last executing test programs: 5m17.046230076s ago: executing program 32 (id=8764): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0xd6) fcntl$notify(r0, 0x402, 0x8000003d) close_range(r0, 0xffffffffffffffff, 0x2) 4m9.727093985s ago: executing program 4 (id=10504): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x64, 0x30, 0x871a15abc695fb3d, 0x0, 0x25dfdbfe, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x8a1, 0x2, 0x2, 0x4, 0x7}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0xfe33) 4m9.652112041s ago: executing program 4 (id=10517): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)={0x24, r1, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x18) 4m9.60666494s ago: executing program 4 (id=10511): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0xe, 0x0, &(0x7f0000000000)="9dbaac999f69835fbc2825cd64f1", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4m9.51412615s ago: executing program 4 (id=10515): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x19102) 4m9.308766664s ago: executing program 4 (id=10521): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 4m9.297364207s ago: executing program 4 (id=10523): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x34, 0x24, 0xd0f, 0x50bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0xc, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4}}]}, 0x34}}, 0x44080) 3m55.153691383s ago: executing program 33 (id=10838): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x2000) 3m54.204601164s ago: executing program 34 (id=10523): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x34, 0x24, 0xd0f, 0x50bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0xc, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4}}]}, 0x34}}, 0x44080) 2m25.867754713s ago: executing program 5 (id=12477): setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x800, @empty, 0xfffffffe}}, 0x80000, 0x0, 0x0, 0x0, 0xb3550aa4ba878396, 0x0, 0x4}, 0x9c) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x30, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {{}, {}, {0x14, 0x18, {0x8, @bearer=@udp='udp:syz0\x00'}}}}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x40001) r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000080), &(0x7f0000000000)="15", 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}}) 2m25.867477175s ago: executing program 5 (id=12478): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={0x2, 0x9, 0x0, 0x9, 0x2, 0x0, 0x70bd2b, 0x25dfdbfe}, 0x10}}, 0x0) 2m25.718263424s ago: executing program 5 (id=12479): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x4}) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f0000000240)) 2m25.718115714s ago: executing program 5 (id=12480): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x21d000, 0x0) pivot_root(&(0x7f00000002c0)='./file0/../file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') 2m25.657983728s ago: executing program 5 (id=12481): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0) sendmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, &(0x7f0000000040), 0x0, 0x800}, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') 2m25.263316168s ago: executing program 1 (id=12483): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000002000000", @ANYRES32=0x1], 0x50) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x1, 0x1000000}}}}}, 0x0) 2m25.184688724s ago: executing program 1 (id=12486): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0xf, 0x4, 0x8, 0x2}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='\a'], 0x10) close(0x3) close(0x4) 2m25.18302626s ago: executing program 5 (id=12488): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000080), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r1, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r2}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r1], 0x48}}, 0x0) 2m25.046045169s ago: executing program 35 (id=12488): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000080), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r1, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r2}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r1], 0x48}}, 0x0) 2m25.028011933s ago: executing program 1 (id=12491): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0xb4, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c) listen(r0, 0x100101) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000180)=ANY=[], 0x8) accept4(r0, 0x0, 0x0, 0x80000) 2m24.945109884s ago: executing program 1 (id=12494): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) setns(r1, 0x24020000) syz_clone(0x5a280000, 0x0, 0x0, 0x0, 0x0, 0x0) 2m24.456198081s ago: executing program 1 (id=12503): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x201, 0x4000003e, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8}) 2m24.384944208s ago: executing program 1 (id=12505): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e21, @empty}], 0x10) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0x26, 0x6a, 0xa, 0x3, 0x0, 0x85, 0x6, 0x21, 0x85, 0x0, 0x81, 0x4c, 0x2}, 0xe) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x2a000}], 0x1, 0x0, 0x0, 0x804c040}, 0x0) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e21, @local}}}, 0x84) 2m20.064638014s ago: executing program 7 (id=12531): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x0, 0x8000, 0x1402}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x24044092) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd26, 0x25dfdbfb, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {}, {0xc, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x55}, 0xc010) 2m19.995127876s ago: executing program 7 (id=12533): r0 = epoll_create1(0x0) r1 = fcntl$dupfd(r0, 0x406, r0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0x20000002}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000001}) 2m19.897654078s ago: executing program 7 (id=12535): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(streebog512-generic,ecb-twofish-avx)\x00'}, 0x58) r1 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00000001300100000000000000000007374726565626f673531322d67656e65726963"], 0xe0}}, 0x0) sendmsg$nl_crypto(r1, &(0x7f00000001c0)={0x0, 0x2, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0) 2m19.787202108s ago: executing program 7 (id=12536): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x21d000, 0x0) pivot_root(&(0x7f00000002c0)='./file0/../file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') 2m19.751072457s ago: executing program 7 (id=12538): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}, 0x0) sendmsg$rds(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 2m18.276749284s ago: executing program 7 (id=12563): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x25, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) rmdir(&(0x7f0000000000)='./file0\x00') 2m18.162470396s ago: executing program 36 (id=12563): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x25, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) rmdir(&(0x7f0000000000)='./file0\x00') 2m9.34142041s ago: executing program 37 (id=12505): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e21, @empty}], 0x10) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0x26, 0x6a, 0xa, 0x3, 0x0, 0x85, 0x6, 0x21, 0x85, 0x0, 0x81, 0x4c, 0x2}, 0xe) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x2a000}], 0x1, 0x0, 0x0, 0x804c040}, 0x0) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e21, @local}}}, 0x84) 1m50.348833411s ago: executing program 0 (id=13009): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0xb, 0xa}, {0x0, 0xc, 0x10000000, 0x0, 0x0, 0xffffffffffffffff, 0x400}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x400, 0x0, 0x1, 0x0, 0x6}}, 0xb8}}, 0x8000) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b80000001900010025bd700000000000ff010000000000000000000000000001fe8000000000000000000000000000aa00000000000000000a001030"], 0xb8}, 0x1, 0x0, 0x0, 0x8041}, 0x0) r2 = socket$kcm(0xa, 0x922000000003, 0x11) sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x7, 0x4}, 0x80, 0x0}, 0x0) 1m50.254606724s ago: executing program 0 (id=13011): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='smaps_rollup\x00') 1m50.198454029s ago: executing program 0 (id=13013): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) recvfrom(r1, &(0x7f00000023c0)=""/231, 0xe7, 0x20, 0x0, 0x0) 1m50.09119841s ago: executing program 0 (id=13017): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0xa0, 0x4) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) symlinkat(&(0x7f0000000200)='./file0/file0\x00', r0, &(0x7f0000000240)='./file0\x00') 1m49.997364437s ago: executing program 0 (id=13019): sendmsg$netlink(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{0x0}], 0x1}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_mtu=0x4}) r0 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6a0ac4ff02"], 0x0}, 0x94) io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[r0], 0x1) 1m49.707352365s ago: executing program 0 (id=13024): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@host}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x6, 0x244c, 0xffffffffffffffff, 0x101, 0x0, 0xfffffffc}) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000000)={{@host, 0xffffffff}, 0x200000000000, 0x0, 0x0, 0xfffffffc}) 1m49.629654994s ago: executing program 38 (id=13024): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@host}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x6, 0x244c, 0xffffffffffffffff, 0x101, 0x0, 0xfffffffc}) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000000)={{@host, 0xffffffff}, 0x200000000000, 0x0, 0x0, 0xfffffffc}) 1m23.392608784s ago: executing program 8 (id=13458): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000750000/0x14000)=nil, &(0x7f0000125000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x100c8a2, 0xc000, 0x2, 0x348}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x13, 0x21cd, 0x0, &(0x7f0000000680)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x76, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB=')'], 0x50) io_uring_enter(r0, 0x221d, 0xcf75, 0x37, 0x0, 0x0) 1m23.291620403s ago: executing program 8 (id=13460): unshare(0x2040400) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x4) r2 = openat$cgroup_ro(r1, &(0x7f0000000000)='cgroup.freeze\x00', 0x5000000, 0x0) readv(r2, &(0x7f00000012c0)=[{&(0x7f0000002c40)=""/4081, 0xff1}], 0x1) 1m23.269355258s ago: executing program 8 (id=13461): mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f00000000c0)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000180)={0x8, 0x8000000004, 0x4, 0x0, 0x4, 0x6, 0x6, 0x0, 0x100fff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) 1m23.215369668s ago: executing program 8 (id=13463): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0xc, &(0x7f0000000040)={0x0, 0x62bf, 0xdb00, 0x8, 0x29}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x1f, 0x0, 0x0) 1m23.112195814s ago: executing program 8 (id=13465): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000140)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="56c78e3c733d76696e65459beb1fb664f6ce6c0c7274696f7874656e642c6163638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file0', [{}, {0x20, '9p\x00'}], 0xa, "a3e5e03a7070de8de6546a722ca49e214119cd421a432e5b5a82e4c1e855ae35e7be342704b14020dfe04545"}, 0x3c) 1m23.069324893s ago: executing program 8 (id=13466): r0 = socket(0x15, 0x5, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) getsockopt(r0, 0x200000000114, 0x271e, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) 1m8.045735908s ago: executing program 39 (id=13466): r0 = socket(0x15, 0x5, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) getsockopt(r0, 0x200000000114, 0x271e, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) 16.521939158s ago: executing program 2 (id=14376): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff9, 0x0, 0xd, "0062007d82000000000000002240f7ffffff00"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x4, 0x3, 0x80000000, 0xe331, 0x11, "c950799d731cb71b39895c097232cece668044"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000200)=0x17) 16.425062321s ago: executing program 2 (id=14379): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6313}], 0xfc, 0x200000000000000, 0x0}) 16.366045158s ago: executing program 2 (id=14381): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x10, 0x1}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802"], 0x0}, 0x94) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180)) 16.238997471s ago: executing program 2 (id=14387): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x840) unshare(0x2c020400) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="000501"], 0x4) 15.29391444s ago: executing program 2 (id=14399): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x10, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) 15.201058916s ago: executing program 2 (id=14401): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000180)={0x3b}, 0x8) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @loopback}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7010fddbdf2505000000080009000200000008000c00a80a0000060001000500000008000b"], 0x3c}}, 0x20000034) 9.248090524s ago: executing program 9 (id=14464): readahead(0xffffffffffffffff, 0x6, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00'}, 0x80) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r2, 0x25, 0x4, @val=@uprobe_multi={0x0, 0x0, 0x0, 0xff}}, 0x40) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 9.141311453s ago: executing program 9 (id=14466): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="64670feea1096f00003e660f38054c880f323e26640fb9a9c94f660fc7b27f1a360f09366764f4660fdd40e69a3a00e300baa000b0e5ee", 0x37}], 0x1, 0x6, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8.122090895s ago: executing program 9 (id=14474): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 8.035785285s ago: executing program 9 (id=14475): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r1, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd}) fcntl$lock(r1, 0x26, &(0x7f00000000c0)={0x1, 0x2, 0x9, 0x401}) 8.021721059s ago: executing program 3 (id=14476): r0 = socket(0x1, 0x5, 0x0) close(r0) r1 = socket$inet6(0xa, 0x2, 0x0) shutdown(r1, 0x0) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000440)={0x20000014}) epoll_pwait(r2, &(0x7f0000000140)=[{}], 0x1, 0x9, 0x0, 0x0) 7.917978391s ago: executing program 3 (id=14477): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 7.858471757s ago: executing program 3 (id=14478): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x5, 0x9}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x74, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x3, 0xf}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_EMATCHES={0x40, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x5, 0x7, 0x4c2}, {{0x2}, {0xf0ffff, 0x1, 0x0, 0x1}}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x1fde, 0x3, 0x5}, {0x6, 0x2, 0x2}}}]}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x24000045}, 0x2008c014) 7.557059032s ago: executing program 3 (id=14480): r0 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0xd5) openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) lseek(r2, 0x101, 0x1) 7.498123691s ago: executing program 3 (id=14481): modify_ldt$write(0x1, &(0x7f00000001c0)={0xfa, 0xffffffffdfffe7ff, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0x5, 0x0, 0x4000000000000004, 0x4, 0xfffffffffffffffb, 0x7, 0xfffffffffffffffa, 0x2002}, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r0, 0x1, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) 7.356891138s ago: executing program 6 (id=14484): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000340)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000180)=[@decrefs], 0x0, 0x0, 0x0}) 7.255828998s ago: executing program 6 (id=14485): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x20) ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000600)={0x1, 0x0, [{0x400000b0, 0x0, 0xfffffffffffffffd}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.153834693s ago: executing program 9 (id=14486): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000580)='smaps\x00') syz_usb_disconnect(0xffffffffffffffff) readv(r2, &(0x7f0000002e00)=[{&(0x7f0000000a80)=""/4096, 0x1000}], 0x1) 7.143840784s ago: executing program 6 (id=14487): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000340)=0x4, 0x12) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'hsr0\x00', 0x4}, 0x18) 7.045849896s ago: executing program 6 (id=14488): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) r2 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x40000006, 0x3, 0x1, {0x1, 0x5, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x40003ff, 0x1}}, {0x0, 0x11}}}, 0xa0) sendfile(r2, r2, &(0x7f0000000080)=0x2, 0x7f03) 7.02032539s ago: executing program 6 (id=14489): r0 = memfd_secret(0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ftruncate(r0, 0x51a9497) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 6.956940093s ago: executing program 6 (id=14490): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="6105"], 0xbe) 6.595345777s ago: executing program 3 (id=14491): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000240)="0f01390ff2f63e0fa10f01c966b80a00000066ba000000000f300f79d80f232d0f01c966b9024d564b0f32350280660f38dfec", 0x33}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@x86={0x4d, 0x4, 0x80, 0x0, 0x1000, 0x8, 0xaf, 0x7, 0x3, 0x80, 0xc9, 0xa, 0x0, 0x9, 0xf, 0x1, 0x71, 0x8d, 0x1, '\x00', 0xf8, 0x8000000000008001}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.448303939s ago: executing program 9 (id=14492): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4}, {}, {0x6, 0xffff}}, [@filter_kind_options=@f_bpf={{0x8}, {0xc, 0x2, [@TCA_BPF_FD={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc858}, 0x80) 0s ago: executing program 40 (id=14401): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000180)={0x3b}, 0x8) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @loopback}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7010fddbdf2505000000080009000200000008000c00a80a0000060001000500000008000b"], 0x3c}}, 0x20000034) kernel console output (not intermixed with test programs): T40] audit: type=1400 audit(2000001306.247:32830): avc: denied { execmem } for pid=2469 comm="syz.6.13078" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 515.917559][ T2487] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13083'. [ 516.141364][ T5732] Bluetooth: hci0: command tx timeout [ 516.299444][ T2499] netlink: 'syz.6.13088': attribute type 1 has an invalid length. [ 516.332002][ T2499] 8021q: adding VLAN 0 to HW filter on device bond1 [ 516.365963][ T2499] bond1: (slave geneve2): making interface the new active one [ 516.370402][ T2499] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 516.424384][ T2503] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.13089'. [ 516.772519][ T2521] team0 (unregistering): Port device team_slave_0 removed [ 516.778436][ T2521] team0 (unregistering): Port device team_slave_1 removed [ 516.805652][ T2523] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 516.953599][ T2526] binder: 2525:2526 ioctl c0306201 200000000640 returned -22 [ 517.095412][ T2534] SELinux: ebitmap start bit (4294967168) is beyond the end of the bitmap (1472) [ 517.117933][ T2534] SELinux: failed to load policy [ 517.247065][ T5732] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 517.253605][ T5732] CPU: 2 UID: 0 PID: 5732 Comm: kworker/u33:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 517.253650][ T5732] Tainted: [L]=SOFTLOCKUP [ 517.253658][ T5732] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 517.253670][ T5732] Workqueue: hci1 hci_rx_work [ 517.253709][ T5732] Call Trace: [ 517.253733][ T5732] [ 517.253741][ T5732] dump_stack_lvl+0x100/0x190 [ 517.253767][ T5732] sysfs_warn_dup.cold+0x1c/0x28 [ 517.253793][ T5732] sysfs_create_dir_ns+0x24b/0x2b0 [ 517.253815][ T5732] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 517.253834][ T5732] ? find_held_lock+0x2b/0x80 [ 517.253850][ T5732] ? kobject_add_internal+0x25f/0x930 [ 517.253881][ T5732] ? kobject_add_internal+0x25f/0x930 [ 517.253907][ T5732] ? do_raw_spin_unlock+0x145/0x1e0 [ 517.253935][ T5732] kobject_add_internal+0x2c8/0x930 [ 517.253963][ T5732] kobject_add+0x16a/0x1e0 [ 517.253986][ T5732] ? __pfx_kobject_add+0x10/0x10 [ 517.254009][ T5732] ? class_to_subsys+0x10f/0x150 [ 517.254038][ T5732] ? kobject_put+0xb9/0x640 [ 517.254059][ T5732] ? _raw_spin_unlock+0x28/0x50 [ 517.254083][ T5732] device_add+0x294/0x1950 [ 517.254102][ T5732] ? __pfx_dev_set_name+0x10/0x10 [ 517.254125][ T5732] ? __pfx_device_add+0x10/0x10 [ 517.254144][ T5732] ? mgmt_send_event_skb+0x2fb/0x460 [ 517.254170][ T5732] hci_conn_add_sysfs+0x1a3/0x260 [ 517.254194][ T5732] le_conn_complete_evt+0x11eb/0x1f60 [ 517.254221][ T5732] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 517.254247][ T5732] hci_le_conn_complete_evt+0x23c/0x3a0 [ 517.254268][ T5732] ? skb_pull_data+0x15f/0x1e0 [ 517.254291][ T5732] hci_le_meta_evt+0x34a/0x5f0 [ 517.254313][ T5732] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 517.254336][ T5732] hci_event_packet+0x51c/0xcd0 [ 517.254354][ T5732] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 517.254375][ T5732] ? __pfx_hci_event_packet+0x10/0x10 [ 517.254397][ T5732] ? kcov_remote_start+0x374/0x660 [ 517.254417][ T5732] ? lockdep_hardirqs_on+0x78/0x100 [ 517.254444][ T5732] hci_rx_work+0x451/0xfc0 [ 517.254467][ T5732] process_one_work+0xa0e/0x1980 [ 517.254547][ T5732] ? __pfx_process_one_work+0x10/0x10 [ 517.254580][ T5732] ? __pfx_hci_rx_work+0x10/0x10 [ 517.254601][ T5732] worker_thread+0x5ef/0xe50 [ 517.254633][ T5732] ? kthread+0x13a/0x450 [ 517.254651][ T5732] ? __pfx_worker_thread+0x10/0x10 [ 517.254672][ T5732] kthread+0x370/0x450 [ 517.254690][ T5732] ? __pfx_kthread+0x10/0x10 [ 517.254712][ T5732] ret_from_fork+0x72b/0xd50 [ 517.254736][ T5732] ? __pfx_ret_from_fork+0x10/0x10 [ 517.254759][ T5732] ? __switch_to+0x800/0x1100 [ 517.254784][ T5732] ? __pfx_kthread+0x10/0x10 [ 517.254805][ T5732] ret_from_fork_asm+0x1a/0x30 [ 517.254842][ T5732] [ 517.254961][ T5732] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 517.358960][ T5732] Bluetooth: hci1: failed to register connection device [ 517.671563][ T2568] SELinux: ebitmap: empty map [ 517.677973][ T2568] SELinux: failed to load policy [ 517.994264][ T2593] netlink: 8 bytes leftover after parsing attributes in process `syz.9.13124'. [ 518.231670][ T5732] Bluetooth: hci0: command tx timeout [ 518.459028][ T2618] program syz.2.13134 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 519.521712][ T2714] netlink: 'syz.6.13167': attribute type 29 has an invalid length. [ 519.527274][ T2714] netlink: 'syz.6.13167': attribute type 29 has an invalid length. [ 519.538555][ T2714] netlink: 500 bytes leftover after parsing attributes in process `syz.6.13167'. [ 520.261331][T15931] usb 11-1: new high-speed USB device number 18 using dummy_hcd [ 520.301514][ T5732] Bluetooth: hci0: command tx timeout [ 520.431391][T15931] usb 11-1: Using ep0 maxpacket: 32 [ 520.435567][T15931] usb 11-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 520.440585][T15931] usb 11-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 520.443854][T15931] usb 11-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 520.446716][T15931] usb 11-1: Product: syz [ 520.448205][T15931] usb 11-1: Manufacturer: syz [ 520.449830][T15931] usb 11-1: SerialNumber: syz [ 520.455551][T15931] usb 11-1: config 0 descriptor?? [ 520.457921][ T2740] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 520.462810][T15931] hub 11-1:0.0: bad descriptor, ignoring hub [ 520.465116][T15931] hub 11-1:0.0: probe with driver hub failed with error -5 [ 520.524624][ T40] kauditd_printk_skb: 183 callbacks suppressed [ 520.524641][ T40] audit: type=1400 audit(2000001311.107:33014): avc: denied { read } for pid=2743 comm="syz.2.13176" dev="nsfs" ino=4026533748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 520.538445][ T40] audit: type=1400 audit(2000001311.107:33015): avc: denied { open } for pid=2743 comm="syz.2.13176" path="net:[4026533748]" dev="nsfs" ino=4026533748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 520.548850][ T40] audit: type=1400 audit(2000001311.107:33016): avc: denied { create } for pid=2743 comm="syz.2.13176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 520.556186][ T40] audit: type=1400 audit(2000001311.117:33017): avc: denied { ioctl } for pid=2743 comm="syz.2.13176" path="socket:[129520]" dev="sockfs" ino=129520 ioctlcmd=0x48d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 520.566571][ T40] audit: type=1400 audit(2000001311.147:33018): avc: denied { read write } for pid=2745 comm="syz.9.13178" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 520.575074][ T40] audit: type=1400 audit(2000001311.147:33019): avc: denied { open } for pid=2745 comm="syz.9.13178" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 520.584170][ T40] audit: type=1400 audit(2000001311.157:33020): avc: denied { map } for pid=2745 comm="syz.9.13178" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 520.674320][ T40] audit: type=1400 audit(2000001311.257:33021): avc: denied { mount } for pid=2753 comm="syz.2.13180" name="/" dev="ramfs" ino=131478 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 520.746252][ T40] audit: type=1400 audit(2000001311.327:33022): avc: denied { name_bind } for pid=2755 comm="syz.8.13181" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 520.770356][ T40] audit: type=1400 audit(2000001311.327:33023): avc: denied { node_bind } for pid=2755 comm="syz.8.13181" saddr=224.0.0.1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 520.782372][T15931] usb 11-1: USB disconnect, device number 18 [ 521.542514][ T2803] netlink: 16 bytes leftover after parsing attributes in process `syz.6.13198'. [ 521.666024][ T2810] netlink: 1363 bytes leftover after parsing attributes in process `syz.6.13200'. [ 521.798286][ T2822] netlink: 16 bytes leftover after parsing attributes in process `syz.8.13207'. [ 521.802331][ T2822] netem: incorrect gi model size [ 521.807072][ T2822] netem: change failed [ 521.828847][ T1162] wlan1: Trigger new scan to find an IBSS to join [ 521.961042][ T2839] IPv4: Oversized IP packet from 127.202.26.0 [ 522.050727][ T1162] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 522.347956][ T2882] netlink: 'syz.6.13229': attribute type 4 has an invalid length. [ 522.357789][ T2882] netlink: 'syz.6.13229': attribute type 4 has an invalid length. [ 522.604772][ T2903] evm: overlay not supported [ 522.657132][T27198] usb 13-1: new high-speed USB device number 4 using dummy_hcd [ 522.811730][T27198] usb 13-1: too many configurations: 51, using maximum allowed: 8 [ 522.827855][T27198] usb 13-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 522.831904][T27198] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.835366][T27198] usb 13-1: Product: syz [ 522.837057][T27198] usb 13-1: Manufacturer: syz [ 522.838741][T27198] usb 13-1: SerialNumber: syz [ 522.891505][ T2921] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 523.064561][T27198] lan78xx 13-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 523.078028][T27198] lan78xx 13-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 523.083251][T27198] lan78xx 13-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 523.124536][T27198] lan78xx 13-1:1.0: probe with driver lan78xx failed with error -71 [ 523.137831][T27198] usb 13-1: USB disconnect, device number 4 [ 523.501495][ T5732] Bluetooth: hci1: command 0x0406 tx timeout [ 525.062525][ T3017] netlink: 16 bytes leftover after parsing attributes in process `syz.6.13270'. [ 526.064203][ T40] kauditd_printk_skb: 149 callbacks suppressed [ 526.064216][ T40] audit: type=1400 audit(2000001316.647:33173): avc: denied { read append } for pid=3042 comm="syz.8.13279" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 526.076956][ T40] audit: type=1400 audit(2000001316.657:33174): avc: denied { open } for pid=3042 comm="syz.8.13279" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 526.085031][ T40] audit: type=1400 audit(2000001316.657:33175): avc: denied { ioctl } for pid=3042 comm="syz.8.13279" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 526.129518][ T40] audit: type=1400 audit(2000001316.707:33176): avc: denied { write } for pid=3042 comm="syz.8.13279" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 526.197718][ T40] audit: type=1400 audit(2000001316.777:33177): avc: denied { create } for pid=3049 comm="syz.6.13282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 526.223190][ T40] audit: type=1400 audit(2000001316.807:33178): avc: denied { create } for pid=3049 comm="syz.6.13282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 526.231553][ T40] audit: type=1400 audit(2000001316.807:33179): avc: denied { ioctl } for pid=3049 comm="syz.6.13282" path="socket:[132334]" dev="sockfs" ino=132334 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 526.240224][ T40] audit: type=1400 audit(2000001316.817:33180): avc: denied { recv } for pid=5639 comm="sshd-session" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=51672 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 526.360735][ T40] audit: type=1400 audit(2000001316.937:33181): avc: denied { node_bind } for pid=3058 comm="syz.8.13286" saddr=224.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 526.381833][ T40] audit: type=1400 audit(2000001316.967:33182): avc: denied { create } for pid=3060 comm="syz.6.13287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 526.440849][ T3063] SELinux: failed to load policy [ 526.518241][ T3065] kvm: kvm [3064]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x1000000000000000 [ 526.623930][ T3067] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13290'. [ 526.678032][ T3070] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 526.853150][ T3076] input: syz1 as /devices/virtual/input/input63 [ 526.941912][ T1160] wlan1: Trigger new scan to find an IBSS to join [ 526.999046][ T3080] input: syz1 as /devices/virtual/input/input64 [ 527.888420][ T3116] binder: 3115:3116 ioctl c0306201 200000000000 returned -22 [ 527.991679][T25927] wlan1: Creating new IBSS network, BSSID fe:2e:87:44:e1:a8 [ 528.295126][ T3126] Bluetooth: MGMT ver 1.23 [ 529.210477][ T3158] netlink: 4 bytes leftover after parsing attributes in process `syz.6.13331'. [ 529.801606][ T39] usb 11-1: new high-speed USB device number 19 using dummy_hcd [ 529.812936][ T3176] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.13339'. [ 529.817488][ T3176] netlink: Unknown conntrack attr (0) [ 529.922007][ T3180] xt_hashlimit: size too large, truncated to 1048576 [ 529.983385][ T39] usb 11-1: Using ep0 maxpacket: 8 [ 529.987026][ T39] usb 11-1: config index 0 descriptor too short (expected 301, got 45) [ 529.991766][ T39] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 529.997346][ T39] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 530.005767][ T39] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 530.012386][ T39] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 530.026741][ T39] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 530.030721][ T39] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.250263][ T39] usb 11-1: usb_control_msg returned -32 [ 530.254863][ T39] usbtmc 11-1:16.0: can't read capabilities [ 530.491405][T29466] usb 14-1: new low-speed USB device number 5 using dummy_hcd [ 530.607111][ T3211] usbtmc 11-1:16.0: stb usb_control_msg returned -32 [ 530.619943][ T5807] usb 11-1: USB disconnect, device number 19 [ 530.624473][ T3209] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 530.631027][ T3209] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 530.638319][ T3213] netlink: 8 bytes leftover after parsing attributes in process `syz.8.13354'. [ 530.647906][ T3213] netlink: 8 bytes leftover after parsing attributes in process `syz.8.13354'. [ 530.677275][ T3198] netlink: 212348 bytes leftover after parsing attributes in process `syz.9.13348'. [ 530.692098][T29466] usb 14-1: unable to get BOS descriptor or descriptor too short [ 530.699537][T29466] usb 14-1: unable to read config index 0 descriptor/start: -71 [ 530.703379][T29466] usb 14-1: can't read configurations, error -71 [ 530.710211][ T3217] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(3) [ 530.713047][ T3217] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 530.721581][ T3217] vhci_hcd vhci_hcd.0: Device attached [ 530.729964][ T3217] : renamed from hsr0 (while UP) [ 530.748271][ T3218] vhci_hcd: connection closed [ 530.750120][ T161] vhci_hcd vhci_hcd.8: stop threads [ 530.755670][ T161] vhci_hcd vhci_hcd.8: release socket [ 530.757970][ T161] vhci_hcd vhci_hcd.8: disconnect device [ 531.161127][ T40] kauditd_printk_skb: 170 callbacks suppressed [ 531.164378][ T40] audit: type=1400 audit(2000001321.737:33353): avc: denied { name_bind } for pid=3221 comm="syz.6.13357" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 531.174207][ T40] audit: type=1400 audit(2000001321.747:33354): avc: denied { node_bind } for pid=3221 comm="syz.6.13357" saddr=224.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 531.234697][ T40] audit: type=1400 audit(2000001321.817:33355): avc: denied { read } for pid=3223 comm="syz.9.13358" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 531.251522][ T40] audit: type=1400 audit(2000001321.817:33356): avc: denied { open } for pid=3223 comm="syz.9.13358" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 531.271588][ T40] audit: type=1400 audit(2000001321.827:33357): avc: denied { ioctl } for pid=3223 comm="syz.9.13358" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 531.283704][ T40] audit: type=1400 audit(2000001321.857:33358): avc: denied { read write } for pid=1032 comm="syz-executor" name="loop8" dev="devtmpfs" ino=666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 531.294866][ T40] audit: type=1400 audit(2000001321.857:33359): avc: denied { open } for pid=1032 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 531.307012][ T40] audit: type=1400 audit(2000001321.857:33360): avc: denied { ioctl } for pid=1032 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=666 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 531.318593][ T40] audit: type=1400 audit(2000001321.887:33361): avc: denied { prog_load } for pid=3225 comm="syz.6.13360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 531.328073][ T40] audit: type=1400 audit(2000001321.907:33362): avc: denied { prog_run } for pid=3225 comm="syz.6.13360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 531.448410][ T3231] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13361'. [ 531.635086][ T3244] : renamed from bond0 (while UP) [ 531.731821][ T1160] ip6_tunnel: syztnl0 xmit: Local address not yet configured! [ 531.738965][ T161] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 531.750493][ T161] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 531.755363][ T161] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 531.759343][ T161] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 532.182563][ T3277] netlink: 1319 bytes leftover after parsing attributes in process `syz.6.13378'. [ 532.476389][ T3290] kvm: user requested TSC rate below hardware speed [ 533.887877][ T3313] netlink: 52 bytes leftover after parsing attributes in process `syz.2.13392'. [ 533.899339][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state [ 533.907981][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state [ 534.841697][ T3262] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 535.144436][ T1162] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x2 [ 535.247963][ T3355] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13408'. [ 535.254418][ T3355] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13408'. [ 535.257584][ T3355] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13408'. [ 535.321347][T29466] usb 14-1: new high-speed USB device number 7 using dummy_hcd [ 535.361285][T27198] usb 13-1: new high-speed USB device number 5 using dummy_hcd [ 535.488108][T29466] usb 14-1: Using ep0 maxpacket: 8 [ 535.492731][T29466] usb 14-1: config index 0 descriptor too short (expected 301, got 45) [ 535.501971][T29466] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 535.511975][T29466] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 535.522300][T27198] usb 13-1: Using ep0 maxpacket: 8 [ 535.523439][T29466] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 535.526440][T27198] usb 13-1: config index 0 descriptor too short (expected 301, got 45) [ 535.533640][T29466] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 535.538121][T27198] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 535.541446][T29466] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 535.547574][T27198] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 535.551740][T29466] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.559869][T27198] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 535.568019][T27198] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 535.573454][T27198] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 535.576833][T27198] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.591328][ C3] ip6_tunnel: syztnl0 xmit: Local address not yet configured! [ 535.771137][T29466] usb 14-1: GET_CAPABILITIES returned 0 [ 535.775412][T29466] usbtmc 14-1:16.0: can't read capabilities [ 535.822471][T27198] usb 13-1: usb_control_msg returned -32 [ 535.827214][T27198] usbtmc 13-1:16.0: can't read capabilities [ 535.866627][ T3398] netlink: 'syz.2.13422': attribute type 7 has an invalid length. [ 535.881876][ T3398] netlink: 'syz.2.13422': attribute type 7 has an invalid length. [ 535.979993][T27198] usb 14-1: USB disconnect, device number 7 [ 536.030274][ T39] usb 13-1: USB disconnect, device number 5 [ 536.070821][ T3406] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 536.193313][ T40] kauditd_printk_skb: 110 callbacks suppressed [ 536.193328][ T40] audit: type=1400 audit(2000001326.777:33473): avc: denied { create } for pid=3408 comm="syz.6.13427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 536.204699][ T40] audit: type=1400 audit(2000001326.787:33474): avc: denied { bind } for pid=3408 comm="syz.6.13427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 536.212983][ T40] audit: type=1400 audit(2000001326.787:33475): avc: denied { accept } for pid=3408 comm="syz.6.13427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 536.291855][ T40] audit: type=1400 audit(2000001326.877:33476): avc: denied { setopt } for pid=3412 comm="syz.6.13429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 536.302082][ T40] audit: type=1400 audit(2000001326.887:33477): avc: denied { write } for pid=3412 comm="syz.6.13429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 536.311532][ T40] audit: type=1400 audit(2000001326.897:33478): avc: denied { read } for pid=3412 comm="syz.6.13429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 536.358486][ T40] audit: type=1400 audit(2000001326.937:33479): avc: denied { mounton } for pid=3414 comm="syz.6.13430" path="/630/file0" dev="tmpfs" ino=3266 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 536.368427][ T40] audit: type=1400 audit(2000001326.937:33480): avc: denied { unlink } for pid=3414 comm="syz.6.13430" name="#2a" dev="tmpfs" ino=3272 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 536.368751][ T3415] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 536.377664][ T40] audit: type=1400 audit(2000001326.947:33481): avc: denied { mount } for pid=3414 comm="syz.6.13430" name="/" dev="overlay" ino=3267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 536.403337][ T3415] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 536.411363][ T3415] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 536.440350][ T40] audit: type=1400 audit(2000001327.017:33482): avc: denied { unmount } for pid=29280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 536.897961][ T3435] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13439'. [ 536.902322][ T3435] netlink: 12 bytes leftover after parsing attributes in process `syz.6.13439'. [ 536.907265][ T3435] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13439'. [ 536.910917][ T3435] netlink: 12 bytes leftover after parsing attributes in process `syz.6.13439'. [ 536.976319][ T3439] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13441'. [ 537.069700][ T3445] bond2: Invalid ad_actor_system MAC address. [ 537.072366][ T3445] bond2: option ad_actor_system: invalid value (27571) [ 537.079949][ T3445] bond2 (unregistering): Released all slaves [ 537.154258][ T3453] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 537.249757][ T3456] KVM: debugfs: duplicate directory 3456-5 [ 537.560027][ T3462] binder: 3461:3462 ioctl c0306201 2000000001c0 returned -14 [ 537.613672][ T3460] __nla_validate_parse: 1 callbacks suppressed [ 537.613693][ T3460] netlink: 348 bytes leftover after parsing attributes in process `syz.2.13450'. [ 538.198607][ T3482] netlink: 20 bytes leftover after parsing attributes in process `syz.2.13459'. [ 538.391477][ T3492] netfs: Couldn't get user pages (rc=-14) [ 538.738498][ T3496] netlink: 'syz.6.13467': attribute type 13 has an invalid length. [ 538.742225][ T3496] netlink: 4 bytes leftover after parsing attributes in process `syz.6.13467'. [ 538.803894][ T3496] netlink: 'syz.6.13467': attribute type 13 has an invalid length. [ 538.810857][ T3496] netlink: 4 bytes leftover after parsing attributes in process `syz.6.13467'. [ 539.335905][ T3509] netlink: 'syz.2.13473': attribute type 4 has an invalid length. [ 539.339733][ T3509] netlink: 156 bytes leftover after parsing attributes in process `syz.2.13473'. [ 539.344941][ T3509] bond_slave_1: mtu greater than device maximum [ 539.700960][ T3518] netlink: 'syz.9.13477': attribute type 20 has an invalid length. [ 539.704711][ T3518] netlink: 4 bytes leftover after parsing attributes in process `syz.9.13477'. [ 539.708939][ T3518] netlink: 'syz.9.13477': attribute type 20 has an invalid length. [ 539.714242][ T3518] netlink: 4 bytes leftover after parsing attributes in process `syz.9.13477'. [ 540.296159][ T3534] input: syz1 as /devices/virtual/input/input65 [ 540.973083][ T3559] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3559 comm=syz.2.13495 [ 540.985114][ T3559] ip6gre1: entered promiscuous mode [ 540.987525][ T3559] ip6gre1: entered allmulticast mode [ 541.213199][ T40] kauditd_printk_skb: 95 callbacks suppressed [ 541.213218][ T40] audit: type=1400 audit(2000001331.797:33578): avc: denied { create } for pid=3565 comm="syz.2.13498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 541.229278][ T40] audit: type=1400 audit(2000001331.797:33579): avc: denied { bind } for pid=3565 comm="syz.2.13498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 541.249393][ T40] audit: type=1400 audit(2000001331.797:33580): avc: denied { setopt } for pid=3565 comm="syz.2.13498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 541.263416][ T40] audit: type=1400 audit(2000001331.797:33581): avc: denied { accept } for pid=3565 comm="syz.2.13498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 541.271939][ T40] audit: type=1400 audit(2000001331.797:33582): avc: denied { write } for pid=3565 comm="syz.2.13498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 541.280107][ T40] audit: type=1400 audit(2000001331.827:33583): avc: denied { create } for pid=3567 comm="syz.9.13499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 541.288169][ T40] audit: type=1400 audit(2000001331.827:33584): avc: denied { setopt } for pid=3567 comm="syz.9.13499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 541.296623][ T40] audit: type=1400 audit(2000001331.827:33585): avc: denied { read } for pid=3567 comm="syz.9.13499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 541.304799][ T40] audit: type=1400 audit(2000001331.887:33586): avc: denied { write } for pid=3567 comm="syz.9.13499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 541.349841][ T40] audit: type=1400 audit(2000001331.927:33587): avc: denied { unlink } for pid=3572 comm="syz.2.13501" name="#2e" dev="tmpfs" ino=678 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 541.413969][ T3578] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.13503'. [ 543.194587][ T3615] pim6reg1: entered promiscuous mode [ 543.197081][ T3615] pim6reg1: entered allmulticast mode [ 543.298436][ T3618] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 543.301840][ T3618] IPv6: NLM_F_CREATE should be set when creating new route [ 543.448634][ T3628] netlink: 'syz.9.13522': attribute type 8 has an invalid length. [ 543.452358][ T3628] netlink: 4 bytes leftover after parsing attributes in process `syz.9.13522'. [ 543.751361][ C3] ip6_tunnel: syztnl0 xmit: Local address not yet configured! [ 544.022964][ T3644] xt_hashlimit: size too large, truncated to 1048576 [ 544.077713][ T3649] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.087408][ T3649] bridge_slave_0 (unregistering): left allmulticast mode [ 544.090181][ T3649] bridge_slave_0 (unregistering): left promiscuous mode [ 544.094709][ T3649] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.276928][ T3657] netlink: 48 bytes leftover after parsing attributes in process `syz.6.13530'. [ 544.477611][ T3669] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13536'. [ 544.524603][ T3672] netlink: 76 bytes leftover after parsing attributes in process `syz.9.13538'. [ 544.597494][ T3676] netlink: 'syz.9.13540': attribute type 11 has an invalid length. [ 544.601323][ T3676] netlink: 4 bytes leftover after parsing attributes in process `syz.9.13540'. [ 544.618843][T25923] netdevsim netdevsim9 netdevsim0: set [0, 1] type 1 family 0 port 8472 - 0 [ 544.618921][ T3676] netlink: 'syz.9.13540': attribute type 11 has an invalid length. [ 544.623003][T25923] netdevsim netdevsim9 netdevsim1: set [0, 1] type 1 family 0 port 8472 - 0 [ 544.626408][ T3676] netlink: 4 bytes leftover after parsing attributes in process `syz.9.13540'. [ 544.634466][T25923] netdevsim netdevsim9 netdevsim2: set [0, 1] type 1 family 0 port 8472 - 0 [ 544.638547][T25923] netdevsim netdevsim9 netdevsim3: set [0, 1] type 1 family 0 port 8472 - 0 [ 545.065100][ T3699] netlink: 28 bytes leftover after parsing attributes in process `syz.9.13550'. [ 545.310014][ T3714] netlink: 24 bytes leftover after parsing attributes in process `syz.9.13557'. [ 545.314551][ T3714] netlink: 24 bytes leftover after parsing attributes in process `syz.9.13557'. [ 545.562499][ T3727] binder: 3726:3727 ioctl c0306201 200000000640 returned -22 [ 545.714473][ T3733] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 545.831902][ T3741] xt_hashlimit: size too large, truncated to 1048576 [ 545.973113][ T3739] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13569'. [ 546.162942][ T3767] xt_hashlimit: size too large, truncated to 1048576 [ 546.230682][ T40] kauditd_printk_skb: 119 callbacks suppressed [ 546.230732][ T40] audit: type=1400 audit(2000001336.797:33707): avc: denied { create } for pid=3765 comm="syz.6.13581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 546.262382][ T40] audit: type=1400 audit(2000001336.817:33708): avc: denied { recv } for pid=28 comm="ksoftirqd/1" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=51672 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 546.274962][ T40] audit: type=1400 audit(2000001336.817:33709): avc: denied { connect } for pid=3765 comm="syz.6.13581" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 546.284774][ T40] audit: type=1400 audit(2000001336.817:33710): avc: denied { write } for pid=3765 comm="syz.6.13581" laddr=fe80::13 lport=60 faddr=ff01::1 fport=3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 546.450901][ T40] audit: type=1400 audit(2000001337.027:33711): avc: denied { bind } for pid=3777 comm="syz.6.13587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 546.452514][ T3778] xt_hashlimit: size too large, truncated to 1048576 [ 546.463541][ T40] audit: type=1400 audit(2000001337.027:33712): avc: denied { setopt } for pid=3777 comm="syz.6.13587" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 546.477210][ T40] audit: type=1400 audit(2000001337.047:33713): avc: denied { read write } for pid=3780 comm="syz.9.13586" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 546.490317][ T40] audit: type=1400 audit(2000001337.047:33714): avc: denied { open } for pid=3780 comm="syz.9.13586" path="/dev/raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 546.503321][ T40] audit: type=1400 audit(2000001337.047:33715): avc: denied { ioctl } for pid=3780 comm="syz.9.13586" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 546.515342][ T40] audit: type=1400 audit(2000001337.087:33716): avc: denied { create } for pid=3777 comm="syz.6.13587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 546.701368][ T39] usb 14-1: new high-speed USB device number 8 using dummy_hcd [ 546.854198][ T39] usb 14-1: config 0 has an invalid interface number: 50 but max is 0 [ 546.857683][ T39] usb 14-1: config 0 has no interface number 0 [ 546.859888][ T39] usb 14-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 546.865847][ T39] usb 14-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 546.869494][ T39] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.873117][ T39] usb 14-1: Product: syz [ 546.874785][ T39] usb 14-1: Manufacturer: syz [ 546.876517][ T39] usb 14-1: SerialNumber: syz [ 546.880371][ T39] usb 14-1: config 0 descriptor?? [ 546.887533][ T39] yurex 14-1:0.50: USB YUREX device now attached to Yurex #0 [ 547.088414][ T39] usb 14-1: USB disconnect, device number 8 [ 547.096113][ T39] yurex 14-1:0.50: USB YUREX #0 now disconnected [ 549.603203][ T3791] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 549.768507][ T3856] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 549.941593][T27198] usb 11-1: new full-speed USB device number 20 using dummy_hcd [ 550.105768][T27198] usb 11-1: unable to get BOS descriptor or descriptor too short [ 550.111435][T27198] usb 11-1: unable to read config index 0 descriptor/start: -71 [ 550.114971][T27198] usb 11-1: can't read configurations, error -71 [ 550.311631][ T5821] usb 14-1: new high-speed USB device number 9 using dummy_hcd [ 550.371355][ T39] libceph: connect (1)[c::]:6789 error -101 [ 550.374447][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 550.469176][ T3875] ceph: No mds server is up or the cluster is laggy [ 550.471308][ T5821] usb 14-1: Using ep0 maxpacket: 8 [ 550.476785][ T5821] usb 14-1: config index 0 descriptor too short (expected 301, got 45) [ 550.480709][ T5821] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 550.502468][ T5821] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 550.506947][ T5821] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 550.511475][ T5821] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 550.517274][ T5821] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 550.521811][ T5821] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.749678][ T5821] usb 14-1: usb_control_msg returned -32 [ 550.753581][ T5821] usbtmc 14-1:16.0: can't read capabilities [ 551.104591][ T3894] usbtmc 14-1:16.0: INITIATE_CLEAR returned 0 [ 551.311837][ T39] usb 14-1: USB disconnect, device number 9 [ 551.561872][ T40] kauditd_printk_skb: 70 callbacks suppressed [ 551.561890][ T40] audit: type=1400 audit(2000001342.137:33787): avc: denied { create } for pid=3897 comm="syz.2.13633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 551.574711][ T40] audit: type=1400 audit(2000001342.147:33788): avc: denied { map_read map_write } for pid=3899 comm="syz.6.13634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 551.586438][ T40] audit: type=1400 audit(2000001342.147:33789): avc: denied { bind } for pid=3897 comm="syz.2.13633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 551.596064][ T40] audit: type=1400 audit(2000001342.157:33790): avc: denied { setopt } for pid=3897 comm="syz.2.13633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 551.605017][ T40] audit: type=1400 audit(2000001342.157:33791): avc: denied { accept } for pid=3897 comm="syz.2.13633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 551.613776][ T40] audit: type=1400 audit(2000001342.157:33792): avc: denied { write } for pid=3897 comm="syz.2.13633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 551.625777][ T40] audit: type=1400 audit(2000001342.207:33793): avc: denied { read } for pid=3897 comm="syz.2.13633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 551.764426][ T40] audit: type=1400 audit(2000001342.347:33794): avc: denied { mount } for pid=3907 comm="syz.6.13637" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 551.891318][ T40] audit: type=1400 audit(2000001342.467:33795): avc: denied { create } for pid=3914 comm="syz.6.13641" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 551.901774][ T40] audit: type=1400 audit(2000001342.487:33796): avc: denied { bind } for pid=3914 comm="syz.6.13641" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 551.975558][ T3918] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 551.986986][ T3918] iommufd_mock iommufd_mock1: Adding to iommu group 10 [ 552.044467][ T3920] __nla_validate_parse: 1 callbacks suppressed [ 552.044486][ T3920] netlink: 27 bytes leftover after parsing attributes in process `syz.9.13643'. [ 553.178270][ T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 553.661279][ T5732] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 553.707576][ T5732] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 553.743106][ T5732] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 553.782661][ T5732] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 553.852995][ T5732] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 554.351518][T27198] libceph: connect (1)[b::]:6789 error -101 [ 554.354188][T27198] libceph: mon0 (1)[b::]:6789 connect error [ 554.380468][ T3256] libceph: connect (1)[c::]:6789 error -101 [ 554.383988][ T3256] libceph: mon0 (1)[c::]:6789 connect error [ 554.641775][T27198] libceph: connect (1)[b::]:6789 error -101 [ 554.644550][T27198] libceph: mon0 (1)[b::]:6789 connect error [ 554.659516][ T3256] libceph: connect (1)[c::]:6789 error -101 [ 554.662421][ T3256] libceph: mon0 (1)[c::]:6789 connect error [ 554.965588][ T3944] ceph: No mds server is up or the cluster is laggy [ 554.969213][ T3947] ceph: No mds server is up or the cluster is laggy [ 555.249357][ T3953] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13654'. [ 555.254346][ T3953] netlink: 12 bytes leftover after parsing attributes in process `syz.6.13654'. [ 555.804339][ T3953] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13654'. [ 555.807704][ T3953] netlink: 12 bytes leftover after parsing attributes in process `syz.6.13654'. [ 555.856575][ T3929] xfrm0 speed is unknown, defaulting to 1000 [ 555.859796][ T3929] wg1 speed is unknown, defaulting to 1000 [ 556.061315][ T5732] Bluetooth: hci2: command tx timeout [ 556.534559][ T4006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13671'. [ 556.535021][ T3929] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.538640][ T4006] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13671'. [ 556.542747][ T3929] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.546564][ T4006] netlink: 'syz.2.13671': attribute type 20 has an invalid length. [ 556.548785][ T3929] bridge_slave_0: entered allmulticast mode [ 556.556324][ T3929] bridge_slave_0: entered promiscuous mode [ 556.578359][ T4006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13671'. [ 556.578412][ T3929] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.578481][ T3929] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.583310][ T4006] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13671'. [ 556.585926][ T3929] bridge_slave_1: entered allmulticast mode [ 556.588548][ T4006] netlink: 'syz.2.13671': attribute type 20 has an invalid length. [ 556.593404][ T3929] bridge_slave_1: entered promiscuous mode [ 556.604177][ T161] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 556.607929][ T161] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 556.620045][ T161] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 556.683278][ T40] kauditd_printk_skb: 87 callbacks suppressed [ 556.683294][ T40] audit: type=1400 audit(2000001347.267:33884): avc: denied { ioctl } for pid=4012 comm="syz.9.13674" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=135887 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 556.705517][ T161] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 556.711994][ T40] audit: type=1400 audit(2000001347.287:33885): avc: denied { execmem } for pid=4012 comm="syz.9.13674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 556.713932][ T3929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 556.724301][ T40] audit: type=1400 audit(2000001347.287:33886): avc: denied { execute } for pid=4012 comm="syz.9.13674" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=137599 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 556.725722][ T3929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 556.754570][ T40] audit: type=1400 audit(2000001347.337:33887): avc: denied { read } for pid=4012 comm="syz.9.13674" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=135887 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 556.794730][ T3929] team0: Port device team_slave_0 added [ 556.828708][ T40] audit: type=1400 audit(2000001347.407:33888): avc: denied { create } for pid=4020 comm="syz.9.13676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 556.858604][ T40] audit: type=1400 audit(2000001347.417:33889): avc: denied { connect } for pid=4020 comm="syz.9.13676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 556.869103][ T40] audit: type=1400 audit(2000001347.417:33890): avc: denied { ioctl } for pid=4020 comm="syz.9.13676" path="socket:[137610]" dev="sockfs" ino=137610 ioctlcmd=0x7436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 556.892299][ T3929] team0: Port device team_slave_1 added [ 556.893176][ T40] audit: type=1400 audit(2000001347.477:33891): avc: denied { recv } for pid=23 comm="ksoftirqd/2" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=51672 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 556.912673][ T3929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 556.916567][ T3929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 556.925604][ T3929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 556.932314][ T3929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 556.935310][ T3929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 556.945144][ T3929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 556.991075][ T40] audit: type=1400 audit(2000001347.567:33892): avc: denied { read write } for pid=4028 comm="syz.2.13679" name="virtual_nci" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 557.001499][ T40] audit: type=1400 audit(2000001347.567:33893): avc: denied { open } for pid=4028 comm="syz.2.13679" path="/dev/virtual_nci" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 557.009407][ T3929] hsr_slave_0: entered promiscuous mode [ 557.015500][ T3929] hsr_slave_1: entered promiscuous mode [ 557.685342][ T4078] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 557.961684][T29466] usb 14-1: new high-speed USB device number 10 using dummy_hcd [ 558.111484][T29466] usb 14-1: Using ep0 maxpacket: 16 [ 558.116859][T29466] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 558.128011][T29466] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 558.134759][T29466] usb 14-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 558.138904][T29466] usb 14-1: New USB device strings: Mfr=34, Product=0, SerialNumber=0 [ 558.142867][T29466] usb 14-1: Manufacturer: syz [ 558.152776][ T5732] Bluetooth: hci2: command tx timeout [ 558.156133][T29466] usb 14-1: config 0 descriptor?? [ 558.247316][ T3929] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 558.255640][ T3929] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 558.259418][ T3929] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 558.265796][ T3929] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 558.269741][ T3929] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 558.278666][ T3929] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 558.285226][ T3929] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 558.289914][ T3929] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 558.384058][ T3929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 558.406734][ T3929] 8021q: adding VLAN 0 to HW filter on device team0 [ 558.419726][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 558.422974][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 558.437248][T25927] bridge0: port 2(bridge_slave_1) entered blocking state [ 558.440489][T25927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 558.583618][T29466] input: syz as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/0003:041E:3100.001B/input/input66 [ 558.655795][T29466] creative-sb0540 0003:041E:3100.001B: input,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.9-1/input0 [ 558.805274][ T9] usb 14-1: USB disconnect, device number 10 [ 558.868075][ T3929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 558.916861][ T3929] veth0_vlan: entered promiscuous mode [ 558.932925][ T3929] veth1_vlan: entered promiscuous mode [ 558.959361][ T3929] veth0_macvtap: entered promiscuous mode [ 558.969283][ T3929] veth1_macvtap: entered promiscuous mode [ 558.981979][ T3929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 558.999682][ T3929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 559.015185][T25927] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.019322][T25927] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.026709][T25927] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.034583][T25927] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.168439][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 559.174090][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 559.203293][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 559.206794][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 559.315577][ T4156] netlink: 208240 bytes leftover after parsing attributes in process `syz.6.13703'. [ 559.615795][ T4181] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 559.677410][ T4189] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 559.751411][ C3] ip6_tunnel: syztnl0 xmit: Local address not yet configured! [ 559.833725][ T4198] SELinux: ebitmap: high bit 1536 is not equal to the expected value 1152 [ 559.844758][ T4198] SELinux: failed to load policy [ 560.221593][ T5732] Bluetooth: hci2: command tx timeout [ 560.385252][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 560.394628][ T39] usb 14-1: new high-speed USB device number 11 using dummy_hcd [ 560.571580][ T39] usb 14-1: Using ep0 maxpacket: 8 [ 560.577548][ T39] usb 14-1: config index 0 descriptor too short (expected 301, got 45) [ 560.583215][ T39] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 560.588263][ T39] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 560.593292][ T39] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 560.602159][ T39] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 560.607723][ T39] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 560.613735][ T39] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.834335][ T39] usb 14-1: usb_control_msg returned -32 [ 560.840525][ T39] usbtmc 14-1:16.0: can't read capabilities [ 561.254870][ T4260] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.13745'. [ 561.473019][ T4266] kvm: user requested TSC rate below hardware speed [ 561.479997][ T4266] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 561.800128][ T1694] usb 14-1: USB disconnect, device number 11 [ 561.832827][ T40] kauditd_printk_skb: 567 callbacks suppressed [ 561.832842][ T40] audit: type=1400 audit(2000001352.417:34461): avc: denied { prog_load } for pid=4274 comm="syz.2.13752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 561.843424][ T40] audit: type=1400 audit(2000001352.427:34462): avc: denied { bpf } for pid=4274 comm="syz.2.13752" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 561.852360][ T40] audit: type=1400 audit(2000001352.427:34463): avc: denied { perfmon } for pid=4274 comm="syz.2.13752" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 561.987041][ T40] audit: type=1400 audit(2000001352.567:34464): avc: denied { create } for pid=4278 comm="syz.2.13754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 561.997265][ T40] audit: type=1400 audit(2000001352.567:34465): avc: denied { bind } for pid=4278 comm="syz.2.13754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 562.006429][ T40] audit: type=1400 audit(2000001352.567:34466): avc: denied { setopt } for pid=4278 comm="syz.2.13754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 562.016818][ T40] audit: type=1400 audit(2000001352.567:34467): avc: denied { accept } for pid=4278 comm="syz.2.13754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 562.026266][ T40] audit: type=1400 audit(2000001352.567:34468): avc: denied { write } for pid=4278 comm="syz.2.13754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 562.041572][ T40] audit: type=1400 audit(2000001352.577:34469): avc: denied { read } for pid=4278 comm="syz.2.13754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 562.057028][ T40] audit: type=1400 audit(2000001352.637:34470): avc: denied { write } for pid=4280 comm="syz.2.13755" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 562.311978][ T5732] Bluetooth: hci2: command tx timeout [ 562.617367][ T4247] Set syz1 is full, maxelem 65536 reached [ 562.755281][ T4303] bridge0: port 3(vlan2) entered blocking state [ 562.758093][ T4303] bridge0: port 3(vlan2) entered disabled state [ 562.760895][ T4303] vlan2: entered allmulticast mode [ 562.764692][ T4303] ip6gretap0: entered allmulticast mode [ 562.768318][ T4303] vlan2: entered promiscuous mode [ 562.770521][ T4303] ip6gretap0: entered promiscuous mode [ 563.351242][ T4340] netlink: 'syz.6.13781': attribute type 3 has an invalid length. [ 563.730850][ T4365] netlink: 'syz.2.13792': attribute type 9 has an invalid length. [ 563.735295][ T4365] netlink: 32 bytes leftover after parsing attributes in process `syz.2.13792'. [ 563.865603][ T4375] loop2: detected capacity change from 0 to 7 [ 563.876740][ T4375] Dev loop2: unable to read RDB block 7 [ 563.879438][ T4375] loop2: unable to read partition table [ 563.882955][ T4375] loop2: partition table beyond EOD, truncated [ 563.885812][ T4375] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 563.953329][ T4379] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 563.972459][ T4381] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 563.998334][ T4379] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 564.005809][ T4379] overlayfs: failed to look up (tracing) for ino (-66) [ 564.226088][ T4399] veth1_macvtap: left promiscuous mode [ 564.229258][ T4399] macsec0: entered promiscuous mode [ 564.239749][ T4399] macsec0: entered allmulticast mode [ 564.269254][ T4399] veth1_macvtap: entered promiscuous mode [ 564.272835][ T4399] veth1_macvtap: entered allmulticast mode [ 564.275843][ T4399] macsec0: left promiscuous mode [ 564.278420][ T4399] macsec0: left allmulticast mode [ 564.280733][ T4399] veth1_macvtap: left allmulticast mode [ 564.745639][ T5821] libceph: connect (1)[c::]:6789 error -101 [ 564.747897][ T5821] libceph: mon0 (1)[c::]:6789 connect error [ 564.796487][T27198] libceph: connect (1)[c::]:6789 error -101 [ 564.799613][T27198] libceph: mon0 (1)[c::]:6789 connect error [ 564.900264][ T4438] SELinux: ebitmap: start bit 512 comes after start bit 768 [ 564.925281][ T4438] SELinux: failed to load policy [ 564.989474][ T4443] xt_hashlimit: size too large, truncated to 1048576 [ 565.019570][ T5821] libceph: connect (1)[c::]:6789 error -101 [ 565.021886][ T5821] libceph: mon0 (1)[c::]:6789 connect error [ 565.083122][T27198] libceph: connect (1)[c::]:6789 error -101 [ 565.090651][T27198] libceph: mon0 (1)[c::]:6789 connect error [ 565.325266][ T4458] xt_CT: No such helper "netbios-ns" [ 565.542891][ T4474] netlink: 'syz.3.13835': attribute type 1 has an invalid length. [ 565.543947][ T5821] libceph: connect (1)[c::]:6789 error -101 [ 565.546553][ T4474] netlink: 'syz.3.13835': attribute type 4 has an invalid length. [ 565.555469][ T4430] ceph: No mds server is up or the cluster is laggy [ 565.556565][ T5821] libceph: mon0 (1)[c::]:6789 connect error [ 565.557545][ T4474] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.13835'. [ 565.561812][ T4434] ceph: No mds server is up or the cluster is laggy [ 565.611653][T27198] libceph: connect (1)[c::]:6789 error -101 [ 565.614219][T27198] libceph: mon0 (1)[c::]:6789 connect error [ 565.893491][ T4486] tipc: Started in network mode [ 565.895181][ T4486] tipc: Node identity 9, cluster identity 4711 [ 565.901220][ T4486] tipc: Node number set to 9 [ 566.264392][ T4511] overlayfs: failed to set uuid (746/file1, err=-1); falling back to uuid=null. [ 566.267973][ T4511] overlayfs: failed to verify upper root origin [ 566.804052][ T4533] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 566.942007][ T40] kauditd_printk_skb: 166 callbacks suppressed [ 566.942024][ T40] audit: type=1400 audit(2000001357.527:34637): avc: denied { read } for pid=4538 comm="syz.6.13867" dev="nsfs" ino=4026533867 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 566.967104][ T40] audit: type=1400 audit(2000001357.527:34638): avc: denied { open } for pid=4538 comm="syz.6.13867" path="pid:[4026533867]" dev="nsfs" ino=4026533867 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 566.986325][ T40] audit: type=1400 audit(2000001357.537:34639): avc: denied { create } for pid=4539 comm="syz.2.13866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 566.995796][ T40] audit: type=1400 audit(2000001357.537:34640): avc: denied { setopt } for pid=4539 comm="syz.2.13866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 567.008041][ T40] audit: type=1400 audit(2000001357.537:34641): avc: denied { connect } for pid=4539 comm="syz.2.13866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 567.020418][ T40] audit: type=1400 audit(2000001357.607:34642): avc: denied { module_request } for pid=4544 comm="syz.6.13870" kmod="rtnl-link-bridge_slave" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 567.037657][ T40] audit: type=1400 audit(2000001357.617:34643): avc: denied { perfmon } for pid=4547 comm="syz.9.13869" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 567.075617][ T4546] netlink: 40 bytes leftover after parsing attributes in process `syz.6.13870'. [ 567.079640][ T40] audit: type=1400 audit(2000001357.657:34644): avc: denied { create } for pid=4551 comm="syz.3.13871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 567.089902][ T40] audit: type=1400 audit(2000001357.657:34645): avc: denied { write } for pid=4551 comm="syz.3.13871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 567.110150][ T40] audit: type=1400 audit(2000001357.657:34646): avc: denied { read } for pid=4551 comm="syz.3.13871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 567.146768][ T4558] 9pnet_virtio: no channels available for device syz [ 567.939556][ T4599] input: syz0 as /devices/virtual/input/input67 [ 567.952323][ T4599] input: failed to attach handler leds to device input67, error: -6 [ 568.055089][ T4601] gretap1: entered promiscuous mode [ 568.058881][ T4601] batman_adv: batadv0: Adding interface: gretap1 [ 568.066261][ T4601] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 568.077228][ T1433] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.083647][ T4601] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 569.006467][ T4623] netlink: 'syz.3.13904': attribute type 12 has an invalid length. [ 569.010149][ T4623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13904'. [ 569.024057][T25923] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 569.024169][ T4623] netlink: 'syz.3.13904': attribute type 12 has an invalid length. [ 569.027930][T25923] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 569.032536][ T4623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13904'. [ 569.036330][T25923] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 569.043703][T25923] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 569.201903][ T4629] veth0_to_team: entered promiscuous mode [ 569.208958][ T4629] veth0_to_team: left promiscuous mode [ 569.587352][ C0] vcan0: j1939_tp_rxtimer: 0xffff888036041800: rx timeout, send abort [ 569.590277][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888036041800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 570.307747][ T4693] input: syz0 as /devices/virtual/input/input68 [ 570.624406][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 571.332127][ T4748] netlink: 348 bytes leftover after parsing attributes in process `syz.9.13959'. [ 571.434048][ T7045] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 571.616175][ T4767] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 571.624289][ T4767] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 571.628266][ T4767] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 571.772739][ T1694] usb 11-1: new high-speed USB device number 22 using dummy_hcd [ 571.854103][ T4782] xfrm0 speed is unknown, defaulting to 1000 [ 571.868011][ T4782] wg1 speed is unknown, defaulting to 1000 [ 571.916418][ T4786] Bluetooth: MGMT ver 1.23 [ 571.921291][ T4786] Bluetooth: hci1: too big key_count value 41344 [ 571.931408][ T1694] usb 11-1: Using ep0 maxpacket: 16 [ 571.935794][ T1694] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.940653][ T1694] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 571.946771][ T1694] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 571.952877][ T1694] usb 11-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 571.956910][ T1694] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.967283][ T1694] usb 11-1: config 0 descriptor?? [ 571.971050][ T40] kauditd_printk_skb: 128 callbacks suppressed [ 571.971068][ T40] audit: type=1400 audit(2000001362.547:34775): avc: denied { mounton } for pid=4787 comm="syz.9.13975" path="/298/file0" dev="tmpfs" ino=1570 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 572.393037][ T1694] shield 0003:0955:7214.001C: unknown main item tag 0x0 [ 572.396259][ T1694] shield 0003:0955:7214.001C: unknown main item tag 0x0 [ 572.399552][ T1694] shield 0003:0955:7214.001C: unknown main item tag 0x0 [ 572.402668][ T1694] shield 0003:0955:7214.001C: unknown main item tag 0x0 [ 572.405652][ T1694] shield 0003:0955:7214.001C: unknown main item tag 0x0 [ 572.412544][ T1694] input: HID 0955:7214 Haptics as /devices/virtual/input/input69 [ 572.466028][ T7045] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 572.478720][ T1694] shield 0003:0955:7214.001C: Registered Thunderstrike controller [ 572.489499][ T1694] shield 0003:0955:7214.001C: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.6-1/input0 [ 572.554114][ T40] audit: type=1400 audit(2000001363.137:34776): avc: denied { egress } for pid=28 comm="ksoftirqd/1" saddr=fe80::a8aa:aaff:feaa:aa1b daddr=ff02::2 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 572.585253][ T40] audit: type=1400 audit(2000001363.167:34777): avc: denied { create } for pid=4759 comm="syz.6.13964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 572.595618][ T4761] netlink: 504 bytes leftover after parsing attributes in process `syz.6.13964'. [ 572.596711][ T40] audit: type=1400 audit(2000001363.177:34778): avc: denied { write } for pid=4759 comm="syz.6.13964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 572.602497][ T5821] usb 11-1: USB disconnect, device number 22 [ 572.609163][T27198] shield 0003:0955:7214.001C: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 572.625941][T27198] shield 0003:0955:7214.001C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 572.633759][T27198] shield 0003:0955:7214.001C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 572.644648][T27198] shield 0003:0955:7214.001C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 572.825008][ T40] audit: type=1400 audit(2000001363.407:34779): avc: denied { read write } for pid=1401 comm="syz-executor" name="loop9" dev="devtmpfs" ino=667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 572.836260][ T40] audit: type=1400 audit(2000001363.407:34780): avc: denied { open } for pid=1401 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 572.847139][ T40] audit: type=1400 audit(2000001363.407:34781): avc: denied { ioctl } for pid=1401 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=667 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 572.858540][ T40] audit: type=1400 audit(2000001363.437:34782): avc: denied { setopt } for pid=4792 comm="syz.9.13977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 572.910638][ T40] audit: type=1400 audit(2000001363.487:34783): avc: denied { read } for pid=4792 comm="syz.9.13977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 573.411264][T15931] usb 11-1: new high-speed USB device number 23 using dummy_hcd [ 573.512257][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 573.571351][T15931] usb 11-1: Using ep0 maxpacket: 8 [ 573.574428][T15931] usb 11-1: config index 0 descriptor too short (expected 301, got 45) [ 573.577239][T15931] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 573.580827][T15931] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 573.585525][T15931] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 573.589821][T15931] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 573.595557][T15931] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 573.599594][T15931] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.662006][T27198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 573.720159][ T4798] netlink: 'syz.9.13979': attribute type 7 has an invalid length. [ 573.723926][ T4798] netlink: 'syz.9.13979': attribute type 7 has an invalid length. [ 573.761861][ T40] audit: type=1400 audit(2000001364.347:34784): avc: denied { allowed } for pid=4799 comm="syz.9.13980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 573.814756][T15931] usb 11-1: usb_control_msg returned -32 [ 573.817107][T15931] usbtmc 11-1:16.0: can't read capabilities [ 574.523410][ T4807] usbtmc 11-1:16.0: usb_control_msg returned -71 [ 574.542287][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 574.677189][ T4811] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 574.724647][T15931] usb 11-1: USB disconnect, device number 23 [ 575.262456][ T5732] Bluetooth: hci4: command 0x0406 tx timeout [ 575.407098][ T4828] netlink: 'syz.6.13992': attribute type 10 has an invalid length. [ 575.410595][ T4828] netlink: 32 bytes leftover after parsing attributes in process `syz.6.13992'. [ 575.523739][ T4833] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13994'. [ 575.634975][ T4840] netlink: 'syz.9.13996': attribute type 3 has an invalid length. [ 575.735045][ T4847] ubi31: attaching mtd0 [ 575.739657][ T4847] ubi31: scanning is finished [ 575.929732][ T4847] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 575.933394][ T4847] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 575.937325][ T4847] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 575.940569][ T4847] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 575.946626][ T4847] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 575.949764][ T4847] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 575.954057][ T4847] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1779708972 [ 575.958570][ T4847] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 575.965988][ T4856] ubi31: background thread "ubi_bgt31d" started, PID 4856 [ 576.307861][ T4870] bad cache= option: noneg 440 [ 576.307861][ T4870] nr_mlock 0 [ 576.307861][ T4870] nr_zspages 1136 [ 576.307861][ T4870] nr_free_cma 0 [ 576.307861][ T4870] numa_hit 3551020 [ 576.307861][ T4870] numa_miss 499883 [ 576.307861][ T4870] numa_foreign 499883 [ 576.307861][ T4870] numa_interleave 8095 [ 576.307861][ T4870] numa_local 3542199 [ 576.307861][ T4870] numa_other 508704 [ 576.307861][ T4870] nr_inactive_anon 33174 [ 576.307861][ T4870] nr_active_anon 44420 [ 576.307861][ T4870] nr_inactive_file 16610 [ 576.307861][ T4870] nr_active_file 14745 [ 576.307861][ T4870] nr_unevictable 1768 [ 576.307861][ T4870] nr_slab_reclaimable 10348 [ 576.307861][ T4870] nr_slab_unreclaimable 101720 [ 576.307861][ T4870] nr_isolated_anon 0 [ 576.307861][ T4870] nr_isolated_file 0 [ 576.307861][ T4870] workingset_nodes 44 [ 576.307861][ T4870] workingset_refault_anon 13940 [ 576.307861][ T4870] workingset_refault_file 7068 [ 576.307861][ T4870] workingset_activate_anon 5945 [ 576.307861][ T4870] workingset_activate_file 6775 [ 576.307861][ T4870] workingset_restore_anon 0 [ 576.307861][ T4870] workingset_restore_file 1283 [ 576.307861][ T4870] workingset_nodereclaim 0 [ 576.307861][ T4870] nr_anon_pages 10026 [ 576.307861][ T4870] nr_mapped 28567 [ 576.307861][ T4870] nr_file_pages 100727 [ 576.307861][ T4870] nr_dirty 440 [ 576.307861][ T4870] nr_writeback 0 [ 576.307861][ T4870] nr_shmem 69125 [ 576.307861][ T4870] nr_shmem_hugepages 0 [ 576.307861][ T4870] nr_shmem_pmdmapped 0 [ 576.307861][ T4870] nr_file_hugepages 0 [ 576.307861][ T4870] nr_file_pmdmapped 0 [ 576.307861][ T4870] nr_anon_transparent_hugepages 0 [ 576.307861][ T4870] nr_vmscan_write 40269 [ 576.307861][ T4870] nr_vmscan_immediate_reclaim 4544 [ 576.307861][ T4870] nr_dirtied 37432 [ 576.307861][ T4870] nr_written 36988 [ 576.307861][ T4870] nr_throttled_written 0 [ 576.307861][ T4870] nr_kernel_misc_reclaimable 0 [ 576.307861][ T4870] nr_foll_pin_acquired 68516 [ 576.308307][ T4870] CIFS: VFS: bad cache= option: noneg 440 [ 576.308307][ T4870] nr_mlock 0 [ 576.308307][ T4870] nr_zspages 1136 [ 576.308307][ T4870] nr_free_cma 0 [ 576.308307][ T4870] numa_hit 3551020 [ 576.308307][ T4870] numa_miss 499883 [ 576.308307][ T4870] numa_foreign 499883 [ 576.308307][ T4870] numa_interleave 8095 [ 576.308307][ T4870] numa_local 3542199 [ 576.308307][ T4870] numa_other 508704 [ 576.308307][ T4870] nr_inactive_anon 33174 [ 576.308307][ T4870] nr_active_anon 44420 [ 576.308307][ T4870] nr_inactive_file 16610 [ 576.308307][ T4870] nr_active_file 14745 [ 576.308307][ T4870] nr_unevictable 1768 [ 576.308307][ T4870] nr_slab_reclaimable 10348 [ 576.308307][ T4870] nr_slab_unreclaimable 101720 [ 576.308307][ T4870] nr_isolated_anon 0 [ 576.308307][ T4870] nr_isolated_file 0 [ 576.308307][ T4870] workingset_nodes 44 [ 576.308307][ T4870] workingset_refault_anon 13940 [ 576.308307][ T4870] workingset_refault_file 7068 [ 576.308307][ T4870] workingset_activate_anon 5945 [ 576.308307][ T4870] workingset_activate_file 6775 [ 576.308307][ T4870] workingset_restore_anon 0 [ 576.308307][ T4870] workingset_restore_file 1283 [ 576.308307][ T4870] workingset_nodereclaim 0 [ 576.308307][ T4870] nr_anon_pages 10026 [ 576.308307][ T4870] nr_mapped 28567 [ 576.308307][ T4870] nr_file_pages 100727 [ 576.308307][ T4870] nr_dirty 440 [ 576.308307][ T4870] nr_writeback 0 [ 576.308307][ T4870] nr_shmem 69125 [ 576.308307][ T4870] nr_shmem_hugepages 0 [ 576.308307][ T4870] nr_shmem_pmdmapped 0 [ 576.308307][ T4870] nr_file_hugepages 0 [ 576.308307][ T4870] nr_file_pmdmapped 0 [ 576.308307][ T4870] nr_anon_transparent_hugepages 0 [ 576.308307][ T4870] nr_vmscan_write 40269 [ 576.308307][ T4870] nr_vmscan_immediate_reclaim 4544 [ 576.308307][ T4870] nr_dirtied 37432 [ 576.308307][ T4870] nr_written 36988 [ 576.308307][ T4870] nr_throttled_written 0 [ 576.308307][ T4870] nr_kernel_misc_reclaimable 0 [ 576.308307][ T4870] nr_foll_pin_acquired 68516 [ 576.385348][T29468] net_ratelimit: 83 callbacks suppressed [ 576.385368][T29468] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 576.399546][ T4872] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14010'. [ 576.631472][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 576.686033][ T4882] ip6gre2: entered promiscuous mode [ 576.688270][ T4882] ip6gre2: entered allmulticast mode [ 576.701505][T27198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 576.787096][ T4889] netlink: 32 bytes leftover after parsing attributes in process `syz.6.14017'. [ 576.805071][ T4889] netlink: 32 bytes leftover after parsing attributes in process `syz.6.14017'. [ 577.010912][ T4908] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 577.019260][ T4910] iommufd_mock iommufd_mock1: Adding to iommu group 10 [ 577.039310][ T40] kauditd_printk_skb: 98 callbacks suppressed [ 577.039323][ T40] audit: type=1400 audit(2000001367.617:34883): avc: denied { read write } for pid=4911 comm="syz.3.14028" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 577.071226][ T40] audit: type=1400 audit(2000001367.617:34884): avc: denied { open } for pid=4911 comm="syz.3.14028" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 577.085809][ T40] audit: type=1400 audit(2000001367.627:34885): avc: denied { mounton } for pid=4911 comm="syz.3.14028" path="/86/file0" dev="tmpfs" ino=492 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 577.097795][ T40] audit: type=1400 audit(2000001367.627:34886): avc: denied { mount } for pid=4911 comm="syz.3.14028" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 577.108876][ T40] audit: type=1400 audit(2000001367.667:34887): avc: denied { unmount } for pid=3929 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 577.194587][ T40] audit: type=1400 audit(2000001367.777:34888): avc: denied { setopt } for pid=4922 comm="syz.3.14033" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 577.253787][ T40] audit: type=1400 audit(2000001367.837:34889): avc: denied { module_request } for pid=4926 comm="syz.6.14035" kmod="netdev-vxcan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 577.292843][ T40] audit: type=1400 audit(2000001367.877:34890): avc: denied { sys_module } for pid=4926 comm="syz.6.14035" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 577.303697][ T4930] netlink: 65039 bytes leftover after parsing attributes in process `syz.6.14035'. [ 577.313514][ T40] audit: type=1400 audit(2000001367.877:34891): avc: denied { module_request } for pid=4926 comm="syz.6.14035" kmod="vxcan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 577.345287][ T40] audit: type=1400 audit(2000001367.927:34892): avc: denied { read write } for pid=29280 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 577.661774][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 578.702399][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 579.741749][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 579.751706][ T39] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 580.151756][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 580.698436][ T4998] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.14065'. [ 580.793674][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 580.799677][ T5006] 9pnet_virtio: no channels available for device syz [ 581.823763][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 581.854156][ T5042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14086'. [ 581.864126][ T5042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14086'. [ 581.874825][ T5042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14086'. [ 581.982670][ T5042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14086'. [ 581.991324][ T5042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14086'. [ 581.994796][ T5042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14086'. [ 582.205281][ T40] kauditd_printk_skb: 87 callbacks suppressed [ 582.205298][ T40] audit: type=1400 audit(2000001372.787:34980): avc: denied { allowed } for pid=5054 comm="syz.2.14092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 582.233063][ T40] audit: type=1400 audit(2000001372.817:34981): avc: denied { name_bind } for pid=5056 comm="syz.6.14093" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 582.246773][ T40] audit: type=1400 audit(2000001372.817:34982): avc: denied { node_bind } for pid=5056 comm="syz.6.14093" saddr=224.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 582.290798][ T40] audit: type=1400 audit(2000001372.867:34983): avc: denied { mounton } for pid=5058 comm="syz.3.14094" path="/98/bus" dev="tmpfs" ino=557 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 582.317018][ T40] audit: type=1400 audit(2000001372.897:34984): avc: denied { unlink } for pid=5058 comm="syz.3.14094" name="#42" dev="tmpfs" ino=561 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 582.339428][ T40] audit: type=1400 audit(2000001372.897:34985): avc: denied { create } for pid=5060 comm="syz.6.14095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 582.358933][ T40] audit: type=1400 audit(2000001372.897:34986): avc: denied { ioctl } for pid=5060 comm="syz.6.14095" path="socket:[143477]" dev="sockfs" ino=143477 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 582.373254][ T40] audit: type=1400 audit(2000001372.927:34987): avc: denied { mount } for pid=5058 comm="syz.3.14094" name="/" dev="overlay" ino=556 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 582.384355][ T40] audit: type=1400 audit(2000001372.957:34988): avc: denied { remount } for pid=5058 comm="syz.3.14094" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 582.395106][ T40] audit: type=1400 audit(2000001372.977:34989): avc: denied { unmount } for pid=3929 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 582.570165][ T5076] netlink: 168 bytes leftover after parsing attributes in process `syz.6.14101'. [ 582.781790][ T39] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 582.861640][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 583.150806][ T5104] netlink: 4 bytes leftover after parsing attributes in process `syz.6.14110'. [ 583.911646][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 584.307985][T25923] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 584.357224][ T5142] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14123'. [ 584.771085][ T5153] netlink: 4 bytes leftover after parsing attributes in process `syz.6.14127'. [ 584.951915][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 585.831621][T27198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 585.981591][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 585.993611][ T4684] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 586.409212][ T5204] tipc: Enabled bearer , priority 0 [ 586.488713][ T5204] tipc: Disabling bearer [ 586.758449][ T5732] block nbd6: Receive control failed (result -32) [ 586.783137][ T5732] Bluetooth: hci0: command 0x1407 tx timeout [ 586.788338][ T5737] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 586.892180][ T5219] block nbd6: shutting down sockets [ 587.021892][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 587.160242][ T5233] netlink: 'syz.3.14162': attribute type 1 has an invalid length. [ 587.167572][ T5233] netlink: 'syz.3.14162': attribute type 2 has an invalid length. [ 587.264481][ T5821] usb 11-1: new full-speed USB device number 24 using dummy_hcd [ 587.433429][ T5821] usb 11-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x2C, changing to 0xC [ 587.443627][ T5821] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0xC has an invalid bInterval 0, changing to 10 [ 587.450916][ T40] kauditd_printk_skb: 110 callbacks suppressed [ 587.450930][ T40] audit: type=1400 audit(2000001378.027:35100): avc: denied { bpf } for pid=5236 comm="syz.9.14164" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 587.461368][ T5821] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0xC has invalid maxpacket 64263, setting to 64 [ 587.467152][ T5821] usb 11-1: config 0 interface 0 has no altsetting 0 [ 587.472591][ T40] audit: type=1400 audit(2000001378.027:35101): avc: denied { recv } for pid=5639 comm="sshd-session" saddr=127.0.0.1 src=51672 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 587.474592][ T5821] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 587.491283][ T5821] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 587.495274][ T5821] usb 11-1: Product: syz [ 587.497289][ T5821] usb 11-1: Manufacturer: syz [ 587.499570][ T5821] usb 11-1: SerialNumber: syz [ 587.506589][ T5821] usb 11-1: config 0 descriptor?? [ 587.509904][ T5227] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 587.517783][ T5821] usb 11-1: selecting invalid altsetting 0 [ 587.628746][ T40] audit: type=1400 audit(2000001378.207:35102): avc: denied { read write } for pid=5238 comm="syz.2.14165" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 587.636721][ T40] audit: type=1400 audit(2000001378.207:35103): avc: denied { open } for pid=5238 comm="syz.2.14165" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 587.644779][ T40] audit: type=1400 audit(2000001378.207:35104): avc: denied { mounton } for pid=5238 comm="syz.2.14165" path="/296/file0" dev="tmpfs" ino=1578 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 587.655383][ T40] audit: type=1400 audit(2000001378.217:35105): avc: denied { mount } for pid=5238 comm="syz.2.14165" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 587.708654][ T40] audit: type=1400 audit(2000001378.287:35106): avc: denied { unmount } for pid=2319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 587.734605][ T5227] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled [ 587.744797][ T5821] usb 11-1: USB disconnect, device number 24 [ 587.890804][ T40] audit: type=1400 audit(2000001378.467:35107): avc: denied { read } for pid=5241 comm="syz.2.14166" dev="nsfs" ino=4026533748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 587.900611][ T40] audit: type=1400 audit(2000001378.477:35108): avc: denied { open } for pid=5241 comm="syz.2.14166" path="net:[4026533748]" dev="nsfs" ino=4026533748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 587.912314][ T40] audit: type=1400 audit(2000001378.477:35109): avc: denied { create } for pid=5241 comm="syz.2.14166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 588.061718][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 588.375223][ T5251] __nla_validate_parse: 6 callbacks suppressed [ 588.375242][ T5251] netlink: 12 bytes leftover after parsing attributes in process `syz.6.14167'. [ 588.390045][ T5248] netlink: 12 bytes leftover after parsing attributes in process `syz.6.14167'. [ 588.681334][ T5821] usb 11-1: new high-speed USB device number 25 using dummy_hcd [ 588.841430][ T5821] usb 11-1: Using ep0 maxpacket: 8 [ 588.846465][ T5821] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 588.851648][ T5821] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 588.855685][ T5821] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.862579][ T5821] usb 11-1: config 0 descriptor?? [ 588.866486][ T39] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 589.078226][ T5821] iowarrior 11-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 589.101613][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 589.280514][ C0] iowarrior 11-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 589.284508][T29466] usb 11-1: USB disconnect, device number 25 [ 590.031410][ T4684] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 590.141611][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 590.206079][ T5274] loop5: detected capacity change from 0 to 7 [ 590.210096][ T5274] Dev loop5: unable to read RDB block 7 [ 590.212526][ T5274] loop5: unable to read partition table [ 590.215232][ T5274] loop5: partition table beyond EOD, truncated [ 590.226711][ T5274] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 590.358964][ T5276] kvm: kvm [5275]: vcpu2, guest rIP: 0x9135 Unhandled WRMSR(0x11e) = 0x0 [ 590.461580][ C3] ip6_tunnel: syztnl0 xmit: Local address not yet configured! [ 590.799638][ T5246] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 591.191611][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 591.241319][ T5289] input: syz1 as /devices/virtual/input/input70 [ 591.409253][ T5293] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3979591798 (509387750144 ns) > initial count (364801339648 ns). Using initial count to start timer. [ 591.902103][ T39] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 592.221573][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 592.246006][ T5325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14199'. [ 592.248977][ T5325] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14199'. [ 592.253116][ T5325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14199'. [ 592.257585][ T5325] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14199'. [ 592.391485][T25927] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 592.569858][ T40] kauditd_printk_skb: 87 callbacks suppressed [ 592.569876][ T40] audit: type=1400 audit(2000001383.147:35197): avc: denied { read } for pid=5332 comm="syz.6.14203" dev="nsfs" ino=4026534519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 592.582186][ T40] audit: type=1400 audit(2000001383.147:35198): avc: denied { open } for pid=5332 comm="syz.6.14203" path="net:[4026534519]" dev="nsfs" ino=4026534519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 592.591579][ T40] audit: type=1400 audit(2000001383.147:35199): avc: denied { bpf } for pid=5332 comm="syz.6.14203" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 592.599711][ T40] audit: type=1400 audit(2000001383.147:35200): avc: denied { perfmon } for pid=5332 comm="syz.6.14203" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 592.733615][ T40] audit: type=1400 audit(2000001383.317:35201): avc: denied { mount } for pid=5336 comm="syz.9.14205" name="/" dev="ramfs" ino=142065 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 592.767213][ T40] audit: type=1400 audit(2000001383.347:35202): avc: denied { read write } for pid=29280 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 592.786840][ T40] audit: type=1400 audit(2000001383.347:35203): avc: denied { open } for pid=29280 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 592.797821][ T40] audit: type=1400 audit(2000001383.347:35204): avc: denied { ioctl } for pid=29280 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 592.817362][ T40] audit: type=1400 audit(2000001383.397:35205): avc: denied { map_create } for pid=5340 comm="syz.9.14206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 592.826121][ T40] audit: type=1400 audit(2000001383.397:35206): avc: denied { create } for pid=5340 comm="syz.9.14206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 593.057849][T27198] IPVS: starting estimator thread 0... [ 593.065028][ T5351] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 593.141646][ T5352] IPVS: using max 29 ests per chain, 69600 per kthread [ 593.241096][ T5360] loop5: detected capacity change from 0 to 7 [ 593.249355][ T5360] Dev loop5: unable to read RDB block 7 [ 593.252358][ T5360] loop5: unable to read partition table [ 593.254839][ T5360] loop5: partition table beyond EOD, truncated [ 593.257036][ T5360] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 593.264174][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 593.329972][ T5373] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14219'. [ 594.318861][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.509033][ T5433] kvm: user requested TSC rate below hardware speed [ 594.764776][ T5442] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.770991][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.803448][ T5442] 9pnet_fd: p9_fd_create_tcp (5442): problem connecting socket to 127.0.0.1 [ 594.855702][ T5444] netlink: 152868 bytes leftover after parsing attributes in process `syz.3.14248'. [ 594.871524][ T5444] netlink: Conntrack attr has 4 unknown bytes [ 594.956340][T27198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 595.021865][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 595.028327][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 595.351556][T29466] usb 14-1: new high-speed USB device number 12 using dummy_hcd [ 595.551282][T29466] usb 14-1: Using ep0 maxpacket: 8 [ 595.556238][T29466] usb 14-1: config 179 has an invalid interface number: 65 but max is 0 [ 595.571257][T29466] usb 14-1: config 179 has no interface number 0 [ 595.574468][T29466] usb 14-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 595.579620][T29466] usb 14-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 595.589082][T29466] usb 14-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 595.601249][T29466] usb 14-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 595.611324][T29466] usb 14-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 595.621275][T29466] usb 14-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 595.626656][T29466] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.641553][ T5455] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 595.882298][T29466] input: Generic X-Box pad as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:179.65/input/input71 [ 596.231263][ T5480] syz_tun: entered allmulticast mode [ 596.240225][ T5480] SELinux: failure in sel_netif_sid_slow(), invalid network interface (0) [ 596.248981][ T5479] syz_tun: left allmulticast mode [ 596.283558][T27198] usb 14-1: USB disconnect, device number 12 [ 596.283650][ C0] xpad 14-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 596.290190][ C0] xpad 14-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 596.638324][ T5494] loop3: detected capacity change from 0 to 7 [ 596.651455][ C3] blk_print_req_error: 10 callbacks suppressed [ 596.651474][ C3] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.658865][ C3] buffer_io_error: 10 callbacks suppressed [ 596.658882][ C3] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.671711][ C3] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.675754][ C3] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.679771][ C3] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.683895][ C3] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.687719][ C3] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.691858][ C3] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.696513][ C3] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.700697][ C3] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.704956][ C3] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.709089][ C3] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.713071][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.716622][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.719380][ T5494] ldm_validate_partition_table(): Disk read failed. [ 596.723900][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.728005][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.731637][ C3] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.735839][ C3] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.739713][ C3] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 596.743779][ C3] Buffer I/O error on dev loop3, logical block 0, async page read [ 596.747663][ T5494] Dev loop3: unable to read RDB block 0 [ 596.751042][ T5494] loop3: unable to read partition table [ 596.754220][ T5494] loop3: partition table beyond EOD, truncated [ 596.758723][ T5494] loop_reread_partitions: partition scan of loop3 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 596.925392][ T5507] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 596.939162][ T5507] iommufd_mock iommufd_mock1: Adding to iommu group 10 [ 597.421776][ T3256] net_ratelimit: 6 callbacks suppressed [ 597.421795][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 597.587688][ T40] kauditd_printk_skb: 108 callbacks suppressed [ 597.587706][ T40] audit: type=1400 audit(2000001388.167:35315): avc: denied { write } for pid=5541 comm="syz.2.14285" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 597.611794][ T40] audit: type=1400 audit(2000001388.187:35316): avc: denied { create } for pid=5545 comm="syz.3.14287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 597.629031][ T40] audit: type=1400 audit(2000001388.187:35317): avc: denied { write } for pid=5545 comm="syz.3.14287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 597.715749][ T40] audit: type=1400 audit(2000001388.297:35318): avc: denied { prog_load } for pid=5551 comm="syz.2.14290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 597.727901][ T40] audit: type=1400 audit(2000001388.297:35319): avc: denied { bpf } for pid=5551 comm="syz.2.14290" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 597.738123][ T40] audit: type=1400 audit(2000001388.297:35320): avc: denied { perfmon } for pid=5551 comm="syz.2.14290" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 597.748031][ T40] audit: type=1400 audit(2000001388.297:35321): avc: denied { prog_run } for pid=5551 comm="syz.2.14290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 597.761288][ T40] audit: type=1400 audit(2000001388.307:35322): avc: denied { read write } for pid=5550 comm="syz.3.14289" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 597.772455][ T40] audit: type=1400 audit(2000001388.307:35323): avc: denied { open } for pid=5550 comm="syz.3.14289" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 597.785671][ T40] audit: type=1400 audit(2000001388.317:35324): avc: denied { mount } for pid=5550 comm="syz.3.14289" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 597.981577][T27198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 598.467012][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 599.013466][ T5608] batadv_slave_1: entered allmulticast mode [ 599.018296][ T5607] batadv_slave_1: left allmulticast mode [ 599.392523][ T5807] usb 14-1: new high-speed USB device number 13 using dummy_hcd [ 599.512253][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 599.541280][ T5807] usb 14-1: Using ep0 maxpacket: 32 [ 599.544866][ T5807] usb 14-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 599.548476][ T5807] usb 14-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 599.554016][ T5807] usb 14-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 599.558852][ T5807] usb 14-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 599.568172][ T5807] usb 14-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 599.572270][ T5807] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.575841][ T5807] usb 14-1: Product: syz [ 599.577598][ T5807] usb 14-1: Manufacturer: syz [ 599.579186][ T5807] usb 14-1: SerialNumber: syz [ 599.597505][ C0] imon 14-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 599.617489][ T5807] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:155.0/input/input73 [ 599.811482][ T5807] imon 14-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 599.816365][ T5807] (id 0x00) [ 599.861539][ T5807] rc_core: IR keymap rc-imon-pad not found [ 599.863853][ T5807] Registered IR keymap rc-empty [ 599.865929][ T5807] imon 14-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 599.871525][ T5807] imon 14-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 600.017895][ T5807] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:155.0/rc/rc0 [ 600.045312][ T5807] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:155.0/rc/rc0/input74 [ 600.068278][ T5807] imon 14-1:155.0: iMON device (15c2:ffdc, intf0) on usb<14:13> initialized [ 600.308766][T15931] usb 14-1: USB disconnect, device number 13 [ 600.322762][ T5615] imon:send_packet: packet tx failed (-71) [ 600.341503][ T5615] imon:vfd_write: send packet #0 failed [ 600.344864][ T5646] imon:send_packet: error submitting urb(-19) [ 600.371966][ T5646] imon:vfd_write: send packet #0 failed [ 600.542041][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 601.031522][ T39] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 601.074300][ T5668] binder: 5667:5668 ioctl c0306201 0 returned -14 [ 601.523966][T29468] usb 11-1: new high-speed USB device number 26 using dummy_hcd [ 601.595144][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 601.671289][T29468] usb 11-1: Using ep0 maxpacket: 8 [ 601.674779][T29468] usb 11-1: config 179 has an invalid interface number: 65 but max is 0 [ 601.677667][T29468] usb 11-1: config 179 has no interface number 0 [ 601.679892][T29468] usb 11-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 601.683687][T29468] usb 11-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 601.687368][T29468] usb 11-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 601.691058][T29468] usb 11-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 601.694930][T29468] usb 11-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 601.699305][T29468] usb 11-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 601.702412][T29468] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.707429][ T5677] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 601.924715][T29468] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:179.65/input/input75 [ 602.169340][T15931] usb 11-1: USB disconnect, device number 26 [ 602.169359][ C1] xpad 11-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 602.175964][ C1] dummy_hcd dummy_hcd.6: timer fired with no URBs pending? [ 602.633027][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 602.676271][ T40] kauditd_printk_skb: 130 callbacks suppressed [ 602.676284][ T40] audit: type=1400 audit(2000001393.257:35455): avc: denied { recv } for pid=5697 comm="syz.3.14345" dest=20000 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 602.702407][ T40] audit: type=1400 audit(2000001393.277:35456): avc: denied { create } for pid=5702 comm="syz.6.14347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 602.715789][ T40] audit: type=1400 audit(2000001393.297:35457): avc: denied { setopt } for pid=5702 comm="syz.6.14347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 602.727191][ T40] audit: type=1400 audit(2000001393.307:35458): avc: denied { bind } for pid=5702 comm="syz.6.14347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 602.735661][ T40] audit: type=1400 audit(2000001393.307:35459): avc: denied { name_bind } for pid=5702 comm="syz.6.14347" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 602.751307][ T40] audit: type=1400 audit(2000001393.307:35460): avc: denied { node_bind } for pid=5702 comm="syz.6.14347" saddr=224.0.0.2 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 602.911787][ T40] audit: type=1400 audit(2000001393.497:35461): avc: denied { create } for pid=5705 comm="syz.9.14348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 602.922066][ T40] audit: type=1400 audit(2000001393.507:35462): avc: denied { connect } for pid=5705 comm="syz.9.14348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 602.932950][ T40] audit: type=1400 audit(2000001393.507:35463): avc: denied { create } for pid=5705 comm="syz.9.14348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 602.944501][ T40] audit: type=1400 audit(2000001393.517:35464): avc: denied { write } for pid=5705 comm="syz.9.14348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 603.468030][ T5733] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 603.661718][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 603.811354][T29468] usb 11-1: new high-speed USB device number 27 using dummy_hcd [ 603.973702][T29468] usb 11-1: config index 0 descriptor too short (expected 39, got 27) [ 603.977190][T29468] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 603.981540][T29468] usb 11-1: config 0 interface 0 has no altsetting 0 [ 603.986420][T29468] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 603.990235][T29468] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 603.993811][T29468] usb 11-1: Product: syz [ 603.995545][T29468] usb 11-1: Manufacturer: syz [ 603.997439][T29468] usb 11-1: SerialNumber: syz [ 604.002551][T29468] usb 11-1: config 0 descriptor?? [ 604.006671][T29468] hub 11-1:0.0: bad descriptor, ignoring hub [ 604.009195][T29468] hub 11-1:0.0: probe with driver hub failed with error -5 [ 604.016008][T29468] usb 11-1: selecting invalid altsetting 0 [ 604.073766][T27198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 604.254100][ T5754] A link change request failed with some changes committed already. Interface veth1_to_bod may have been left with an inconsistent configuration, please check. [ 604.293544][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 604.702031][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 604.948280][T27198] usb 11-1: USB disconnect, device number 27 [ 605.007325][ T5791] syzkaller0: entered promiscuous mode [ 605.009958][ T5791] syzkaller0: entered allmulticast mode [ 605.056193][ T5802] binder: 5795:5802 ioctl c0306201 200000000640 returned -22 [ 605.121671][T27198] usb 11-1: new full-speed USB device number 28 using dummy_hcd [ 605.183795][ T7045] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 605.193489][T29468] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 605.287625][T27198] usb 11-1: config index 0 descriptor too short (expected 39, got 27) [ 605.293796][T27198] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 605.300558][T27198] usb 11-1: config 0 interface 0 has no altsetting 0 [ 605.307994][T27198] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 605.312452][T27198] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 605.316188][T27198] usb 11-1: Product: syz [ 605.318092][T27198] usb 11-1: Manufacturer: syz [ 605.320285][T27198] usb 11-1: SerialNumber: syz [ 605.329697][T27198] usb 11-1: config 0 descriptor?? [ 605.335803][T27198] hub 11-1:0.0: bad descriptor, ignoring hub [ 605.338805][T27198] hub 11-1:0.0: probe with driver hub failed with error -5 [ 605.344949][T27198] usb 11-1: selecting invalid altsetting 0 [ 605.470632][ T5841] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 605.661509][ T39] usb 11-1: USB disconnect, device number 28 [ 605.751681][ T7045] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 605.982420][ T5737] Bluetooth: hci1: command 0x0406 tx timeout [ 606.105581][ T5827] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 606.792245][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 606.831375][ T39] usb 11-1: new high-speed USB device number 29 using dummy_hcd [ 606.995432][ T39] usb 11-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 607.004829][ T39] usb 11-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 607.009037][ T39] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 607.013984][ T39] usb 11-1: Product: syz [ 607.015957][ T39] usb 11-1: Manufacturer: syz [ 607.018354][ T39] usb 11-1: SerialNumber: syz [ 607.237757][ T39] usblp 11-1:1.0: usblp0: USB Unidirectional printer dev 29 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 607.505539][T27198] usb 11-1: USB disconnect, device number 29 [ 607.515750][T27198] usblp0: removed [ 607.601555][ T10] usb 14-1: new full-speed USB device number 14 using dummy_hcd [ 607.661740][ C3] net_ratelimit: 1 callbacks suppressed [ 607.661760][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 607.754892][ T10] usb 14-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 607.759563][ T10] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.763223][ T10] usb 14-1: Product: syz [ 607.765085][ T10] usb 14-1: Manufacturer: syz [ 607.766923][ T10] usb 14-1: SerialNumber: syz [ 607.821651][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 608.043145][ T40] kauditd_printk_skb: 180 callbacks suppressed [ 608.043158][ T40] audit: type=1400 audit(2000001398.627:35645): avc: denied { read } for pid=5919 comm="syz.6.14422" dev="nsfs" ino=4026534519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 608.052655][ T40] audit: type=1400 audit(2000001398.627:35646): avc: denied { open } for pid=5919 comm="syz.6.14422" path="net:[4026534519]" dev="nsfs" ino=4026534519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 608.060514][ T40] audit: type=1400 audit(2000001398.627:35647): avc: denied { create } for pid=5919 comm="syz.6.14422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 608.067679][ T40] audit: type=1400 audit(2000001398.627:35648): avc: denied { shutdown } for pid=5919 comm="syz.6.14422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 608.075609][ T40] audit: type=1400 audit(2000001398.627:35649): avc: denied { read } for pid=5919 comm="syz.6.14422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 608.086536][ T40] audit: type=1400 audit(2000001398.667:35650): avc: denied { create } for pid=5921 comm="syz.6.14423" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 608.094957][ T40] audit: type=1400 audit(2000001398.667:35651): avc: denied { map } for pid=5921 comm="syz.6.14423" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=147042 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 608.103379][ T40] audit: type=1400 audit(2000001398.667:35652): avc: denied { read write } for pid=5921 comm="syz.6.14423" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=147042 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 608.182051][ T40] audit: type=1400 audit(2000001398.767:35653): avc: denied { mount } for pid=5924 comm="syz.6.14424" name="/" dev="autofs" ino=147043 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 608.194249][ T10] usblp 14-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202 [ 608.202542][ T40] audit: type=1400 audit(2000001398.787:35654): avc: denied { unmount } for pid=29280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 608.432751][ T5930] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 608.805375][ T5932] kvm_intel: kvm [5931]: vcpu1, guest rIP: 0x9114 Unhandled WRMSR(0x1d9) = 0x660b [ 608.822407][ T5932] kvm: kvm [5931]: vcpu1, guest rIP: 0x9114 Unhandled WRMSR(0x186) = 0x2a06 [ 608.842347][ T5932] kvm: kvm [5931]: vcpu1, guest rIP: 0x9114 Unhandled WRMSR(0x11e) = 0x262e [ 608.862077][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 609.021912][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 609.905045][ T3256] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 610.142196][T27198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 610.382700][T27198] usb 14-1: USB disconnect, device number 14 [ 610.394950][T27198] usblp0: removed [ 610.440567][ T5961] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 610.455475][ T5961] iommufd_mock iommufd_mock1: Adding to iommu group 10 [ 610.814475][ T5975] input: syz0 as /devices/virtual/input/input76 [ 610.951900][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 611.029475][ T5985] overlayfs: upper fs does not support file handles, falling back to index=off. [ 611.135845][ T5991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 611.141020][ T5991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 611.144349][ T5991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 611.540577][ T6005] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 611.562930][ T6005] iommufd_mock iommufd_mock1: Adding to iommu group 10 [ 611.837931][ T6013] xt_hashlimit: size too large, truncated to 1048576 [ 611.986420][ T6019] loop5: detected capacity change from 0 to 7 [ 611.990233][ T6019] Dev loop5: unable to read RDB block 7 [ 611.992715][ T6019] loop5: AHDI p4 [ 611.994118][ T6019] loop5: partition table partially beyond EOD, truncated [ 613.022530][T15931] net_ratelimit: 38 callbacks suppressed [ 613.022573][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.063093][ T40] kauditd_printk_skb: 100 callbacks suppressed [ 613.063109][ T40] audit: type=1400 audit(2000001403.647:35755): avc: denied { name_bind } for pid=6047 comm="syz.6.14471" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 613.091359][ T40] audit: type=1400 audit(2000001403.667:35756): avc: denied { node_bind } for pid=6047 comm="syz.6.14471" saddr=255.255.255.255 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 613.192010][T27198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.377769][ T40] audit: type=1400 audit(2000001403.957:35757): avc: denied { create } for pid=6060 comm="syz.9.14474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 613.391249][ T40] audit: type=1400 audit(2000001403.967:35758): avc: denied { bind } for pid=6060 comm="syz.9.14474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 613.404353][ T40] audit: type=1400 audit(2000001403.987:35759): avc: denied { read write } for pid=1401 comm="syz-executor" name="loop9" dev="devtmpfs" ino=667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 613.421419][ T40] audit: type=1400 audit(2000001403.987:35760): avc: denied { open } for pid=1401 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 613.432398][ T40] audit: type=1400 audit(2000001403.987:35761): avc: denied { ioctl } for pid=1401 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=667 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 613.547337][ T40] audit: type=1400 audit(2000001404.127:35762): avc: denied { create } for pid=6067 comm="syz.3.14477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 613.560172][ T40] audit: type=1400 audit(2000001404.137:35763): avc: denied { prog_load } for pid=6067 comm="syz.3.14477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 613.572256][ T40] audit: type=1400 audit(2000001404.137:35764): avc: denied { prog_run } for pid=6067 comm="syz.3.14477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 613.581660][ T5732] Bluetooth: hci4: command 0x0406 tx timeout [ 613.600960][ T3256] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 613.609698][ T3256] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 614.027115][ T6084] tls_set_device_offload: netdev not found [ 614.061659][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 614.103425][ T6086] SELinux: unknown common r [ 614.105799][ T6086] SELinux: failed to load policy [ 614.159492][ T1694] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 614.386147][ T6098] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 615.102362][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 615.901448][ T5732] Bluetooth: hci1: command 0x0406 tx timeout [ 615.903599][ T3256] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 615.909669][ T3256] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 616.141681][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 616.221806][ T1694] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 616.231428][ T5732] Bluetooth: hci3: command 0x0406 tx timeout [ 617.191588][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 618.222708][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 618.313242][ T5732] Bluetooth: hci3: command 0x0406 tx timeout [ 618.316038][ T3256] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 618.323365][ T3256] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 619.262625][ T1694] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 619.275152][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 620.302645][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 620.542045][ T40] kauditd_printk_skb: 45 callbacks suppressed [ 620.542065][ T40] audit: type=1400 audit(2000001411.127:35810): avc: denied { egress } for pid=28 comm="ksoftirqd/1" saddr=fe80::a8aa:aaff:feaa:aa1b daddr=ff02::2 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 620.621626][ T5732] Bluetooth: hci0: command 0x1407 tx timeout [ 620.621637][ T3256] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 620.621659][ T3256] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 621.342052][T15931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 621.488432][ T40] audit: type=1400 audit(2000001412.067:35811): avc: denied { execute } for pid=6117 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 621.497957][ T40] audit: type=1400 audit(2000001412.067:35812): avc: denied { execute_no_trans } for pid=6117 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 621.516434][ T40] audit: type=1400 audit(2000001412.097:35813): avc: denied { execmem } for pid=6117 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 621.585258][ T40] audit: type=1400 audit(2000001412.167:35814): avc: denied { create } for pid=6118 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 621.594441][ T40] audit: type=1400 audit(2000001412.177:35815): avc: denied { read write } for pid=6118 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 621.604236][ T40] audit: type=1400 audit(2000001412.177:35816): avc: denied { open } for pid=6118 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 622.302541][ T1694] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 622.391572][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 623.021596][ T3256] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 623.024721][ T3256] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 623.031356][ C3] ------------[ cut here ]------------ [ 623.034220][ C3] workqueue: cannot queue hci_cmd_timeout on wq hci2 [ 623.037073][ C3] WARNING: kernel/workqueue.c:2297 at __queue_work+0xcee/0x1130, CPU#3: swapper/3/0 [ 623.040969][ C3] Modules linked in: [ 623.043680][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G L syzkaller #0 PREEMPT(full) [ 623.047825][ C3] Tainted: [L]=SOFTLOCKUP [ 623.049315][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 623.052680][ C3] RIP: 0010:__queue_work+0xcf2/0x1130 [ 623.054530][ C3] Code: 00 00 00 fc ff df 49 8d 94 24 70 01 00 00 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 00 04 00 00 48 8d 3d 92 92 0b 0f 48 8b 75 18 <67> 48 0f b9 3a e9 44 f7 ff ff e8 7f 80 39 00 90 0f 0b 90 e9 cc f5 [ 623.060732][ C3] RSP: 0018:ffffc900006f8bd0 EFLAGS: 00010046 [ 623.062901][ C3] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff1100a5ed94e [ 623.065456][ C3] RDX: ffff888057310170 RSI: ffffffff8a7fa260 RDI: ffffffff90da9c20 [ 623.068032][ C3] RBP: ffff888052f6ca58 R08: 0000000000000005 R09: 0000000000000000 [ 623.070701][ C3] R10: 0000000000000100 R11: 0000000000000000 R12: ffff888057310000 [ 623.073432][ C3] R13: 1ffff920000df18d R14: ffffffff81cf1aa0 R15: 0000000000000001 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 623.076046][ C3] FS: 0000000000000000(0000) GS:ffff8880d6676000(0000) knlGS:0000000000000000 [ 623.079173][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 623.081374][ C3] CR2: 00007f57f804fd86 CR3: 000000000e596000 CR4: 0000000000352ef0 [ 623.083989][ C3] Call Trace: [ 623.085087][ C3] [ 623.086041][ C3] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 623.087963][ C3] call_timer_fn+0x19a/0x640 [ 623.089569][ C3] ? __pfx_call_timer_fn+0x10/0x10 [ 623.091532][ C3] ? __run_timers+0x573/0xaf0 [ 623.093332][ C3] ? __run_timers+0x573/0xaf0 [ 623.095282][ C3] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 623.097625][ C3] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 623.099619][ C3] __run_timers+0x583/0xaf0 [ 623.101172][ C3] ? __pfx___run_timers+0x10/0x10 [ 623.102888][ C3] ? clockevents_program_event+0x1bf/0x820 [ 623.104844][ C3] ? _raw_spin_lock_irq+0x45/0x50 [ 623.106630][ C3] run_timer_base+0x114/0x190 [ 623.108546][ C3] ? __pfx_run_timer_base+0x10/0x10 [ 623.110421][ C3] ? rcu_is_watching+0x12/0xc0 [ 623.112051][ C3] run_timer_softirq+0x1a/0x50 [ 623.113768][ C3] handle_softirqs+0x1ea/0xa00 [ 623.115528][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 623.117420][ C3] ? _raw_spin_unlock+0x28/0x50 [ 623.119389][ C3] ? __hrtimer_rearm_deferred+0x9b/0x740 [ 623.121626][ C3] __irq_exit_rcu+0x162/0x210 [ 623.123602][ C3] irq_exit_rcu+0x9/0x30 [ 623.125438][ C3] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 623.127383][ C3] [ 623.128384][ C3] [ 623.129409][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 623.131411][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 623.133319][ C3] Code: 46 93 02 e9 c3 42 03 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 80 21 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 623.139613][ C3] RSP: 0018:ffffc90000197df0 EFLAGS: 00000202 [ 623.141669][ C3] RAX: 000000000031babf RBX: ffff88801ead2500 RCX: ffffffff8b8a1045 [ 623.144269][ C3] RDX: 0000000000000000 RSI: ffffffff8df1fea8 RDI: ffffffff8c1c3600 [ 623.146877][ C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d4e67b5 [ 623.149525][ C3] R10: ffff88806a733dab R11: 0000000000000000 R12: 0000000000000003 [ 623.152134][ C3] R13: ffffed1003d5a4a0 R14: 0000000000000003 R15: ffffffff90d79b50 [ 623.154773][ C3] ? ct_kernel_exit+0x125/0x180 [ 623.156415][ C3] default_idle+0x9/0x10 [ 623.157863][ C3] default_idle_call+0x6c/0xb0 [ 623.159491][ C3] do_idle+0x464/0x590 [ 623.160869][ C3] ? __pfx_do_idle+0x10/0x10 [ 623.162442][ C3] ? finish_task_switch.isra.0+0x152/0x1010 [ 623.164562][ C3] cpu_startup_entry+0x4f/0x60 [ 623.166428][ C3] start_secondary+0x21d/0x2d0 [ 623.168085][ C3] ? __pfx_start_secondary+0x10/0x10 [ 623.169883][ C3] common_startup_64+0x13e/0x148 [ 623.171558][ C3] [ 623.172599][ C3] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 623.175036][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G L syzkaller #0 PREEMPT(full) [ 623.178809][ C3] Tainted: [L]=SOFTLOCKUP [ 623.180502][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 623.183915][ C3] Call Trace: [ 623.185065][ C3] [ 623.186032][ C3] dump_stack_lvl+0x100/0x190 [ 623.187554][ C3] vpanic+0x552/0x970 [ 623.189194][ C3] ? __pfx_vpanic+0x10/0x10 [ 623.191146][ C3] panic+0xd1/0xe0 [ 623.192749][ C3] ? __pfx_panic+0x10/0x10 [ 623.194348][ C3] ? check_panic_on_warn+0x1f/0x90 [ 623.196041][ C3] check_panic_on_warn.cold+0x19/0x34 [ 623.197882][ C3] ? __queue_work+0xcee/0x1130 [ 623.199617][ C3] __warn.cold+0x191/0x328 [ 623.201196][ C3] __report_bug+0x296/0x3d0 [ 623.202672][ C3] ? __queue_work+0xcee/0x1130 [ 623.204235][ C3] ? __pfx___report_bug+0x10/0x10 [ 623.205974][ C3] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 623.208070][ C3] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 623.210993][ C3] ? look_up_lock_class+0x64/0x120 [ 623.213134][ C3] report_bug_entry+0xe1/0x290 [ 623.215149][ C3] ? __queue_work+0xcf2/0x1130 [ 623.217211][ C3] handle_bug+0x1cd/0x2a0 [ 623.218995][ C3] exc_invalid_op+0x17/0x50 [ 623.220888][ C3] asm_exc_invalid_op+0x1a/0x20 [ 623.222922][ C3] RIP: 0010:__queue_work+0xcf2/0x1130 [ 623.225144][ C3] Code: 00 00 00 fc ff df 49 8d 94 24 70 01 00 00 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 00 04 00 00 48 8d 3d 92 92 0b 0f 48 8b 75 18 <67> 48 0f b9 3a e9 44 f7 ff ff e8 7f 80 39 00 90 0f 0b 90 e9 cc f5 [ 623.232941][ C3] RSP: 0018:ffffc900006f8bd0 EFLAGS: 00010046 [ 623.235470][ C3] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff1100a5ed94e [ 623.238767][ C3] RDX: ffff888057310170 RSI: ffffffff8a7fa260 RDI: ffffffff90da9c20 [ 623.242022][ C3] RBP: ffff888052f6ca58 R08: 0000000000000005 R09: 0000000000000000 [ 623.245323][ C3] R10: 0000000000000100 R11: 0000000000000000 R12: ffff888057310000 [ 623.248613][ C3] R13: 1ffff920000df18d R14: ffffffff81cf1aa0 R15: 0000000000000001 [ 623.251879][ C3] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 623.254386][ C3] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 623.256587][ C3] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 623.259045][ C3] call_timer_fn+0x19a/0x640 [ 623.260857][ C3] ? __pfx_call_timer_fn+0x10/0x10 [ 623.263052][ C3] ? __run_timers+0x573/0xaf0 [ 623.265052][ C3] ? __run_timers+0x573/0xaf0 [ 623.266995][ C3] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 623.269468][ C3] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 623.271867][ C3] __run_timers+0x583/0xaf0 [ 623.273813][ C3] ? __pfx___run_timers+0x10/0x10 [ 623.275899][ C3] ? clockevents_program_event+0x1bf/0x820 [ 623.277982][ C3] ? _raw_spin_lock_irq+0x45/0x50 [ 623.279475][ C3] run_timer_base+0x114/0x190 [ 623.280878][ C3] ? __pfx_run_timer_base+0x10/0x10 [ 623.282881][ C3] ? rcu_is_watching+0x12/0xc0 [ 623.284478][ C3] run_timer_softirq+0x1a/0x50 [ 623.286082][ C3] handle_softirqs+0x1ea/0xa00 [ 623.287678][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 623.289436][ C3] ? _raw_spin_unlock+0x28/0x50 [ 623.291009][ C3] ? __hrtimer_rearm_deferred+0x9b/0x740 [ 623.292867][ C3] __irq_exit_rcu+0x162/0x210 [ 623.294410][ C3] irq_exit_rcu+0x9/0x30 [ 623.295828][ C3] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 623.297676][ C3] [ 623.298686][ C3] [ 623.299681][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 623.301673][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 623.303569][ C3] Code: 46 93 02 e9 c3 42 03 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 80 21 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 623.309846][ C3] RSP: 0018:ffffc90000197df0 EFLAGS: 00000202 [ 623.311853][ C3] RAX: 000000000031babf RBX: ffff88801ead2500 RCX: ffffffff8b8a1045 [ 623.314493][ C3] RDX: 0000000000000000 RSI: ffffffff8df1fea8 RDI: ffffffff8c1c3600 [ 623.317108][ C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d4e67b5 [ 623.319720][ C3] R10: ffff88806a733dab R11: 0000000000000000 R12: 0000000000000003 [ 623.322319][ C3] R13: ffffed1003d5a4a0 R14: 0000000000000003 R15: ffffffff90d79b50 [ 623.324930][ C3] ? ct_kernel_exit+0x125/0x180 [ 623.326799][ C3] default_idle+0x9/0x10 [ 623.328221][ C3] default_idle_call+0x6c/0xb0 [ 623.329837][ C3] do_idle+0x464/0x590 [ 623.331332][ C3] ? __pfx_do_idle+0x10/0x10 [ 623.333041][ C3] ? finish_task_switch.isra.0+0x152/0x1010 [ 623.335066][ C3] cpu_startup_entry+0x4f/0x60 [ 623.336683][ C3] start_secondary+0x21d/0x2d0 [ 623.338311][ C3] ? __pfx_start_secondary+0x10/0x10 [ 623.340138][ C3] common_startup_64+0x13e/0x148 [ 623.341822][ C3] [ 623.343668][ C3] Kernel Offset: disabled [ 623.345123][ C3] Rebooting in 86400 seconds..