last executing test programs: 5.408931814s ago: executing program 1 (id=2543): r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000080)={0xaf, 0x12, &(0x7f0000000680)="85a68a4f7080b7290c18b7da2740e604b6e0e6fadb647bb9ef82dd2cdcd851d84d5c13431ad96eaec36fcf0c56283d61345b5eebe2b785144f46c0f12fed81b84737da624fa67e08296779b5b5052b60b0a0d676e080d001c0cbf886913d3ee2810c772d44f2aafd9dfdc31029b02533f77d19f2d8190f0c2d6578b33a8586f54aa45c775e904be2f57061a49b779670d118ac74a6690a5276a86cff6492a9b8808de2656ab73dd9707615b7fb3f00a198ee228dff25bc723fc9844758beb36e48fb71d36aa322cd0f514a603456ae227f338264f24357e8b70bab52a28a3d9c98cbca392a3904e5b4f9e5e0966801526ffc7a42694521df5646afe7f69173eaaccd014f286d740ad768bb7a2f8ae273917b532890fd6510994c9204a0bef3887ff2eb50c0d32404cf186e513dbe30aa132c239b7f01c715282a979ed03bdd79215e48726f6036fb5905b886ef3e4c67ded1a75a06622d947ca57ca2a66466843c85eca9bd21f16f91eb3296faa88cec9146f9a68d2c66fa74912981927cc9dc14a179ca76440339476a62d180d7ed95498938e6b9b039c6b759e5ea465100852dd84bc4135e8bab1b9981ec56d89502ad086bb7c7105dd4262f42c58695d17c4996b175b4b875cc4dacdacbde6dbd9c8973cec4099879a41264e9cfc1d9aac2e0ce6cf107de4fd29e305fb66b311232860d7084eb55b13e07feec5b3cb10490697f2a0dcb89769a8579990e342c252d2cc4710a30aa8ca0d7b8b06963465986ddba47395bdf58a15103792bfdd65e12c2c22a2f7c062c3925406cc7a2338a8c863a132c61fd66e81dffd81642dd2055a32803ca167d4d58ecdb0699786bbfd10d692118dabd8b3aac3480a4e28d691c64227fc70e38dae0f16f180f6e4c80da48a4891480fcdb2a6a439e7fa9d0defd37728c5b81fc58537f085c92bf029034cd24eb888d38b8632d300f9bf072b1b126034f2c45e3604c761320122994bb160e2535afaa710dfbd1e93f6c76acc8c8f963888a8fc4c4a231c65f145064620741e6eb2c54557a6e1473088447584a7bda8d42135b1231c67b0a2fc44814e993bf6972db3c282e21b51db5e79a3d529d7f8c0c2a3288fcb66409c0f2cce79a6d289e97dcad52789cf22118e4c01169d9b9601f3a7db2c70fadfc551bb53a72f6dd8dfb546880ebe1320a20032fa385f989017c7d7183ddbc2ecce7cfa7b6c8cc22a4772c378a8824c0a85636235adf504d6191b2153fcd25873f382062d615e80f5073409b323daaf860c055ce9ef693066b4009154811045501e26ebb8749005c80e5fcbcb7f7b159388e4cd10c696e06747ef1eabacc3508aad2b5ff56f7ee3613ad0d4d3652f138a9aa1abab6804d5d08ccc3dc106c818dfb6bd2e93f89dc69732dffce92fd0c0c9497e0ec3efaac9179cca4dc8e1c31c8f95e4fd547de77"}) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0xb, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) ioctl$BLKZEROOUT(r1, 0xc0c0128e, &(0x7f0000000240)={0x4000000000002000, 0x2}) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd60000000"], 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0x1, 0x0, &(0x7f0000000000)="df", 0x0, 0x7, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x7000000}, 0x50) 5.340078716s ago: executing program 1 (id=2545): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00'}) ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, &(0x7f00000003c0)={0x40f0f000, 0x8, "9a0400000066e134d198b1abaa7da80f00000000000009dcb674000000130028", 0x0, 0x10b, 0x100000, 0xfffffffffffffffd, 0x4, 0x1, 0x7}) socket$inet_tcp(0x2, 0x1, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) socket$nl_netfilter(0x10, 0x3, 0xc) mmap$fb(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xf, 0x40010, r0, 0x23000) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0) ioctl$FUSE_DEV_IOC_BACKING_CLOSE(0xffffffffffffffff, 0x4004e502, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000080)=0x8, 0x4) syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc080}, 0x4004000) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) 4.380678295s ago: executing program 1 (id=2556): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000001f0000540000000e0001006e657464657673696d0000000f0002"], 0x34}}, 0x0) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r2, 0x1, 0x0, 0x0, {0x54}}, 0x14}}, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000002c0)=0x1) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000001f0000540000000e0001006e657464657673696d0000000f0002"], 0x34}}, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r2, 0x1, 0x0, 0x0, {0x54}}, 0x14}}, 0x0) (async) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) (async) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000002c0)=0x1) (async) 3.98723721s ago: executing program 1 (id=2559): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000300)={@dev={0xfe, 0x80, '\x00', 0xe}, @loopback, @empty, 0x8, 0x0, 0x0, 0x500, 0xfffffffffffffffe, 0x500002, r2}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3) sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x34, r4, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x9}]}, 0x34}, 0x1, 0x0, 0x0, 0x4044050}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl0\x00', r2, 0x29, 0x86, 0x0, 0x2, 0x2e, @private2, @mcast2, 0x7800, 0x80, 0x5, 0x9}}) 1.862636978s ago: executing program 2 (id=2577): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="ad43000000f45400000001"], 0x14}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x297d7, 0x4b7bc}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24004844}, 0x0) 1.576561873s ago: executing program 2 (id=2578): r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x80086f7, 0x10100, 0x3, 0x16a}, &(0x7f0000002000)=0x0, &(0x7f0000000440)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x22}) (async, rerun: 32) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (rerun: 32) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) (async) r4 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r4, 0x29, 0x8, 0x0, &(0x7f0000000240)) (async, rerun: 64) write(r3, &(0x7f0000000340)="41000000010001", 0x7) (rerun: 64) io_uring_enter(r0, 0x48e9, 0xf2bb, 0x2, 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) (async) r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0xd) ioctl$TIOCOUTQ(r6, 0x5411, &(0x7f0000000040)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0x0, 0xfffffffffffffcfe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)="a0", 0x0, 0x5}, 0x50) 1.460051477s ago: executing program 2 (id=2580): r0 = socket$netlink(0x10, 0x3, 0xf) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') r2 = memfd_create(&(0x7f0000000240)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\xe3l\x87\\\x15Hd~\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bI\xd8\x1c\xe8\x9bYS%\x1d\x10\x86\xa0\v\xea\xd9\x89\xda\xa7Wd\xa4Eu\x8csm\xa1.\xd1\xb2I\x1a\x0e\b$\x16\xb2\xfdA\x98\x16\xca\x83y\xf9\x1a\xe7\x06h\av\xa8\xd8\xceY\xc0\xe6v\xb5\xf5\x9d\xbe\xa58\xb42\xd8V$\xe6\xc8\x1c\xaf\x8e\xa1\xefa\xb1/\xee1=\xbfM\xeaw\f\xa2\x87\x1c(\x1a-\xeb\xfbV\xeb4\xd4C]\xc7{t\xf9\xd5`IZ\x03H\xd9\x86\xe12N\x1f\xd8{\xf5z@\xe0', 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000d58000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) read$FUSE(r1, &(0x7f00000046c0)={0x2020}, 0x2067) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000002000010000000000000000000a8000000000000800000000140001"], 0x44}, 0x1, 0x0, 0x0, 0x24040804}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)=@delqdisc={0x128, 0x25, 0x400, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xa, 0x1c}, {0xffe0, 0x2}, {0x6, 0xffe0}}, [@TCA_RATE={0x6, 0x5, {0x2, 0x3}}, @TCA_STAB={0x54, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe, 0xa, 0xfff4, 0x1, 0x2, 0x6, 0x4, 0x3}}, {0xa, 0x2, [0x8000, 0x9, 0x80]}}, {{0x1c, 0x1, {0x6, 0xfd, 0x2, 0x800, 0x1, 0x592c, 0x6, 0x4}}, {0xc, 0x2, [0x2, 0x935c, 0x3, 0x7f]}}]}, @TCA_STAB={0x80, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x80, 0x1, 0x5, 0x3ff, 0x0, 0x5, 0xa, 0x2}}, {0x8, 0x2, [0x400, 0x9]}}, {{0x1c, 0x1, {0x5, 0x5, 0x79a7, 0x3, 0x0, 0x2, 0x8, 0x5}}, {0xe, 0x2, [0x400, 0xb, 0x100, 0x7, 0x800]}}, {{0x1c, 0x1, {0x4, 0x7, 0x0, 0xbf, 0x2, 0x539, 0x8, 0x5}}, {0xe, 0x2, [0x4, 0x3, 0x0, 0x3, 0x5]}}]}, @qdisc_kind_options=@q_rr={{0x7}, {0x18, 0x2, {0xb7c, "029fdef95d13556a88df8b21baff2f81"}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x5}]}, 0x128}, 0x1, 0x0, 0x0, 0x40050}, 0x800) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) 1.298054574s ago: executing program 2 (id=2581): mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) execve(&(0x7f0000000140)='./file2\x00', 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)=""/154, 0x9a}], 0x1}, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0) 1.295503851s ago: executing program 2 (id=2582): r0 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000000)) r1 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@loopback, @remote, 0x0}, &(0x7f0000000080)=0xc) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f00000000c0)={0x1, 0x1, 0x5, r2, 0x7}, 0xc) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000180)={0x3d0, r3, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x374, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x138, 0x3, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xf9a}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '.)%(@@\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '^\x00'}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '\\\\-\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, '/,}/)%#[!/@\x14/]\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x10, 0x2, '&\\.{.)\xd6}[{*\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x101}, @ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, '(+-\xe9./\'&[\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '-@--&:\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xa3}]}, {0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7f}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '$\xb1&\\.\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, ')/{\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ',\x00'}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x8d, 0x4, "b437c6857a0b1270095ad0921466896e74743e974d53bb5044bf3e6f49aa8ba1443c8d65d9930fcd63668addb68ca5cb193008d2fc7d0a14d16aa6a1499f7a2c4ea0065354ef51e0760e85712339bbbdd918c14d74a95a1cc2f2b4b7636dd470e072c550330dc08f30cc67a6fb14c12e7a9e6a4b9240170ae8e99597563487a492524bc8330599a809"}, @ETHTOOL_A_BITSET_BITS={0x110, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '$@\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffff3a}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '.#(@+\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffff7}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '[[\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xdd1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xcd9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x200}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfcbf}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ',,\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}]}]}, @ETHTOOL_A_BITSET_MASK={0x65, 0x5, "5bd166b373c19a44414b27c1b8aa0147bc2e7f1a23dc372cae3a7596b74245632798533ce44d156e388947d743d244966e361e234d4e52f1334d6468e0bd0e3cdea3bd16d30218477177a12785fe405c7520fc5b20e6659c826fc6fe4cb2050785"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xfffffffe}, @ETHTOOL_A_BITSET_MASK={0x20, 0x5, "1643373ad432baa5ffc92056b078af9ee280405ac09db47e14ef324d"}]}, @ETHTOOL_A_DEBUG_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}]}]}, 0x3d0}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000850) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_udp_int(r4, 0x11, 0x66, &(0x7f0000000600), &(0x7f0000000640)=0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000780)={&(0x7f00000006c0)={0x94, 0x9, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xd}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x64, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0xd}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x6}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x3}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @multicast}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x5}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x8800}, 0x20000080) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000840)={&(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, 0x0, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@bloom_filter={0x1e, 0xffff0ea8, 0x80, 0x1, 0x1000, r6, 0x3, '\x00', r2, 0xffffffffffffffff, 0x2, 0x1, 0x2, 0xd}, 0x50) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000900), 0x10c01, 0x0) ioctl$TUNSETDEBUG(r8, 0x400454c9, &(0x7f0000000940)=0xd5) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000980), 0x1c5003, 0x0) ioctl$TUNGETSNDBUF(r9, 0x800454d3, &(0x7f00000009c0)) ioctl$AUTOFS_IOC_PROTOVER(r4, 0x80049363, &(0x7f0000000a00)) sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x60, 0x0, 0x9, 0x404, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFCTH_STATUS={0x8}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x3}}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x13f}}]}, 0x60}, 0x1, 0x0, 0x0, 0x24004844}, 0x20040000) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000bc0), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_ADD_KEY(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x78, r10, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "6b79bdb7c0077ecc8b5b4151ba152fa640fef40f723a88a68ce22acbdf45f8b8"}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "5f439be6bac14786932ad919c4179b7d8e7d2f1d5ffe3c4e2ea0da9fc0f08a0a"}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0x6}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x8100}, 0x5) getsockname$packet(r6, &(0x7f0000000d00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000d40)=0x14) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000d80)={'veth0_to_bond\x00', 0x0}) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r6, 0xc0189375, &(0x7f0000000dc0)={{0x1, 0x1, 0x18, r5}, './file0\x00'}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000e00)={0x3, 0x4, 0x4, 0xa, 0x0, r7, 0xfffffffd, '\x00', r11, r12, 0x3, 0x1, 0x2}, 0x50) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000f40)={'sit0\x00', &(0x7f0000000e80)={'sit0\x00', r11, 0x7800, 0x20, 0x6, 0x800, {{0x1a, 0x4, 0x1, 0x3, 0x68, 0x68, 0x0, 0x7, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x37}, @broadcast, {[@timestamp_prespec={0x44, 0xc, 0x36, 0x3, 0xa, [{@multicast1, 0x400}]}, @generic={0x82, 0xc, "8398bacbaa73a23ec3e1"}, @timestamp={0x44, 0x2c, 0x95, 0x0, 0x5, [0x2, 0x8, 0x6ea0, 0xffff8836, 0x9, 0x1, 0xfffffff6, 0x400, 0x3, 0xc0]}, @rr={0x7, 0xf, 0x94, [@multicast1, @remote, @private=0xa010102]}]}}}}}) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$batadv(&(0x7f0000000fc0), r12) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r13, &(0x7f00000010c0)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001080)={&(0x7f0000001000)={0x54, r14, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r11}, @BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x41c}]}, 0x54}, 0x1, 0x0, 0x0, 0x20001055}, 0x20004081) 1.295147454s ago: executing program 2 (id=2583): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000002880), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r4, 0x4068aea3, &(0x7f00000003c0)={0xdb, 0x0, 0xa84}) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fedbdf251000000008003b000300000008000600", @ANYRES32=r2, @ANYBLOB="08000300", @ANYRES32=r3], 0x34}, 0x1, 0x0, 0x0, 0x4c000}, 0x4040000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x10, 0x803, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x1, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0x88}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0xeaddb0ce1851e778, 0x0, r8}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x374}]}, 0x34}}, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r8}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r11 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x123081) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r11, 0xab00, r12) ioctl$NBD_DO_IT(r11, 0xab03) dup3(r11, r13, 0x80000) r14 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r14, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)={0x40, r10, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r15}, @val={0x68}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9ee}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x40}, 0x1, 0x0, 0x0, 0xc885}, 0x0) 1.100160643s ago: executing program 1 (id=2563): set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa6, 0x0, 0x38, 0x10, &(0x7f0000002e00), &(0x7f0000001000), 0x8, 0x409e, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r1, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) (async) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000480)=""/74, 0x4a) (async) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x40}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) (async) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r4, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000046000701fefffffffcdbdf25047c0000080001"], 0x1c}}, 0xc000) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg/1:0:0:0\x00', 0x155800, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r5, 0x227b, &(0x7f0000000180)=0x1) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r6, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x7}, 0x1c) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) (async) r7 = fcntl$dupfd(r6, 0x406, r6) write$cgroup_pid(r7, &(0x7f0000000240), 0xfdef) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xc1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x22}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) 710.388235ms ago: executing program 3 (id=2587): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0xeeee0000, 0x8, 0x9, 0xff, 0x7, 0x40, 0x7, 0x0, 0x2e, 0x19}, {0xeeee0000, 0x5000, 0xa, 0x0, 0x40, 0x1, 0x7d, 0x7f, 0x5, 0x3, 0x3, 0xfc}, {0xdddd1000, 0xdddd0000, 0xe, 0x5, 0x3, 0x9, 0x0, 0x9, 0x21, 0xa7, 0x5, 0x81}, {0x9526c2d4b9cd9956, 0xeeee0000, 0xc, 0x6, 0x4, 0x42, 0x5, 0xff, 0x8, 0x7, 0xe, 0x8}, {0x2000, 0xdddd1000, 0xb, 0x3, 0x6, 0x7, 0xae, 0x7f, 0x7, 0x83, 0xf7, 0x83}, {0xffff4001, 0x80a0000, 0xb, 0xa0, 0xb1, 0x8, 0x8, 0xa0, 0x84, 0xf, 0x1, 0xfd}, {0xffff1000, 0x2, 0x10, 0x5, 0x7, 0x5, 0x7, 0x3, 0x5, 0x81, 0xff, 0x70}, {0x100000, 0x1000, 0x8, 0x5, 0xf, 0x7, 0x1, 0x34, 0x2, 0xc, 0x7, 0x6}, {0xeeef0000, 0x30}, {0x10000, 0x7}, 0xa0010030, 0x0, 0xffff1000, 0x52007, 0x5, 0x10800, 0x30000, [0x6800000000000000, 0x6, 0x5e, 0x3]}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r3) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000300)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="070600000000000400002d0000000c002d000201aaaaaaaaaaaa0c00050000000000000000000a0001007770616e3000000008002f000500000005002e001500000005002b0003000000"], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x40000) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310000401000000950074000000000031fb0d3a42319fa204399d17d34e075fdcda533ab1aa71ab1d764152e63925789381db3fe455e8dadc7dcf81189517730bed5d8036168bd2e27cc611027d29066927603deb92de3141e8ed7ac5b8902070213cdfdc506c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7964a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e623950c4f67581c92ef9e7e8ece17d566c93a114d68c577d694b9844e0d9e306404cfc3bfbead9e1b96c6a6cb639bca6d"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) writev(r5, &(0x7f0000000280)=[{&(0x7f0000000000)="6722542b9b8ab7cfc0c232d23a16d79dc63256685307a93750f3937788dfc341ee278bd7747ab27a6e28c317347583a5c1d79221990bdea254745b1108c772865a3695f432e805334f6266423f5fe85e401501e187c9ba45b994da613dc43e4bfb9d7a864e6041363d2c711700348dca049cdbde88bf335c49e3922d7c", 0x7d}, {&(0x7f0000000080)="e1012500492134e8720a06ce51432c72f527c899d20b577ca9b377f180d46323beffa35ba43b2044f7e7941e943785b217eee6cac38e0147718febeccfd8ad3b7482f1be1e4ccc19142d2fb73104a7eb7a45a2e5043992dcfca005813a24e3eacca697635add45d7b834c95f07f071e54b9c92cd45c4a72a30906f3a983f1ee36a1602637903b6a5545d11d9c4b0af69c86895ea90f3775f547838b33a1a4ecfb60f2975acb4d2b4c0d50b022a85988fcb177dc667ea8f5ed5769265ec4e5d4353d6aba681c758def26766b7c77407ff665116", 0xd3}, {&(0x7f0000000180)="e9c54d099a29ec39e588239eb6bccf5b0e4a70c5e0bc73a29ce0318f3530511372edbd5c0f0220654490a59f1989615b44f6ddbc88022a731c300e366c74c57c77cc85ed4d0e2569b9ad81364c197c4e7112da9a0d4a157ea9a595f5f23ea8a544d7917e967f98609691dac3c56e1fc80aba3c63cc9b320d13041042b28310b2aa16285bc59f", 0x86}, {&(0x7f0000000240)}], 0x4) 706.716763ms ago: executing program 3 (id=2588): r0 = socket(0x1, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f670600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1b172191d359645fae2d074ea5724ab77ea04fe507938b1213cdd4a92860e59808689382734d24b3123dd40c6d612c8a19948cd257748b1e7324adddbe61d51013f7d6b313c6df7b7b29678d70fc94dcc3e99e2472e78968ed94e7a54988656e8fff6b1d9b9993c71edd5cc10a2bea8d94d751b77fa7c48c712af35a9ffe670e8fa451942f48741119496bc30137e1202aed6bb5cd5c2d0256d049e4a335e2ea5545e5624be2391c37c0a2ae3bbb5b58778b85424bcdb84358359b2cb2782fc0e82f17b12d641ce6a72ab0ac794f878140897703bebe4420115d26675f27598841965fa91088252"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000000180)={0x2, 'vlan1\x00', {}, 0x9}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000d00)=ANY=[@ANYBLOB="18000000000000000000000000000000611080000000000095006e00000000007a6f005f596135d31c6833bb52305b95f2b64a33618975eadcecdbf444d77755de2b6373e106e80523bb553717ca08a8dcbbb2c09e5810105e13387341b12b316e016e9199c0b00dcde7b012dd58a25fa8946c249c77cf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x68, '\x00', 0x0, 0x9}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYRES32=r1, @ANYBLOB='&'], 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002400010026bd700001dbdf251cf9ffff060003"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$PTRACE_SETSIGMASK(0x420b, r5, 0x8, &(0x7f0000000040)={[0x401]}) ptrace$getregset(0x4204, r5, 0x200, &(0x7f0000000240)={&(0x7f0000000080)=""/49, 0x31}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r0}, 0x20) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@mss={0x2, 0x4}, @mss, @window={0x3, 0x0, 0x1}], 0x3) r6 = syz_init_net_socket$ax25(0x3, 0x2, 0xce) r7 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb) r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000)) bind$ax25(r7, 0x0, 0x0) bind$ax25(r6, &(0x7f0000000380)={{0x3, @default, 0x6}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$sock_ifreq(r9, 0x89f0, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) sendmmsg$unix(r0, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) 610.07817ms ago: executing program 3 (id=2589): mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) execve(&(0x7f0000000140)='./file2\x00', 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)=""/154, 0x9a}], 0x1}, 0x0) mount(&(0x7f0000000300), 0x0, &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0) 609.839335ms ago: executing program 3 (id=2590): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) pipe2$watch_queue(&(0x7f0000002340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010000104fcfffffffbdbdf2500000000", @ANYRES32=r0, @ANYBLOB="0315000004000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r1], 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 609.69506ms ago: executing program 3 (id=2591): mount(0x0, 0x0, &(0x7f0000000140)='hfsplus\x00', 0x204001, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) 528.936466ms ago: executing program 3 (id=2593): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) (async) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000040)=[@in6={0xa, 0x4e20, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}], 0x1c) 428.981431ms ago: executing program 0 (id=2594): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async) r2 = accept4(r1, 0x0, 0x0, 0x80800) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4) (async) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000980)=@filter={'filter\x00', 0x4, 0x4, 0x340, 0xffffffff, 0x0, 0x0, 0xd0, 0xfeffffff, 0xffffffff, 0x270, 0x270, 0x270, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xd0}}, {{@ipv6={@private0, @loopback, [0xff, 0x0, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'team0\x00', 'batadv_slave_0\x00', {0xff}, {}, 0xff, 0xe7, 0x4, 0x44}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x9, 0x8, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0) (async) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000d40)=[@iv={0x1018, 0x117, 0x2, 0x1000, "4d9cd3e5b3fa122c1f3b3a48f0e7ad4b561d692cef477ca5cecff3f24370cf961704ba2eaf4c84d82174e65358d8a06ea7f3101c69f0a8d8dbf24031824a302e91ce0d47758e23c16f51cd3c53421399604b5fc90f48f8eadf1d438daee5189cf21d8c7480e70047efc2aa7ba0788857ca36ff9beabbef328dc28862c50a2202781b2db43df8dba9c0aa947694e8562a0649615be86b206b0408c0a02ed4c896624f56aebc478834ae3e18e81e83cf81e53c69f3004e6d827bdb8078a7c3b2a4a22ced2d92234b7c1ffc4d2cc2fd1e252166300238be0ba0402435a8fa9c32c8ccae165d188664ef5018d9ea25427225d3d83df1ee0a9da871cedb8d57579725a2c3e0c4e4ef8ce92cee35cd70d5009c3201527556d405679cd8ea6f3cf96df0a1f755aa16ca3b8f93db19bb3023ae04e2ed646a472627124245220a4e6582afb49248e4196d1c7586d9fffdfb9212d74ad4f9d10b396ec91a940a83a480caac92161449becf0c18846bd97617b92f4744493c63d275a4efe7d8404cddb981812829e7e2ed7df80c3814e65f86495ac456abd38a6ea335aa2eca75c0efd312881fd167bc5019442c755b5a4948a56ece836ef4b3e5351d84159e4de0a25d07248ffea90fece3035b3b8a20f7f30d1f179bf43da0301fa847c4a0dc66261e443ed8adbd6e33ca142bc44daa9c06e7e09ae74f0f138899e3a1ca14f9c23596d2e268e703674645929ec4c5cb25a5a50f00e068f7109d62491a6c9eaf3b5593b941407dd395509105d092118bb0b28d461c80dc2d9ccb495de06f5636bdf68314836a9abd819128070bad01ce37ef6590ff2ffa77cb9442d4ed7533dc4aabe7e15f741db9accc1e668d0455ddfa6b51cc20c9fb4304913a75dbe8775e1ce6e750464bfe77ebb0564ec564cd2b99257e282874384651d39656d4ff784668a9b677ec9264f348189164a4fbfc07c902036d72d47e9a77044904244ab8e8082e604261ec10e2759ae57c0c46bf19ed582bb4d25b8f9a93cbdc15911ec4ece602150f9733c9a87b990cc869f15817704e7d484b873908a5d95436193385eed971ce7e42e93efdcc5b10cd91dfe3fd17450518b81fd1db03b5b3c80e7a453d72e85849b22dcd968934e9de6817bacb713874b8dba8707f0b545b3245f4c7b9854de45513ca973a45223039adf949415bff68a9e85ca88bab8c2ed178da888f258e868a32c20fbf5cba212b01dbab014c1fac831460c7931081d2850265efc419f4d8426e181fa559ceccca08b701338f4094ec3334af69bf12d769900b87d87afea72ddcbbbc1d5fbeef0cdcadfe7642fbbb8ec1c08b36fe82865b7e390680ab49cdaf0089e8c859461161888f232e00c25ea886aa2974b5eb3ed564e5870cf7a7daacdcfc42718711c4e94ea60423722f5cda66430653171eceb6f634671806446006671ceef659bf1e80ab748ece367ee09d02b1def1e3027895e2302dc39f744d2aa7b6c8e1c8e7b90f04989b3c31800770e5a76a6ec6a9dd30a208f421f18f7db2918865deb3d66887f6939e64c06c2e7e3d62daabc2de06d104c1f20b76f2d24b11d05f0fd2f11fcd953ea5ad35cb9e866a9bba205cbe043c989f8ae657e0d9edc391335de3a186a21814f19f77a63bf4c34a45bb70a32bac3a5eedbe2913551857cdf131fae81ae21692d9bec7df8fa75dd73287b2a192dd82108a482229dd1a02df7938031ce8145fd41601ebfd16ee78fbcdec5994bcec4900ee4015e713a5f4842215240c39043a3110203176cf0220154294451e6798e8c7ec6dcc29a7496dca364e6ca88373b2f23b301b09b2d3dae6b765fba2c342ca645c97fd97c1418a1294548cc97f85dba24a1b1cca281f8536505caca4fd4a2dc884813e478f9fa3af50e607d3714621fb1f656f6fd8c839ca910bb8070c81ba7b8278d68feb71687b5fa606d3ab97b1e7be09517c0a8a6ae3ab63c486b92d48da7c18968e1551b338324454469c6c53536afc1fcb98b49534113fb13ed3cc97e0cd76ed5cfc4ebf5a858bdea1ddd9a6839f49be92bc3d74ff599cbe29b993bc9f22ff4d4d6ac2696d978e42d4cd93b82d11d767ceacf17bc97289b9d5a2eb7a4f992ff5c43f840697a127bb255ec4a44b347d80aad346d9a3ede227fb75ca10c1098b1fd9a4acbedc33a152352b4446e63d2e6887b76809f90135d0f20301acb873e67ae9b8b25dc3ae10ac0c034cd1ee935d5a5c3f47ecb386493fcb9fe36a63ae42c2f676051bc8a8d86d708d4bf032ebf7b09b21f6e2a9026704d68a687b881325a9d07540e528c1eacad688b7f6494ab9f6b72ded23476c43a87e688ec8dfab5d7d9ea6b24132c4734a7d96bdc5e317ad989efefbf81ea6f8ed31763f7548745c8c9c7d293dfb12c41519c5ca5f36458ee31cda3ab099054869e473e19a988e163c90ddce0ed40e2b8edef74fd1624c57cbecd4d45e248df44d46106633431468b741bc6f82af26552b4078baff6bee10d631b902cf4c5312cbe7d29823920a5e90d5c32a14cbd5e8ca41de8c5de97fd06aae800184f064e543e512ad54d02e605745a2ba4883310451b90763d6c2ba5ee490d830ae2bb008a468f94d4dbf2fa8446d0133cc0ec8ab5579cfd9147b83e0b891f9971a5d5cedf7d5087512dd9fb82157e48ec118f86e10884a3c5ab6b92f2f5ca44f279d8ebc8d8e18531c53e04850b7f9b700b79bf90c2704443012fac828a6be2be8928f711747c8c4854a6556f4283da1aa4804adcb5e78973a95ade4cc6565b7f4cf06cbcc229b8045e1ae1b1dcf8e43b510400c1b157c24c959a1df92471b47b1b937d3b2470b3f294d7ae2e5e03e880c9068e23aeab364ba9e4033344ff652a494eed894fe0c109acde2dc6cd380785d54d732b3a8c1781cc3dcc9f04d1337296d67941184d49b2b7fe9cd1ed471ea6e1b7fa7b91079cbdb66a7962e04371e84ba0debdaf4a481b26ff2b0222414dec850526c2d032d9d98813daf5218b3dad7baf0f0a7cb43e09a1e06a3b95c3eb7744effaf2222194f5c500c0840d8c0ee87c24ec961148af6f5ce9d3318e70f0213d5ad3bc991dbea42afb03aa490ffe56b8701dbc4ab0a6ea7df55bdbf9eacd9f4906afce1a593b9f6714115f2151e1f4badb0098456c6f3204ebb57b541a54bdfb6bad1a155da92c9909aa5d34abcb18a2254e88b84a4450475b61f7e38f95c7a762d81504805d12241fb1280e4dc36a6b2895514b02928ac2efaccd0b179334db75804f15ac96c46e05bc6f8470d3112639c4116268a5b11aad9185ace1b210c3899f67209d3a5fd77d7b4b9f2a9d00efc0fcdedca77ac0ff0cf5ed8eb74b9cdab10382c53afa4eda17fc9e1db26e32a1c621d54009c5130a3dfcd851542c7a5ada2bb328657a0c91aef71523a5ec2a8d933429435d06e1f8ab0644ee2930971b9c79f82687760b9af2c81c3f018bd2dc3de52a3c2de28aa7157f4a7a5c4cbf43432575494841fe92bbf0d4eb936c737507d62d2ea1ba5969529626dd7a4df38431bc091ce9221aad97deab35991cce86e724760b9a8f6e5aad8eb5dcc02bc69261b60108fc8d558fe3ddfc63c64e1ee09e845c9190c8b1c8798ef3abe85867fab6055b48c4864bd5913c63135696e03548225268ddb0f4ef5fb7995878ac341526fb856934b53b4b28a6c5f7515cddb430b4b3d7e48fcf3785abc95f87bb66076de49b7a02e314a4f2303aece3d184ebc83a53738644a71cf7eeb9c61548438024e16c61579b8140c6cd01b994d6c350d42b43f06218220b3e70d46c325cddd2880ed530e00abd4c721df68850117c47ea5a19427ea2acfac5f4fa5d8cfe00e802f0b55d16077a9e721aa0d5b809b85e525d92298741f3df0ce796a8d71aa1537ffa084eb3977f6a29d693b2ec52ba2870c7cd41bc587ef470c96d1c25ca4a295a93bd83ba3eba595e47d7b5cb26e436a01e00c1bfd70b4adbbfd7d721658725906c9ea5cd202fc5d9d8a0559ded13330b5e4ab7a8068b379b0c808d7804824bd25237a001fa49fe99acec4523815e6953bfa3cfbd850c86bd208a559d1904408c55c9343506b3eee8adba1712f2169eaccf2f9e1c9db5f451bf4b528028acfa6c1740000a5ab2acd967732aa9366e7d443653d50708a63ee25c69e36ba59a5ce04b4bd12ac1ffaf767a100f09333c9ecf56db8caba0f9ba426f9cadc3fcfc2d4b6d1f543ccd7cc4e76402accbbfafd709e830cf122901a89b5a7bf4f23264928a0575f7a393e392c6120b4c94f1a83487a94d5545a5901a606eb4ccf3837e569268fe54c7b7f371cc9d087e9808a6880e84cfeb7644e5cfc8a8c224028a6a376c25674913ae79b74ba0ab6b4394da8f0bbd8b40501699825c00b61aa3817144ff046b33d9c2a42306364229aa469b6970485dd23f7054e78d4f89bc70ea13c01f64b8a05d0304e064a9845093ac09a2c4d8e759fce6cf3d6dec59927f7aecdca3f807f42458635720c4d291e9705de51cce802db0ff3a025462bfebd6dd4b9568d9af989a3253ded5a853bb304969db0194133060fa09754b4fc997ba6f4aaa736ad0ee6fc055ebfa8d4c707f48d8b457aee0a598d3ea74b3a12a27f50f4fc4b86649886aa379d8659d0400dbc58348bdcdf5e81fc59f1213aa8e3d9962d420336cda2d6002f2023856f704de6fcb58a0bbbb7cf774b2c966b6fa856ca8e0a988c3d1e5e2f0e357ea797e8a3dbad8bc84fe4efe9b078d769ee2597275e4e85a89040c4ee7cf70b358ffc3a26d5db9e21ccc56278c58b724ec735277e3e47ff5fd2ddc1810e9c9b33f550544d35520c3de20366877585dd0a03c80b5b62ad19a0f638ea48a1cbca9160e41e78f82bdf82aeeafa00aaf900e63b1525aa67bbc2047546e8227faedc3bf40b7d37d2536af451c995d1d96c9010f6ffde0d44489e620dac8584714d8f2130556ec89d10de769a308ed7c25b4b7ab35dfdca92c4344dba7aeeaf04b80b3dc26cbc35e637c940b1c4b509100d25c24df707fb67612738409af10aa0f75158c23a98770c5f1a3871ee985de59bd3461c4f4bb01da9d16c5b00ff83a64499a2d7963c6451c7ffa91c992f41ef4997ea2566e70bca25d62b1faf5e2827eaa53989a2eee741e297ff3c66951f487e9e1221dbcb725dba44c5b1b111def8fca73c1e4e1fa808a7c7e7acd09526cf6b9925bf18907cf3d8c8ce945695a16f11f99815b97c45a90b9dd579ab3decb139f18b9cc28e578f0d7acfc96128972aec2a634a5dafc9141e52c78a5369df27ce27b13390d28cd90e55613fdbcf66022872dba93b0919cdde75ecf1824c53f064246de7ca7c66776ada1df61972d45ef7ce57c8dd7c94cf70160035bd55fda2a5de5269c12a2a0a9f8e56daaa4d592e4efb804888ab0b910412407a73a001ab384b05555cb53f6bb70750e67fd59462445b7b1be456403da8ef4b5a665a8dc24d8fd3b47a158d584d13860db51fd9788dd0f1bb6574a464feb0b20b7e315b82180bdfe16d7b851484e5cecddf3c954e69a223829229b26e1345508068808829249313acc7a4ea37133f5424cb2fc43404e940bda8bc6c2a7fa118b383404619467ae8beade1db932eb32e153e99bae4bc6f8087d6e864322d2e46942cdaee239d3bf19872dcee10137e25a44cd4787cc2021c0188dd07dfe54c3765a66245ebe03375a3b4966bc6e67e6b24dbcaee1ebbf584520542759156ed8908f1191dcd5edd0a6ded88e45091758c461edfd5ac7fe0d25de6f8fd7d7593df1f707c26c5bf5ff17f2696f0542f67"}], 0x1018}], 0x1, 0x40800) (async, rerun: 32) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007a00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) (rerun: 32) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r4, 0x4) (async) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x10) read$dsp(r0, &(0x7f0000000100)=""/106, 0x6a) 338.334101ms ago: executing program 1 (id=2595): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f00000001c0)={r3, 0x8}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0xfd18, 0x5, 0x203, 0x9, 0x9, 0x10, 0x4, 0xffff, r3}, 0x20) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$x86(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$x86(r5, &(0x7f0000000040)={0x0, &(0x7f0000000080)=[@wrmsr={0x65, 0x20, {0xda0}}], 0x20}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 195.554896ms ago: executing program 0 (id=2596): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000003, 0x31, 0xffffffffffffffff, 0x1cef000) remap_file_pages(&(0x7f0000d98000/0x4000)=nil, 0x4000, 0x0, 0x1, 0x100) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x80e40, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) (async) set_mempolicy_home_node(&(0x7f0000cef000/0x2000)=nil, 0x2000, 0x1, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x13) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x50009405, &(0x7f00000000c0)={0x7fe, 0xbff, 0x5}) (async) r2 = userfaultfd(0x80001) (async) r3 = socket(0x10, 0x803, 0x0) (async) r4 = socket(0x10, 0x803, 0x0) sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x0, 0x800, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000) (async) getsockname$packet(r3, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x38, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r5, 0x0, 0x1114}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xa}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x40000) (async) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x411b, 0xac}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0xa}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) (async) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)) (async) r6 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000001040)=0x4) (async) ioctl$FIONREAD(r6, 0x541b, &(0x7f0000000880)) (async) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) 194.818384ms ago: executing program 0 (id=2597): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0xfffffffffffffff9, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="b80000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000009000128009000100766c616e00000000800002800c0002000e0000000a000000340004800c00010017900000023f00000c000100f04ae965cb0b00000c00010004000000002000000c000100001000000900000006000100020000000c0002000a0000000c000000280003800c00010008000000090000000c00010009000000030000000c000100090000000080000008000500", @ANYRES8=r0], 0xb8}}, 0x2) 118.164418ms ago: executing program 0 (id=2598): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x190, 0x5230}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_SELECT={0x5, 0x16, 0x1}]}}}]}, 0x3c}}, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000141000001c00128009000100626f6e64000000000c00028005001f"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) (async) getpid() 319.424µs ago: executing program 0 (id=2599): mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) execve(&(0x7f0000000140)='./file2\x00', 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)=""/154, 0x9a}], 0x1}, 0x0) mount(&(0x7f0000000300), 0x0, &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0) 0s ago: executing program 0 (id=2600): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x80482, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0x79}) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x5) quotactl_fd$Q_SETINFO(r5, 0xffffffff80000602, 0xee00, &(0x7f0000000100)={0x4661, 0x4, 0x1, 0x4}) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x40000021, 0x0, 0x802}]}) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x45, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000640)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f00000000c0)={0x2, 0x8, 0x9, 0x7ff, 0x0, 0x4}) write$vga_arbiter(r0, &(0x7f0000000080)=ANY=[@ANYBLOB='decodes '], 0xd) kernel console output (not intermixed with test programs): ierarchical_memory_limit 314572800 [ 157.108966][T10327] hierarchical_memsw_limit 9223372036854771712 [ 157.111740][T10327] total_cache 302964736 [ 157.113714][T10327] total_rss 229376 [ 157.115464][T10327] total_rss_huge 0 [ 157.117236][T10327] total_shmem 302944256 [ 157.119144][T10327] total_mapped_file 4538368 [ 157.121174][T10327] total_dirty 0 [ 157.123042][T10327] total_writeback 0 [ 157.124545][T10327] total_workingset_refault_anon 85 [ 157.126306][T10327] total_workingset_refault_file 27374 [ 157.128215][T10327] total_swap 127913984 [ 157.129643][T10327] total_swapcached 81920 [ 157.131094][T10327] total_pgpgin 332720 [ 157.132487][T10327] total_pgpgout 258685 [ 157.134008][T10327] total_pgfault 153115 [ 157.135454][T10327] total_pgmajfault 780 [ 157.136871][T10327] total_inactive_anon 149483520 [ 157.138626][T10327] total_active_anon 153481216 [ 157.140263][T10327] total_inactive_file 8192 [ 157.141773][T10327] total_active_file 12288 [ 157.143300][T10327] total_unevictable 0 [ 157.144746][T10327] anon_cost 0 [ 157.145928][T10327] file_cost 0 [ 157.147092][T10327] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1523,pid=10327,uid=0 [ 157.152365][T10327] Memory cgroup out of memory: Killed process 10327 (syz.1.1523) total-vm:98620kB, anon-rss:1232kB, file-rss:32512kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:0 [ 157.206915][T10317] syz.1.1523 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 157.210619][T10317] CPU: 3 UID: 0 PID: 10317 Comm: syz.1.1523 Not tainted syzkaller #0 PREEMPT(full) [ 157.210640][T10317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 157.210649][T10317] Call Trace: [ 157.210654][T10317] [ 157.210661][T10317] dump_stack_lvl+0x100/0x190 [ 157.210687][T10317] dump_header+0xfb/0x606 [ 157.210705][T10317] oom_kill_process.cold+0xd/0x321 [ 157.210718][T10317] out_of_memory+0x340/0x14f0 [ 157.210737][T10317] ? __pfx_out_of_memory+0x10/0x10 [ 157.210755][T10317] mem_cgroup_out_of_memory+0xc6/0x130 [ 157.210766][T10317] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 157.210777][T10317] ? find_held_lock+0x2b/0x80 [ 157.210795][T10317] ? do_raw_spin_unlock+0x145/0x1e0 [ 157.210809][T10317] ? _raw_spin_unlock+0x28/0x50 [ 157.210820][T10317] try_charge_memcg+0x652/0xc90 [ 157.210839][T10317] ? __pfx_try_charge_memcg+0x10/0x10 [ 157.210854][T10317] ? find_held_lock+0x2b/0x80 [ 157.210873][T10317] ? rcu_read_unlock+0x17/0x60 [ 157.210888][T10317] ? rcu_read_unlock+0x17/0x60 [ 157.210909][T10317] charge_memcg+0xa6/0x280 [ 157.210924][T10317] __mem_cgroup_charge+0x2b/0x1e0 [ 157.210942][T10317] filemap_add_folio+0xe7/0x690 [ 157.210958][T10317] ? __pfx_filemap_add_folio+0x10/0x10 [ 157.210976][T10317] __filemap_get_folio_mpol+0x5d5/0xe70 [ 157.210996][T10317] filemap_fault+0x8b6/0x37c0 [ 157.211015][T10317] ? __pfx_filemap_fault+0x10/0x10 [ 157.211032][T10317] ? __pfx_filemap_map_pages+0x10/0x10 [ 157.211050][T10317] __do_fault+0x10d/0x550 [ 157.211066][T10317] do_fault+0xaf9/0x1990 [ 157.211085][T10317] __handle_mm_fault+0x1807/0x2b50 [ 157.211102][T10317] ? __pfx___handle_mm_fault+0x10/0x10 [ 157.211114][T10317] ? __pte_offset_map_lock+0x174/0x320 [ 157.211130][T10317] ? find_held_lock+0x2b/0x80 [ 157.211150][T10317] ? follow_page_pte+0x5b4/0x1410 [ 157.211168][T10317] handle_mm_fault+0x36d/0xa20 [ 157.211183][T10317] __get_user_pages+0xf9c/0x34d0 [ 157.211205][T10317] ? __pfx___get_user_pages+0x10/0x10 [ 157.211226][T10317] get_dump_page+0x27e/0x3d0 [ 157.211243][T10317] ? __pfx_get_dump_page+0x10/0x10 [ 157.211260][T10317] ? dump_user_range+0x73b/0xb50 [ 157.211277][T10317] dump_user_range+0x18d/0xb50 [ 157.211295][T10317] ? __pfx_dump_user_range+0x10/0x10 [ 157.211314][T10317] ? __pfx_writenote+0x10/0x10 [ 157.211333][T10317] elf_core_dump+0x2d16/0x3c60 [ 157.211357][T10317] ? __pfx_elf_core_dump+0x10/0x10 [ 157.211371][T10317] ? kasan_save_stack+0x30/0x50 [ 157.211383][T10317] ? kasan_save_track+0x14/0x30 [ 157.211395][T10317] ? __kasan_kmalloc+0xaa/0xb0 [ 157.211407][T10317] ? __kvmalloc_node_noprof+0x34d/0xac0 [ 157.211420][T10317] ? vfs_coredump+0x1f01/0x5530 [ 157.211433][T10317] ? arch_do_signal_or_restart+0x91/0x7a0 [ 157.211449][T10317] ? irqentry_exit+0x1f8/0x670 [ 157.211460][T10317] ? asm_exc_general_protection+0x26/0x30 [ 157.211474][T10317] ? 0xffffffffff600000 [ 157.211508][T10317] ? vfs_coredump+0x276c/0x5530 [ 157.211521][T10317] vfs_coredump+0x276c/0x5530 [ 157.211541][T10317] ? __pfx_vfs_coredump+0x10/0x10 [ 157.211555][T10317] ? __lock_acquire+0x4a5/0x2630 [ 157.211569][T10317] ? __lock_acquire+0x4a5/0x2630 [ 157.211581][T10317] ? lock_acquire+0x17c/0x330 [ 157.211595][T10317] ? lock_acquire+0x17c/0x330 [ 157.211609][T10317] ? bpf_ksym_find+0x128/0x1c0 [ 157.211622][T10317] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 157.211643][T10317] ? arch_stack_walk+0xa6/0xf0 [ 157.211664][T10317] ? stack_trace_save+0x8e/0xc0 [ 157.211680][T10317] ? __pfx_stack_trace_save+0x10/0x10 [ 157.211697][T10317] ? stack_depot_save_flags+0x27/0x9c0 [ 157.211713][T10317] ? __lock_acquire+0x4a5/0x2630 [ 157.211751][T10317] ? proc_coredump_connector+0x2d3/0x4f0 [ 157.211768][T10317] ? __pfx_proc_coredump_connector+0x10/0x10 [ 157.211789][T10317] ? rcu_is_watching+0x12/0xc0 [ 157.211806][T10317] get_signal+0x1f2a/0x21e0 [ 157.211842][T10317] ? __pfx_get_signal+0x10/0x10 [ 157.211864][T10317] arch_do_signal_or_restart+0x91/0x7a0 [ 157.211886][T10317] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 157.211907][T10317] ? exc_general_protection+0x12e/0x250 [ 157.211927][T10317] irqentry_exit+0x1f8/0x670 [ 157.211941][T10317] asm_exc_general_protection+0x26/0x30 [ 157.211952][T10317] RIP: 0033:0x7f7b23d9aec1 [ 157.211962][T10317] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 157.211973][T10317] RSP: 002b:00002000000000a0 EFLAGS: 00010217 [ 157.211983][T10317] RAX: 0000000000000000 RBX: 00007f7b24015fa0 RCX: 00007f7b23d9aeb9 [ 157.211991][T10317] RDX: 00002000000000c0 RSI: 00002000000000a0 RDI: 0000000006860000 [ 157.211998][T10317] RBP: 00007f7b23e08c1f R08: 0000200000000140 R09: 0000200000000140 [ 157.212004][T10317] R10: 0000200000000100 R11: 0000000000000206 R12: 0000000000000000 [ 157.212011][T10317] R13: 00007f7b24016038 R14: 00007f7b24015fa0 R15: 00007ffefcfa2818 [ 157.212026][T10317] [ 157.236356][T10770] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10770 comm=syz.3.1675 [ 157.236600][T10317] memory: usage 307200kB, limit 307200kB, failcnt 58051 [ 157.250716][T10770] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1675'. [ 157.251404][T10317] memory+swap: usage 432104kB, limit 9007199254740988kB, failcnt 0 [ 157.259181][ T40] audit: type=1400 audit(1770027421.343:538): avc: denied { write } for pid=10771 comm="syz.0.1676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 157.259905][T10317] kmem: usage 10972kB, limit 9007199254740988kB, failcnt 0 [ 157.259915][T10317] Memory cgroup stats for /syz1 [ 157.344616][T10774] overlayfs: failed to clone upperpath [ 157.345900][T10317] : [ 157.369721][T10772] netlink: 'syz.0.1676': attribute type 23 has an invalid length. [ 157.394414][T10317] cache 303054848 [ 157.407601][T10317] rss 229376 [ 157.409343][T10317] rss_huge 0 [ 157.410481][T10317] shmem 303042560 [ 157.411742][T10317] mapped_file 4538368 [ 157.413631][T10317] dirty 0 [ 157.414803][T10317] writeback 0 [ 157.415907][T10317] workingset_refault_anon 85 [ 157.417482][T10317] workingset_refault_file 27375 [ 157.419464][T10317] swap 127901696 [ 157.420698][T10317] swapcached 81920 [ 157.422438][T10317] pgpgin 332746 [ 157.423818][T10317] pgpgout 258689 [ 157.425086][T10317] pgfault 153118 [ 157.426241][T10317] pgmajfault 781 [ 157.427404][T10317] inactive_anon 187588608 [ 157.428858][T10317] active_anon 115736576 [ 157.430265][T10317] inactive_file 12288 [ 157.431557][T10317] active_file 0 [ 157.433304][T10317] unevictable 0 [ 157.434438][T10317] hierarchical_memory_limit 314572800 [ 157.436154][T10317] hierarchical_memsw_limit 9223372036854771712 [ 157.438077][T10317] total_cache 303054848 [ 157.439498][T10317] total_rss 229376 [ 157.440824][T10317] total_rss_huge 0 [ 157.443471][T10317] total_shmem 303042560 [ 157.448506][T10776] netlink: 'syz.2.1678': attribute type 5 has an invalid length. [ 157.449165][T10317] total_mapped_file 4538368 [ 157.455801][T10776] ip6erspan0: entered promiscuous mode [ 157.456363][T10317] total_dirty 0 [ 157.458978][T10317] total_writeback 0 [ 157.466673][T10317] total_workingset_refault_anon 85 [ 157.468299][T10317] total_workingset_refault_file 27375 [ 157.471804][T10317] total_swap 127901696 [ 157.473454][T10317] total_swapcached 81920 [ 157.474842][T10317] total_pgpgin 332746 [ 157.476123][T10317] total_pgpgout 258689 [ 157.477494][T10317] total_pgfault 153118 [ 157.478847][T10317] total_pgmajfault 781 [ 157.480383][T10317] total_inactive_anon 187588608 [ 157.482237][T10317] total_active_anon 115736576 [ 157.484216][T10317] total_inactive_file 12288 [ 157.485852][T10317] total_active_file 0 [ 157.487205][T10317] total_unevictable 0 [ 157.488814][T10317] anon_cost 0 [ 157.489945][T10317] file_cost 0 [ 157.491030][T10317] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1523,pid=10343,uid=0 [ 157.496867][T10317] Memory cgroup out of memory: Killed process 10343 (syz.1.1523) total-vm:98620kB, anon-rss:1184kB, file-rss:34032kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:0 [ 157.592126][T10721] syz.1.1658 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 157.595410][T10721] CPU: 0 UID: 0 PID: 10721 Comm: syz.1.1658 Not tainted syzkaller #0 PREEMPT(full) [ 157.595426][T10721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 157.595433][T10721] Call Trace: [ 157.595437][T10721] [ 157.595442][T10721] dump_stack_lvl+0x100/0x190 [ 157.595460][T10721] dump_header+0xfb/0x606 [ 157.595472][T10721] oom_kill_process.cold+0xd/0x321 [ 157.595484][T10721] out_of_memory+0x340/0x14f0 [ 157.595501][T10721] ? __pfx_out_of_memory+0x10/0x10 [ 157.595518][T10721] mem_cgroup_out_of_memory+0xc6/0x130 [ 157.595529][T10721] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 157.595539][T10721] ? find_held_lock+0x2b/0x80 [ 157.595556][T10721] ? do_raw_spin_unlock+0x145/0x1e0 [ 157.595569][T10721] ? _raw_spin_unlock+0x28/0x50 [ 157.595581][T10721] try_charge_memcg+0x652/0xc90 [ 157.595597][T10721] ? __pfx_try_charge_memcg+0x10/0x10 [ 157.595612][T10721] ? find_held_lock+0x2b/0x80 [ 157.595630][T10721] ? rcu_read_unlock+0x17/0x60 [ 157.595644][T10721] ? rcu_read_unlock+0x17/0x60 [ 157.595664][T10721] charge_memcg+0xa6/0x280 [ 157.595677][T10721] __mem_cgroup_charge+0x2b/0x1e0 [ 157.595694][T10721] shmem_alloc_and_add_folio+0x451/0xd40 [ 157.595710][T10721] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 157.595724][T10721] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 157.595740][T10721] shmem_get_folio_gfp+0x6ab/0x1900 [ 157.595756][T10721] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 157.595769][T10721] ? filemap_map_pages+0x9e0/0x2110 [ 157.595784][T10721] shmem_fault+0x1f9/0xa20 [ 157.595796][T10721] ? __lock_acquire+0x4a5/0x2630 [ 157.595807][T10721] ? __pfx_shmem_fault+0x10/0x10 [ 157.595821][T10721] ? __pfx_filemap_map_pages+0x10/0x10 [ 157.595838][T10721] __do_fault+0x10d/0x550 [ 157.595854][T10721] do_fault+0xaf9/0x1990 [ 157.595872][T10721] __handle_mm_fault+0x1807/0x2b50 [ 157.595887][T10721] ? __pfx___handle_mm_fault+0x10/0x10 [ 157.595899][T10721] ? __pte_offset_map_lock+0x174/0x320 [ 157.595913][T10721] ? find_held_lock+0x2b/0x80 [ 157.595932][T10721] ? follow_page_pte+0x5b4/0x1410 [ 157.595949][T10721] handle_mm_fault+0x36d/0xa20 [ 157.595963][T10721] __get_user_pages+0xf9c/0x34d0 [ 157.595983][T10721] ? __pfx___get_user_pages+0x10/0x10 [ 157.596003][T10721] populate_vma_page_range+0x267/0x3f0 [ 157.596020][T10721] ? __pfx_populate_vma_page_range+0x10/0x10 [ 157.596036][T10721] ? __pfx_find_vma_intersection+0x10/0x10 [ 157.596052][T10721] ? do_mmap+0x93f/0x12f0 [ 157.596068][T10721] __mm_populate+0x107/0x3a0 [ 157.596085][T10721] ? __pfx___mm_populate+0x10/0x10 [ 157.596102][T10721] ? up_write+0x290/0x4f0 [ 157.596116][T10721] vm_mmap_pgoff+0x37f/0x470 [ 157.596132][T10721] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 157.596151][T10721] ? __x64_sys_futex+0x34f/0x4d0 [ 157.596162][T10721] ? __x64_sys_futex+0x358/0x4d0 [ 157.596175][T10721] ksys_mmap_pgoff+0x7d/0x5b0 [ 157.596192][T10721] __x64_sys_mmap+0x125/0x190 [ 157.596207][T10721] do_syscall_64+0xc9/0xf80 [ 157.596220][T10721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.596230][T10721] RIP: 0033:0x7f7b23d9aeb9 [ 157.596240][T10721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.596250][T10721] RSP: 002b:00007f7b24b95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 157.596261][T10721] RAX: ffffffffffffffda RBX: 00007f7b24015fa0 RCX: 00007f7b23d9aeb9 [ 157.596268][T10721] RDX: b635773f06ebbeef RSI: 0000000000b36000 RDI: 0000200000000000 [ 157.596274][T10721] RBP: 00007f7b23e08c1f R08: ffffffffffffffff R09: 0000000000000000 [ 157.596281][T10721] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 157.596287][T10721] R13: 00007f7b24016038 R14: 00007f7b24015fa0 R15: 00007ffefcfa2818 [ 157.596301][T10721] [ 157.596305][T10721] memory: usage 307124kB, limit 307200kB, failcnt 59321 [ 157.730342][T10721] memory+swap: usage 432116kB, limit 9007199254740988kB, failcnt 0 [ 157.752127][T10721] kmem: usage 10628kB, limit 9007199254740988kB, failcnt 0 [ 157.754605][T10721] Memory cgroup stats for /syz1: [ 157.754808][T10721] cache 301531136 [ 157.757693][T10721] rss 229376 [ 157.758816][T10721] rss_huge 0 [ 157.759956][T10721] shmem 301522944 [ 157.761194][T10721] mapped_file 4538368 [ 157.764305][T10807] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1688'. [ 157.777676][T10721] dirty 0 [ 157.778706][T10721] writeback 0 [ 157.779806][T10721] workingset_refault_anon 85 [ 157.781302][T10721] workingset_refault_file 27668 [ 157.791998][T10721] swap 127594496 [ 157.793230][T10721] swapcached 77824 [ 157.794445][T10721] pgpgin 337975 [ 157.795651][T10721] pgpgout 264291 [ 157.796834][T10721] pgfault 153344 [ 157.798010][T10721] pgmajfault 787 [ 157.811010][T10721] inactive_anon 143802368 [ 157.817821][T10807] bond0 (unregistering): Released all slaves [ 157.821726][T10721] active_anon 157896704 [ 157.828609][T10721] inactive_file 8192 [ 157.829900][T10721] active_file 0 [ 157.831038][T10721] unevictable 0 [ 157.832461][T10721] hierarchical_memory_limit 314572800 [ 157.834122][T10721] hierarchical_memsw_limit 9223372036854771712 [ 157.836089][T10721] total_cache 301531136 [ 157.837403][T10721] total_rss 229376 [ 157.838596][T10721] total_rss_huge 0 [ 157.859032][T10721] total_shmem 301522944 [ 157.860378][T10721] total_mapped_file 4538368 [ 157.868579][T10811] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1689'. [ 157.877363][T10721] total_dirty 0 [ 157.878347][T10811] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27098 sclass=netlink_route_socket pid=10811 comm=syz.3.1689 [ 157.878550][T10721] total_writeback 0 [ 157.879283][ T40] audit: type=1400 audit(1770027421.963:539): avc: denied { read } for pid=10810 comm="syz.3.1689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 157.901374][T10721] total_workingset_refault_anon 85 [ 157.912410][T10721] total_workingset_refault_file 27668 [ 157.914167][T10721] total_swap 127594496 [ 157.915884][T10721] total_swapcached 77824 [ 157.917469][T10721] total_pgpgin 337975 [ 157.918774][T10721] total_pgpgout 264291 [ 157.922335][T10721] total_pgfault 153344 [ 157.923742][T10721] total_pgmajfault 787 [ 157.925076][T10721] total_inactive_anon 143802368 [ 157.926744][T10721] total_active_anon 157896704 [ 157.928328][T10721] total_inactive_file 8192 [ 157.929857][T10721] total_active_file 0 [ 157.941977][T10721] total_unevictable 0 [ 157.943346][T10721] anon_cost 0 [ 157.944493][T10721] file_cost 0 [ 157.945593][T10721] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1523,pid=10303,uid=0 [ 157.953130][T10721] Memory cgroup out of memory: Killed process 10303 (syz.1.1523) total-vm:98620kB, anon-rss:1232kB, file-rss:38736kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:0 [ 157.963246][T10813] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1690'. [ 157.966443][T10813] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1690'. [ 158.001499][T10317] syz.1.1523 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 158.012252][T10317] CPU: 0 UID: 0 PID: 10317 Comm: syz.1.1523 Not tainted syzkaller #0 PREEMPT(full) [ 158.012268][T10317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 158.012275][T10317] Call Trace: [ 158.012279][T10317] [ 158.012284][T10317] dump_stack_lvl+0x100/0x190 [ 158.012302][T10317] dump_header+0xfb/0x606 [ 158.012313][T10317] oom_kill_process.cold+0xd/0x321 [ 158.012325][T10317] out_of_memory+0x340/0x14f0 [ 158.012342][T10317] ? __pfx_out_of_memory+0x10/0x10 [ 158.012359][T10317] mem_cgroup_out_of_memory+0xc6/0x130 [ 158.012370][T10317] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 158.012379][T10317] ? find_held_lock+0x2b/0x80 [ 158.012396][T10317] ? do_raw_spin_unlock+0x145/0x1e0 [ 158.012409][T10317] ? _raw_spin_unlock+0x28/0x50 [ 158.012420][T10317] try_charge_memcg+0x652/0xc90 [ 158.012437][T10317] ? __pfx_try_charge_memcg+0x10/0x10 [ 158.012451][T10317] ? find_held_lock+0x2b/0x80 [ 158.012464][T10317] ? rcu_read_unlock+0x17/0x60 [ 158.012479][T10317] ? rcu_read_unlock+0x17/0x60 [ 158.012498][T10317] charge_memcg+0xa6/0x280 [ 158.012512][T10317] __mem_cgroup_charge+0x2b/0x1e0 [ 158.012529][T10317] shmem_alloc_and_add_folio+0x451/0xd40 [ 158.012545][T10317] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 158.012558][T10317] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 158.012574][T10317] shmem_get_folio_gfp+0x6ab/0x1900 [ 158.012589][T10317] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 158.012611][T10317] shmem_write_begin+0x1a4/0x420 [ 158.012625][T10317] ? __pfx_shmem_write_begin+0x10/0x10 [ 158.012638][T10317] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 158.012657][T10317] generic_perform_write+0x292/0xa40 [ 158.012670][T10317] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 158.012688][T10317] ? __pfx_generic_perform_write+0x10/0x10 [ 158.012703][T10317] ? file_update_time_flags+0x31f/0x510 [ 158.012721][T10317] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 158.012735][T10317] shmem_file_write_iter+0x10e/0x140 [ 158.012751][T10317] __kernel_write_iter+0x2ac/0x920 [ 158.012764][T10317] ? __pfx___kernel_write_iter+0x10/0x10 [ 158.012776][T10317] ? __up_read+0x2c5/0x700 [ 158.012789][T10317] ? dump_user_range+0x73b/0xb50 [ 158.012806][T10317] dump_user_range+0x3f9/0xb50 [ 158.012822][T10317] ? __pfx_dump_user_range+0x10/0x10 [ 158.012840][T10317] ? __pfx_writenote+0x10/0x10 [ 158.012857][T10317] elf_core_dump+0x2d16/0x3c60 [ 158.012880][T10317] ? __pfx_elf_core_dump+0x10/0x10 [ 158.012893][T10317] ? kasan_save_stack+0x30/0x50 [ 158.012905][T10317] ? kasan_save_track+0x14/0x30 [ 158.012916][T10317] ? __kasan_kmalloc+0xaa/0xb0 [ 158.012927][T10317] ? __kvmalloc_node_noprof+0x34d/0xac0 [ 158.012938][T10317] ? vfs_coredump+0x1f01/0x5530 [ 158.012950][T10317] ? arch_do_signal_or_restart+0x91/0x7a0 [ 158.012966][T10317] ? irqentry_exit+0x1f8/0x670 [ 158.012976][T10317] ? asm_exc_general_protection+0x26/0x30 [ 158.012990][T10317] ? 0xffffffffff600000 [ 158.013021][T10317] ? vfs_coredump+0x276c/0x5530 [ 158.013033][T10317] vfs_coredump+0x276c/0x5530 [ 158.013052][T10317] ? __pfx_vfs_coredump+0x10/0x10 [ 158.013065][T10317] ? __lock_acquire+0x4a5/0x2630 [ 158.013078][T10317] ? __lock_acquire+0x4a5/0x2630 [ 158.013089][T10317] ? lock_acquire+0x17c/0x330 [ 158.013102][T10317] ? lock_acquire+0x17c/0x330 [ 158.013115][T10317] ? bpf_ksym_find+0x128/0x1c0 [ 158.013126][T10317] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 158.013147][T10317] ? arch_stack_walk+0xa6/0xf0 [ 158.013167][T10317] ? stack_trace_save+0x8e/0xc0 [ 158.013182][T10317] ? __pfx_stack_trace_save+0x10/0x10 [ 158.013197][T10317] ? stack_depot_save_flags+0x27/0x9c0 [ 158.013213][T10317] ? __lock_acquire+0x4a5/0x2630 [ 158.013246][T10317] ? proc_coredump_connector+0x2d3/0x4f0 [ 158.013262][T10317] ? __pfx_proc_coredump_connector+0x10/0x10 [ 158.013281][T10317] ? rcu_is_watching+0x12/0xc0 [ 158.013297][T10317] get_signal+0x1f2a/0x21e0 [ 158.013318][T10317] ? __pfx_get_signal+0x10/0x10 [ 158.013337][T10317] arch_do_signal_or_restart+0x91/0x7a0 [ 158.013353][T10317] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 158.013373][T10317] ? exc_general_protection+0x12e/0x250 [ 158.013391][T10317] irqentry_exit+0x1f8/0x670 [ 158.013404][T10317] asm_exc_general_protection+0x26/0x30 [ 158.013415][T10317] RIP: 0033:0x7f7b23d9aec1 [ 158.013423][T10317] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 158.013434][T10317] RSP: 002b:00002000000000a0 EFLAGS: 00010217 [ 158.013443][T10317] RAX: 0000000000000000 RBX: 00007f7b24015fa0 RCX: 00007f7b23d9aeb9 [ 158.013449][T10317] RDX: 00002000000000c0 RSI: 00002000000000a0 RDI: 0000000006860000 [ 158.013455][T10317] RBP: 00007f7b23e08c1f R08: 0000200000000140 R09: 0000200000000140 [ 158.013462][T10317] R10: 0000200000000100 R11: 0000000000000206 R12: 0000000000000000 [ 158.013468][T10317] R13: 00007f7b24016038 R14: 00007f7b24015fa0 R15: 00007ffefcfa2818 [ 158.013481][T10317] [ 158.013485][T10317] memory: usage 307064kB, limit 307200kB, failcnt 60359 [ 158.075460][T10822] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1693'. [ 158.122532][T10824] openvswitch: netlink: Unknown key attributes 2 [ 158.321952][ T40] audit: type=1400 audit(1770027422.403:540): avc: denied { setattr } for pid=10831 comm="syz.2.1696" name="SCTPv6" dev="sockfs" ino=23212 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 158.421911][T10317] memory+swap: usage 423028kB, limit 9007199254740988kB, failcnt 0 [ 158.425140][T10317] kmem: usage 10416kB, limit 9007199254740988kB, failcnt 0 [ 158.427775][T10317] Memory cgroup stats for /syz1: [ 158.427940][T10317] cache 294318080 [ 158.435031][T10317] rss 229376 [ 158.439899][T10317] rss_huge 0 [ 158.441329][T10317] shmem 294313984 [ 158.443311][T10317] mapped_file 5935104 [ 158.445052][T10317] dirty 0 [ 158.446321][T10317] writeback 0 [ 158.447788][T10317] workingset_refault_anon 85 [ 158.449809][T10317] workingset_refault_file 28438 [ 158.452109][T10317] swap 127913984 [ 158.456504][T10317] swapcached 77824 [ 158.457724][T10317] pgpgin 346440 [ 158.458934][T10317] pgpgout 274517 [ 158.460074][T10317] pgfault 154086 [ 158.461220][T10317] pgmajfault 795 [ 158.462482][T10317] inactive_anon 130805760 [ 158.464442][T10317] active_anon 162963456 [ 158.487628][T10317] inactive_file 0 [ 158.489669][T10317] active_file 4096 [ 158.491543][T10317] unevictable 0 [ 158.497816][T10317] hierarchical_memory_limit 314572800 [ 158.500096][T10317] hierarchical_memsw_limit 9223372036854771712 [ 158.502155][T10317] total_cache 294318080 [ 158.504820][T10317] total_rss 229376 [ 158.507317][T10317] total_rss_huge 0 [ 158.508747][T10317] total_shmem 294313984 [ 158.510258][T10317] total_mapped_file 5935104 [ 158.515859][T10317] total_dirty 0 [ 158.518881][T10317] total_writeback 0 [ 158.520745][T10317] total_workingset_refault_anon 85 [ 158.522807][T10317] total_workingset_refault_file 28438 [ 158.525789][T10317] total_swap 127913984 [ 158.529350][T10317] total_swapcached 77824 [ 158.531808][T10317] total_pgpgin 346440 [ 158.535054][T10317] total_pgpgout 274517 [ 158.536967][T10317] total_pgfault 154086 [ 158.538833][T10317] total_pgmajfault 795 [ 158.540725][T10317] total_inactive_anon 130805760 [ 158.544058][T10317] total_active_anon 162963456 [ 158.548228][T10317] total_inactive_file 0 [ 158.549787][T10317] total_active_file 4096 [ 158.551320][T10317] total_unevictable 0 [ 158.553095][T10317] anon_cost 0 [ 158.554358][T10317] file_cost 0 [ 158.555706][T10317] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1523,pid=10313,uid=0 [ 158.581029][T10317] Memory cgroup out of memory: Killed process 10313 (syz.1.1523) total-vm:98620kB, anon-rss:1232kB, file-rss:33272kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:0 [ 158.707513][T10860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1704'. [ 158.846175][T10865] CIFS mount error: No usable UNC path provided in device string! [ 158.846175][T10865] [ 158.850417][T10865] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 158.904687][T10868] gtp0: entered promiscuous mode [ 159.140942][T10305] syz.1.1523 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 159.152967][T10305] CPU: 2 UID: 0 PID: 10305 Comm: syz.1.1523 Not tainted syzkaller #0 PREEMPT(full) [ 159.152984][T10305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 159.152990][T10305] Call Trace: [ 159.152994][T10305] [ 159.152998][T10305] dump_stack_lvl+0x100/0x190 [ 159.153016][T10305] dump_header+0xfb/0x606 [ 159.153028][T10305] oom_kill_process.cold+0xd/0x321 [ 159.153040][T10305] out_of_memory+0x340/0x14f0 [ 159.153057][T10305] ? __pfx_out_of_memory+0x10/0x10 [ 159.153074][T10305] mem_cgroup_out_of_memory+0xc6/0x130 [ 159.153085][T10305] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 159.153095][T10305] ? find_held_lock+0x2b/0x80 [ 159.153112][T10305] ? do_raw_spin_unlock+0x145/0x1e0 [ 159.153125][T10305] ? _raw_spin_unlock+0x28/0x50 [ 159.153136][T10305] try_charge_memcg+0x652/0xc90 [ 159.153153][T10305] ? __pfx_try_charge_memcg+0x10/0x10 [ 159.153167][T10305] ? find_held_lock+0x2b/0x80 [ 159.153181][T10305] ? rcu_read_unlock+0x17/0x60 [ 159.153195][T10305] ? rcu_read_unlock+0x17/0x60 [ 159.153214][T10305] charge_memcg+0xa6/0x280 [ 159.153228][T10305] __mem_cgroup_charge+0x2b/0x1e0 [ 159.153244][T10305] filemap_add_folio+0xe7/0x690 [ 159.153259][T10305] ? __pfx_filemap_add_folio+0x10/0x10 [ 159.153276][T10305] __filemap_get_folio_mpol+0x5d5/0xe70 [ 159.153294][T10305] filemap_fault+0x8b6/0x37c0 [ 159.153312][T10305] ? __pfx_filemap_fault+0x10/0x10 [ 159.153328][T10305] ? __pfx_filemap_map_pages+0x10/0x10 [ 159.153345][T10305] __do_fault+0x10d/0x550 [ 159.153360][T10305] do_fault+0xaf9/0x1990 [ 159.153378][T10305] __handle_mm_fault+0x1807/0x2b50 [ 159.153393][T10305] ? __pfx___handle_mm_fault+0x10/0x10 [ 159.153405][T10305] ? __pte_offset_map_lock+0x174/0x320 [ 159.153419][T10305] ? find_held_lock+0x2b/0x80 [ 159.153438][T10305] ? follow_page_pte+0x5b4/0x1410 [ 159.153456][T10305] handle_mm_fault+0x36d/0xa20 [ 159.153469][T10305] __get_user_pages+0xf9c/0x34d0 [ 159.153490][T10305] ? __pfx___get_user_pages+0x10/0x10 [ 159.153510][T10305] get_dump_page+0x27e/0x3d0 [ 159.153525][T10305] ? __pfx_get_dump_page+0x10/0x10 [ 159.153541][T10305] ? dump_user_range+0x73b/0xb50 [ 159.153558][T10305] dump_user_range+0x18d/0xb50 [ 159.153574][T10305] ? __pfx_dump_user_range+0x10/0x10 [ 159.153592][T10305] ? __pfx_writenote+0x10/0x10 [ 159.153610][T10305] elf_core_dump+0x2d16/0x3c60 [ 159.153633][T10305] ? __pfx_elf_core_dump+0x10/0x10 [ 159.153646][T10305] ? kasan_save_stack+0x30/0x50 [ 159.153658][T10305] ? kasan_save_track+0x14/0x30 [ 159.153669][T10305] ? __kasan_kmalloc+0xaa/0xb0 [ 159.153680][T10305] ? __kvmalloc_node_noprof+0x34d/0xac0 [ 159.153691][T10305] ? vfs_coredump+0x1f01/0x5530 [ 159.153707][T10305] ? arch_do_signal_or_restart+0x91/0x7a0 [ 159.153723][T10305] ? irqentry_exit+0x1f8/0x670 [ 159.153733][T10305] ? asm_exc_general_protection+0x26/0x30 [ 159.153751][T10305] ? 0xffffffffff600000 [ 159.153785][T10305] ? vfs_coredump+0x276c/0x5530 [ 159.153798][T10305] vfs_coredump+0x276c/0x5530 [ 159.153816][T10305] ? __pfx_vfs_coredump+0x10/0x10 [ 159.153829][T10305] ? __lock_acquire+0x4a5/0x2630 [ 159.153847][T10305] ? __lock_acquire+0x4a5/0x2630 [ 159.153858][T10305] ? lock_acquire+0x17c/0x330 [ 159.153871][T10305] ? lock_acquire+0x17c/0x330 [ 159.153884][T10305] ? bpf_ksym_find+0x128/0x1c0 [ 159.153895][T10305] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 159.153916][T10305] ? arch_stack_walk+0xa6/0xf0 [ 159.153936][T10305] ? stack_trace_save+0x8e/0xc0 [ 159.153951][T10305] ? __pfx_stack_trace_save+0x10/0x10 [ 159.153966][T10305] ? stack_depot_save_flags+0x27/0x9c0 [ 159.153982][T10305] ? __lock_acquire+0x4a5/0x2630 [ 159.154016][T10305] ? proc_coredump_connector+0x2d3/0x4f0 [ 159.154032][T10305] ? __pfx_proc_coredump_connector+0x10/0x10 [ 159.154051][T10305] ? rcu_is_watching+0x12/0xc0 [ 159.154067][T10305] get_signal+0x1f2a/0x21e0 [ 159.154088][T10305] ? __pfx_get_signal+0x10/0x10 [ 159.154107][T10305] arch_do_signal_or_restart+0x91/0x7a0 [ 159.154124][T10305] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 159.154143][T10305] ? exc_general_protection+0x12e/0x250 [ 159.154162][T10305] irqentry_exit+0x1f8/0x670 [ 159.154174][T10305] asm_exc_general_protection+0x26/0x30 [ 159.154185][T10305] RIP: 0033:0x7f7b23d9aec1 [ 159.154194][T10305] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 159.154205][T10305] RSP: 002b:00002000000000a0 EFLAGS: 00010217 [ 159.154213][T10305] RAX: 0000000000000000 RBX: 00007f7b24015fa0 RCX: 00007f7b23d9aeb9 [ 159.154220][T10305] RDX: 00002000000000c0 RSI: 00002000000000a0 RDI: 0000000006860000 [ 159.154226][T10305] RBP: 00007f7b23e08c1f R08: 0000200000000140 R09: 0000200000000140 [ 159.154232][T10305] R10: 0000200000000100 R11: 0000000000000206 R12: 0000000000000000 [ 159.154239][T10305] R13: 00007f7b24016038 R14: 00007f7b24015fa0 R15: 00007ffefcfa2818 [ 159.154253][T10305] [ 159.154257][T10305] memory: usage 307200kB, limit 307200kB, failcnt 63850 [ 159.307820][T10305] memory+swap: usage 432064kB, limit 9007199254740988kB, failcnt 0 [ 159.310264][T10305] kmem: usage 9964kB, limit 9007199254740988kB, failcnt 0 [ 159.312537][T10305] Memory cgroup stats for /syz1: [ 159.312610][T10305] cache 304173056 [ 159.315361][T10305] rss 159744 [ 159.316402][T10305] rss_huge 0 [ 159.317436][T10305] shmem 304168960 [ 159.318616][T10305] mapped_file 3256320 [ 159.319860][T10305] dirty 0 [ 159.320790][T10305] writeback 0 [ 159.321915][T10305] workingset_refault_anon 101 [ 159.323430][T10305] workingset_refault_file 31332 [ 159.324979][T10305] swap 127860736 [ 159.326149][T10305] swapcached 135168 [ 159.327388][T10305] pgpgin 362996 [ 159.328525][T10305] pgpgout 288687 [ 159.329771][T10305] pgfault 155021 [ 159.331242][T10305] pgmajfault 865 [ 159.332960][T10305] inactive_anon 97198080 [ 159.334319][T10305] active_anon 207167488 [ 159.335626][T10305] inactive_file 4096 [ 159.336862][T10305] active_file 0 [ 159.338144][T10305] unevictable 0 [ 159.339798][T10305] hierarchical_memory_limit 314572800 [ 159.341564][T10305] hierarchical_memsw_limit 9223372036854771712 [ 159.343993][T10305] total_cache 304173056 [ 159.345324][T10305] total_rss 159744 [ 159.346490][T10305] total_rss_huge 0 [ 159.347655][T10305] total_shmem 304168960 [ 159.348995][T10305] total_mapped_file 3256320 [ 159.350677][T10305] total_dirty 0 [ 159.351782][T10305] total_writeback 0 [ 159.353488][T10305] total_workingset_refault_anon 101 [ 159.355147][T10305] total_workingset_refault_file 31332 [ 159.356839][T10305] total_swap 127860736 [ 159.358147][T10305] total_swapcached 135168 [ 159.359554][T10305] total_pgpgin 362996 [ 159.360833][T10305] total_pgpgout 288687 [ 159.362549][T10305] total_pgfault 155021 [ 159.363892][T10305] total_pgmajfault 865 [ 159.365246][T10305] total_inactive_anon 97198080 [ 159.366807][T10305] total_active_anon 207167488 [ 159.368302][T10305] total_inactive_file 4096 [ 159.369728][T10305] total_active_file 0 [ 159.371015][T10305] total_unevictable 0 [ 159.372741][T10305] anon_cost 0 [ 159.373845][T10305] file_cost 0 [ 159.374934][T10305] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1523,pid=10317,uid=0 [ 159.379584][T10305] Memory cgroup out of memory: Killed process 10317 (syz.1.1523) total-vm:98620kB, anon-rss:1232kB, file-rss:39084kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:0 [ 159.400538][T10305] syz.1.1523 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 159.405128][T10305] CPU: 0 UID: 0 PID: 10305 Comm: syz.1.1523 Not tainted syzkaller #0 PREEMPT(full) [ 159.405143][T10305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 159.405150][T10305] Call Trace: [ 159.405154][T10305] [ 159.405158][T10305] dump_stack_lvl+0x100/0x190 [ 159.405176][T10305] dump_header+0xfb/0x606 [ 159.405188][T10305] oom_kill_process.cold+0xd/0x321 [ 159.405200][T10305] out_of_memory+0x340/0x14f0 [ 159.405216][T10305] ? __pfx_out_of_memory+0x10/0x10 [ 159.405233][T10305] mem_cgroup_out_of_memory+0xc6/0x130 [ 159.405244][T10305] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 159.405253][T10305] ? find_held_lock+0x2b/0x80 [ 159.405270][T10305] ? do_raw_spin_unlock+0x145/0x1e0 [ 159.405284][T10305] ? _raw_spin_unlock+0x28/0x50 [ 159.405295][T10305] try_charge_memcg+0x652/0xc90 [ 159.405312][T10305] ? __pfx_try_charge_memcg+0x10/0x10 [ 159.405326][T10305] ? find_held_lock+0x2b/0x80 [ 159.405340][T10305] ? rcu_read_unlock+0x17/0x60 [ 159.405354][T10305] ? rcu_read_unlock+0x17/0x60 [ 159.405373][T10305] charge_memcg+0xa6/0x280 [ 159.405387][T10305] __mem_cgroup_charge+0x2b/0x1e0 [ 159.405404][T10305] filemap_add_folio+0xe7/0x690 [ 159.405418][T10305] ? __pfx_filemap_add_folio+0x10/0x10 [ 159.405436][T10305] __filemap_get_folio_mpol+0x5d5/0xe70 [ 159.405454][T10305] filemap_fault+0x8b6/0x37c0 [ 159.405472][T10305] ? __pfx_filemap_fault+0x10/0x10 [ 159.405487][T10305] ? __pfx_filemap_map_pages+0x10/0x10 [ 159.405504][T10305] __do_fault+0x10d/0x550 [ 159.405520][T10305] do_fault+0xaf9/0x1990 [ 159.405542][T10305] __handle_mm_fault+0x1807/0x2b50 [ 159.405557][T10305] ? __pfx___handle_mm_fault+0x10/0x10 [ 159.405569][T10305] ? __pte_offset_map_lock+0x174/0x320 [ 159.405584][T10305] ? find_held_lock+0x2b/0x80 [ 159.405603][T10305] ? follow_page_pte+0x5b4/0x1410 [ 159.405620][T10305] handle_mm_fault+0x36d/0xa20 [ 159.405634][T10305] __get_user_pages+0xf9c/0x34d0 [ 159.405655][T10305] ? __pfx___get_user_pages+0x10/0x10 [ 159.405674][T10305] get_dump_page+0x27e/0x3d0 [ 159.405690][T10305] ? __pfx_get_dump_page+0x10/0x10 [ 159.405706][T10305] ? dump_user_range+0x73b/0xb50 [ 159.405722][T10305] dump_user_range+0x18d/0xb50 [ 159.405742][T10305] ? __pfx_dump_user_range+0x10/0x10 [ 159.405761][T10305] ? __pfx_writenote+0x10/0x10 [ 159.405778][T10305] elf_core_dump+0x2d16/0x3c60 [ 159.405801][T10305] ? __pfx_elf_core_dump+0x10/0x10 [ 159.405815][T10305] ? kasan_save_stack+0x30/0x50 [ 159.405826][T10305] ? kasan_save_track+0x14/0x30 [ 159.405838][T10305] ? __kasan_kmalloc+0xaa/0xb0 [ 159.405848][T10305] ? __kvmalloc_node_noprof+0x34d/0xac0 [ 159.405860][T10305] ? vfs_coredump+0x1f01/0x5530 [ 159.405872][T10305] ? arch_do_signal_or_restart+0x91/0x7a0 [ 159.405888][T10305] ? irqentry_exit+0x1f8/0x670 [ 159.405898][T10305] ? asm_exc_general_protection+0x26/0x30 [ 159.405911][T10305] ? 0xffffffffff600000 [ 159.405943][T10305] ? vfs_coredump+0x276c/0x5530 [ 159.405956][T10305] vfs_coredump+0x276c/0x5530 [ 159.405974][T10305] ? __pfx_vfs_coredump+0x10/0x10 [ 159.405988][T10305] ? __lock_acquire+0x4a5/0x2630 [ 159.406001][T10305] ? __lock_acquire+0x4a5/0x2630 [ 159.406012][T10305] ? lock_acquire+0x17c/0x330 [ 159.406026][T10305] ? lock_acquire+0x17c/0x330 [ 159.406039][T10305] ? bpf_ksym_find+0x128/0x1c0 [ 159.406050][T10305] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 159.406070][T10305] ? arch_stack_walk+0xa6/0xf0 [ 159.406090][T10305] ? stack_trace_save+0x8e/0xc0 [ 159.406105][T10305] ? __pfx_stack_trace_save+0x10/0x10 [ 159.406121][T10305] ? stack_depot_save_flags+0x27/0x9c0 [ 159.406136][T10305] ? __lock_acquire+0x4a5/0x2630 [ 159.406170][T10305] ? proc_coredump_connector+0x2d3/0x4f0 [ 159.406186][T10305] ? __pfx_proc_coredump_connector+0x10/0x10 [ 159.406205][T10305] ? rcu_is_watching+0x12/0xc0 [ 159.406221][T10305] get_signal+0x1f2a/0x21e0 [ 159.406242][T10305] ? __pfx_get_signal+0x10/0x10 [ 159.406261][T10305] arch_do_signal_or_restart+0x91/0x7a0 [ 159.406278][T10305] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 159.406298][T10305] ? exc_general_protection+0x12e/0x250 [ 159.406316][T10305] irqentry_exit+0x1f8/0x670 [ 159.406329][T10305] asm_exc_general_protection+0x26/0x30 [ 159.406339][T10305] RIP: 0033:0x7f7b23d9aec1 [ 159.406348][T10305] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 159.406358][T10305] RSP: 002b:00002000000000a0 EFLAGS: 00010217 [ 159.406367][T10305] RAX: 0000000000000000 RBX: 00007f7b24015fa0 RCX: 00007f7b23d9aeb9 [ 159.406373][T10305] RDX: 00002000000000c0 RSI: 00002000000000a0 RDI: 0000000006860000 [ 159.406380][T10305] RBP: 00007f7b23e08c1f R08: 0000200000000140 R09: 0000200000000140 [ 159.406391][T10305] R10: 0000200000000100 R11: 0000000000000206 R12: 0000000000000000 [ 159.406398][T10305] R13: 00007f7b24016038 R14: 00007f7b24015fa0 R15: 00007ffefcfa2818 [ 159.406412][T10305] [ 159.406416][T10305] memory: usage 307200kB, limit 307200kB, failcnt 63986 [ 159.450694][T10671] udevd[10671]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 159.453541][T10305] memory+swap: usage 428448kB, limit 9007199254740988kB, failcnt 0 [ 159.453555][T10305] kmem: usage 9928kB, limit 9007199254740988kB, failcnt 0 [ 159.453562][T10305] Memory cgroup stats for /syz1: [ 159.453638][T10305] cache 303640576 [ 159.524449][ T40] audit: type=1400 audit(1770027423.613:541): avc: denied { create } for pid=10892 comm="syz.3.1712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 159.526418][T10305] rss 159744 [ 159.527047][ T40] audit: type=1400 audit(1770027423.613:542): avc: denied { write } for pid=10892 comm="syz.3.1712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 159.528847][T10305] rss_huge 0 [ 159.584834][T10305] shmem 303636480 [ 159.586016][T10305] mapped_file 3256320 [ 159.587293][T10305] dirty 0 [ 159.588250][T10305] writeback 0 [ 159.589344][T10305] workingset_refault_anon 101 [ 159.590877][T10305] workingset_refault_file 31332 [ 159.593419][T10305] swap 124481536 [ 159.594593][T10305] swapcached 131072 [ 159.595817][T10305] pgpgin 363883 [ 159.596937][T10305] pgpgout 289705 [ 159.598084][T10305] pgfault 155022 [ 159.599257][T10305] pgmajfault 865 [ 159.600398][T10305] inactive_anon 95617024 [ 159.601747][T10305] active_anon 208191488 [ 159.603637][T10305] inactive_file 0 [ 159.604820][T10305] active_file 4096 [ 159.606020][T10305] unevictable 0 [ 159.607152][T10305] hierarchical_memory_limit 314572800 [ 159.609053][T10305] hierarchical_memsw_limit 9223372036854771712 [ 159.611129][T10305] total_cache 303640576 [ 159.612990][T10305] total_rss 159744 [ 159.614215][T10305] total_rss_huge 0 [ 159.615435][T10305] total_shmem 303636480 [ 159.616757][T10305] total_mapped_file 3256320 [ 159.618179][T10305] total_dirty 0 [ 159.619353][T10305] total_writeback 0 [ 159.620605][T10305] total_workingset_refault_anon 101 [ 159.622745][T10305] total_workingset_refault_file 31332 [ 159.624473][T10305] total_swap 124481536 [ 159.625772][T10305] total_swapcached 131072 [ 159.627167][T10305] total_pgpgin 363883 [ 159.628412][T10305] total_pgpgout 289705 [ 159.629778][T10305] total_pgfault 155022 [ 159.631129][T10305] total_pgmajfault 865 [ 159.632950][T10305] total_inactive_anon 95617024 [ 159.634496][T10305] total_active_anon 208191488 [ 159.636081][T10305] total_inactive_file 0 [ 159.637463][T10305] total_active_file 4096 [ 159.638837][T10305] total_unevictable 0 [ 159.640108][T10305] anon_cost 0 [ 159.641203][T10305] file_cost 0 [ 159.643134][T10305] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1523,pid=10320,uid=0 [ 159.648275][T10305] Memory cgroup out of memory: Killed process 10320 (syz.1.1523) total-vm:98620kB, anon-rss:1232kB, file-rss:38972kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:0 [ 160.106650][ T40] audit: type=1400 audit(1770027424.193:543): avc: denied { mount } for pid=10913 comm="syz.3.1719" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 160.151693][T10921] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 160.258719][ T40] audit: type=1800 audit(1770027424.343:544): pid=10932 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1726" name="file0" dev="tmpfs" ino=2302 res=0 errno=0 [ 160.267099][ T40] audit: type=1804 audit(1770027424.343:545): pid=10932 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.1726" name="file0" dev="tmpfs" ino=2302 res=1 errno=0 [ 160.382307][ T6000] libceph: connect (1)[c::]:6789 error -101 [ 160.385689][ T6000] libceph: mon0 (1)[c::]:6789 connect error [ 160.392773][ T6000] libceph: connect (1)[c::]:6789 error -101 [ 160.395558][ T6000] libceph: mon0 (1)[c::]:6789 connect error [ 160.436150][ T1027] libceph: connect (1)[c::]:6789 error -101 [ 160.438246][ T1027] libceph: mon0 (1)[c::]:6789 connect error [ 160.477838][T10305] syz.1.1523 (10305) used greatest stack depth: 18648 bytes left [ 160.663598][ T6000] libceph: connect (1)[c::]:6789 error -101 [ 160.665842][ T6000] libceph: mon0 (1)[c::]:6789 connect error [ 160.692147][ T1027] libceph: connect (1)[c::]:6789 error -101 [ 160.695028][ T1027] libceph: mon0 (1)[c::]:6789 connect error [ 161.182040][ T6000] libceph: connect (1)[c::]:6789 error -101 [ 161.184116][ T6000] libceph: mon0 (1)[c::]:6789 connect error [ 161.197232][T10944] ceph: No mds server is up or the cluster is laggy [ 161.200521][T10938] ceph: No mds server is up or the cluster is laggy [ 161.202033][ T1027] libceph: connect (1)[c::]:6789 error -101 [ 161.204816][ T1027] libceph: mon0 (1)[c::]:6789 connect error [ 161.237751][T10981] trusted_key: encrypted_key: keylen parameter is missing [ 161.444953][T10996] netem: incorrect ge model size [ 161.447650][T10996] netem: incorrect ge model size [ 161.520034][T11006] __nla_validate_parse: 3 callbacks suppressed [ 161.520055][T11006] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1744'. [ 161.733985][T11044] macvtap1: entered promiscuous mode [ 161.735738][T11044] macvtap1: entered allmulticast mode [ 161.737605][T11044] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 161.739831][T11044] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 161.744652][T11044] team0: Device macvtap1 failed to register rx_handler [ 161.749486][T11044] mac80211_hwsim hwsim6 wlan0: left allmulticast mode [ 161.752582][T11044] mac80211_hwsim hwsim6 wlan0: left promiscuous mode [ 162.051943][T11072] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pid=11072 comm=syz.1.1755 [ 162.057302][ T40] audit: type=1400 audit(1770027426.143:546): avc: denied { ioctl } for pid=11073 comm="syz.3.1756" path="socket:[21272]" dev="sockfs" ino=21272 ioctlcmd=0x941c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 162.103728][ T40] audit: type=1400 audit(1770027426.193:547): avc: denied { mounton } for pid=11079 comm="syz.0.1758" path="/442/file0" dev="tmpfs" ino=2351 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 162.140378][ T40] audit: type=1326 audit(1770027426.223:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11087 comm="syz.1.1761" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b23d9aeb9 code=0x7ffc0000 [ 162.226974][T11100] netlink: 'syz.3.1764': attribute type 13 has an invalid length. [ 162.305547][T11111] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1537 sclass=netlink_route_socket pid=11111 comm=syz.2.1767 [ 162.330488][T11115] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11115 comm=syz.1.1771 [ 162.401497][T11127] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.1774'. [ 162.406314][T11127] netlink: Unknown conntrack attr (0) [ 162.410004][T11127] netlink: 'syz.1.1774': attribute type 14 has an invalid length. [ 162.414092][T11127] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1774'. [ 162.425031][T11127] netlink: 'syz.1.1774': attribute type 14 has an invalid length. [ 162.428445][T11127] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1774'. [ 162.428632][T11039] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.435310][T11039] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.438943][T11039] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.441685][T11039] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.495779][T11139] netlink: 'syz.0.1776': attribute type 5 has an invalid length. [ 162.561473][T11148] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1782'. [ 162.598461][T11148] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11148 comm=syz.1.1782 [ 162.601740][T11151] overlay: Bad value for 'workdir' [ 162.609152][T11148] netlink: 492 bytes leftover after parsing attributes in process `syz.1.1782'. [ 162.669696][T11157] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 162.672867][T11157] overlayfs: missing 'lowerdir' [ 162.686139][T11159] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1784'. [ 162.749488][T11168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1787'. [ 162.754562][T11168] bridge_slave_1: left allmulticast mode [ 162.757264][T11168] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.765211][T11168] bridge_slave_0: left allmulticast mode [ 162.767407][T11168] bridge_slave_0: left promiscuous mode [ 162.769894][T11168] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.914565][T11182] netlink: 'syz.0.1791': attribute type 1 has an invalid length. [ 162.922893][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 162.922908][ T40] audit: type=1400 audit(1770027427.013:569): avc: denied { ioctl } for pid=11183 comm="syz.3.1792" path="/498/file0" dev="tmpfs" ino=2665 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 162.938813][T11182] bond4: entered promiscuous mode [ 162.940797][T11182] 8021q: adding VLAN 0 to HW filter on device bond4 [ 162.951122][T11182] bond4: (slave bridge4): making interface the new active one [ 162.953574][T11182] bridge4: entered promiscuous mode [ 162.956559][T11182] bond4: (slave bridge4): Enslaving as an active interface with an up link [ 162.963188][ T40] audit: type=1400 audit(1770027427.053:570): avc: denied { write } for pid=11181 comm="syz.0.1791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 162.964117][T11182] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11182 comm=syz.0.1791 [ 162.984470][T11182] bond4: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 162.988420][T11182] bond4: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 163.111997][T11197] futex_wake_op: syz.0.1797 tries to shift op by 32; fix this program [ 163.115814][T11198] futex_wake_op: syz.0.1797 tries to shift op by 32; fix this program [ 163.178988][T11210] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1801'. [ 163.204144][T11213] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 163.309799][T11231] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1810'. [ 163.318689][ T40] audit: type=1800 audit(1770027427.403:571): pid=11231 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.1810" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 163.410770][T11241] openvswitch: netlink: EtherType 50a is less than min 600 [ 163.590723][ T40] audit: type=1326 audit(1770027427.673:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11275 comm="syz.3.1821" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8bc9f9aeb9 code=0x0 [ 163.600790][ T40] audit: type=1326 audit(1770027427.673:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11275 comm="syz.3.1821" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8bc9f9aeb9 code=0x0 [ 163.705684][ T40] audit: type=1400 audit(1770027427.793:574): avc: denied { ioctl } for pid=11283 comm="syz.3.1822" path="socket:[24800]" dev="sockfs" ino=24800 ioctlcmd=0x8907 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 163.800488][ T40] audit: type=1400 audit(1770027427.883:575): avc: denied { relabelfrom } for pid=11302 comm="syz.1.1826" name="" dev="pipefs" ino=24818 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 163.900099][T11314] hsr_slave_1 (unregistering): left promiscuous mode [ 164.020676][T11346] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048) [ 164.510052][T11391] infiniband syû: set down [ 164.513594][T11391] infiniband syû: added bond_slave_0 [ 164.549615][T11391] RDS/IB: syû: added [ 164.551285][T11391] smc: adding ib device syû with port count 1 [ 164.556022][T11391] smc: ib device syû port 1 has no pnetid [ 164.925331][T11414] netlink: 'syz.2.1856': attribute type 8 has an invalid length. [ 164.929010][T11414] netlink: 'syz.2.1856': attribute type 8 has an invalid length. [ 164.968564][T11427] Option 'Ô_n'¶tr—1ZQ¥3Œ ¬-Öµ²ÙkÕXÜv~’' to dns_resolver key: bad/missing value [ 165.018808][ T40] audit: type=1326 audit(164.953:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11428 comm="syz.2.1862" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcd0779aeb9 code=0x0 [ 165.104335][T11447] netlink: zone id is out of range [ 165.112776][ T40] audit: type=1326 audit(165.053:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11428 comm="syz.2.1862" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcd0779aeb9 code=0x0 [ 165.411124][ T40] audit: type=1400 audit(165.343:578): avc: denied { create } for pid=11497 comm="syz.3.1880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 165.479640][T11506] 8021q: adding VLAN 0 to HW filter on device bond5 [ 165.985858][T11529] SELinux: Context system_u:object_r:null_device_t:s0 is not valid (left unmapped). [ 166.035206][T11535] netlink: 'syz.0.1893': attribute type 29 has an invalid length. [ 166.039120][T11535] netlink: 'syz.0.1893': attribute type 29 has an invalid length. [ 166.713442][T11590] __nla_validate_parse: 17 callbacks suppressed [ 166.713453][T11590] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1909'. [ 166.840549][T11595] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.908985][T11608] lo: entered allmulticast mode [ 166.919068][T11606] lo: left allmulticast mode [ 167.288376][T11643] netlink: 'syz.3.1926': attribute type 10 has an invalid length. [ 167.327085][T11670] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1933'. [ 168.030093][T11719] bond0: (slave bond_slave_0): Releasing backup interface [ 168.034995][T11719] bond0: (slave bond_slave_1): Releasing backup interface [ 168.040858][T11719] team0: Port device team_slave_0 removed [ 168.045568][T11719] team0: Port device team_slave_1 removed [ 168.047645][T11719] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.050963][T11719] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.054273][T11719] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 168.063625][T11718] ip6gre2: entered allmulticast mode [ 168.066707][T11718] team0: Port device ip6gre2 added [ 168.097122][T11722] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1943'. [ 168.102361][T11722] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1943'. [ 168.172680][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 168.172697][ T40] audit: type=1400 audit(168.113:581): avc: denied { read } for pid=11724 comm="syz.1.1944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 168.193818][T11727] overlayfs: empty lowerdir [ 168.265845][ T40] audit: type=1400 audit(168.203:582): avc: denied { read } for pid=11734 comm="syz.2.1948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 168.275260][ T40] audit: type=1400 audit(168.213:583): avc: denied { name_bind } for pid=11734 comm="syz.2.1948" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 168.354158][T11749] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1951'. [ 168.547644][T11766] veth1_to_bond: entered allmulticast mode [ 168.551041][T11765] veth1_to_bond: left allmulticast mode [ 168.556869][T11773] netlink: 'syz.1.1955': attribute type 15 has an invalid length. [ 168.665301][T11791] tipc: Enabling of bearer rejected, failed to enable media [ 168.768290][ T40] audit: type=1326 audit(168.703:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11805 comm="syz.1.1964" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b23d9aeb9 code=0x0 [ 168.919261][T11826] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 169.661763][ T40] audit: type=1400 audit(169.593:585): avc: denied { ioctl } for pid=11858 comm="syz.1.1975" path="socket:[27995]" dev="sockfs" ino=27995 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 169.824056][T11865] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 169.828173][T11865] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1977'. [ 169.830414][ T40] audit: type=1400 audit(169.763:586): avc: denied { bind } for pid=11864 comm="syz.3.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 169.839014][ T40] audit: type=1400 audit(169.763:587): avc: denied { setopt } for pid=11864 comm="syz.3.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 170.059484][T11885] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1984'. [ 170.119146][T11888] netlink: 'syz.0.1985': attribute type 4 has an invalid length. [ 170.381319][T11914] netlink: 'syz.0.1992': attribute type 1 has an invalid length. [ 170.384873][T11914] netlink: 'syz.0.1992': attribute type 1 has an invalid length. [ 170.424728][ T40] audit: type=1400 audit(170.363:588): avc: denied { mount } for pid=11919 comm="syz.0.1994" name="/" dev="hugetlbfs" ino=27075 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 170.675557][T11948] overlay: filesystem on ./bus is read-only [ 170.675620][ T40] audit: type=1400 audit(170.613:589): avc: denied { mounton } for pid=11946 comm="syz.2.2004" path="/bus" dev="proc" ino=4026531853 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 170.675682][T11947] overlay: filesystem on ./bus is read-only [ 170.859645][ T40] audit: type=1400 audit(170.793:590): avc: denied { create } for pid=11971 comm="syz.2.2011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 170.997125][T11981] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.2012'. [ 171.025973][T11965] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2008'. [ 171.336721][T12015] overlayfs: failed to clone lowerpath [ 171.339571][T12015] 9pnet_fd: p9_fd_create_unix (12015): problem connecting socket: ./file0: -111 [ 171.395671][T12022] ip6gretap3: default qdisc (pfifo_fast) fail, fallback to noqueue [ 171.462378][T12024] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2028'. [ 171.540232][T12036] overlayfs: failed to clone upperpath [ 171.638782][T12046] sctp: [Deprecated]: syz.2.2033 (pid 12046) Use of struct sctp_assoc_value in delayed_ack socket option. [ 171.638782][T12046] Use struct sctp_sack_info instead [ 172.041503][T12059] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.164780][T11040] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20001 - 0 [ 172.167635][T11040] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20001 - 0 [ 172.170531][T11040] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20001 - 0 [ 172.174353][T11040] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20001 - 0 [ 172.320116][T12085] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2047'. [ 172.324670][T12085] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2047'. [ 172.327804][T12085] netlink: 'syz.0.2047': attribute type 5 has an invalid length. [ 172.375233][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.379879][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2578 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.384343][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.388551][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2578 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.393425][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.397384][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.400601][T12105] team0: Device gtp0 is of different type [ 172.401546][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.407595][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2565 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.413252][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.417619][T12094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=12094 comm=syz.2.2050 [ 172.563318][T12112] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 172.563318][T12112] The task syz.3.2053 (12112) triggered the difference, watch for misbehavior. [ 172.571292][T12114] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2055'. [ 172.591742][T12117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.884689][ T63] Bluetooth: hci2: unexpected event 0x2f length: 1017 > 260 [ 173.028696][T12170] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2074'. [ 173.056764][T12174] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 173.176990][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2076'. [ 173.180143][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2076'. [ 173.183795][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2076'. [ 173.186964][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2076'. [ 173.189783][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2076'. [ 173.211674][T12172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2075'. [ 173.340152][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 173.340167][ T40] audit: type=1400 audit(173.273:595): avc: denied { mounton } for pid=12185 comm="syz.2.2079" path="/511/bus" dev="tmpfs" ino=2723 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 173.353536][T12186] MTD: Couldn't look up './bus': -15 [ 173.500448][T12203] PID 12203 killed due to inadequate hugepage pool [ 173.525544][T12205] chnl_net:caif_netlink_parms(): no params data found [ 173.677370][ T40] audit: type=1400 audit(173.613:596): avc: denied { create } for pid=12230 comm="syz.3.2090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 173.716906][T12243] vlan4: entered allmulticast mode [ 173.718641][T12243] veth0_to_bond: entered allmulticast mode [ 173.839684][ T40] audit: type=1400 audit(173.773:597): avc: denied { setopt } for pid=12258 comm="syz.2.2097" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 173.946325][ T40] audit: type=1400 audit(173.883:598): avc: denied { ioctl } for pid=12274 comm="syz.1.2101" path="socket:[28146]" dev="sockfs" ino=28146 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 174.432127][T11035] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 20001 - 0 [ 174.436037][T11035] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20001 - 0 [ 174.439865][T11035] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20001 - 0 [ 174.447510][T11035] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20001 - 0 [ 174.703385][T12380] netlink: zone id is out of range [ 174.705119][T12380] netlink: zone id is out of range [ 174.706769][T12380] netlink: zone id is out of range [ 174.708377][T12380] netlink: zone id is out of range [ 174.710113][T12380] netlink: zone id is out of range [ 174.711793][T12380] netlink: zone id is out of range [ 174.714244][T12380] netlink: zone id is out of range [ 174.715893][T12380] netlink: zone id is out of range [ 174.717507][T12380] netlink: zone id is out of range [ 174.851369][T12410] net_ratelimit: 65 callbacks suppressed [ 174.851382][T12410] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048) [ 174.887570][T12416] overlayfs: failed to clone upperpath [ 174.890115][ T40] audit: type=1400 audit(174.823:599): avc: denied { lock } for pid=12415 comm="syz.2.2141" path="socket:[27476]" dev="sockfs" ino=27476 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 175.053430][T12437] ip6gretap1: entered promiscuous mode [ 175.055292][T12437] ip6gretap1: entered allmulticast mode [ 175.592003][ T5948] Bluetooth: hci1: command 0x0406 tx timeout [ 175.592042][ T5942] Bluetooth: hci3: command 0x0406 tx timeout [ 175.594635][ T5933] Bluetooth: hci0: command 0x0406 tx timeout [ 175.594709][ T5943] Bluetooth: hci2: command 0x0406 tx timeout [ 175.872784][ T40] audit: type=1400 audit(175.803:600): avc: denied { getopt } for pid=12473 comm="syz.3.2161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 175.910805][T12481] netlink: 'syz.2.2164': attribute type 21 has an invalid length. [ 175.914097][T12481] IPv6: NLM_F_CREATE should be specified when creating new route [ 176.024970][T12500] fuse: Bad value for 'fd' [ 176.064361][T12506] netlink: 'syz.3.2172': attribute type 6 has an invalid length. [ 176.070349][ T40] audit: type=1400 audit(176.003:601): avc: denied { shutdown } for pid=12505 comm="syz.3.2172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 176.080158][T12500] netlink: 'syz.1.2169': attribute type 21 has an invalid length. [ 176.809893][T12579] overlayfs: failed to clone lowerpath [ 176.813540][T12579] overlayfs: failed to clone lowerpath [ 176.816837][T12579] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 176.828178][T12578] fuse: Unknown parameter 'fö' [ 176.859274][T12584] netlink: 'syz.0.2194': attribute type 7 has an invalid length. [ 176.862005][T12584] netlink: 'syz.0.2194': attribute type 8 has an invalid length. [ 176.922139][T12586] netlink: 'syz.0.2195': attribute type 1 has an invalid length. [ 177.225682][ T40] audit: type=1400 audit(177.163:602): avc: denied { execute } for pid=12612 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 177.237004][ T40] audit: type=1400 audit(177.163:603): avc: denied { execute_no_trans } for pid=12612 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 177.373628][ T5944] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 177.378670][ T5944] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 177.382630][ T5944] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 177.389116][ T5944] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 177.392092][ T5944] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 177.678215][T12621] chnl_net:caif_netlink_parms(): no params data found [ 177.751797][T12621] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.754770][T12621] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.757565][T12621] bridge_slave_0: entered allmulticast mode [ 177.761087][T12621] bridge_slave_0: entered promiscuous mode [ 177.766297][T12621] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.769129][T12621] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.772471][T12621] bridge_slave_1: entered allmulticast mode [ 177.776102][T12621] bridge_slave_1: entered promiscuous mode [ 177.801673][T12621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.808114][T12621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.834644][T12621] team0: Port device team_slave_0 added [ 177.839222][T12621] team0: Port device team_slave_1 added [ 177.867188][T12621] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.869880][T12621] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.880487][T12621] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.886357][T12621] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.888986][T12621] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.899164][T12621] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.937933][T12621] hsr_slave_0: entered promiscuous mode [ 177.940923][T12621] hsr_slave_1: entered promiscuous mode [ 178.104747][T12621] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 178.109223][T12621] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.117984][T12621] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 178.156641][ T40] audit: type=1326 audit(178.093:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12670 comm="syz.2.2219" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcd0779aeb9 code=0x0 [ 178.179445][T12621] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 178.184370][T12621] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.186034][T12675] __nla_validate_parse: 18 callbacks suppressed [ 178.186046][T12675] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2220'. [ 178.187836][T12621] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 178.283642][T12621] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 178.287896][T12621] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.291636][T12621] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 178.373713][T12621] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 178.377116][T12621] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.380478][T12621] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 178.391126][T12689] macvlan0: entered allmulticast mode [ 178.393588][T12689] veth1_vlan: entered allmulticast mode [ 178.399314][T12689] pim6reg: entered allmulticast mode [ 178.403955][T12689] veth1_vlan: left allmulticast mode [ 178.418060][T12689] macvlan0 (unregistering): left allmulticast mode [ 178.455697][T11019] bridge_slave_1: left allmulticast mode [ 178.458367][T11019] bridge_slave_1: left promiscuous mode [ 178.462072][T11019] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.467608][T11019] bridge_slave_0: left allmulticast mode [ 178.470018][T11019] bridge_slave_0: left promiscuous mode [ 178.472800][T11019] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.486157][T11019] batman_adv: batadv0: Interface deactivated: gretap2 [ 178.489515][T11019] batman_adv: batadv0: Interface deactivated: gretap3 [ 178.548727][T11019] bond2 (unregistering): (slave ip6gretap2): Releasing active interface [ 178.552483][T11038] wlan0: Trigger new scan to find an IBSS to join [ 178.625965][T11019] batman_adv: batadv0: Removing interface: gretap2 [ 178.634684][T11019] batman_adv: batadv0: Removing interface: gretap3 [ 178.856883][T11019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 178.863774][T11019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 178.868328][T11019] bond0 (unregistering): Released all slaves [ 178.944100][T11019] bond1 (unregistering): (slave veth3): Releasing active interface [ 178.949495][T11019] bond1 (unregistering): Released all slaves [ 179.020480][T11019] bond2 (unregistering): Released all slaves [ 179.030917][T11019] bond3 (unregistering): Released all slaves [ 179.083255][T12621] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 179.090967][T12621] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 179.109048][T12621] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 179.113629][T12621] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 179.127987][T11019] tipc: Left network mode [ 179.184708][T12719] netlink: 'syz.0.2230': attribute type 64 has an invalid length. [ 179.187722][T12719] netlink: 'syz.0.2230': attribute type 4 has an invalid length. [ 179.195145][T12719] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2230'. [ 179.205803][T12621] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.239854][T12621] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.246246][ T9911] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.248748][ T9911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.271099][ T9911] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.274210][ T9911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.293434][T12730] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2233'. [ 179.344979][T12742] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2233'. [ 179.348125][T12742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2233'. [ 179.348657][T12730] bond0: entered promiscuous mode [ 179.351151][T12742] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2233'. [ 179.359755][T12730] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.389754][T11019] hsr_slave_0: left promiscuous mode [ 179.392711][T11019] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 179.396529][T11019] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 179.422457][ T5944] Bluetooth: hci4: command tx timeout [ 179.443529][T12752] netlink: 'syz.2.2239': attribute type 10 has an invalid length. [ 179.634281][T12761] IPVS: set_ctl: invalid protocol: 22 172.20.20.170:20000 [ 179.641190][ T40] audit: type=1400 audit(179.573:605): avc: denied { accept } for pid=12760 comm="syz.0.2241" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 179.749021][ T40] audit: type=1400 audit(179.683:606): avc: denied { read } for pid=12764 comm="syz.1.2243" path="socket:[30744]" dev="sockfs" ino=30744 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 179.781199][T11019] team0 (unregistering): Port device team_slave_1 removed [ 179.817969][T11019] team0 (unregistering): Port device team_slave_0 removed [ 179.821204][ T40] audit: type=1400 audit(179.753:607): avc: denied { accept } for pid=12770 comm="syz.0.2246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 179.825276][T12771] netlink: 'syz.0.2246': attribute type 1 has an invalid length. [ 179.839216][T12771] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2246'. [ 179.888595][T11038] smc: removing ib device syû [ 180.065129][ T5944] Bluetooth: hci2: command 0x0406 tx timeout [ 180.279279][T12621] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.316694][T12796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2253'. [ 180.335186][T12621] veth0_vlan: entered promiscuous mode [ 180.340505][T12796] selinux_netlink_send: 1 callbacks suppressed [ 180.340515][T12796] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=12796 comm=syz.2.2253 [ 180.344622][T12621] veth1_vlan: entered promiscuous mode [ 180.403153][T12621] veth0_macvtap: entered promiscuous mode [ 180.414433][T12621] veth1_macvtap: entered promiscuous mode [ 180.428937][T12621] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 180.435808][T12621] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 180.462237][ T9911] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.465077][ T9911] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.492974][ T9911] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.496711][ T9911] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.547278][ T9911] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.550566][ T9911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.577799][ T9904] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.581221][ T9904] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.597128][T11019] IPVS: stop unused estimator thread 0... [ 180.601390][ T40] audit: type=1400 audit(180.533:608): avc: denied { mounton } for pid=12621 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 180.914189][ T40] audit: type=1326 audit(180.853:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12826 comm="syz.2.2262" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcd0779aeb9 code=0x0 [ 180.995422][T12835] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 181.001475][T12835] Cannot find set identified by id 3 to match [ 181.204683][T12837] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2265'. [ 181.268336][T12856] overlay: Bad value for 'index' [ 181.477005][T12884] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 181.502119][ T5944] Bluetooth: hci4: command tx timeout [ 181.506121][T11019] wlan0: Trigger new scan to find an IBSS to join [ 181.516074][ T40] audit: type=1400 audit(181.453:610): avc: denied { open } for pid=12887 comm="syz.3.2279" path="/dev/ptyqa" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 181.523423][ T40] audit: type=1400 audit(181.453:611): avc: denied { ioctl } for pid=12887 comm="syz.3.2279" path="/dev/ptyqa" dev="devtmpfs" ino=137 ioctlcmd=0x5437 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 181.555406][ T40] audit: type=1400 audit(181.493:612): avc: denied { lock } for pid=12892 comm="syz.3.2282" path="socket:[29514]" dev="sockfs" ino=29514 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 181.563890][ T40] audit: type=1400 audit(181.503:613): avc: denied { read } for pid=12892 comm="syz.3.2282" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 181.571791][ T40] audit: type=1400 audit(181.503:614): avc: denied { open } for pid=12892 comm="syz.3.2282" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 181.862102][T12909] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2287'. [ 181.883201][T12907] overlayfs: failed to clone upperpath [ 181.990523][T12920] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 182.152127][ T5944] Bluetooth: hci2: command 0x0406 tx timeout [ 182.267673][T12951] overlayfs: failed to clone upperpath [ 182.281541][T12953] delete_channel: no stack [ 182.406338][ T5947] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 182.410606][ T5947] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 182.416072][ T5947] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 182.420743][ T5947] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 182.424516][ T5947] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 182.599529][T12970] chnl_net:caif_netlink_parms(): no params data found [ 182.646215][T12970] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.648701][T12970] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.651113][T12970] bridge_slave_0: entered allmulticast mode [ 182.654193][T12970] bridge_slave_0: entered promiscuous mode [ 182.658054][T12970] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.660937][T12970] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.664297][T12970] bridge_slave_1: entered allmulticast mode [ 182.667416][T12970] bridge_slave_1: entered promiscuous mode [ 182.684696][T12970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.691772][T12970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.728026][T11035] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 182.731448][T11035] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.734784][T11035] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 182.748950][T12970] team0: Port device team_slave_0 added [ 182.753819][T12970] team0: Port device team_slave_1 added [ 182.777452][T12970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 182.780452][T12970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 182.795590][T12970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 182.801656][T12970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 182.804927][T12970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 182.815819][T12970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 182.833254][T11035] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 182.837875][T11035] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.842873][T11035] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 182.884632][T12970] hsr_slave_0: entered promiscuous mode [ 182.887920][T12970] hsr_slave_1: entered promiscuous mode [ 182.890901][T12970] debugfs: 'hsr0' already exists in 'hsr' [ 182.893170][T12970] Cannot create hsr debugfs directory [ 182.988714][T11035] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 182.993750][T11035] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.997020][T11035] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 183.112396][T11035] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 183.116733][T11035] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.121222][T11035] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 183.269031][T11035] bridge_slave_1: left allmulticast mode [ 183.271502][T11035] bridge_slave_1: left promiscuous mode [ 183.274326][T11035] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.281144][T11035] bridge_slave_0: left allmulticast mode [ 183.284732][T11035] bridge_slave_0: left promiscuous mode [ 183.287278][T11035] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.376350][T11035] bond1 (unregistering): (slave ip6gretap1): Releasing active interface [ 183.448129][T11035] gretap0 (unregistering): left promiscuous mode [ 183.582021][ T5947] Bluetooth: hci4: command tx timeout [ 183.750001][T11035] bond4 (unregistering): (slave bridge4): Releasing backup interface [ 183.752771][T11035] bridge4 (unregistering): left promiscuous mode [ 183.806270][T11035] bond0 (unregistering): left promiscuous mode [ 183.808874][T11035] bond_slave_0: left promiscuous mode [ 183.811481][T11035] bond_slave_1: left promiscuous mode [ 183.815744][T11035] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 183.821100][T11035] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 183.826022][T11035] bond0 (unregistering): Released all slaves [ 183.894037][T11035] bond1 (unregistering): Released all slaves [ 183.956666][T11035] bond2 (unregistering): Released all slaves [ 183.963357][T11035] bond3 (unregistering): Released all slaves [ 184.029871][T11035] bond4 (unregistering): Released all slaves [ 184.104005][T11035] bond5 (unregistering): Released all slaves [ 184.110285][T11035] bond6 (unregistering): Released all slaves [ 184.223133][ T5947] Bluetooth: hci2: command 0x0406 tx timeout [ 184.279585][T11035] : left promiscuous mode [ 184.354996][T13039] overlayfs: failed to clone upperpath [ 184.462088][ T5947] Bluetooth: hci1: command tx timeout [ 184.462168][ T9911] wlan0: Trigger new scan to find an IBSS to join [ 184.552043][ T5947] Bluetooth: hci5: command 0x1003 tx timeout [ 184.552532][ T5944] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 184.679116][T13061] syzkaller0: entered promiscuous mode [ 184.682094][T13061] syzkaller0: entered allmulticast mode [ 184.711264][T12970] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 184.718867][T12970] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 184.729998][T12970] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 184.743799][T11035] veth0: left promiscuous mode [ 184.749025][T11035] hsr_slave_0: left promiscuous mode [ 184.751318][T11035] hsr_slave_1: left promiscuous mode [ 184.753588][T11035] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.756116][T11035] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.759011][T11035] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.761392][T11035] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.771945][T11035] veth1_macvtap: left promiscuous mode [ 184.774656][T11035] veth0_macvtap: left promiscuous mode [ 184.777142][T11035] veth1_vlan: left promiscuous mode [ 184.779464][T11035] veth0_vlan: left promiscuous mode [ 184.830498][T11035] pim6reg (unregistering): left allmulticast mode [ 185.133088][T11035] team0 (unregistering): Port device team_slave_1 removed [ 185.155026][T11035] team0 (unregistering): Port device team_slave_0 removed [ 185.376830][T12970] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 185.383913][T11024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.395816][T13073] ªªªªªª: renamed from vlan0 [ 185.489829][T12970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.504884][T12970] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.512309][T11024] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.515283][T11024] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.522685][ T9911] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.525803][ T9911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.579128][T13087] syzkaller0: entered promiscuous mode [ 185.581484][T13087] syzkaller0: entered allmulticast mode [ 185.588827][T13087] __nla_validate_parse: 1 callbacks suppressed [ 185.588841][T13087] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2326'. [ 185.598002][T13087] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2326'. [ 185.662232][ T5944] Bluetooth: hci4: command tx timeout [ 185.664884][T12970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.699171][T12970] veth0_vlan: entered promiscuous mode [ 185.708921][T12970] veth1_vlan: entered promiscuous mode [ 185.732639][T12970] veth0_macvtap: entered promiscuous mode [ 185.738883][T12970] veth1_macvtap: entered promiscuous mode [ 185.757024][T12970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.768000][T12970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.779349][T11023] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.786127][T11023] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.792037][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 185.792052][ T40] audit: type=1400 audit(185.723:625): avc: denied { name_connect } for pid=13095 comm="syz.3.2329" dest=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 185.792614][T11023] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.808835][T11023] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.857657][T11038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.860496][T11038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.876306][T11023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.878957][T11023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.890144][ T40] audit: type=1400 audit(185.823:626): avc: denied { mounton } for pid=12970 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 185.901086][ T40] audit: type=1400 audit(185.823:627): avc: denied { write } for pid=12970 comm="syz-executor" name="cgroup.procs" dev="cgroup" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0" [ 185.941263][ T40] audit: type=1400 audit(185.823:628): avc: denied { open } for pid=12970 comm="syz-executor" path="/syzcgroup/cpu/syz0/cgroup.procs" dev="cgroup" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0" [ 186.012419][ T40] audit: type=1400 audit(185.953:629): avc: denied { unmount } for pid=12970 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 186.074692][T13111] syzkaller0: entered promiscuous mode [ 186.077141][T13111] syzkaller0: entered allmulticast mode [ 186.143225][T13120] 9p: p9: multiple sources not supported [ 186.267054][T13135] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2345'. [ 186.273025][ T40] audit: type=1400 audit(186.203:630): avc: denied { write } for pid=13133 comm="syz.0.2345" name="001" dev="devtmpfs" ino=767 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 186.305414][ T5944] Bluetooth: hci2: command 0x0406 tx timeout [ 186.326035][T13148] validate_nla: 2 callbacks suppressed [ 186.326053][T13148] netlink: 'syz.3.2347': attribute type 8 has an invalid length. [ 186.338737][T13148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2347'. [ 186.351172][T13148] bond0: entered promiscuous mode [ 186.354127][T13148] bond_slave_0: entered promiscuous mode [ 186.357181][T13148] bond_slave_1: entered promiscuous mode [ 186.362029][T13148] gretap0: entered promiscuous mode [ 186.365122][T13148] veth0: entered promiscuous mode [ 186.368072][T13148] hsr1: entered promiscuous mode [ 186.373267][T13154] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2346'. [ 186.379008][T13153] syzkaller0: entered promiscuous mode [ 186.380765][T13153] syzkaller0: entered allmulticast mode [ 186.495861][T13163] netlink: 'syz.3.2352': attribute type 2 has an invalid length. [ 186.568939][T13172] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2356'. [ 186.573257][ C3] vcan0: j1939_session_tx_dat: 0xffff8880358fac00: queue data error: -100 [ 186.585407][ T40] audit: type=1400 audit(186.523:631): avc: denied { read } for pid=5324 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 186.594775][ T40] audit: type=1400 audit(186.523:632): avc: denied { search } for pid=5324 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 186.603900][ T40] audit: type=1400 audit(186.523:633): avc: denied { search } for pid=5324 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 186.611749][ T40] audit: type=1400 audit(186.523:634): avc: denied { add_name } for pid=5324 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 186.677369][T13179] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 186.679727][T13179] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 186.703141][T13179] vhci_hcd vhci_hcd.0: Device attached [ 186.717194][T13179] vhci_hcd vhci_hcd.0: port 0 already used [ 186.721019][T13180] vhci_hcd: connection closed [ 186.723295][T11038] vhci_hcd vhci_hcd.3: stop threads [ 186.729821][T11038] vhci_hcd vhci_hcd.3: release socket [ 186.735603][T11038] vhci_hcd vhci_hcd.3: disconnect device [ 187.258182][T13226] netlink: 'syz.3.2373': attribute type 1 has an invalid length. [ 187.274295][T13226] 8021q: adding VLAN 0 to HW filter on device bond1 [ 187.323884][T13226] bond1: (slave veth3): Enslaving as an active interface with a down link [ 187.336138][T13226] bond1: (slave dummy0): making interface the new active one [ 187.339287][T13226] dummy0: entered promiscuous mode [ 187.341353][T13226] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 187.492476][T13248] syzkaller0: entered promiscuous mode [ 187.495061][T13248] syzkaller0: entered allmulticast mode [ 187.540484][T13252] overlayfs: conflicting options: userxattr,redirect_dir=on [ 187.633562][T13254] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2383'. [ 187.790924][T13275] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2388'. [ 187.844051][T13279] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2389'. [ 187.991295][T13295] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2395'. [ 188.054855][T13324] syzkaller0: entered promiscuous mode [ 188.056617][T13324] syzkaller0: entered allmulticast mode [ 188.221644][T13347] erspan1: entered promiscuous mode [ 188.254794][T13347] netlink: 'syz.0.2408': attribute type 10 has an invalid length. [ 188.291155][T13347] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.305180][T13347] bridge_slave_1: left allmulticast mode [ 188.307469][T13347] bridge_slave_1: left promiscuous mode [ 188.321263][T13347] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.340375][T13347] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 188.347118][ T5947] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 188.353716][ T5947] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 188.357563][ T5947] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 188.362075][ T5947] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 188.365586][ T5947] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 188.382376][ T5947] Bluetooth: hci2: command 0x0406 tx timeout [ 188.437560][T13369] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13369 comm=syz.0.2415 [ 188.497827][T11019] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.544918][T13360] chnl_net:caif_netlink_parms(): no params data found [ 188.563792][T13374] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2063 sclass=netlink_route_socket pid=13374 comm=syz.0.2415 [ 188.572965][ T6265] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 188.624804][T11019] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.647840][T13360] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.650137][T13360] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.653098][T13360] bridge_slave_0: entered allmulticast mode [ 188.655924][T13360] bridge_slave_0: entered promiscuous mode [ 188.659222][T13360] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.663496][T13360] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.665885][T13360] bridge_slave_1: entered allmulticast mode [ 188.668723][T13360] bridge_slave_1: entered promiscuous mode [ 188.685076][T13360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.689771][T13360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.703938][T11019] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.711948][ T6265] usb 8-1: device descriptor read/64, error -71 [ 188.735714][T13360] team0: Port device team_slave_0 added [ 188.740389][T13360] team0: Port device team_slave_1 added [ 188.795334][T11019] netdevsim netdevsim2 ªªªªªª (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.807494][T13360] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.810446][T13360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.823193][T13360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.831295][T13360] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.834244][T13360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.842610][T13360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.868571][T13360] hsr_slave_0: entered promiscuous mode [ 188.872005][T13360] hsr_slave_1: entered promiscuous mode [ 188.875662][T13360] debugfs: 'hsr0' already exists in 'hsr' [ 188.878243][T13360] Cannot create hsr debugfs directory [ 188.920132][T13388] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 188.935372][T13388] syzkaller0: entered promiscuous mode [ 188.937204][T13388] syzkaller0: entered allmulticast mode [ 188.961984][ T6265] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 189.092489][ T6265] usb 8-1: device descriptor read/64, error -71 [ 189.141175][T11019] bond3 (unregistering): (slave ip6gretap2): Releasing active interface [ 189.202206][ T6265] usb usb8-port1: attempt power cycle [ 189.310088][ T5947] Bluetooth: unknown link type 128 [ 189.381303][T11019] bond2 (unregistering): (slave bridge1): Releasing backup interface [ 189.384956][T11019] bridge1 (unregistering): left promiscuous mode [ 189.387699][T11019] bridge1 (unregistering): left allmulticast mode [ 189.541879][T11019] bond4 (unregistering): (slave bridge3): Releasing backup interface [ 189.542080][ T6265] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 189.544619][T11019] bridge3 (unregistering): left promiscuous mode [ 189.563904][ T6265] usb 8-1: device descriptor read/8, error -71 [ 189.710477][T11019] bond1 (unregistering): Released all slaves [ 189.774454][T11019] bond2 (unregistering): Released all slaves [ 189.803490][ T6265] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 189.829484][ T6265] usb 8-1: device descriptor read/8, error -71 [ 189.842974][T11019] bond3 (unregistering): Released all slaves [ 189.904205][T11019] bond4 (unregistering): Released all slaves [ 189.932208][ T6265] usb usb8-port1: unable to enumerate USB device [ 189.972317][T11019] bond0 (unregistering): Released all slaves [ 189.979558][T11019] bond5 (unregistering): Released all slaves [ 190.077514][T11019] : left promiscuous mode [ 190.118839][T13413] netlink: 'syz.1.2427': attribute type 30 has an invalid length. [ 190.160534][T11019] tipc: Left network mode [ 190.326913][ T6000] IPVS: starting estimator thread 0... [ 190.383063][ T5947] Bluetooth: hci0: command tx timeout [ 190.396456][ T5947] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 190.399547][ T5947] Bluetooth: hci1: Injecting HCI hardware error event [ 190.403887][ T5947] Bluetooth: hci1: hardware error 0x00 [ 190.432147][T13439] IPVS: using max 44 ests per chain, 105600 per kthread [ 190.592920][T13460] netlink: 'syz.1.2436': attribute type 21 has an invalid length. [ 190.595069][T13360] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 190.616446][T13360] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 190.622840][T13360] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 190.649645][T13463] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.672349][T13360] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 190.769717][T13488] __nla_validate_parse: 6 callbacks suppressed [ 190.769735][T13488] netlink: 45 bytes leftover after parsing attributes in process `syz.1.2439'. [ 190.777896][T11019] hsr_slave_0: left promiscuous mode [ 190.781079][T11019] hsr_slave_1: left promiscuous mode [ 190.794725][T11019] veth0_macvtap: left promiscuous mode [ 190.797233][T11019] veth1_vlan: left promiscuous mode [ 190.800645][T11019] veth0_vlan: left promiscuous mode [ 191.351985][ T5944] Bluetooth: hci3: command 0x0406 tx timeout [ 191.416524][T13494] netlink: 'syz.3.2442': attribute type 10 has an invalid length. [ 191.420087][T13494] netlink: 228 bytes leftover after parsing attributes in process `syz.3.2442'. [ 191.474523][T13499] netlink: 'syz.0.2443': attribute type 9 has an invalid length. [ 191.496246][ T40] kauditd_printk_skb: 31 callbacks suppressed [ 191.496261][ T40] audit: type=1400 audit(191.433:666): avc: denied { bpf } for pid=13500 comm="syz.1.2444" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 191.570638][T13360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.595108][T13360] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.601787][ T9904] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.604168][ T9904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.610505][ T9904] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.612975][ T9904] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.617440][ T40] audit: type=1800 audit(191.553:667): pid=13511 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.2446" name="policy" dev="tmpfs" ino=2987 res=0 errno=0 [ 191.755495][ T40] audit: type=1400 audit(191.693:668): avc: denied { append } for pid=13525 comm="syz.0.2449" name="ubi_ctrl" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 191.756841][T13526] ubi31: attaching mtd0 [ 191.778658][T13526] ubi31: scanning is finished [ 191.780693][T13526] ubi31: empty MTD device detected [ 191.790078][T13529] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2450'. [ 191.835178][T13360] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.851111][ T40] audit: type=1400 audit(191.783:669): avc: denied { mount } for pid=13539 comm="syz.3.2452" name="/" dev="overlay" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 191.851664][T13360] veth0_vlan: entered promiscuous mode [ 191.875306][T13540] evm: overlay not supported [ 191.877060][T13360] veth1_vlan: entered promiscuous mode [ 191.881497][T13544] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2453'. [ 191.892761][T13544] vlan0: entered allmulticast mode [ 191.895361][T13544] veth0_to_bond: entered allmulticast mode [ 191.923112][T13360] veth0_macvtap: entered promiscuous mode [ 191.940742][T13360] veth1_macvtap: entered promiscuous mode [ 191.946046][T11019] IPVS: stop unused estimator thread 0... [ 191.951611][T13526] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 191.969803][T13360] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.974983][ T40] audit: type=1400 audit(191.913:670): avc: denied { read } for pid=13548 comm="syz.3.2454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 191.984000][T13360] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 192.004156][T11035] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.007846][T11035] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.011398][T11035] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.051777][T11035] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.152367][ T9904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.155567][ T9904] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.187131][T11023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.189665][T11023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.256532][ T40] audit: type=1400 audit(192.193:671): avc: denied { read } for pid=13573 comm="syz.0.2459" dev="nsfs" ino=4026533209 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 192.261250][T13581] nbd: must specify a size in bytes for the device [ 192.273509][ T40] audit: type=1400 audit(192.193:672): avc: denied { open } for pid=13573 comm="syz.0.2459" path="net:[4026533209]" dev="nsfs" ino=4026533209 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 192.302379][ T40] audit: type=1400 audit(192.203:673): avc: denied { associate } for pid=13573 comm="syz.0.2459" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 192.309596][T13585] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 192.313261][ T40] audit: type=1400 audit(192.243:674): avc: denied { mounton } for pid=13583 comm="syz.2.2460" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 192.350381][T13585] openvswitch: netlink: Tunnel attr 140 out of range max 16 [ 192.357815][ T40] audit: type=1400 audit(192.293:675): avc: denied { unmount } for pid=12621 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 192.366828][T13585] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 192.369955][T13585] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 192.462157][ T5944] Bluetooth: hci0: command tx timeout [ 192.463281][ T5947] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 192.499446][T13587] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2462'. [ 192.679962][T13616] program syz.3.2468 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 192.690198][T13616] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 193.019826][T13638] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2476'. [ 193.021209][T13641] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2477'. [ 193.111789][T13651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2481'. [ 193.115768][T13651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2481'. [ 193.151000][T13654] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=533 sclass=netlink_route_socket pid=13654 comm=syz.3.2482 [ 193.170864][T13651] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2481'. [ 193.238633][T13663] bridge0: entered promiscuous mode [ 193.270732][T13669] sctp: [Deprecated]: syz.1.2488 (pid 13669) Use of struct sctp_assoc_value in delayed_ack socket option. [ 193.270732][T13669] Use struct sctp_sack_info instead [ 193.314344][T13669] netlink: 'syz.1.2488': attribute type 1 has an invalid length. [ 193.425998][T13683] nbd: must specify a size in bytes for the device [ 193.870604][T13719] exFAT-fs (nbd2): unable to read boot sector [ 193.875692][T13719] exFAT-fs (nbd2): failed to read boot sector [ 193.878035][T13719] exFAT-fs (nbd2): failed to recognize exfat type [ 193.970347][T13735] netlink: 'syz.1.2510': attribute type 1 has an invalid length. [ 194.272752][T13762] befs: (loop3): No write support. Marking filesystem read-only [ 194.276581][T13762] befs: (loop3): unable to read superblock [ 194.312442][ T53] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 194.322845][T13764] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 194.441916][ T53] usb 5-1: device descriptor read/64, error -71 [ 194.458576][T13773] sctp: [Deprecated]: syz.1.2521 (pid 13773) Use of struct sctp_assoc_value in delayed_ack socket option. [ 194.458576][T13773] Use struct sctp_sack_info instead [ 194.541969][ T5947] Bluetooth: hci0: command tx timeout [ 194.681947][ T53] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 194.811992][ T53] usb 5-1: device descriptor read/64, error -71 [ 194.924050][ T53] usb usb5-port1: attempt power cycle [ 195.114208][T13782] nbd: must specify a size in bytes for the device [ 195.262354][ T53] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 195.282794][ T53] usb 5-1: device descriptor read/8, error -71 [ 195.385929][T13097] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 195.521981][ T53] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 195.542401][ T53] usb 5-1: device descriptor read/8, error -71 [ 195.543823][T13097] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 195.549248][T13097] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 195.553592][T13097] usb 8-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 195.557506][T13097] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.563260][T13097] usb 8-1: config 0 descriptor?? [ 195.652272][ T53] usb usb5-port1: unable to enumerate USB device [ 195.673072][T13804] : entered promiscuous mode [ 195.781715][T13808] netlink: 'syz.1.2530': attribute type 21 has an invalid length. [ 196.083369][T13817] loop2: detected capacity change from 0 to 7 [ 196.091086][T13817] Dev loop2: unable to read RDB block 7 [ 196.093275][T13817] loop2: unable to read partition table [ 196.095507][T13817] loop2: partition table beyond EOD, truncated [ 196.097898][T13817] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 196.196699][T13822] __nla_validate_parse: 9 callbacks suppressed [ 196.196717][T13822] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2534'. [ 196.318768][T13835] xt_hashlimit: max too large, truncated to 1048576 [ 196.325974][T13837] overlay: ./file0 is not a directory [ 196.472271][T13849] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2544'. [ 196.476161][T13849] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2544'. [ 196.479031][T13850] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2544'. [ 196.589314][T13856] netlink: 'syz.2.2547': attribute type 10 has an invalid length. [ 196.597685][T13856] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 196.622637][ T5947] Bluetooth: hci0: command tx timeout [ 196.634974][ T40] kauditd_printk_skb: 25 callbacks suppressed [ 196.635027][ T40] audit: type=1400 audit(196.573:701): avc: denied { accept } for pid=13860 comm="syz.2.2548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 196.643571][T13861] bridge0: port 3(veth0_to_bridge) entered blocking state [ 196.645980][T13861] bridge0: port 3(veth0_to_bridge) entered disabled state [ 196.648511][T13861] veth0_to_bridge: entered allmulticast mode [ 196.651296][T13861] veth0_to_bridge: entered promiscuous mode [ 196.653440][T13861] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 196.657870][T13861] bridge0: port 3(veth0_to_bridge) entered blocking state [ 196.660243][T13861] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 196.744315][T13865] policy can only be matched on NF_INET_PRE_ROUTING [ 196.744332][T13865] unable to load match [ 196.862360][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 196.866847][T13867] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2551'. [ 196.867439][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 196.875526][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 196.880445][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 196.885401][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 196.890380][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 196.895012][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 197.352006][ C1] net_ratelimit: 3471 callbacks suppressed [ 197.352019][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 197.352104][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 197.354357][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:3e:49:4d:da:13:bd, vlan:0) [ 197.359447][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 197.363801][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 197.368939][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 197.373608][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 197.378813][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 197.383626][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:3e:49:4d:da:13:bd, vlan:0) [ 197.388886][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 198.212431][ T5944] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 198.215640][ T5944] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 198.220625][ T5944] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 198.225377][ T5944] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 198.228215][ T5944] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 198.386472][T13906] chnl_net:caif_netlink_parms(): no params data found [ 198.456822][T13906] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.459983][T13906] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.464500][T13906] bridge_slave_0: entered allmulticast mode [ 198.468515][T13906] bridge_slave_0: entered promiscuous mode [ 198.474605][T13906] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.477742][T13906] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.480810][T13906] bridge_slave_1: entered allmulticast mode [ 198.484796][T13906] bridge_slave_1: entered promiscuous mode [ 198.510137][T13906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.516929][T13906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.538765][T13906] team0: Port device team_slave_0 added [ 198.542111][T13906] team0: Port device team_slave_1 added [ 198.556214][T13906] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.559015][T13906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 198.569090][T13906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.574296][T13906] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.577234][T13906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 198.588091][T13906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.640783][T13906] hsr_slave_0: entered promiscuous mode [ 198.643113][T13906] hsr_slave_1: entered promiscuous mode [ 198.645274][T13906] debugfs: 'hsr0' already exists in 'hsr' [ 198.647111][T13906] Cannot create hsr debugfs directory [ 198.768356][T13915] tmpfs: Unknown parameter 'm8g]AŒ\9²ëWpol' [ 198.771004][ T40] audit: type=1400 audit(198.703:702): avc: denied { mounton } for pid=13914 comm="syz.3.2564" path="/file0" dev="ramfs" ino=36993 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 198.792146][ T40] audit: type=1400 audit(198.713:703): avc: denied { remount } for pid=13914 comm="syz.3.2564" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 198.925436][T13097] usbhid 8-1:0.0: can't add hid device: -71 [ 198.928061][T13097] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 198.956559][T13906] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 198.970466][T13906] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 198.994361][T13097] usb 8-1: USB disconnect, device number 6 [ 199.112340][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.114410][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.180524][T13906] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.189303][T13906] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 199.367111][T13906] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.376155][T13906] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 199.495737][ T5944] Bluetooth: hci0: unexpected subevent 0x0a length: 108 > 30 [ 199.556592][T13906] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.559951][T13906] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 199.606478][T13938] netlink: 'syz.0.2570': attribute type 2 has an invalid length. [ 199.609211][T13938] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2570'. [ 199.622391][T11038] dummy0: left promiscuous mode [ 199.771419][ T40] audit: type=1400 audit(199.703:704): avc: denied { read } for pid=13954 comm="syz.3.2574" name="btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 199.786681][ T40] audit: type=1400 audit(199.713:705): avc: denied { open } for pid=13954 comm="syz.3.2574" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 199.813443][ T40] audit: type=1400 audit(199.753:706): avc: denied { ioctl } for pid=13958 comm="syz.3.2575" path="socket:[37256]" dev="sockfs" ino=37256 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 199.822755][ T40] audit: type=1400 audit(199.763:707): avc: denied { getopt } for pid=13958 comm="syz.3.2575" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 199.843917][T13906] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 199.860397][T13906] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 199.893035][T13906] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 199.911405][T13962] netlink: 'syz.3.2576': attribute type 3 has an invalid length. [ 199.915384][T13906] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 199.928160][T13962] netfs: Couldn't get user pages (rc=-14) [ 199.931072][T13962] netfs: Zero-sized read [R=1] [ 200.029044][T13972] bridge1: entered promiscuous mode [ 200.031241][T13972] bridge1: entered allmulticast mode [ 200.070030][T13906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.077367][T13906] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.096272][T13906] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 200.099748][T13906] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 200.123213][T11038] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.125616][T11038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.129578][T11038] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.131955][T11038] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.134604][T13976] Bluetooth: MGMT ver 1.23 [ 200.302284][ T5947] Bluetooth: hci2: command tx timeout [ 200.310451][T13906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.340624][T13906] veth0_vlan: entered promiscuous mode [ 200.350084][T13906] veth1_vlan: entered promiscuous mode [ 200.367102][T13988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2583'. [ 200.369173][T13906] veth0_macvtap: entered promiscuous mode [ 200.377252][T13906] veth1_macvtap: entered promiscuous mode [ 200.387984][T13906] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 200.395472][T13906] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.403047][ T9904] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.405869][ T9904] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.409089][ T9904] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.413184][ T9904] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.501776][T13991] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2583'. [ 200.575754][T13994] xt_CT: You must specify a L4 protocol and not use inversions on it [ 200.582655][T11040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.588654][T13994] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2579'. [ 200.596789][T13994] veth0_to_bond: entered allmulticast mode [ 200.599570][T11040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.607858][T13994] Cannot find map_set index 65532 as target [ 200.617816][T13997] netlink: 'syz.0.2585': attribute type 1 has an invalid length. [ 200.631072][T11038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.639359][T11038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.686027][ T5947] block nbd2: Receive control failed (result -32) [ 200.710420][ T40] audit: type=1400 audit(200.643:708): avc: denied { mounton } for pid=13906 comm="syz-executor" path="/syzkaller.47F3Fb/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 200.718505][T14002] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 200.726499][T14002] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 200.800550][T13987] block nbd2: shutting down sockets [ 200.802697][T13997] gretap1: entered promiscuous mode [ 200.807433][T13997] bond1: (slave gretap1): making interface the new active one [ 200.817028][T13997] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 200.827649][T14005] macvlan2: entered promiscuous mode [ 200.829912][T14005] macvlan2: entered allmulticast mode [ 200.833096][T14005] bond1: entered promiscuous mode [ 200.836658][T14005] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 200.855055][T14005] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 200.877969][T14005] bond1: left promiscuous mode [ 201.052065][ T6000] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 201.212058][ T6000] usb 6-1: Using ep0 maxpacket: 8 [ 201.215952][ T6000] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 201.220555][ T6000] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 201.225131][ T6000] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.232552][ T6000] usb 6-1: config 0 descriptor?? [ 201.235982][T14019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2590'. [ 201.451237][ T6000] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 201.473946][ T53] usb 6-1: USB disconnect, device number 3 [ 201.582941][ T5947] Bluetooth: hci0: command 0x2016 tx timeout [ 201.585297][ T5944] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 201.629083][ T40] audit: type=1400 audit(201.563:709): avc: denied { append } for pid=14038 comm="syz.0.2596" name="btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 201.649548][ T40] audit: type=1400 audit(201.573:710): avc: denied { ioctl } for pid=14038 comm="syz.0.2596" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 201.714605][T14046] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2598'. [ 201.717536][T14046] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2598'. [ 201.725561][T14046] netlink: 'syz.0.2598': attribute type 10 has an invalid length. [ 201.741372][T14046] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 201.798784][ T40] audit: type=1400 audit(201.733:711): avc: denied { append } for pid=14050 comm="syz.0.2600" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 201.902443][ T5944] ------------[ cut here ]------------ [ 201.904515][ T5944] refcnt < 0 [ 201.904525][ T5944] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0x16a/0x230, CPU#3: kworker/u33:6/5944 [ 201.909152][ T5944] Modules linked in: [ 201.910795][ T5944] CPU: 3 UID: 0 PID: 5944 Comm: kworker/u33:6 Not tainted syzkaller #0 PREEMPT(full) [ 201.913944][ T5944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 201.917236][ T5944] Workqueue: hci0 hci_conn_timeout [ 201.918987][ T5944] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 201.920811][ T5944] Code: 44 0f b6 2d 6b 28 41 06 31 ff 41 83 e5 40 44 89 ee e8 ca 39 95 f7 45 84 ed 0f 84 02 ff ff ff e9 6c 9f ff f6 e8 67 3f 95 f7 90 <0f> 0b 90 e8 5e 3f 95 f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 201.927853][ T5944] RSP: 0018:ffffc90003a17bb0 EFLAGS: 00010293 [ 201.930438][ T5944] RAX: 0000000000000000 RBX: ffff88802c1e4a40 RCX: ffffffff8a71bb3f [ 201.933972][ T5944] RDX: ffff88802b508000 RSI: ffffffff8a71bc39 RDI: ffff88802b508000 [ 201.937329][ T5944] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 201.940465][ T5944] R10: 00000000ffffffff R11: 00000000000075a9 R12: ffff88802c1e4000 [ 201.943987][ T5944] R13: ffff88802b508484 R14: 0000000000000000 R15: ffff88810a146000 [ 201.947277][ T5944] FS: 0000000000000000(0000) GS:ffff8880d68d9000(0000) knlGS:0000000000000000 [ 201.951052][ T5944] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.953926][ T5944] CR2: 00007f080877f558 CR3: 00000000353bd000 CR4: 0000000000352ef0 [ 201.957303][ T5944] Call Trace: [ 201.958809][ T5944] [ 201.960122][ T5944] process_one_work+0x9c2/0x1840 [ 201.962384][ T5944] ? __pfx_process_one_work+0x10/0x10 [ 201.964755][ T5944] ? assign_work+0x19c/0x250 [ 201.966809][ T5944] worker_thread+0x5da/0xe40 [ 201.968832][ T5944] ? kthread+0x17d/0x730 [ 201.970705][ T5944] ? __pfx_worker_thread+0x10/0x10 [ 201.973004][ T5944] kthread+0x3b3/0x730 [ 201.974791][ T5944] ? __pfx_kthread+0x10/0x10 [ 201.976768][ T5944] ? ret_from_fork+0x79/0xaf0 [ 201.978809][ T5944] ? ret_from_fork+0x79/0xaf0 [ 201.980834][ T5944] ? rcu_is_watching+0x12/0xc0 [ 201.983020][ T5944] ? __pfx_kthread+0x10/0x10 [ 201.985282][ T5944] ret_from_fork+0x754/0xaf0 [ 201.987294][ T5944] ? __pfx_ret_from_fork+0x10/0x10 [ 201.989456][ T5944] ? __switch_to+0x7b9/0x10c0 [ 201.991630][ T5944] ? __pfx_kthread+0x10/0x10 [ 201.994008][ T5944] ret_from_fork_asm+0x1a/0x30 [ 201.996084][ T5944] [ 201.997540][ T5944] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 202.000575][ T5944] CPU: 3 UID: 0 PID: 5944 Comm: kworker/u33:6 Not tainted syzkaller #0 PREEMPT(full) [ 202.004543][ T5944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 202.008824][ T5944] Workqueue: hci0 hci_conn_timeout [ 202.010858][ T5944] Call Trace: [ 202.012030][ T5944] [ 202.013051][ T5944] dump_stack_lvl+0x100/0x190 [ 202.014618][ T5944] vpanic+0x20d/0x630 [ 202.015930][ T5944] panic+0xd1/0xd1 [ 202.017155][ T5944] ? __pfx_panic+0x10/0x10 [ 202.018941][ T5944] ? check_panic_on_warn+0x1f/0x90 [ 202.020798][ T5944] check_panic_on_warn.cold+0x19/0x34 [ 202.022546][ T5944] ? hci_conn_timeout+0x16a/0x230 [ 202.024196][ T5944] __warn.cold+0x191/0x2f8 [ 202.025658][ T5944] __report_bug+0x296/0x3d0 [ 202.027210][ T5944] ? hci_conn_timeout+0x16a/0x230 [ 202.029363][ T5944] ? __pfx___report_bug+0x10/0x10 [ 202.031514][ T5944] ? add_lock_to_list+0x99/0x110 [ 202.033813][ T5944] ? hci_conn_timeout+0x16a/0x230 [ 202.036012][ T5944] report_bug+0xb2/0x220 [ 202.037830][ T5944] ? hci_conn_timeout+0x16a/0x230 [ 202.040022][ T5944] handle_bug+0x166/0x2a0 [ 202.041902][ T5944] exc_invalid_op+0x17/0x50 [ 202.043916][ T5944] asm_exc_invalid_op+0x1a/0x20 [ 202.046025][ T5944] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 202.048433][ T5944] Code: 44 0f b6 2d 6b 28 41 06 31 ff 41 83 e5 40 44 89 ee e8 ca 39 95 f7 45 84 ed 0f 84 02 ff ff ff e9 6c 9f ff f6 e8 67 3f 95 f7 90 <0f> 0b 90 e8 5e 3f 95 f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 202.056478][ T5944] RSP: 0018:ffffc90003a17bb0 EFLAGS: 00010293 [ 202.058761][ T5944] RAX: 0000000000000000 RBX: ffff88802c1e4a40 RCX: ffffffff8a71bb3f [ 202.062063][ T5944] RDX: ffff88802b508000 RSI: ffffffff8a71bc39 RDI: ffff88802b508000 [ 202.065432][ T5944] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 202.068766][ T5944] R10: 00000000ffffffff R11: 00000000000075a9 R12: ffff88802c1e4000 [ 202.072106][ T5944] R13: ffff88802b508484 R14: 0000000000000000 R15: ffff88810a146000 [ 202.075471][ T5944] ? hci_conn_timeout+0x6f/0x230 [ 202.077593][ T5944] ? hci_conn_timeout+0x169/0x230 [ 202.079793][ T5944] process_one_work+0x9c2/0x1840 [ 202.081917][ T5944] ? __pfx_process_one_work+0x10/0x10 [ 202.084245][ T5944] ? assign_work+0x19c/0x250 [ 202.086248][ T5944] worker_thread+0x5da/0xe40 [ 202.088217][ T5944] ? kthread+0x17d/0x730 [ 202.090041][ T5944] ? __pfx_worker_thread+0x10/0x10 [ 202.092235][ T5944] kthread+0x3b3/0x730 [ 202.093995][ T5944] ? __pfx_kthread+0x10/0x10 [ 202.095987][ T5944] ? ret_from_fork+0x79/0xaf0 [ 202.098004][ T5944] ? ret_from_fork+0x79/0xaf0 [ 202.100036][ T5944] ? rcu_is_watching+0x12/0xc0 [ 202.102062][ T5944] ? __pfx_kthread+0x10/0x10 [ 202.104078][ T5944] ret_from_fork+0x754/0xaf0 [ 202.106054][ T5944] ? __pfx_ret_from_fork+0x10/0x10 [ 202.108246][ T5944] ? __switch_to+0x7b9/0x10c0 [ 202.110287][ T5944] ? __pfx_kthread+0x10/0x10 [ 202.112262][ T5944] ret_from_fork_asm+0x1a/0x30 [ 202.114330][ T5944] [ 202.116510][ T5944] Kernel Offset: disabled [ 202.118398][ T5944] Rebooting in 86400 seconds..