork+0x754/0xd80 [ 69.308139][ C2] ? ret_from_fork_asm+0x1a/0x30 [ 69.309789][ C2] ? inet_sock_destruct+0x653/0x800 [ 69.311968][ C2] report_bug+0xb2/0x220 [ 69.313900][ C2] ? inet_sock_destruct+0x653/0x800 [ 69.316404][ C2] handle_bug+0x16a/0x2a0 [ 69.318505][ C2] exc_invalid_op+0x17/0x50 [ 69.320570][ C2] asm_exc_invalid_op+0x1a/0x20 [ 69.322655][ C2] RIP: 0010:inet_sock_destruct+0x653/0x800 [ 69.325154][ C2] Code: e3 4e ff e9 06 fd ff ff e8 7a 49 ff f7 90 0f 0b 90 e9 35 fe ff ff e8 6c 49 ff f7 90 0f 0b 90 e9 c5 fe ff ff e8 5e 49 ff f7 90 <0f> 0b 90 e9 04 ff ff ff e8 50 49 ff f7 90 0f 0b 90 e9 65 fe ff ff [ 69.333363][ C2] RSP: 0000:ffffc90000648d98 EFLAGS: 00010246 [ 69.336224][ C2] RAX: 0000000000000000 RBX: ffff888038524c80 RCX: ffffffff8a09b2c7 [ 69.339432][ C2] RDX: ffff88801d300000 RSI: ffffffff8a09b3c2 RDI: ffff88801d300000 [ 69.342385][ C2] RBP: 0000000000000f70 R08: 0000000000000005 R09: 0000000000000000 [ 69.344955][ C2] R10: 0000000000000f70 R11: 0000000000000000 R12: ffff888038524c80 [ 69.347594][ C2] R13: ffff888038524d10 R14: ffffffff81eebc9d R15: 0000000000000002 [ 69.350893][ C2] ? rcu_core+0x59d/0x10d0 [ 69.352955][ C2] ? inet_sock_destruct+0x557/0x800 [ 69.354930][ C2] ? inet_sock_destruct+0x652/0x800 [ 69.356661][ C2] ? inet_sock_destruct+0x652/0x800 [ 69.358320][ C2] ? __pfx_udp_destruct_sock+0x10/0x10 [ 69.360199][ C2] ? rcu_core+0x59d/0x10d0 [ 69.361631][ C2] __sk_destruct+0x85/0xbb0 [ 69.363112][ C2] ? rcu_core+0x59d/0x10d0 [ 69.364543][ C2] rcu_core+0x5a2/0x10d0 [ 69.366149][ C2] ? __pfx_rcu_core+0x10/0x10 [ 69.368409][ C2] ? run_timer_base+0x121/0x190 [ 69.370828][ C2] ? __pfx_run_timer_base+0x10/0x10 [ 69.373310][ C2] handle_softirqs+0x1eb/0x9e0 [ 69.375261][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 69.377474][ C2] __irq_exit_rcu+0xef/0x150 [ 69.379474][ C2] irq_exit_rcu+0x9/0x30 [ 69.381290][ C2] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 69.383710][ C2] [ 69.384982][ C2] [ 69.386324][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 69.388964][ C2] RIP: 0010:isolate_migratepages_block+0x55a/0x6870 [ 69.392141][ C2] Code: 48 c7 44 24 30 00 00 00 00 48 c7 44 24 18 00 00 00 00 48 89 44 24 60 e8 a4 c2 b4 ff 0f b6 5c 24 17 31 ff 89 de e8 e6 bc b4 ff <84> db 0f 84 a4 00 00 00 e8 89 c2 b4 ff 48 8b 5c 24 20 4c 89 fe 48 [ 69.400574][ C2] RSP: 0000:ffffc900007cf7f8 EFLAGS: 00000293 [ 69.403113][ C2] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff82543a8a [ 69.406602][ C2] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801d300000 [ 69.410134][ C2] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 69.413007][ C2] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900007cfb60 [ 69.416397][ C2] R13: ffffea00002466c0 R14: dffffc0000000000 R15: 000000000000919c [ 69.419745][ C2] ? isolate_migratepages_block+0x55a/0x6870 [ 69.422390][ C2] ? isolate_migratepages_block+0x55a/0x6870 [ 69.425399][ C2] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 69.428302][ C2] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 69.430537][ C2] ? __pfx___might_resched+0x10/0x10 [ 69.432337][ C2] compact_zone+0xf9f/0x44c0 [ 69.433830][ C2] ? do_raw_spin_lock+0x91/0x260 [ 69.435432][ C2] ? __pfx_compact_zone+0x10/0x10 [ 69.437079][ C2] ? lock_acquire+0x1cf/0x380 [ 69.438592][ C2] compact_node+0x17f/0x2c0 [ 69.440083][ C2] ? __pfx_compact_node+0x10/0x10 [ 69.441690][ C2] ? kcompactd+0xa8e/0xe00 [ 69.443162][ C2] ? rcu_is_watching+0x12/0xc0 [ 69.444690][ C2] kcompactd+0x74f/0xe00 [ 69.446124][ C2] ? __pfx_kcompactd+0x10/0x10 [ 69.447751][ C2] ? __kthread_parkme+0xbb/0x230 [ 69.449522][ C2] ? rcu_is_watching+0x12/0xc0 [ 69.451338][ C2] ? __pfx_autoremove_wake_function+0x10/0x10 [ 69.453522][ C2] ? __kthread_parkme+0x18c/0x230 [ 69.455140][ C2] ? kthread+0x13a/0x450 [ 69.456531][ C2] ? __pfx_kcompactd+0x10/0x10 [ 69.458063][ C2] kthread+0x370/0x450 [ 69.459410][ C2] ? __pfx_kthread+0x10/0x10 [ 69.460908][ C2] ret_from_fork+0x754/0xd80 [ 69.462382][ C2] ? __pfx_ret_from_fork+0x10/0x10 [ 69.464033][ C2] ? __switch_to+0x7b4/0x1120 [ 69.465543][ C2] ? __pfx_kthread+0x10/0x10 [ 69.467057][ C2] ret_from_fork_asm+0x1a/0x30 [ 69.468693][ C2] [ 69.470624][ C2] Kernel Offset: disabled [ 69.472084][ C2] Rebooting in 86400 seconds..