last executing test programs: 3.399871228s ago: executing program 2 (id=989): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000380)={0x43, 0x4, 0x3, 0x3}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0x75e}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27"}) ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, 0x0) ioctl$SW_SYNC_IOC_INC(0xffffffffffffffff, 0x40045701, &(0x7f0000000a40)=0xfff) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f00000002c0)=0xe) 3.050670724s ago: executing program 1 (id=990): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e24, 0x9, @mcast1, 0xfffffffe}], 0x1c) 3.050498048s ago: executing program 1 (id=991): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='netfs_rreq_ref\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x40096101, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x270, 0x0, &(0x7f0000000140)={0x0, 0x10}}, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r5, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040)={{0x6, 0x0, 0x0, 0x4}}, 0x0, 0x0}}) bind$unix(r4, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) r6 = socket$tipc(0x1e, 0x2, 0x0) getsockopt$TIPC_NODE_RECVQ_DEPTH(r6, 0x10f, 0x83, 0x0, &(0x7f00000001c0)) 2.614312186s ago: executing program 3 (id=993): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000500)={0x2, 0x0, @ioapic={0xdddfa000, 0x8, 0x401, 0x80000002, 0x0, [{0x7, 0x10, 0xff, '\x00', 0x38}, {0x4, 0x1, 0x78, '\x00', 0x31}, {0x1, 0xb3, 0x1, '\x00', 0xc3}, {0x5, 0x9, 0x10, '\x00', 0x81}, {0x5, 0x82, 0x4, '\x00', 0x79}, {0xa, 0x80, 0x0, '\x00', 0x6}, {0x5, 0x8, 0x1, '\x00', 0x5}, {0x54, 0x3, 0x3, '\x00', 0xc}, {0x40, 0x0, 0x73, '\x00', 0xff}, {0x1, 0xb6, 0x9, '\x00', 0x82}, {0x6, 0x8, 0x7, '\x00', 0x1}, {0x1, 0x1, 0x18, '\x00', 0x4}, {0x8, 0xf, 0x5, '\x00', 0xf8}, {0x5, 0x10, 0x4, '\x00', 0x4}, {0x0, 0xc0, 0x0, '\x00', 0x1}, {0x5, 0x2, 0xfa, '\x00', 0x2}, {0x7, 0x6, 0x8, '\x00', 0x5}, {0x9, 0x0, 0xfa, '\x00', 0x5}, {0x1, 0x9, 0x9, '\x00', 0x46}, {0xf8, 0x8, 0xa, '\x00', 0xf8}, {0x8, 0x1, 0x0, '\x00', 0xf7}, {0x6, 0x6, 0x51, '\x00', 0xa}, {0xff, 0x2, 0x3, '\x00', 0x8}, {0x5, 0xe, 0x4, '\x00', 0xff}]}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x41, 0x0, 0x40, 0x0, 0x0, 0x7, 0xf3, 0x3, 0x2, 0x4, 0x6, 0x1, 0x0, 0x8, 0x5, 0x0, 0x7, 0x2, 0x0, '\x00', 0x3, 0x9}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]}) 2.430817821s ago: executing program 2 (id=994): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) chdir(0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454e2, 0x110c230020) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r8, 0x400454e2, 0x110c230004) 2.311255402s ago: executing program 3 (id=995): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000001010101000000000000000002000000240001801400018008000100ac1e000108000200ac9414aa0c00028005000100010000000c001980080001000d"], 0x44}}, 0x0) 2.16307243s ago: executing program 3 (id=996): r0 = socket(0x29, 0x80805, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r0) syz_emit_ethernet(0x66, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private=0xe0, @multicast1=0xe000c800}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{}, 0xfffff788}}}}}}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000009c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x28}, 0x1, 0x0, 0x0, 0x20004}, 0x80) 2.021795847s ago: executing program 1 (id=997): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000700)={0x18, 0x1402, 0x1, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x4) 2.021500861s ago: executing program 3 (id=998): syz_usb_connect(0x5, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000a4d2ff40f3054002241b0102030109021b00010000000009040000014eaf32000905d6"], 0x0) 2.017963521s ago: executing program 1 (id=999): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)={0x1e0, 0x12, 0x400, 0x70bd29, 0x25dfdbff, {0x25, 0x0, 0xa, 0x7f, {0x4e24, 0x4e24, [0xfffffffe, 0x6, 0xfee7, 0xf], [0x7, 0xa1, 0x7, 0xfffffffd], 0x0, [0x1, 0x8]}, 0x8, 0x6}, [@INET_DIAG_REQ_BYTECODE={0x12, 0x1, "714586e08bb122fa0dc300418345"}, @INET_DIAG_REQ_BYTECODE={0x5b, 0x1, "3e805a178f528905e0516c48e8bfb939c3808eebac89afa5a21a18910e322d3d12215006911dda71c49c597e5b2cdf45b467cf6cfbf8ca0c645dac8605deed47f22578a1159dba4a02a19f6d88a3e7e6fc52bc58674b5b"}, @INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x5c, 0x1, "e7dcc377a2e1135ed656ae13e9bc8340265cce49a06682f8bd9d6a0a8db1c4d27e31ee2da8253de23e9fb45a6123992a257a3e7d2f82e6521991a50435534f996b9dc474848aeb369452407b2a4c33da7a5ced9cc257615b"}, @INET_DIAG_REQ_BYTECODE={0xc4, 0x1, "df6116c2a44bf1dff191fb0e4ea96746a07f40ccd0b8801df296d62fb40065337dd243d9ab1db8674d08710b235d85a275a24039e2b089088583632af37a80e4817161e0521c5ba1f0d1c18a33b101dae9b3fb03f705c9c47647285f173ac84d6483632c9e7fd83f1adf38206fd80bda460f9a03e26cb67a2a8b99cfb55c2f79592541c424d04cf1b22d6e137691916ab4fb867a0495ffa5670e07ffa2dd1ee65add92f7aaf9c1b5f457d58884b938dea3bba8eb8b9cf5394fda5b733d0985fd"}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x80}, 0x2000005c) connect$phonet_pipe(r4, &(0x7f0000000040)={0x23, 0x1, 0x9, 0xfe}, 0x10) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00'}) r6 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r6, &(0x7f0000000280)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x8000, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}}, 0x24) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r6, 0x110, 0x3) ioctl(0xffffffffffffffff, 0x8b25, &(0x7f0000000040)) 1.628744132s ago: executing program 0 (id=1008): splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x39000, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@ipv6_newrule={0x2c, 0x18, 0x409, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}, @FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e23, 0x4e23}}]}, 0xfc80}}, 0x0) 1.416844954s ago: executing program 2 (id=1001): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000180)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x40043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r3, 0x0, r0, 0x0, 0xffff, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 1.415660558s ago: executing program 0 (id=1010): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e21, @rand_addr=0x64010102}, {0x2, 0x4a24, @broadcast}, {0x2, 0x4e21, @rand_addr=0x640100ff}, 0x1da, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x1ff, 0x9}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc) 1.259835024s ago: executing program 0 (id=1002): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180400000000000400"/21], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000a40)=ANY=[@ANYBLOB="1801000000050000000000000000ea0485000000d000000095"], &(0x7f0000000a00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket(0x22, 0x2, 0x3) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9) sendmsg$can_raw(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@can={{0x4, 0x1}, 0x2, 0x1, 0x0, 0x0, "054cded48f95b7b5"}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0xbab3fa9a080f6fe8) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000060000b000000000000000008500000017000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r5, 0x0, 0x8005, 0x0, &(0x7f0000000000)='\a\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x8005, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xfb, 0x7fff0000}]}) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x101402, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x5, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0) 1.160619013s ago: executing program 0 (id=1003): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_pidfd_open(r1, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000500)={0x2, 0x0, @ioapic={0xdddfa000, 0x8, 0x401, 0x80000002, 0x0, [{0x7, 0x10, 0xff, '\x00', 0x38}, {0x4, 0x1, 0x78, '\x00', 0x31}, {0x1, 0xb3, 0x1, '\x00', 0xc3}, {0x5, 0x9, 0x10, '\x00', 0x81}, {0x5, 0x82, 0x4, '\x00', 0x79}, {0xa, 0x80, 0x0, '\x00', 0x6}, {0x5, 0x8, 0x1, '\x00', 0x5}, {0x54, 0x3, 0x3, '\x00', 0xc}, {0x40, 0x0, 0x73, '\x00', 0xff}, {0x1, 0xb6, 0x9, '\x00', 0x82}, {0x6, 0x8, 0x7, '\x00', 0x1}, {0x1, 0x1, 0x18, '\x00', 0x4}, {0x8, 0xf, 0x5, '\x00', 0xf8}, {0x5, 0x10, 0x4, '\x00', 0x4}, {0x0, 0xc0, 0x0, '\x00', 0x1}, {0x5, 0x2, 0xfa, '\x00', 0x2}, {0x7, 0x6, 0x8, '\x00', 0x5}, {0x9, 0x0, 0xfa, '\x00', 0x5}, {0x1, 0x9, 0x9, '\x00', 0x46}, {0xf8, 0x8, 0xa, '\x00', 0xf8}, {0x8, 0x1, 0x0, '\x00', 0xf7}, {0x6, 0x6, 0x51, '\x00', 0xa}, {0xff, 0x2, 0x3, '\x00', 0x8}, {0x5, 0xe, 0x4, '\x00', 0xff}]}}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000140)=@x86={0x41, 0x0, 0x40, 0x0, 0x0, 0x7, 0xf3, 0x3, 0x2, 0x4, 0x6, 0x1, 0x0, 0x8, 0x5, 0x0, 0x7, 0x2, 0x0, '\x00', 0x3, 0x9}) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]}) 1.060713233s ago: executing program 1 (id=1004): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) read$msr(0xffffffffffffffff, &(0x7f0000003040)=""/102399, 0x18fff) sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0x2000000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x2}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x1802, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) close(0x4) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) fchdir(r5) r6 = open(&(0x7f0000000480)='.\x00', 0x48800, 0x50) r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) pwrite64(r7, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) getdents(r6, &(0x7f0000001fc0)=""/184, 0xb8) 991.022032ms ago: executing program 0 (id=1005): openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x6, [@struct={0x8, 0x1, 0x0, 0xf, 0x0, 0x10005, [{0x2, 0x5, 0xa}]}, @var={0x4, 0x0, 0x0, 0xe, 0x2}]}, {0x0, [0x30, 0xcf, 0x0, 0x0]}}, 0x0, 0x46, 0x0, 0x6}, 0x28) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)={0x24c, 0x12, 0x400, 0x70bd29, 0x25dfdbff, {0x25, 0x0, 0xa, 0x7f, {0x4e24, 0x4e24, [0xfffffffe, 0x6, 0xfee7, 0xf], [0x7, 0xa1, 0x7, 0xfffffffd], 0x0, [0x1, 0x8]}, 0x8, 0x6}, [@INET_DIAG_REQ_BYTECODE={0x12, 0x1, "714586e08bb122fa0dc300418345"}, @INET_DIAG_REQ_BYTECODE={0x6a, 0x1, "3e805a178f528905e0516c48e8bfb939c3808eebac89afa5a21a18910e322d3d12215006911dda71c49c597e5b2cdf45b467cf6cfbf8ca0c645dac8605deed47f22578a1159dba4a02a19f6d88a3e7e6fc52bc58674b5bbc0e2c62bc9d3ddf3cd64147b54c26"}, @INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0xb6, 0x1, "e7dcc377a2e1135ed656ae13e9bc8340265cce49a06682f8bd9d6a0a8db1c4d27e31ee2da8253de23e9fb45a6123992a257a3e7d2f82e6521991a50435534f996b9dc474848aeb369452407b2a4c33da7a5ced9cc257615b3862fbec4994727865219b7cccb700dc850f68375cb0e31e4d9138b7a8fe19f1cd0cc3cb7890a2674326dfc6fbeeaf2690d2a66735b4f5b771be7f6329101567ce48388b4fa0bba156eaa0ac563d57b8894c99ac1ab5268d0c08"}, @INET_DIAG_REQ_BYTECODE={0xc4, 0x1, "df6116c2a44bf1dff191fb0e4ea96746a07f40ccd0b8801df296d62fb40065337dd243d9ab1db8674d08710b235d85a275a24039e2b089088583632af37a80e4817161e0521c5ba1f0d1c18a33b101dae9b3fb03f705c9c47647285f173ac84d6483632c9e7fd83f1adf38206fd80bda460f9a03e26cb67a2a8b99cfb55c2f79592541c424d04cf1b22d6e137691916ab4fb867a0495ffa5670e07ffa2dd1ee65add92f7aaf9c1b5f457d58884b938dea3bba8eb8b9cf5394fda5b733d0985fd"}]}, 0x24c}, 0x1, 0x0, 0x0, 0x80}, 0x2000005c) connect$phonet_pipe(r4, &(0x7f0000000040)={0x23, 0x1, 0x9, 0xfe}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r7, &(0x7f0000000280)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x8000, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}}, 0x24) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r7, 0x110, 0x3) ioctl(r6, 0x8b25, &(0x7f0000000040)) 534.932071ms ago: executing program 2 (id=1006): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f29, 0x0, 0xc139, 0x4, 0x5, 0x4, 0x0, 0x0, 0x54c6c7f3, 0xfe, 0x2, 0x1, 0xd5f, 0x89, 0x6, 0x101, 0xfffffffe, 0xffff, 0x3, 0x40000003, 0x89, 0xcaa3, 0x20001002, 0x20001e5b, 0x8000003, 0xe69, 0x3, 0x8, 0x8004086, 0x0, 0xfffffff8]}) 460.907085ms ago: executing program 2 (id=1007): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$sock_timeval(r0, 0x1, 0x42, &(0x7f0000001600)={0x0, 0xea60}, 0x10) readv(r0, &(0x7f0000002c80)=[{&(0x7f0000001ac0)=""/133, 0x85}], 0x1) 460.719333ms ago: executing program 3 (id=1009): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, 0x0, &(0x7f00000002c0)) 390.899612ms ago: executing program 3 (id=1011): setresuid(0x0, 0xee00, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r7 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) fcntl$addseals(r7, 0x409, 0x7) ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f0000000000)={r7, 0x0, 0x0, 0x8000}) 330.380514ms ago: executing program 2 (id=1012): syz_usb_connect$hid(0x3, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x172f, 0x34, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x1}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xf}}}}}]}}]}}, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xebed, 0x400, 0x0, 0x378}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x3e82, 0x60, 0x0, 0xa7ff) 356.443µs ago: executing program 1 (id=1013): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x0, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x129a02, 0x0) sendfile(r7, r6, &(0x7f0000000080)=0xb, 0x8) socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x4e20, @rand_addr=0x64010102}]}, &(0x7f0000000180)=0x10) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000000)=0x1ff, 0x4) sendto$inet(r0, 0x0, 0xffef, 0x20000000, &(0x7f0000000240)={0x2, 0x4e22, @remote}, 0x10) setsockopt$inet_int(r0, 0x0, 0xb, 0x0, 0x0) 0s ago: executing program 0 (id=1014): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f00000003c0)="0f326635004000000f300f00d636808a0d0001ba4300b80b00eb66b88c5000000f23d02a3ff866352000000e0f23f80f01c30f789deb32660f3a21cf220f2bb00058660f1bde", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) ioctl$KVM_RUN(r5, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 44.092210][ T40] audit: type=1400 audit(1765891138.698:59): avc: denied { write } for pid=5835 comm="sh" path="pipe:[3837]" dev="pipefs" ino=3837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 44.105051][ T40] audit: type=1400 audit(1765891138.698:60): avc: denied { rlimitinh } for pid=5835 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 44.113017][ T40] audit: type=1400 audit(1765891138.698:61): avc: denied { siginh } for pid=5835 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:33563' (ED25519) to the list of known hosts. [ 46.581911][ T40] audit: type=1400 audit(1765891141.188:62): avc: denied { name_bind } for pid=5891 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 46.619366][ T40] audit: type=1400 audit(1765891141.228:63): avc: denied { execute } for pid=5892 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 46.626421][ T40] audit: type=1400 audit(1765891141.228:64): avc: denied { execute_no_trans } for pid=5892 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 48.771548][ T40] audit: type=1400 audit(1765891143.378:65): avc: denied { mounton } for pid=5892 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 48.781871][ T40] audit: type=1400 audit(1765891143.388:66): avc: denied { mount } for pid=5892 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 48.783776][ T5892] cgroup: Unknown subsys name 'net' [ 48.936566][ T5892] cgroup: Unknown subsys name 'cpuset' [ 48.941765][ T5892] cgroup: Unknown subsys name 'rlimit' [ 49.086144][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 49.086155][ T40] audit: type=1400 audit(1765891143.698:68): avc: denied { setattr } for pid=5892 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 49.095377][ T40] audit: type=1400 audit(1765891143.698:69): avc: denied { create } for pid=5892 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.101812][ T40] audit: type=1400 audit(1765891143.698:70): avc: denied { write } for pid=5892 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.108487][ T40] audit: type=1400 audit(1765891143.698:71): avc: denied { read } for pid=5892 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.115169][ T40] audit: type=1400 audit(1765891143.708:72): avc: denied { mounton } for pid=5892 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 49.122764][ T40] audit: type=1400 audit(1765891143.708:73): avc: denied { mount } for pid=5892 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 49.129905][ T40] audit: type=1400 audit(1765891143.708:74): avc: denied { read } for pid=5644 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 49.136221][ T40] audit: type=1400 audit(1765891143.718:75): avc: denied { read } for pid=5644 comm="dhcpcd" name="n102" dev="tmpfs" ino=1957 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 49.142684][ T40] audit: type=1400 audit(1765891143.718:76): avc: denied { open } for pid=5644 comm="dhcpcd" path="/run/udev/data/n102" dev="tmpfs" ino=1957 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 49.143807][ T5918] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 49.150367][ T40] audit: type=1400 audit(1765891143.718:77): avc: denied { getattr } for pid=5644 comm="dhcpcd" path="/run/udev/data/n102" dev="tmpfs" ino=1957 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 49.976981][ T5892] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.062780][ T5293] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.066612][ T5293] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.069688][ T5293] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.072308][ T5293] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.075315][ T5293] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.078000][ T5293] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.078998][ T5937] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.088459][ T5937] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.094077][ T5934] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.096853][ T5934] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.096867][ T5293] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.103283][ T5293] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.106188][ T64] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.109155][ T5293] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.113661][ T5934] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.124781][ T64] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.128665][ T64] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.132224][ T64] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.135616][ T64] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.138753][ T64] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.331354][ T5931] chnl_net:caif_netlink_parms(): no params data found [ 53.396332][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 53.406274][ T5933] chnl_net:caif_netlink_parms(): no params data found [ 53.411105][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 53.460231][ T5931] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.463099][ T5931] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.465491][ T5931] bridge_slave_0: entered allmulticast mode [ 53.468127][ T5931] bridge_slave_0: entered promiscuous mode [ 53.501484][ T5931] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.504009][ T5931] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.506293][ T5931] bridge_slave_1: entered allmulticast mode [ 53.508941][ T5931] bridge_slave_1: entered promiscuous mode [ 53.595905][ T5931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.630348][ T5931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.634317][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.637490][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.640667][ T5941] bridge_slave_0: entered allmulticast mode [ 53.645227][ T5941] bridge_slave_0: entered promiscuous mode [ 53.649151][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.652172][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.655143][ T5933] bridge_slave_0: entered allmulticast mode [ 53.658902][ T5933] bridge_slave_0: entered promiscuous mode [ 53.663371][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.666054][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.668794][ T5944] bridge_slave_0: entered allmulticast mode [ 53.672627][ T5944] bridge_slave_0: entered promiscuous mode [ 53.685815][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.688841][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.691809][ T5944] bridge_slave_1: entered allmulticast mode [ 53.695593][ T5944] bridge_slave_1: entered promiscuous mode [ 53.699713][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.702693][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.705760][ T5941] bridge_slave_1: entered allmulticast mode [ 53.709598][ T5941] bridge_slave_1: entered promiscuous mode [ 53.713035][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.716080][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.719211][ T5933] bridge_slave_1: entered allmulticast mode [ 53.723209][ T5933] bridge_slave_1: entered promiscuous mode [ 53.755041][ T5931] team0: Port device team_slave_0 added [ 53.770576][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.776377][ T5931] team0: Port device team_slave_1 added [ 53.786343][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.791339][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.807603][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.812587][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.844072][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.867823][ T5944] team0: Port device team_slave_0 added [ 53.870802][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.874048][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.884587][ T5931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.910143][ T5933] team0: Port device team_slave_0 added [ 53.913114][ T5944] team0: Port device team_slave_1 added [ 53.915234][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.917732][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.925437][ T5931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.930478][ T5941] team0: Port device team_slave_0 added [ 53.934513][ T5933] team0: Port device team_slave_1 added [ 53.966867][ T5941] team0: Port device team_slave_1 added [ 53.989584][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.992069][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.002399][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.007323][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.009949][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.019180][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.032126][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.035068][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.045573][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.058281][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.061127][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.071422][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.076776][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.079548][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.089772][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.102642][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.104909][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.112925][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.134580][ T5931] hsr_slave_0: entered promiscuous mode [ 54.136828][ T5931] hsr_slave_1: entered promiscuous mode [ 54.172666][ T5941] hsr_slave_0: entered promiscuous mode [ 54.174930][ T5941] hsr_slave_1: entered promiscuous mode [ 54.177027][ T5941] debugfs: 'hsr0' already exists in 'hsr' [ 54.178860][ T5941] Cannot create hsr debugfs directory [ 54.202573][ T5944] hsr_slave_0: entered promiscuous mode [ 54.205765][ T5944] hsr_slave_1: entered promiscuous mode [ 54.207913][ T5944] debugfs: 'hsr0' already exists in 'hsr' [ 54.209751][ T5944] Cannot create hsr debugfs directory [ 54.214611][ T5933] hsr_slave_0: entered promiscuous mode [ 54.216866][ T5933] hsr_slave_1: entered promiscuous mode [ 54.218997][ T5933] debugfs: 'hsr0' already exists in 'hsr' [ 54.220820][ T5933] Cannot create hsr debugfs directory [ 54.467052][ T5931] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.484715][ T5931] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.489256][ T5931] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.499428][ T5941] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.505415][ T5941] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.509240][ T5931] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.514590][ T5941] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.521267][ T5941] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.565278][ T5944] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.571535][ T5944] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.576046][ T5944] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.580848][ T5944] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.638569][ T5933] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.646560][ T5933] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.654511][ T5933] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.659296][ T5933] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.694705][ T5931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.715627][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.725854][ T5931] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.736624][ T4018] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.738972][ T4018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.750820][ T4018] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.753191][ T4018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.759343][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.770462][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.772836][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.783689][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.786006][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.797415][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.825338][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.830941][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.839967][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 54.839977][ T40] audit: type=1400 audit(1765891149.448:91): avc: denied { sys_module } for pid=5931 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 54.840762][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.851315][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.863456][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.865761][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.872623][ T5933] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.893669][ T4018] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.895986][ T4018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.904036][ T4018] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.906322][ T4018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.954590][ T5931] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.002704][ T5931] veth0_vlan: entered promiscuous mode [ 55.009003][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.030643][ T5931] veth1_vlan: entered promiscuous mode [ 55.050514][ T5941] veth0_vlan: entered promiscuous mode [ 55.057039][ T5931] veth0_macvtap: entered promiscuous mode [ 55.060296][ T5941] veth1_vlan: entered promiscuous mode [ 55.063716][ T5931] veth1_macvtap: entered promiscuous mode [ 55.076904][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.086802][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.094059][ T64] Bluetooth: hci1: command tx timeout [ 55.102269][ T1152] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.107299][ T5941] veth0_macvtap: entered promiscuous mode [ 55.110627][ T1152] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.115530][ T1152] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.121506][ T1152] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.126319][ T5941] veth1_macvtap: entered promiscuous mode [ 55.147869][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.152666][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.165062][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.171306][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.172906][ T64] Bluetooth: hci2: command tx timeout [ 55.173721][ T5934] Bluetooth: hci0: command tx timeout [ 55.181346][ T1146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.184546][ T5934] Bluetooth: hci3: command tx timeout [ 55.188067][ T1146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.204666][ T1146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.207565][ T1146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.228863][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.232563][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.261729][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.265102][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.276710][ T40] audit: type=1400 audit(1765891149.888:92): avc: denied { mount } for pid=5931 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 55.283886][ T40] audit: type=1400 audit(1765891149.888:93): avc: denied { mounton } for pid=5931 comm="syz-executor" path="/syzkaller.7XSYiU/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 55.291524][ T40] audit: type=1400 audit(1765891149.888:94): avc: denied { mount } for pid=5931 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 55.298692][ T40] audit: type=1400 audit(1765891149.888:95): avc: denied { mounton } for pid=5931 comm="syz-executor" path="/syzkaller.7XSYiU/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 55.307100][ T40] audit: type=1400 audit(1765891149.888:96): avc: denied { mounton } for pid=5931 comm="syz-executor" path="/syzkaller.7XSYiU/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7847 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 55.307826][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.318314][ T40] audit: type=1400 audit(1765891149.898:97): avc: denied { unmount } for pid=5931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 55.322562][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.325290][ T40] audit: type=1400 audit(1765891149.908:98): avc: denied { mounton } for pid=5931 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 55.334489][ T40] audit: type=1400 audit(1765891149.908:99): avc: denied { mount } for pid=5931 comm="syz-executor" name="/" dev="gadgetfs" ino=7848 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 55.341319][ T40] audit: type=1400 audit(1765891149.918:100): avc: denied { mount } for pid=5931 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 55.344139][ T5933] veth0_vlan: entered promiscuous mode [ 55.354761][ T5931] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.355281][ T5944] veth0_vlan: entered promiscuous mode [ 55.366819][ T1237] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.369420][ T1237] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.369931][ T5933] veth1_vlan: entered promiscuous mode [ 55.387690][ T5944] veth1_vlan: entered promiscuous mode [ 55.410704][ T5944] veth0_macvtap: entered promiscuous mode [ 55.415436][ T5933] veth0_macvtap: entered promiscuous mode [ 55.426845][ T5944] veth1_macvtap: entered promiscuous mode [ 55.434458][ T5933] veth1_macvtap: entered promiscuous mode [ 55.449663][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.470501][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.487071][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.498700][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.507813][ T1237] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.515499][ T1237] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.524544][ T1237] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.527617][ T1237] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.538448][ T1237] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.541733][ T1237] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.563417][ T1237] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.566527][ T1237] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.621992][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.630640][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.638683][ T1182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.642230][ T1182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.657278][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.660789][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.692840][ T1237] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.695364][ T1237] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.865303][ T6132] netlink: 40 bytes leftover after parsing attributes in process `syz.2.48'. [ 56.877591][ T6132] netlink: 40 bytes leftover after parsing attributes in process `syz.2.48'. [ 57.173280][ T5934] Bluetooth: hci1: command tx timeout [ 57.252848][ T5934] Bluetooth: hci0: command tx timeout [ 57.263094][ T5934] Bluetooth: hci2: command tx timeout [ 57.263136][ T64] Bluetooth: hci3: command tx timeout [ 57.457429][ T6171] fuse: Bad value for 'group_id' [ 57.459117][ T6171] fuse: Bad value for 'group_id' [ 57.798839][ T6194] fuse: Bad value for 'group_id' [ 57.800857][ T6194] fuse: Bad value for 'group_id' [ 57.975651][ T6211] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 58.030543][ T6216] program syz.1.82 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 58.095140][ T6220] fuse: Bad value for 'group_id' [ 58.102783][ T6220] fuse: Bad value for 'group_id' [ 58.424395][ T6252] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 58.515745][ T6259] syzkaller0: tun_chr_ioctl cmd 1074812117 [ 58.517894][ T6259] syzkaller0: tun_chr_ioctl cmd 2148553947 [ 59.124592][ T6308] netlink: 12 bytes leftover after parsing attributes in process `syz.0.122'. [ 59.189830][ T9] kernel write not supported for file /vcs (pid: 9 comm: kworker/0:0) [ 59.262804][ T64] Bluetooth: hci1: command tx timeout [ 59.333557][ T64] Bluetooth: hci3: command tx timeout [ 59.333598][ T5293] Bluetooth: hci0: command tx timeout [ 59.337471][ T5934] Bluetooth: hci2: command tx timeout [ 59.932007][ T6352] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 60.565672][ T6389] fuse: Unknown parameter 'grou00000000000000000000' [ 60.574522][ T40] kauditd_printk_skb: 105 callbacks suppressed [ 60.574536][ T40] audit: type=1400 audit(1765891155.188:206): avc: denied { write } for pid=6387 comm="syz.1.155" lport=58854 faddr=fc01:: scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 60.861420][ T6413] fuse: Unknown parameter 'grou00000000000000000000' [ 60.908810][ T40] audit: type=1326 audit(1765891155.518:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.3.167" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843ab8f7c9 code=0x7ffc0000 [ 60.919541][ T40] audit: type=1326 audit(1765891155.518:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.3.167" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843ab8f7c9 code=0x7ffc0000 [ 60.930833][ T40] audit: type=1326 audit(1765891155.518:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.3.167" exe="/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f843ab8f7c9 code=0x7ffc0000 [ 60.939034][ T40] audit: type=1326 audit(1765891155.518:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.3.167" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843ab8f7c9 code=0x7ffc0000 [ 61.074530][ T40] audit: type=1400 audit(1765891155.688:211): avc: denied { mounton } for pid=6418 comm="syz.1.168" path="/41/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 61.125419][ T40] audit: type=1400 audit(1765891155.738:212): avc: denied { create } for pid=6433 comm="syz.1.174" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 61.173410][ T6439] fuse: Unknown parameter 'grou00000000000000000000' [ 61.261896][ T6445] 9p: Could not find request transport: xen [ 61.333477][ T5934] Bluetooth: hci1: command tx timeout [ 61.383739][ T40] audit: type=1400 audit(1765891155.988:213): avc: denied { create } for pid=6453 comm="syz.0.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 61.392211][ T40] audit: type=1400 audit(1765891155.998:214): avc: denied { bind } for pid=6453 comm="syz.0.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 61.397415][ T6462] fuse: Unknown parameter 'group_i00000000000000000000' [ 61.412880][ T5934] Bluetooth: hci3: command tx timeout [ 61.415175][ T5934] Bluetooth: hci2: command tx timeout [ 61.417199][ T5293] Bluetooth: hci0: command tx timeout [ 61.439037][ T40] audit: type=1400 audit(1765891156.048:215): avc: denied { accept } for pid=6453 comm="syz.0.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 61.887466][ T6494] fuse: Unknown parameter 'group_i00000000000000000000' [ 62.173819][ T6512] capability: warning: `syz.0.204' uses deprecated v2 capabilities in a way that may be insecure [ 62.180996][ T6510] kvm: kvm [6509]: vcpu2, guest rIP: 0x9133 Unhandled WRMSR(0x11e) = 0xbe702111 [ 62.266174][ T6518] fuse: Unknown parameter 'group_i00000000000000000000' [ 62.573338][ T6535] capability: warning: `syz.3.213' uses 32-bit capabilities (legacy support in use) [ 62.728366][ T6543] fuse: Unknown parameter 'group_id00000000000000000000' [ 62.811989][ T6547] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 63.099827][ T6565] fuse: Unknown parameter 'group_id00000000000000000000' [ 63.300917][ T6591] fuse: Unknown parameter 'group_id00000000000000000000' [ 63.341394][ T6595] 8021q: VLANs not supported on tunl0 [ 63.570375][ T6621] fuse: Bad value for 'user_id' [ 63.572526][ T6621] fuse: Bad value for 'user_id' [ 63.842575][ T6645] netem: incorrect ge model size [ 63.844892][ T6645] netem: change failed [ 63.849894][ T6646] fuse: Bad value for 'user_id' [ 63.852012][ T6646] fuse: Bad value for 'user_id' [ 64.084738][ T6672] fuse: Bad value for 'user_id' [ 64.086701][ T6672] fuse: Bad value for 'user_id' [ 65.013633][ T6697] fuse: Bad value for 'fd' [ 65.687286][ T40] kauditd_printk_skb: 30 callbacks suppressed [ 65.687297][ T40] audit: type=1400 audit(1765891160.298:246): avc: denied { write } for pid=6715 comm="syz.2.287" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 65.695905][ T6722] fuse: Bad value for 'fd' [ 65.744442][ T40] audit: type=1400 audit(1765891160.358:247): avc: denied { ioctl } for pid=6726 comm="syz.0.292" path="socket:[16516]" dev="sockfs" ino=16516 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 65.975886][ T6744] fuse: Bad value for 'fd' [ 66.074201][ T6751] netlink: 28 bytes leftover after parsing attributes in process `syz.3.302'. [ 66.078886][ T40] audit: type=1400 audit(1765891160.688:248): avc: denied { execute } for pid=6750 comm="syz.0.301" dev="tmpfs" ino=3078 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 66.086676][ T6752] process 'syz.0.301' launched '/dev/fd/3' with NULL argv: empty string added [ 66.090205][ T40] audit: type=1400 audit(1765891160.698:249): avc: denied { execute_no_trans } for pid=6750 comm="syz.0.301" path=2F6D656D66643A5B0BDB58AE5B35A990FF631F1AA9FDFAADD16D64E7E27F9BD55210F3B6FF54BFD1C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=3078 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 66.245713][ T6765] fuse: Bad value for 'fd' [ 66.543975][ T6784] loop2: detected capacity change from 0 to 7 [ 66.551521][ T6784] Dev loop2: unable to read RDB block 7 [ 66.553545][ T6784] loop2: AHDI p1 p2 p3 [ 66.554858][ T6784] loop2: partition table partially beyond EOD, truncated [ 66.557934][ T6784] loop2: p1 start 1818582900 is beyond EOD, truncated [ 66.560175][ T6784] loop2: p3 start 335544320 is beyond EOD, truncated [ 66.659940][ T6789] netlink: 20 bytes leftover after parsing attributes in process `syz.1.317'. [ 66.694397][ T6793] fuse: Bad value for 'fd' [ 66.948142][ T40] audit: type=1400 audit(1765891161.558:250): avc: denied { setopt } for pid=6811 comm="syz.1.326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 67.048871][ T6809] kvm: pic: non byte write [ 67.050682][ T6809] kvm: pic: non byte write [ 67.053432][ T6809] kvm: pic: non byte write [ 67.055156][ T6809] kvm: pic: non byte write [ 67.057805][ T6809] kvm: pic: non byte write [ 67.059521][ T6809] kvm: pic: non byte write [ 67.064547][ T6809] kvm: pic: non byte write [ 67.067588][ T6809] kvm: pic: non byte write [ 67.070284][ T6809] kvm: pic: non byte write [ 67.072059][ T6809] kvm: pic: non byte write [ 67.101229][ T6821] fuse: Bad value for 'fd' [ 67.335655][ T6834] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 67.385760][ T40] audit: type=1400 audit(1765891161.998:251): avc: denied { unlink } for pid=6825 comm="syz.1.331" name="#1" dev="tmpfs" ino=452 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 67.391829][ T40] audit: type=1400 audit(1765891161.998:252): avc: denied { mount } for pid=6825 comm="syz.1.331" name="/" dev="overlay" ino=447 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 67.457569][ T40] audit: type=1400 audit(1765891162.068:253): avc: denied { getopt } for pid=6841 comm="syz.2.337" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 67.506869][ T6845] fuse: Invalid rootmode [ 67.564079][ T6850] tap0: tun_chr_ioctl cmd 1074025675 [ 67.565850][ T6850] tap0: persist enabled [ 67.567312][ T6850] tap0: tun_chr_ioctl cmd 2147767517 [ 67.754553][ T6873] fuse: Invalid rootmode [ 67.802333][ T6878] netlink: 156 bytes leftover after parsing attributes in process `syz.0.350'. [ 67.889488][ T40] audit: type=1400 audit(1765891162.498:254): avc: denied { create } for pid=6886 comm="syz.1.354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 67.921972][ T40] audit: type=1400 audit(1765891162.528:255): avc: denied { sys_admin } for pid=6886 comm="syz.1.354" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 68.035946][ T6899] fuse: Invalid rootmode [ 68.210176][ T6917] loop7: detected capacity change from 0 to 16384 [ 68.311084][ T6926] fuse: Bad value for 'rootmode' [ 68.424806][ T6923] loop7: detected capacity change from 16384 to 16383 [ 68.506602][ T6933] kvm: emulating exchange as write [ 68.803901][ T6952] fuse: Bad value for 'rootmode' [ 69.073439][ T6975] fuse: Bad value for 'rootmode' [ 69.093213][ T6977] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 69.100977][ T6977] bond1: (slave lo): Enslaving as an active interface with an up link [ 69.105677][ T6977] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 69.369290][ T7009] fuse: Unknown parameter 'use00000000000000000000' [ 69.406628][ T7011] Driver unsupported XDP return value 0 on prog (id 30) dev N/A, expect packet loss! [ 69.607803][ T7028] kvm: pic: single mode not supported [ 69.607890][ T7028] kvm: pic: level sensitive irq not supported [ 69.610405][ T7028] kvm: pic: non byte read [ 69.614949][ T7037] fuse: Unknown parameter 'use00000000000000000000' [ 69.617058][ T7028] kvm: pic: non byte read [ 69.619292][ T7028] kvm: pic: non byte read [ 69.624176][ T7028] kvm: pic: non byte read [ 69.627744][ T7028] kvm: pic: single mode not supported [ 69.628193][ T7028] kvm: pic: non byte read [ 69.635835][ T7028] kvm: pic: level sensitive irq not supported [ 69.636172][ T7028] kvm: pic: non byte read [ 69.641967][ T7028] kvm: pic: non byte read [ 69.649806][ T7028] kvm: pic: non byte read [ 69.653476][ T7028] kvm: pic: non byte read [ 70.022188][ T7059] fuse: Unknown parameter 'use00000000000000000000' [ 70.730939][ T7088] fuse: Unknown parameter 'user_i00000000000000000000' [ 70.732497][ T40] kauditd_printk_skb: 22 callbacks suppressed [ 70.732506][ T40] audit: type=1400 audit(1765891165.338:278): avc: denied { create } for pid=7089 comm="syz.0.429" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 70.742493][ T40] audit: type=1400 audit(1765891165.348:279): avc: denied { mounton } for pid=7089 comm="syz.0.429" path="/110/file0" dev="tmpfs" ino=594 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 71.046721][ T7105] netlink: 112 bytes leftover after parsing attributes in process `syz.0.436'. [ 71.101296][ T40] audit: type=1326 audit(1765891165.708:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7106 comm="syz.0.437" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60b18f7c9 code=0x7ffc0000 [ 71.109426][ T40] audit: type=1326 audit(1765891165.718:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7106 comm="syz.0.437" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60b18f7c9 code=0x7ffc0000 [ 71.117307][ T40] audit: type=1326 audit(1765891165.728:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7106 comm="syz.0.437" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc60b18f7c9 code=0x7ffc0000 [ 71.125412][ T40] audit: type=1326 audit(1765891165.728:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7106 comm="syz.0.437" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60b18f7c9 code=0x7ffc0000 [ 71.140737][ T40] audit: type=1326 audit(1765891165.728:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7106 comm="syz.0.437" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60b18f7c9 code=0x7ffc0000 [ 71.148299][ T40] audit: type=1326 audit(1765891165.738:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7106 comm="syz.0.437" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc60b18f7c9 code=0x7ffc0000 [ 71.155605][ T40] audit: type=1326 audit(1765891165.738:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7106 comm="syz.0.437" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60b18f7c9 code=0x7ffc0000 [ 71.162662][ T40] audit: type=1326 audit(1765891165.738:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7106 comm="syz.0.437" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60b18f7c9 code=0x7ffc0000 [ 71.608121][ T7114] fuse: Unknown parameter 'user_i00000000000000000000' [ 72.146541][ T7134] fuse: Unknown parameter 'user_i00000000000000000000' [ 72.147158][ T7135] IPv6: addrconf: prefix option has invalid lifetime [ 72.151929][ T7135] IPv6: addrconf: prefix option has invalid lifetime [ 72.957046][ T7166] fuse: Unknown parameter 'user_id00000000000000000000' [ 73.406888][ T7177] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7177 comm=syz.1.464 [ 73.423637][ T7179] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 73.561715][ T7196] fuse: Unknown parameter 'user_id00000000000000000000' [ 73.742909][ T7206] Zero length message leads to an empty skb [ 73.887360][ T7236] fuse: Unknown parameter 'user_id00000000000000000000' [ 73.941365][ T7239] netlink: 64 bytes leftover after parsing attributes in process `syz.1.483'. [ 74.135418][ T7264] fuse: Bad value for 'fd' [ 74.199902][ T7260] sd 0:0:0:0: PR command failed: 1026 [ 74.201495][ T7260] sd 0:0:0:0: Sense Key : Illegal Request [current] [ 74.206336][ T7260] sd 0:0:0:0: Add. Sense: Invalid command operation code [ 74.217037][ T7271] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 74.378783][ T7289] fuse: Bad value for 'fd' [ 74.812161][ T7316] fuse: Bad value for 'fd' [ 75.172664][ T7323] ip6tnl1: entered allmulticast mode [ 75.565552][ T7341] fuse: Unknown parameter '0x0000000000000003' [ 76.051570][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 76.051667][ T40] audit: type=1400 audit(1765891170.658:302): avc: denied { create } for pid=7363 comm="syz.3.527" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 76.072009][ T40] audit: type=1400 audit(1765891170.658:303): avc: denied { write } for pid=7363 comm="syz.3.527" name="file0" dev="tmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 76.079101][ T40] audit: type=1400 audit(1765891170.658:304): avc: denied { open } for pid=7363 comm="syz.3.527" path="/139/file0" dev="tmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 76.087004][ T40] audit: type=1400 audit(1765891170.658:305): avc: denied { ioctl } for pid=7363 comm="syz.3.527" path="/139/file0" dev="tmpfs" ino=746 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 76.174383][ T7369] fuse: Unknown parameter '0x0000000000000003' [ 76.204363][ T40] audit: type=1400 audit(1765891170.818:306): avc: denied { unlink } for pid=5944 comm="syz-executor" name="file0" dev="tmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 76.226527][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.229143][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.255485][ T40] audit: type=1400 audit(1765891170.868:307): avc: denied { write } for pid=7370 comm="syz.1.531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 76.262314][ T40] audit: type=1400 audit(1765891170.868:308): avc: denied { read } for pid=7370 comm="syz.1.531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 76.456983][ T7377] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.460995][ T7377] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.525954][ T7377] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.531699][ T7377] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.575654][ T7380] kvm: vcpu 5: requested lapic timer restore with starting count register 0x390=2846233827 (22769870616 ns) > initial count (14430147192 ns). Using initial count to start timer. [ 76.583994][ T7380] kvm: Disabled LAPIC found during irq injection [ 76.635128][ T1182] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.639014][ T1182] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.642898][ T1182] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.646590][ T1182] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.692337][ T7387] tap0: tun_chr_ioctl cmd 2147767517 [ 76.839449][ T7395] fuse: Unknown parameter '0x0000000000000003' [ 76.944054][ T7405] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 76.950194][ T7402] kvm: kvm [7400]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 76.954305][ T7402] kvm: kvm [7400]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 77.069529][ T7414] netlink: 12 bytes leftover after parsing attributes in process `syz.0.548'. [ 77.088109][ T7414] 8021q: adding VLAN 0 to HW filter on device bond1 [ 77.156962][ T7414] bond1: (slave veth3): Enslaving as an active interface with an up link [ 77.174178][ T7421] bond1: (slave macvlan1): Enslaving as an active interface with an up link [ 77.258080][ T7430] fuse: Unknown parameter '0x0000000000000003' [ 77.526707][ T7450] fuse: Unknown parameter '0x0000000000000003' [ 77.638762][ T7457] netlink: 32 bytes leftover after parsing attributes in process `syz.3.565'. [ 77.680251][ T7459] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 77.871288][ T7475] fuse: Unknown parameter '0x0000000000000003' [ 78.121149][ T7501] loop2: detected capacity change from 0 to 7 [ 78.126144][ T7501] Dev loop2: unable to read RDB block 7 [ 78.128355][ T7501] loop2: AHDI p1 p2 p3 [ 78.129742][ T7501] loop2: partition table partially beyond EOD, truncated [ 78.132003][ T7501] loop2: p1 start 1818582900 is beyond EOD, truncated [ 78.134467][ T7501] loop2: p3 start 335544320 is beyond EOD, truncated [ 78.211669][ T7506] fuse: Unknown parameter 'fd0x0000000000000003' [ 78.229557][ T53] kernel write not supported for file bpf-prog (pid: 53 comm: kworker/1:1) [ 78.343498][ T7517] tap0: tun_chr_ioctl cmd 1074025677 [ 78.345843][ T7517] tap0: linktype set to 23 [ 78.575032][ T7522] picdev_write: 2 callbacks suppressed [ 78.575044][ T7522] kvm: pic: non byte write [ 78.637327][ T7532] fuse: Unknown parameter 'fd0x0000000000000003' [ 78.856257][ T7546] netlink: 20 bytes leftover after parsing attributes in process `syz.1.600'. [ 78.859529][ T7546] netlink: 20 bytes leftover after parsing attributes in process `syz.1.600'. [ 78.957259][ T7554] fuse: Unknown parameter 'fd0x0000000000000003' [ 79.272568][ T40] audit: type=1400 audit(1765891173.878:309): avc: denied { write } for pid=7574 comm="syz.1.612" name="ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 79.750158][ T7596] kvm: pic: non byte write [ 79.770380][ T7601] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 79.776370][ T7601] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 79.802161][ T40] audit: type=1400 audit(1765891174.408:310): avc: denied { unmount } for pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 81.057841][ T40] audit: type=1326 audit(1765891175.668:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7643 comm="syz.2.641" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcd2c18f7c9 code=0x0 [ 81.415160][ T40] audit: type=1400 audit(1765891176.028:312): avc: denied { connect } for pid=7651 comm="syz.0.645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 81.561348][ T40] audit: type=1400 audit(1765891176.168:313): avc: denied { setopt } for pid=7659 comm="syz.1.648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 81.595144][ T7662] netlink: 16 bytes leftover after parsing attributes in process `syz.3.649'. [ 81.657424][ T7668] sg_read: process 379 (syz.1.652) changed security contexts after opening file descriptor, this is not allowed. [ 82.330968][ T40] audit: type=1400 audit(1765891176.938:314): avc: denied { read write } for pid=7700 comm="syz.0.665" name="file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 82.344324][ T40] audit: type=1400 audit(1765891176.948:315): avc: denied { open } for pid=7700 comm="syz.0.665" path="/166/file0/file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 82.430126][ T40] audit: type=1326 audit(1765891177.038:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7714 comm="syz.2.671" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd2c18f7c9 code=0x7ffc0000 [ 82.437827][ T40] audit: type=1326 audit(1765891177.048:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7714 comm="syz.2.671" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd2c18f7c9 code=0x7ffc0000 [ 82.446357][ T40] audit: type=1326 audit(1765891177.048:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7714 comm="syz.2.671" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcd2c18f7c9 code=0x7ffc0000 [ 82.454099][ T40] audit: type=1326 audit(1765891177.048:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7714 comm="syz.2.671" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd2c18f7c9 code=0x7ffc0000 [ 82.462447][ T40] audit: type=1326 audit(1765891177.048:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7714 comm="syz.2.671" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd2c18f7c9 code=0x7ffc0000 [ 82.755978][ T7739] kvm: pic: non byte write [ 82.885482][ T7746] vlan2: entered allmulticast mode [ 82.886969][ T7746] veth1: entered allmulticast mode [ 83.434401][ T7774] netlink: 48 bytes leftover after parsing attributes in process `syz.3.694'. [ 84.519320][ T7835] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 84.531940][ T7837] ªªªªªª: renamed from vlan0 (while UP) [ 85.755195][ T7893] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 86.248806][ T40] kauditd_printk_skb: 23 callbacks suppressed [ 86.248823][ T40] audit: type=1400 audit(1765891180.858:344): avc: denied { kexec_image_load } for pid=7923 comm="syz.2.758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 86.465451][ T10] cfg80211: failed to load regulatory.db [ 87.286817][ T7951] ip6gre1: entered allmulticast mode [ 87.406105][ T7960] evm: overlay not supported [ 87.476817][ T40] audit: type=1400 audit(1765891182.088:345): avc: denied { unmount } for pid=5941 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 88.309215][ T40] audit: type=1400 audit(1765891182.918:346): avc: denied { write } for pid=7986 comm="syz.1.785" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 88.313374][ T7987] ======================================================= [ 88.313374][ T7987] WARNING: The mand mount option has been deprecated and [ 88.313374][ T7987] and is ignored by this kernel. Remove the mand [ 88.313374][ T7987] option from the mount to silence this warning. [ 88.313374][ T7987] ======================================================= [ 88.544836][ T40] audit: type=1400 audit(1765891183.158:347): avc: denied { write } for pid=7997 comm="syz.1.790" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 89.141283][ T40] audit: type=1400 audit(1765891183.748:348): avc: denied { write } for pid=8028 comm="syz.0.804" name="snmp" dev="proc" ino=4026533055 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 89.180985][ T8034] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 89.193225][ T40] audit: type=1400 audit(1765891183.808:349): avc: denied { watch watch_reads } for pid=8028 comm="syz.0.804" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 89.374266][ T8044] Process accounting resumed [ 89.979555][ T8087] netlink: 44 bytes leftover after parsing attributes in process `syz.1.826'. [ 89.982415][ T8087] netlink: 8 bytes leftover after parsing attributes in process `syz.1.826'. [ 90.408036][ T40] audit: type=1400 audit(1765891185.018:350): avc: denied { watch } for pid=8117 comm="syz.1.839" path="/185/file0" dev="tmpfs" ino=993 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 90.415169][ T40] audit: type=1400 audit(1765891185.018:351): avc: denied { watch_sb } for pid=8117 comm="syz.1.839" path="/185/file0" dev="tmpfs" ino=993 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 90.462506][ T40] audit: type=1400 audit(1765891185.068:352): avc: denied { mount } for pid=8120 comm="syz.1.840" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 90.471237][ T40] audit: type=1400 audit(1765891185.078:353): avc: denied { mounton } for pid=8120 comm="syz.1.840" path="/186/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 90.473519][ T8121] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 91.230750][ T8150] Bluetooth: MGMT ver 1.23 [ 91.318106][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 91.318118][ T40] audit: type=1400 audit(1765891185.928:359): avc: denied { create } for pid=8153 comm="syz.3.852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 91.323676][ T8155] input: syz1 as /devices/virtual/input/input5 [ 91.327823][ T40] audit: type=1400 audit(1765891185.928:360): avc: denied { setopt } for pid=8153 comm="syz.3.852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 91.336003][ T40] audit: type=1400 audit(1765891185.928:361): avc: denied { ioctl } for pid=8153 comm="syz.3.852" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 91.357653][ T40] audit: type=1400 audit(1765891185.968:362): avc: denied { read } for pid=8153 comm="syz.3.852" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 91.364984][ T40] audit: type=1400 audit(1765891185.968:363): avc: denied { open } for pid=8153 comm="syz.3.852" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 91.843135][ T6030] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 91.896661][ T40] audit: type=1400 audit(1765891186.508:364): avc: denied { create } for pid=8159 comm="syz.2.854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 91.905410][ T40] audit: type=1400 audit(1765891186.518:365): avc: denied { bind } for pid=8159 comm="syz.2.854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 91.913420][ T40] audit: type=1400 audit(1765891186.528:366): avc: denied { connect } for pid=8159 comm="syz.2.854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 91.923863][ T40] audit: type=1400 audit(1765891186.538:367): avc: denied { read write } for pid=8159 comm="syz.2.854" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 91.935742][ T40] audit: type=1400 audit(1765891186.538:368): avc: denied { open } for pid=8159 comm="syz.2.854" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 92.012915][ T6030] usb 6-1: Using ep0 maxpacket: 32 [ 92.013262][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 92.018757][ T6030] usb 6-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 92.024901][ T6030] usb 6-1: config 0 interface 0 has no altsetting 0 [ 92.027866][ T6030] usb 6-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.00 [ 92.031841][ T6030] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.040697][ T6030] usb 6-1: config 0 descriptor?? [ 92.063142][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.063242][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 92.204558][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.302814][ T6027] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 92.352839][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 92.463555][ T6027] usb 7-1: Using ep0 maxpacket: 8 [ 92.467222][ T6027] usb 7-1: unable to get BOS descriptor or descriptor too short [ 92.473790][ T6027] usb 7-1: config 4 has an invalid interface number: 30 but max is 0 [ 92.476660][ T6027] usb 7-1: config 4 has no interface number 0 [ 92.478742][ T6027] usb 7-1: config 4 interface 30 has no altsetting 0 [ 92.485669][ T6027] usb 7-1: string descriptor 0 read error: -22 [ 92.487845][ T6027] usb 7-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 92.490787][ T6027] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.492316][ T6030] ortek 0003:05A4:8003.0002: unknown main item tag 0x0 [ 92.496035][ T6030] ortek 0003:05A4:8003.0002: unknown main item tag 0x0 [ 92.498177][ T6030] ortek 0003:05A4:8003.0002: unknown main item tag 0x0 [ 92.500849][ T6030] ortek 0003:05A4:8003.0002: unknown main item tag 0x0 [ 92.506551][ T6027] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 92.509266][ T6030] ortek 0003:05A4:8003.0002: unknown main item tag 0x0 [ 92.509898][ T6027] dw2102: su3000_power_ctrl: 1, initialized 0 [ 92.516852][ T6027] dvb-usb: bulk message failed: -22 (2/0) [ 92.517032][ T6030] ortek 0003:05A4:8003.0002: hidraw1: USB HID v4.06 Device [HID 05a4:8003] on usb-dummy_hcd.1-1/input0 [ 92.526097][ T6027] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 92.531368][ T6027] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 92.535560][ T6027] usb 7-1: media controller created [ 92.538109][ T6027] dvb-usb: bulk message failed: -22 (6/0) [ 92.540424][ T6027] dw2102: i2c transfer failed. [ 92.542135][ T6027] dvb-usb: bulk message failed: -22 (6/0) [ 92.544954][ T6027] dw2102: i2c transfer failed. [ 92.546649][ T6027] dvb-usb: bulk message failed: -22 (6/0) [ 92.548570][ T6027] dw2102: i2c transfer failed. [ 92.550483][ T6027] dvb-usb: bulk message failed: -22 (6/0) [ 92.552361][ T6027] dw2102: i2c transfer failed. [ 92.555497][ T6027] dvb-usb: bulk message failed: -22 (6/0) [ 92.557546][ T6027] dw2102: i2c transfer failed. [ 92.559157][ T6027] dvb-usb: bulk message failed: -22 (6/0) [ 92.561097][ T6027] dw2102: i2c transfer failed. [ 92.563428][ T6027] dvb-usb: MAC address: 02:02:02:02:02:02 [ 92.578468][ T6027] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 92.593183][ T6027] dvb-usb: bulk message failed: -22 (3/0) [ 92.595724][ T6027] dw2102: command 0x0e transfer failed. [ 92.598006][ T6027] dvb-usb: bulk message failed: -22 (3/0) [ 92.599892][ T6027] dw2102: command 0x0e transfer failed. [ 92.684611][ T10] usb 6-1: USB disconnect, device number 2 [ 92.763444][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.766999][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.770462][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.902936][ T6027] dvb-usb: bulk message failed: -22 (3/0) [ 92.904920][ T6027] dw2102: command 0x0e transfer failed. [ 92.906842][ T6027] dvb-usb: bulk message failed: -22 (3/0) [ 92.908841][ T6027] dw2102: command 0x0e transfer failed. [ 92.910870][ T6027] dvb-usb: bulk message failed: -22 (1/0) [ 92.912845][ T6027] dw2102: command 0x51 transfer failed. [ 92.914787][ T6027] dvb-usb: bulk message failed: -22 (5/0) [ 92.917240][ T6027] dw2102: i2c probe for address 0x68 failed. [ 92.919817][ T6027] dvb-usb: bulk message failed: -22 (5/0) [ 92.922303][ T6027] dw2102: i2c probe for address 0x69 failed. [ 92.924941][ T6027] dvb-usb: bulk message failed: -22 (5/0) [ 92.927369][ T6027] dw2102: i2c probe for address 0x6a failed. [ 92.929933][ T6027] dw2102: probing for demodulator failed. Is the external power switched on? [ 92.933743][ T6027] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 93.189796][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.222892][ T6027] rc_core: IR keymap rc-tt-1500 not found [ 93.225551][ T6027] Registered IR keymap rc-empty [ 93.230544][ T6027] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.2/usb7/7-1/rc/rc0 [ 93.237586][ T6027] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.2/usb7/7-1/rc/rc0/input6 [ 93.250900][ T6027] dvb-usb: schedule remote query interval to 250 msecs. [ 93.255888][ T6027] dw2102: su3000_power_ctrl: 0, initialized 1 [ 93.257924][ T6027] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 93.291940][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.292137][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.533014][ T6027] dvb-usb: bulk message failed: -22 (1/0) [ 93.535630][ T6027] dw2102: i2c transfer failed. [ 93.677405][ T8185] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 93.910912][ T6027] dvb-usb: bulk message failed: -22 (1/0) [ 93.913870][ T6027] dw2102: i2c transfer failed. [ 94.172821][ T54] dvb-usb: bulk message failed: -22 (1/0) [ 94.175247][ T54] dw2102: i2c transfer failed. [ 94.178530][ T8195] netlink: 584 bytes leftover after parsing attributes in process `syz.3.862'. [ 94.432829][ T54] dvb-usb: bulk message failed: -22 (1/0) [ 94.434628][ T54] dw2102: i2c transfer failed. [ 94.692808][ T54] dvb-usb: bulk message failed: -22 (1/0) [ 94.694691][ T54] dw2102: i2c transfer failed. [ 94.952825][ T54] dvb-usb: bulk message failed: -22 (1/0) [ 94.954879][ T54] dw2102: i2c transfer failed. [ 95.164198][ T53] usb 7-1: USB disconnect, device number 2 [ 95.201747][ T53] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 95.548934][ T8216] netlink: 32 bytes leftover after parsing attributes in process `syz.3.870'. [ 96.917447][ T40] kauditd_printk_skb: 50 callbacks suppressed [ 96.917464][ T40] audit: type=1400 audit(1765891191.528:419): avc: denied { allowed } for pid=8234 comm="syz.3.878" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 97.007297][ T40] audit: type=1400 audit(1765891191.618:420): avc: denied { read } for pid=8241 comm="syz.0.880" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 97.016822][ T40] audit: type=1400 audit(1765891191.618:421): avc: denied { open } for pid=8241 comm="syz.0.880" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 97.473369][ T40] audit: type=1400 audit(1765891192.088:422): avc: denied { create } for pid=8241 comm="syz.0.880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 97.481050][ T40] audit: type=1400 audit(1765891192.088:423): avc: denied { connect } for pid=8241 comm="syz.0.880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 97.488095][ T40] audit: type=1400 audit(1765891192.088:424): avc: denied { create } for pid=8241 comm="syz.0.880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 97.497696][ T40] audit: type=1400 audit(1765891192.098:425): avc: denied { connect } for pid=8241 comm="syz.0.880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 97.505018][ T40] audit: type=1400 audit(1765891192.098:426): avc: denied { setopt } for pid=8241 comm="syz.0.880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 97.943833][ T8260] netlink: 'syz.0.884': attribute type 1 has an invalid length. [ 97.964382][ T8260] 8021q: adding VLAN 0 to HW filter on device bond2 [ 97.978534][ T8260] vlan2: entered allmulticast mode [ 97.981101][ T8260] veth0_to_bond: entered allmulticast mode [ 97.987214][ T8260] bond2: (slave vlan2): making interface the new active one [ 97.991099][ T8260] bond2: (slave vlan2): Enslaving as an active interface with an up link [ 98.192835][ T54] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 98.354691][ T54] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.359368][ T54] usb 8-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 98.363967][ T54] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.370939][ T54] usb 8-1: config 0 descriptor?? [ 98.783387][ T54] kye 0003:0458:4018.0003: hidraw1: USB HID v0.05 Device [HID 0458:4018] on usb-dummy_hcd.3-1/input0 [ 98.952904][ T40] audit: type=1400 audit(1765891193.488:427): avc: denied { setopt } for pid=8277 comm="syz.2.891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 98.961232][ T40] audit: type=1400 audit(1765891193.488:428): avc: denied { write } for pid=8277 comm="syz.2.891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 98.980004][ T54] usb 8-1: USB disconnect, device number 2 [ 102.030495][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 102.030511][ T40] audit: type=1400 audit(1765891196.638:438): avc: denied { bind } for pid=8330 comm="syz.2.907" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 102.522879][ T10] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 102.762798][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 102.766909][ T10] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 102.770779][ T10] usb 8-1: config 0 has no interface number 0 [ 102.773627][ T10] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 102.778307][ T10] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 102.782667][ T10] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 102.786199][ T10] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 102.792804][ T10] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 102.795655][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.801984][ T10] usb 8-1: config 0 descriptor?? [ 102.809702][ T10] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 103.756220][ T40] audit: type=1400 audit(1765891198.368:439): avc: denied { mount } for pid=8347 comm="syz.3.911" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 104.311435][ T6030] IPVS: starting estimator thread 0... [ 104.402901][ T8374] IPVS: using max 45 ests per chain, 108000 per kthread [ 104.699480][ T8377] kvm: pic: level sensitive irq not supported [ 104.699735][ T8377] kvm: pic: non byte read [ 104.705792][ T8377] kvm: pic: level sensitive irq not supported [ 104.706033][ T8377] kvm: pic: non byte read [ 104.709838][ T40] audit: type=1400 audit(1765891199.318:440): avc: denied { create } for pid=8379 comm="syz.1.921" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1 [ 104.840344][ T40] audit: type=1400 audit(1765891199.448:441): avc: denied { create } for pid=8379 comm="syz.1.921" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 104.849282][ T40] audit: type=1400 audit(1765891199.468:442): avc: denied { bind } for pid=8379 comm="syz.1.921" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 104.856664][ T40] audit: type=1400 audit(1765891199.478:443): avc: denied { write } for pid=8379 comm="syz.1.921" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 105.098862][ T40] audit: type=1400 audit(1765891199.708:444): avc: denied { getopt } for pid=8387 comm="syz.0.923" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 105.157942][ T40] audit: type=1400 audit(1765891199.768:445): avc: denied { read } for pid=8387 comm="syz.0.923" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 105.165312][ T40] audit: type=1400 audit(1765891199.768:446): avc: denied { open } for pid=8387 comm="syz.0.923" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 105.173372][ T40] audit: type=1400 audit(1765891199.768:447): avc: denied { ioctl } for pid=8387 comm="syz.0.923" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 105.289892][ T9] usb 8-1: USB disconnect, device number 3 [ 105.296927][ T9] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 107.524319][ T8438] input: syz0 as /devices/virtual/input/input7 [ 107.802849][ T54] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 107.897828][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 107.897901][ T40] audit: type=1400 audit(1765891202.508:453): avc: denied { ioctl } for pid=8441 comm="syz.0.938" path="socket:[29795]" dev="sockfs" ino=29795 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 107.962819][ T54] usb 8-1: Using ep0 maxpacket: 8 [ 107.965657][ T54] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 107.968197][ T54] usb 8-1: config 0 has no interface number 0 [ 107.970073][ T54] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 107.973920][ T54] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 107.977497][ T54] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 107.983222][ T54] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 107.987173][ T54] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 107.989904][ T54] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.995429][ T54] usb 8-1: config 0 descriptor?? [ 108.000513][ T54] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 108.018633][ T40] audit: type=1400 audit(1765891202.538:454): avc: denied { search } for pid=8444 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 108.110850][ T40] audit: type=1400 audit(1765891202.538:455): avc: denied { search } for pid=8444 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1896 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 108.121919][ T40] audit: type=1400 audit(1765891202.538:456): avc: denied { search } for pid=8444 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1900 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 108.130615][ T40] audit: type=1400 audit(1765891202.538:457): avc: denied { search } for pid=8444 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 108.140470][ T40] audit: type=1400 audit(1765891202.548:458): avc: denied { read open } for pid=8445 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 108.150339][ T40] audit: type=1400 audit(1765891202.548:459): avc: denied { getattr } for pid=8445 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 108.159938][ T40] audit: type=1400 audit(1765891202.548:460): avc: denied { add_name } for pid=8444 comm="dhcpcd-run-hook" name="resolv.conf.dummy0.ipv4ll" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 108.175751][ T40] audit: type=1400 audit(1765891202.548:461): avc: denied { create } for pid=8444 comm="dhcpcd-run-hook" name="resolv.conf.dummy0.ipv4ll" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 108.184690][ T40] audit: type=1400 audit(1765891202.548:462): avc: denied { write } for pid=8444 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.dummy0.ipv4ll" dev="tmpfs" ino=6158 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 108.559450][ T53] usb 8-1: USB disconnect, device number 4 [ 108.559589][ C2] ldusb 8-1:0.55: usb_submit_urb failed (-19) [ 110.570859][ T53] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 111.322819][ T29] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 111.472865][ T29] usb 5-1: Using ep0 maxpacket: 16 [ 111.723257][ T29] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 111.729002][ T29] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 111.733296][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.739756][ T29] usb 5-1: config 0 descriptor?? [ 111.745558][ T29] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 111.751091][ T29] IPVS: starting estimator thread 0... [ 111.842855][ T8504] IPVS: using max 46 ests per chain, 110400 per kthread [ 111.955633][ T8490] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.960277][ T8490] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.256652][ T8520] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 112.762898][ T6027] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 112.775281][ T8531] dlm: Unknown command passed to DLM device : 0 [ 112.775281][ T8531] [ 112.912858][ T6027] usb 6-1: Using ep0 maxpacket: 16 [ 112.922171][ T6027] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.927147][ T6027] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 112.934247][ T6027] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 112.938111][ T6027] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.954366][ T6027] usb 6-1: config 0 descriptor?? [ 112.974301][ T6027] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 113.110692][ T6029] usb 5-1: USB disconnect, device number 2 [ 113.245169][ T8534] netlink: 'syz.3.963': attribute type 10 has an invalid length. [ 113.249391][ T8534] team0: Device ipvlan1 failed to register rx_handler [ 113.537381][ T8537] tipc: Started in network mode [ 113.539726][ T8537] tipc: Node identity 1eac951f92ca, cluster identity 4711 [ 113.542993][ T8537] tipc: Enabled bearer , priority 0 [ 113.546976][ T8537] syzkaller0: entered promiscuous mode [ 113.549289][ T8537] syzkaller0: entered allmulticast mode [ 113.562507][ T8537] tipc: Resetting bearer [ 113.574302][ T8536] tipc: Resetting bearer [ 113.583709][ T8536] tipc: Disabling bearer [ 113.624973][ T29] usb 6-1: USB disconnect, device number 3 [ 113.725102][ T8539] netlink: 16 bytes leftover after parsing attributes in process `syz.3.965'. [ 113.883908][ T40] kauditd_printk_skb: 18 callbacks suppressed [ 113.883925][ T40] audit: type=1400 audit(1765891208.488:481): avc: denied { read write } for pid=8552 comm="syz.3.971" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 113.898632][ T40] audit: type=1400 audit(1765891208.508:482): avc: denied { open } for pid=8552 comm="syz.3.971" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 113.905808][ T40] audit: type=1400 audit(1765891208.508:483): avc: denied { map } for pid=8552 comm="syz.3.971" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 114.208083][ T40] audit: type=1400 audit(1765891208.818:484): avc: denied { write } for pid=8559 comm="syz.3.973" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 114.226268][ T8563] netlink: 'syz.0.974': attribute type 39 has an invalid length. [ 114.361518][ T40] audit: type=1400 audit(1765891208.968:485): avc: denied { create } for pid=8568 comm="syz.1.976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 114.962874][ T40] audit: type=1400 audit(1765891209.418:486): avc: denied { connect } for pid=8575 comm="syz.2.978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 114.989690][ T40] audit: type=1400 audit(1765891209.538:487): avc: denied { read } for pid=8575 comm="syz.2.978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 115.015846][ T40] audit: type=1400 audit(1765891209.628:488): avc: denied { write } for pid=8575 comm="syz.2.978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 115.071627][ T40] audit: type=1400 audit(1765891209.678:489): avc: denied { read } for pid=8575 comm="syz.2.978" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 115.082382][ T40] audit: type=1400 audit(1765891209.678:490): avc: denied { open } for pid=8575 comm="syz.2.978" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 115.539180][ T8597] syzkaller1: entered promiscuous mode [ 115.541084][ T8597] syzkaller1: entered allmulticast mode [ 117.582912][ T54] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 117.744159][ T54] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD6, changing to 0x86 [ 117.748012][ T54] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 117.753732][ T54] usb 8-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 117.756569][ T54] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.759022][ T54] usb 8-1: Product: syz [ 117.760411][ T54] usb 8-1: Manufacturer: syz [ 117.762251][ T54] usb 8-1: SerialNumber: syz [ 117.766531][ T54] usb 8-1: config 0 descriptor?? [ 117.773438][ T8647] syzkaller1: entered promiscuous mode [ 117.774901][ T54] powermate 8-1:0.0: probe with driver powermate failed with error -5 [ 117.775614][ T8647] syzkaller1: entered allmulticast mode [ 117.973296][ T53] usb 8-1: USB disconnect, device number 5 [ 119.104727][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 119.265353][ T9] usb 7-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00 [ 119.275024][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.292279][ T9] usb 7-1: config 0 descriptor?? [ 119.342273][ T8682] ------------[ cut here ]------------ [ 119.344996][ T8682] WARNING: arch/x86/kvm/vmx/vmx.c:5393 at handle_exception_nmi+0x14a2/0x1720, CPU#3: syz.0.1014/8682 [ 119.348945][ T8682] Modules linked in: [ 119.350865][ T8682] CPU: 3 UID: 0 PID: 8682 Comm: syz.0.1014 Tainted: G L syzkaller #0 PREEMPT(full) [ 119.355070][ T8682] Tainted: [L]=SOFTLOCKUP [ 119.356875][ T8682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 119.362009][ T8682] RIP: 0010:handle_exception_nmi+0x14a2/0x1720 [ 119.365044][ T8682] Code: 1e fe ff 31 ff 89 c5 89 c6 e8 3a 75 6a 00 85 ed 0f 85 ea fd ff ff e8 8d 7a 6a 00 90 0f 0b 90 e9 dc fd ff ff e8 7f 7a 6a 00 90 <0f> 0b 90 e9 fd f2 ff ff e8 71 7a 6a 00 31 f6 48 89 df e8 b7 e6 ec [ 119.374045][ T8682] RSP: 0018:ffffc90006b4f9c0 EFLAGS: 00010283 [ 119.376923][ T8682] RAX: 000000000000fc67 RBX: ffff8880597a0000 RCX: ffffc90007a72000 [ 119.380555][ T8682] RDX: 0000000000080000 RSI: ffffffff81546a01 RDI: 0000000000000001 [ 119.384394][ T8682] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 119.388049][ T8682] R10: 0000000000000000 R11: ffff888025200b30 R12: 000000000f6632eb [ 119.391665][ T8682] R13: 0000000000000007 R14: 0000000080000300 R15: ffff8880597a00d8 [ 119.395400][ T8682] FS: 00007fc60bf5b6c0(0000) GS:ffff8880d6bf6000(0000) knlGS:0000000000000000 [ 119.399543][ T8682] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.402832][ T8682] CR2: 000000000f6632eb CR3: 00000000556c0000 CR4: 0000000000352ef0 [ 119.406827][ T8682] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 000000000300002a [ 119.410845][ T8682] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 119.414747][ T8682] Call Trace: [ 119.416418][ T8682] [ 119.417920][ T8682] ? __pfx_handle_exception_nmi+0x10/0x10 [ 119.420648][ T8682] vmx_handle_exit+0x129b/0x1a00 [ 119.423351][ T8682] vcpu_run+0x3468/0x5a80 [ 119.425445][ T8682] ? __pfx_vcpu_run+0x10/0x10 [ 119.427769][ T8682] ? rcu_is_watching+0x12/0xc0 [ 119.430113][ T8682] ? kvm_arch_vcpu_ioctl_run+0xfd3/0x1860 [ 119.433090][ T8682] kvm_arch_vcpu_ioctl_run+0xfd3/0x1860 [ 119.435775][ T8682] kvm_vcpu_ioctl+0x76d/0x16d0 [ 119.438122][ T8682] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 119.440676][ T8682] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 119.443612][ T8682] ? do_vfs_ioctl+0x128/0x14f0 [ 119.445960][ T8682] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 119.448413][ T8682] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 119.451736][ T8682] ? hook_file_ioctl_common+0x144/0x410 [ 119.454506][ T8682] ? selinux_file_ioctl+0x180/0x270 [ 119.457063][ T8682] ? selinux_file_ioctl+0xb4/0x270 [ 119.459579][ T8682] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 119.462138][ T8682] __x64_sys_ioctl+0x18e/0x210 [ 119.464613][ T8682] do_syscall_64+0xcd/0xf80 [ 119.466831][ T8682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.469705][ T8682] RIP: 0033:0x7fc60b18f7c9 [ 119.471803][ T8682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.478725][ T8682] RSP: 002b:00007fc60bf5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 119.481743][ T8682] RAX: ffffffffffffffda RBX: 00007fc60b3e5fa0 RCX: 00007fc60b18f7c9 [ 119.484695][ T8682] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 119.487434][ T8682] RBP: 00007fc60b213f91 R08: 0000000000000000 R09: 0000000000000000 [ 119.490284][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.493325][ T8682] R13: 00007fc60b3e6038 R14: 00007fc60b3e5fa0 R15: 00007ffd564c6eb8 [ 119.496190][ T8682] [ 119.497373][ T8682] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 119.499961][ T8682] CPU: 3 UID: 0 PID: 8682 Comm: syz.0.1014 Tainted: G L syzkaller #0 PREEMPT(full) [ 119.503819][ T8682] Tainted: [L]=SOFTLOCKUP [ 119.505391][ T8682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 119.509229][ T8682] Call Trace: [ 119.510434][ T8682] [ 119.511542][ T8682] dump_stack_lvl+0x3d/0x1f0 [ 119.513209][ T8682] vpanic+0x640/0x6f0 [ 119.514653][ T8682] ? handle_exception_nmi+0x14a2/0x1720 [ 119.516879][ T8682] panic+0xca/0xd0 [ 119.518374][ T8682] ? __pfx_panic+0x10/0x10 [ 119.520097][ T8682] check_panic_on_warn+0xab/0xb0 [ 119.522058][ T8682] __warn+0x108/0x3c0 [ 119.523656][ T8682] __report_bug+0x2a0/0x520 [ 119.525421][ T8682] ? handle_exception_nmi+0x14a2/0x1720 [ 119.527403][ T8682] ? __pfx___report_bug+0x10/0x10 [ 119.529214][ T8682] ? __pfx_skip_emulated_instruction+0x10/0x10 [ 119.531451][ T8682] ? kvm_pmu_trigger_event.isra.0+0x23/0x7d0 [ 119.533604][ T8682] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 119.535725][ T8682] ? handle_exception_nmi+0x14a2/0x1720 [ 119.537698][ T8682] report_bug+0xb2/0x220 [ 119.539317][ T8682] ? handle_exception_nmi+0x14a2/0x1720 [ 119.541318][ T8682] handle_bug+0x127/0x260 [ 119.542847][ T8682] exc_invalid_op+0x17/0x50 [ 119.544412][ T8682] asm_exc_invalid_op+0x1a/0x20 [ 119.546015][ T8682] RIP: 0010:handle_exception_nmi+0x14a2/0x1720 [ 119.548058][ T8682] Code: 1e fe ff 31 ff 89 c5 89 c6 e8 3a 75 6a 00 85 ed 0f 85 ea fd ff ff e8 8d 7a 6a 00 90 0f 0b 90 e9 dc fd ff ff e8 7f 7a 6a 00 90 <0f> 0b 90 e9 fd f2 ff ff e8 71 7a 6a 00 31 f6 48 89 df e8 b7 e6 ec [ 119.554640][ T8682] RSP: 0018:ffffc90006b4f9c0 EFLAGS: 00010283 [ 119.556757][ T8682] RAX: 000000000000fc67 RBX: ffff8880597a0000 RCX: ffffc90007a72000 [ 119.559499][ T8682] RDX: 0000000000080000 RSI: ffffffff81546a01 RDI: 0000000000000001 [ 119.562244][ T8682] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 119.564983][ T8682] R10: 0000000000000000 R11: ffff888025200b30 R12: 000000000f6632eb [ 119.567683][ T8682] R13: 0000000000000007 R14: 0000000080000300 R15: ffff8880597a00d8 [ 119.570411][ T8682] ? handle_exception_nmi+0x14a1/0x1720 [ 119.572370][ T8682] ? __pfx_handle_exception_nmi+0x10/0x10 [ 119.574319][ T8682] vmx_handle_exit+0x129b/0x1a00 [ 119.576026][ T8682] vcpu_run+0x3468/0x5a80 [ 119.577549][ T8682] ? __pfx_vcpu_run+0x10/0x10 [ 119.579203][ T8682] ? rcu_is_watching+0x12/0xc0 [ 119.580930][ T8682] ? kvm_arch_vcpu_ioctl_run+0xfd3/0x1860 [ 119.582906][ T8682] kvm_arch_vcpu_ioctl_run+0xfd3/0x1860 [ 119.584852][ T8682] kvm_vcpu_ioctl+0x76d/0x16d0 [ 119.586574][ T8682] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 119.588422][ T8682] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 119.590483][ T8682] ? do_vfs_ioctl+0x128/0x14f0 [ 119.592182][ T8682] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 119.593945][ T8682] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 119.596323][ T8682] ? hook_file_ioctl_common+0x144/0x410 [ 119.598255][ T8682] ? selinux_file_ioctl+0x180/0x270 [ 119.600081][ T8682] ? selinux_file_ioctl+0xb4/0x270 [ 119.601866][ T8682] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 119.603516][ T8682] __x64_sys_ioctl+0x18e/0x210 [ 119.605199][ T8682] do_syscall_64+0xcd/0xf80 [ 119.606823][ T8682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.608907][ T8682] RIP: 0033:0x7fc60b18f7c9 [ 119.610476][ T8682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.617416][ T8682] RSP: 002b:00007fc60bf5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 119.620649][ T8682] RAX: ffffffffffffffda RBX: 00007fc60b3e5fa0 RCX: 00007fc60b18f7c9 [ 119.623618][ T8682] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 119.626608][ T8682] RBP: 00007fc60b213f91 R08: 0000000000000000 R09: 0000000000000000 [ 119.629516][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.632488][ T8682] R13: 00007fc60b3e6038 R14: 00007fc60b3e5fa0 R15: 00007ffd564c6eb8 [ 119.635528][ T8682] [ 119.637435][ T8682] Kernel Offset: disabled [ 119.638959][ T8682] Rebooting in 86400 seconds..