last executing test programs: 18.417383623s ago: executing program 2 (id=569): futex_waitv(&(0x7f0000001b00)=[{0xfff, &(0x7f0000000940)=0x6, 0x6}], 0x1, 0x0, 0x0, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x403, 0x0, 0x4, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@vti_common_policy=[@IFLA_VTI_OKEY={0x8, 0x3, 0x9}]]}}}]}, 0x38}, 0x1, 0x2000000000000000}, 0x0) r1 = memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0x4, 0x600000}) r2 = dup(r1) write$binfmt_misc(r2, &(0x7f0000000280)="df", 0x1) syz_io_uring_setup(0x5222, &(0x7f0000000000)={0x0, 0x448f, 0x4000, 0x3, 0x188, 0x0, r2}, &(0x7f0000000080), &(0x7f00000000c0)) 18.317253612s ago: executing program 2 (id=570): r0 = socket$inet_icmp(0x2, 0x2, 0x1) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'filter\x00', 0x0, 0x4, 0x37, [0x6, 0x0, 0x9, 0x8, 0x4, 0x7fff], 0x6, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000240)=""/55}, &(0x7f0000000440)=0x78) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x0) write$uinput_user_dev(r1, &(0x7f0000000ec0)={'syz0\x00', {0x0, 0x0, 0x0, 0x9}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x1, 0x7, 0x0, 0x0, 0x0, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x4, 0xb16, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffa, 0x7, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xe], [0x7, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffc, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x7, 0x4], [0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc045, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r1, &(0x7f0000001900)={'syz1\x00', {0x8, 0xf, 0x8001, 0x9}, 0x38, [0x800, 0x5, 0x3, 0xa, 0x16, 0x3, 0x7f, 0x8001, 0x0, 0x8, 0x2, 0x5, 0x8, 0x1, 0x1, 0xb7e0, 0x8, 0x4, 0x10000, 0x4, 0x0, 0x7, 0xfffffffa, 0x2, 0x7, 0x3ff, 0x1, 0x5, 0x0, 0x7, 0x0, 0x9, 0x200, 0x800, 0xe872, 0x800, 0x101, 0x3, 0xa9e, 0x8, 0x4b0d3841, 0x5, 0x0, 0x4, 0xff, 0x2, 0x3, 0x7, 0xa, 0x8, 0x3, 0x1, 0x3, 0xff, 0x4, 0x0, 0x5, 0xffff, 0x1, 0x4, 0x8, 0x6, 0x9], [0xa, 0x7d3a, 0x4, 0xfffffffc, 0x8, 0x7, 0x3, 0x51b0, 0x2, 0x7f, 0x7, 0x3, 0x8ba4, 0x1000, 0x9, 0xe, 0x1, 0x8, 0x87f7, 0x1000, 0x1, 0x0, 0xd1, 0x4c17, 0x80000001, 0x2, 0x4, 0x4, 0x2, 0x4, 0x6, 0x80, 0x5, 0x1eff, 0x8c5c, 0x3ff, 0xfd9, 0x5, 0x3, 0x9, 0x100, 0x1, 0x800, 0x7, 0x3ff, 0x3, 0x0, 0x5, 0x10, 0x8, 0x9, 0x101, 0x9, 0x15, 0x1, 0x1, 0x9f0, 0x2, 0x8000, 0xfffffff7, 0x408e, 0x3, 0x2, 0x40], [0x3, 0x2000000, 0x4, 0xf, 0x101, 0x2, 0xdb6, 0x3, 0xffff8001, 0xcd, 0x2, 0x10001, 0x7fff, 0xfffffff8, 0x9c9, 0x395, 0x1, 0x2, 0x50, 0x5, 0x7fffffff, 0x2, 0x8, 0x2, 0x6, 0x1, 0x7fff, 0x4, 0x0, 0x3, 0x9c3f, 0x2, 0x3ff, 0xd04e, 0x4, 0x5, 0x8, 0x8, 0x4, 0x5, 0xfffffffd, 0x9b64, 0x7ff, 0x8001, 0x7, 0x8001, 0x3, 0x327, 0x7, 0x1000, 0x5, 0x1, 0x4, 0x9, 0xc45f, 0x1, 0x3, 0x4b78, 0x41, 0x3, 0xfff, 0x2, 0x5, 0x1], [0x5, 0x2, 0xcf00, 0x1, 0x2, 0x3, 0x6, 0x6, 0x8, 0x5, 0x7, 0xfffffff7, 0x6, 0x4, 0x8, 0x3, 0x7, 0x7, 0x5, 0x799a, 0x6, 0x7fffffff, 0x8001, 0x3, 0x10, 0x1000, 0xb78, 0x9, 0xb50, 0xfffffffd, 0x5, 0x4, 0x7, 0x7, 0x1, 0x200, 0xd0, 0x6, 0x7fff, 0x3, 0x5, 0x1, 0x0, 0x9, 0x7, 0x9, 0x745, 0xa, 0x3, 0x482, 0x4, 0x0, 0x1, 0x4, 0x6, 0x80, 0x2, 0x0, 0xffffff25, 0xb4dd, 0x7, 0x400000, 0x4, 0x8]}, 0x45c) r2 = syz_io_uring_setup(0x37, &(0x7f0000000080)={0x0, 0x36c4, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$evdev(&(0x7f0000000180), 0xe8, 0x842) syz_io_uring_submit(r3, r4, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r7, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000000280)=""/204, 0xcc}], 0x1}, 0x0, 0x80002101}) io_uring_enter(r2, 0xd81, 0x0, 0x0, 0x0, 0x0) write(r6, &(0x7f0000000380)='\a', 0xf5) socket$inet_icmp(0x2, 0x2, 0x1) (async) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'filter\x00', 0x0, 0x4, 0x37, [0x6, 0x0, 0x9, 0x8, 0x4, 0x7fff], 0x6, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000240)=""/55}, &(0x7f0000000440)=0x78) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) (async) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x0) (async) write$uinput_user_dev(r1, &(0x7f0000000ec0)={'syz0\x00', {0x0, 0x0, 0x0, 0x9}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x1, 0x7, 0x0, 0x0, 0x0, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x4, 0xb16, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffa, 0x7, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xe], [0x7, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffc, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x7, 0x4], [0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc045, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) write$uinput_user_dev(r1, &(0x7f0000001900)={'syz1\x00', {0x8, 0xf, 0x8001, 0x9}, 0x38, [0x800, 0x5, 0x3, 0xa, 0x16, 0x3, 0x7f, 0x8001, 0x0, 0x8, 0x2, 0x5, 0x8, 0x1, 0x1, 0xb7e0, 0x8, 0x4, 0x10000, 0x4, 0x0, 0x7, 0xfffffffa, 0x2, 0x7, 0x3ff, 0x1, 0x5, 0x0, 0x7, 0x0, 0x9, 0x200, 0x800, 0xe872, 0x800, 0x101, 0x3, 0xa9e, 0x8, 0x4b0d3841, 0x5, 0x0, 0x4, 0xff, 0x2, 0x3, 0x7, 0xa, 0x8, 0x3, 0x1, 0x3, 0xff, 0x4, 0x0, 0x5, 0xffff, 0x1, 0x4, 0x8, 0x6, 0x9], [0xa, 0x7d3a, 0x4, 0xfffffffc, 0x8, 0x7, 0x3, 0x51b0, 0x2, 0x7f, 0x7, 0x3, 0x8ba4, 0x1000, 0x9, 0xe, 0x1, 0x8, 0x87f7, 0x1000, 0x1, 0x0, 0xd1, 0x4c17, 0x80000001, 0x2, 0x4, 0x4, 0x2, 0x4, 0x6, 0x80, 0x5, 0x1eff, 0x8c5c, 0x3ff, 0xfd9, 0x5, 0x3, 0x9, 0x100, 0x1, 0x800, 0x7, 0x3ff, 0x3, 0x0, 0x5, 0x10, 0x8, 0x9, 0x101, 0x9, 0x15, 0x1, 0x1, 0x9f0, 0x2, 0x8000, 0xfffffff7, 0x408e, 0x3, 0x2, 0x40], [0x3, 0x2000000, 0x4, 0xf, 0x101, 0x2, 0xdb6, 0x3, 0xffff8001, 0xcd, 0x2, 0x10001, 0x7fff, 0xfffffff8, 0x9c9, 0x395, 0x1, 0x2, 0x50, 0x5, 0x7fffffff, 0x2, 0x8, 0x2, 0x6, 0x1, 0x7fff, 0x4, 0x0, 0x3, 0x9c3f, 0x2, 0x3ff, 0xd04e, 0x4, 0x5, 0x8, 0x8, 0x4, 0x5, 0xfffffffd, 0x9b64, 0x7ff, 0x8001, 0x7, 0x8001, 0x3, 0x327, 0x7, 0x1000, 0x5, 0x1, 0x4, 0x9, 0xc45f, 0x1, 0x3, 0x4b78, 0x41, 0x3, 0xfff, 0x2, 0x5, 0x1], [0x5, 0x2, 0xcf00, 0x1, 0x2, 0x3, 0x6, 0x6, 0x8, 0x5, 0x7, 0xfffffff7, 0x6, 0x4, 0x8, 0x3, 0x7, 0x7, 0x5, 0x799a, 0x6, 0x7fffffff, 0x8001, 0x3, 0x10, 0x1000, 0xb78, 0x9, 0xb50, 0xfffffffd, 0x5, 0x4, 0x7, 0x7, 0x1, 0x200, 0xd0, 0x6, 0x7fff, 0x3, 0x5, 0x1, 0x0, 0x9, 0x7, 0x9, 0x745, 0xa, 0x3, 0x482, 0x4, 0x0, 0x1, 0x4, 0x6, 0x80, 0x2, 0x0, 0xffffff25, 0xb4dd, 0x7, 0x400000, 0x4, 0x8]}, 0x45c) (async) syz_io_uring_setup(0x37, &(0x7f0000000080)={0x0, 0x36c4, 0x10100}, &(0x7f0000000000), &(0x7f0000000100)) (async) socket$inet6_sctp(0xa, 0x1, 0x84) (async) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, 0x0, 0x0) (async) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)) (async) syz_open_dev$evdev(&(0x7f0000000180), 0xe8, 0x842) (async) syz_io_uring_submit(r3, r4, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r7, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000000280)=""/204, 0xcc}], 0x1}, 0x0, 0x80002101}) (async) io_uring_enter(r2, 0xd81, 0x0, 0x0, 0x0, 0x0) (async) write(r6, &(0x7f0000000380)='\a', 0xf5) (async) 18.247589917s ago: executing program 2 (id=571): socket$nl_route(0x10, 0x3, 0x0) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mknod$loop(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1) rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000080)='./bus\x00') socket(0x10, 0x803, 0x4) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x20008880) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000080)=0x200000000) r4 = dup2(r3, r3) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000400)={0x1, 0x1, 0x0, &(0x7f0000000500)=""/130, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x5) read$FUSE(r4, &(0x7f0000004d80)={0x2020}, 0x2020) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000180), 0x0, 0x0}) write$vhost_msg_v2(r4, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000440)=""/132, 0x84, 0x0, 0x1, 0x1}}, 0x48) getsockname$packet(r2, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = dup(r9) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f00000005c0)=ANY=[@ANYBLOB="01000000002058ed3f000040"]) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r6, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r6], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) socket(0x10, 0x3, 0x0) 18.136210523s ago: executing program 2 (id=574): socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0xb3, 0xa}}]}, 0x2c}}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0) (async, rerun: 64) sendto$inet6(r3, &(0x7f00000000c0)="00a9d5c11069a58bc7cccf5f5d5796e36b8e91f8b01663bb0210278b8cf0c10bfdbb87c8381cbf99087ee16906a0bc0000000000000059", 0x37, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (rerun: 64) shutdown(r3, 0x1) syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) (async) r4 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r4, 0x29, 0x7, &(0x7f0000fcb000)=0xffffffff, 0x4) socket(0x10, 0x80002, 0x0) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) r7 = gettid() (async, rerun: 64) r8 = socket$l2tp6(0xa, 0x2, 0x73) (rerun: 64) bind$l2tp6(r8, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x41000000}, 0x20) connect$l2tp6(r8, &(0x7f0000000100)={0xa, 0x0, 0x1, @dev={0xfe, 0x80, '\x00', 0x42}, 0x9, 0x4}, 0x20) (async, rerun: 32) r9 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="0100000000000000000001000500050007000000000008000900030000001400200000000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0) (async) r11 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) read$ptp(r11, 0x0, 0x0) (async) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)=0x0) timer_settime(r12, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="3800000054000100040000000000000807000000", @ANYRES32=r6, @ANYBLOB="20000100", @ANYRES32=r6, @ANYBLOB="00000000e100000000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080) 18.006487085s ago: executing program 2 (id=576): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r0) socket(0x10, 0x803, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000500), 0x22, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000600)={0x1, @vbi={0x8, 0x8, 0x6, 0x35323645, [0x0, 0x2], [0x40, 0xfffffffd], 0x108}}) ioctl$SIOCSIFHWADDR(r0, 0x8b0b, &(0x7f0000000000)={'wlan1\x00'}) 17.916276062s ago: executing program 2 (id=577): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000540)='./bus\x00', 0x1, 0xffffbffd) chdir(&(0x7f0000000140)='./bus\x00') pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x121042, 0x18) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) splice(r1, 0x0, r3, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) (async) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) (async) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) (async) mknodat(r0, &(0x7f0000000540)='./bus\x00', 0x1, 0xffffbffd) (async) chdir(&(0x7f0000000140)='./bus\x00') (async) pipe2$9p(&(0x7f0000000080), 0x0) (async) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x121042, 0x18) (async) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) (async) splice(r1, 0x0, r3, 0x0, 0x2, 0x0) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async) 5.516384405s ago: executing program 0 (id=729): r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000009c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr=0x65010101, @multicast1}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x6}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}], 0x68}, 0x20020014) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd) r2 = dup(r1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c47000/0x3000)=nil, 0x3000, 0x4000, 0x7, &(0x7f0000d16000/0x4000)=nil) remap_file_pages(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) read$usbmon(r2, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000002c0)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000600)="3282db78e0ea55c52d87bc2a166b9e46818f5faca0b3a411e056b7928ccacd30019d925e47ecd2f92675d1d8c795dd0ab0a9c457007d002ae359e2b5d768e71db355cf220bb96b7a64e1d2629c3e21c5decd0e2e6f107c35a8081587d3dc42a0bc0d0c5e85c355c9cbadd6e8f8014acb52d24b961a3989d5102d540829ad660fdca299e7e74a71ed264d75a3e1dfb8331f1b441972bc5982dbe74341fa418cfee6039c15eda91b1ecf8887e008b15c4c7505c31efe20a7b838369c2857906c492432ba88cd2591215c875a7c854aa65bcc2e04eabc2ef716297c6d5c1357ed811a106739f968547df4ae455ecd6b0566ef52705630df27d81e2a544ecc09f8c73cec559d206644acdc56c717e19f04613456b8d7a386c0a700c032d0165c3b3f5716aa7f24e6fca522f91350793d13ba7f887e7b48cd3e6e41139d0deb8de9aeac59bf750ce0", 0x146}, {&(0x7f0000000fc0)="da752f575198baaac222d34e85893d37a6bd281687872ed9151c56f415698f3fecf56eebf5edb42ed5d54e0419b2a13128d3ad19b6eed6b450aad46baaa57203e0d4f567d8d79fe07e7b3142de43e55cf69c65db2469175cf60c82f49d0f9d3f2ac908fd7099c4c4dde733a14d57f4117ed2f46aea5950ff0176d73349c2808eee62ce1c7d846ffdf65211f3192dabf5b3ac1516ad90e618d0ca9e4ac2778acabeac244f2f90af2616647e5cf8ab5e2ac404ebf2a866c8a73f68ae2cc4523e63e3a1aa5ab60a23e4c47534bda546042120c5333d91fefc68226bc9149d282937797a2fe036a58c9ecd19e54bcfb85d3f75ec7c74d86be94ef6b9191e0fa86d2a9330af3f592e24bc30b84632e5121bf04abc0e12f4073f6678ad97b786cc73b8175e35eda542e3631d283a3ca6fef91607ec7dee1b4a62bae169cc8fb64e8bdef95474f0b3c526f69ce55281e18016a4785875ba99e313fd63f66cfd36234bcc6048f25bce8cce39cf709eb10e1ea88497ff7401aae0d4a7e07f14691b6c4b75dc16e2586744317ffbb9966d8bfb16efcdf6ab308426e5c1aec6a6636122ffaca89af3b03834612b93989d0bbb251a42c1b48b86ac7162ad8d5cbf3d6cfccdc590724ff6caa85320f9d5beea2370b8c0533c19422c9097a7164651ad9d8f9cca4ea7815e53fd9c42eab1cb76b451cd3b18cf31c16d01731efd1506b844f52d2f173c825a7f8814ada5f6361a48f20250df6b98965d0c85f3df3b72b2ac49f3ed52e6fa30d7d3d54d95e8bd13ec2ed4883feb3b778d624ff0c1a3ec900671acd0ff00edc7b96d1cad51fba25565c67ce0e62302dbff8f68c0de8330c44704b2f019a7afc753538ed61f3744f286735af18a8f5e7ae3fd66e4562565b31a9e5d947a06ea69ee5f0ea97d2e832e1bbc9e74498a2f99473ef8822ad0254013fefff6c4c35d84072307633de00985a6477ff6480e75171a50915838168d3b1a5864450cc9b2fb1f71364095c0fd0c94610e4b9785dc39501ba75496d10907ada3ffa622225897c79c8e8efa27396ada49844f7664bd2eee3a156c0c89fc8ded3f1b8be73d1e60521c2789837b71fe63a320f233032f2bc0472f53165423fb6c8755e5f18ac54ea180f0486914f917f8b16b13b286248c2ed33bf7b95efc5b3c15664d036fcb721d19011d09a7efbb4863b021bd7b75c632a2bb13676a1ab1fed3f1101196625c09244c987825b515d662f4fcac27b9a4cf92ba0683b7eecbbff92c7250bf7c04bcc660840d91620bb214b46581f7f406b45019f01249be3a7ca79b97c9be7ae35f6d3594687c5207c029a2774f3a7df6681a206a59a9dd40a8f114e03f3b6a44a4e88960c9d6c79b5ac3ddfc4481ca5cdbf31816bfa9291879e0d7ea617add447d819aa30e2c3f9502c393cc9cce52dcbdac5e3c55a08a9b8ddaf52de96915f6635065a905aa94b7b20882dc3f72c3cbd2b5cab4e642b8defb3068b16582f9fad313682929d43e466c2448a9220bcdf2de3928078fbac197a7957bb9bb34e4778aca1626a984d4b1ac09517f1c353139739138fe320f5f34b17693c85e40d6f44e4750610a9e8463a400", 0x46e}], 0x2}, 0x8400) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000100), &(0x7f0000000140)=r2}, 0x20) sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000980)}, 0x4004800) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r3, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002180)={&(0x7f0000000240)=ANY=[@ANYBLOB="100000000a14918d"], 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x800) r4 = syz_open_dev$sndpcmc(&(0x7f0000000200), 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x5, 0xe, &(0x7f0000001440)=ANY=[@ANYRES8=0x0, @ANYRESOCT=0x0, @ANYRES64=r0], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0xffff0000, 0xe, 0x0, &(0x7f0000001a40)="2b206d074843b37ea49da2aa0000", 0x0, 0x80f000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b23, &(0x7f0000000080)={'veth0_to_team\x00', @broadcast}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000980)=ANY=[@ANYBLOB="0180c220000f0180c200000008004500001c00000000001190780a010100ac1414aa00004e220008907815"], 0x0) close(r7) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x2a) mmap$snddsp_control(&(0x7f0000ffc000/0x2000)=nil, 0x1000, 0x2000003, 0x82012, r4, 0x83000000) 4.657311914s ago: executing program 0 (id=734): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001100a7cc5a8100ae541d002007000000", @ANYRES32, @ANYBLOB="00000a00100000001c001a80080002802d00ff0408000200f4"], 0x44}}, 0x0) (async, rerun: 64) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (rerun: 64) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@delchain={0x24, 0x65, 0x200, 0x70bd28, 0x25dfd3fc, {0x0, 0x0, 0x0, r0, {0xffe0, 0x2}, {0x2, 0x3}, {0x3, 0x7}}}, 0x24}}, 0x40004) (async) socket$nl_generic(0x10, 0x3, 0x10) 4.657039507s ago: executing program 0 (id=735): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000028c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r3, 0x1, 0x2f, &(0x7f0000002a40)=0xd3a0, 0x4) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000b00)={'hsr0\x00', 0x9}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000280)={'vxcan0\x00', 0x0}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRES16], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r5}, 0x10) listen(r2, 0x6) r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_POST(r6, 0x5008, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r7, &(0x7f0000000180)=[{&(0x7f0000000080)="5d94d85d4f719ca12bec4755ba62aaafadf976930fe36c86b87398035ac8735935ddd0cfc1acec22070cc09f47cd8b974516575344fe74fb", 0x38}, {&(0x7f0000000340)="e1884afc2707acd93ad0dc5d9dcc0cbe2b9045792410934c366f2b6a6fcbeb10b891ea39e67df3eb043462a1b417797f001db7a3a28acaf42c862f19f8f2b0665a5bb6d2d61298c0a103b30fc12ec6926fa417ace6", 0x55}, {&(0x7f00000003c0)="c4f3c4cc8b0237149088907bfdcf6112b1342209c1429ed0c02dae9b0f9919a468813829b92f32bcf7ab4c3db29be0839f28163da141b620fbe86f26cad7fe3c2ee7261e1ae7b2acbb79", 0x4a}], 0x3) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = syz_io_uring_setup(0x7983, &(0x7f0000000440)={0x0, 0x6e23, 0x4000, 0x3, 0xfb}, &(0x7f0000000300), &(0x7f00000005c0)) io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000640)=""/4, 0x4}, {&(0x7f0000000680)=""/165, 0xa5}, {&(0x7f0000000740)=""/102, 0x66}], 0x3) sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0100001800010000000000000000001d0100001500030020000000000000007fa5bf073cff73aa010000001e010600fd00ff000071ec6d721744cd529f07f76cf8cfcad4c4ec6511ec028c5028564abce83afe14c93e15e556c2baed7f897fe841c155a2b2a4b9f3052995cdf66a9c79224d13d6af5b6c67281f1519cd7c32c2bf7563b9452575505da99ea128d37616896be8764a2c78edbad5bde7a5e405bdc893770338925f824bd24689c0d11a5568fc3aaa9ad0d7766d8ea8d3060006e3df494e2f373148ecb4adafdd39874e9808b118301f1e76054a64c6d243523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d42c3ef0619022c005c8d586b2a88d81866930fca15c8a95d29e5b2ea0000"], 0x14c}}, 0x0) r10 = fsopen(&(0x7f0000000000)='udf\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000800)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r7, 0xc0245720, &(0x7f0000000000)={0x1}) r11 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r11, 0x5423, &(0x7f00000000c0)=0x5) ioctl$TIOCSTI(r11, 0x5412, &(0x7f0000000180)=0xdb) mount_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x47) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a181003100000001090000000000000e000a000f00e4ff2f8002002d1f", 0x2e}], 0x1}, 0x4000) 3.085122061s ago: executing program 0 (id=739): socket$nl_xfrm(0x10, 0x3, 0x6) (async) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x6c, 0x17, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x50}, 0x40) (async) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x6c, 0x17, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x50}, 0x40) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000011000100000000000000000000000000000000000000000000000000000000000000000014000d00"], 0x3c}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xc, 0x6, &(0x7f0000002ec0)=ANY=[@ANYBLOB="84010000000000009c110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f541cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebebf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff8279421778d4a914512ca803da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef00000000000000000000373494cd59e8ba04ec8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a4af7464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f952b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf41ba88c7eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d4f237dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b8667b4dd0c"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0), &(0x7f0000000100)) (async) r4 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) (async) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r5, r6, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r8, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x40000103}) (async) syz_io_uring_submit(r5, r6, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r8, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x40000103}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) io_uring_enter(r4, 0x46f3, 0x0, 0x0, 0x0, 0x0) write(r7, &(0x7f0000000200)='~', 0x1) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0x100, 0x10000000, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "186856f3"}}) (async) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0x100, 0x10000000, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "186856f3"}}) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000002000000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000081007d60b7030000000000006a0a00fefdff0000850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465c3a1f59916ffc9bf0bd09279c362f80e5cf8df265e1b40e4c8ae7a89cf8bd819b5c0c000000008da68076774bb4db2c769937000090af27db5b56024dcbbbd2cb2000ce94284673b4e8d5467e357754508535766c801100000000b290a248a120c9c6e39f3052aae80677eeba68562eaeaea5fecf298ca20f274233106e2baf69b1c60f0ce4099f366b89ab63ecf772de7b265040b6b1acbef92b2704550a4d1dd5c50b7420b58a93fe94c756008afcd0b2eb785632e0a85f02a5a6474ae549070000000000001294fba0ed5020e6477cc921fee1f6d8ad6a80d0947cd6d4a561ced23b0b4a902be6af7ec2d1ba000057f301000000000000000000000000100000aaf253886c0b9f6d4731d714ad72e5ad8530a6380ed2d29f47f96a576cd20cef7ed95157ab050000f0077e9d13d8b93eb0f2c6f8941e35e1577c10e509c9b133c849eb709df5c6ba73cccdfa3c58bc5204339b0b487f0eeed581cb202900000d322717c338033213c18a34ee0ca2cf61efb4b3797a642735d6d482ba98d252f36c54333aab1aa736369392239820f5f1557b0bf7ccb0a5a13c714e0b1a5bc3f9caff3283076cda3d0b1a2905cf7bd04f2db530abcbe44bc40528ad807970727fb819afa14aad99f93093ced7dd51995edcf53b907228fa9e83433eedb4ac88d0285594ffb0d14e71d5c57f33702f22b22417bfb38d04c8441ceec8bcaffbe800aa41307bd8325a76f395bc9a8b0c9d905979f34adddb521914f92eed3d3e9de82942a952e86bd67aff5bc2e3c1fcc00f61124dd06df4b8fd356cb365adc037e443820c05c5db160087a9cf471e0eff227f25b2c5cacebfcd55f8c81f5eb1f8d615ca27efb2193bb61665b8ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50223517a07a3484124c5563cd3700000000001825b05a580ea8cb7f85b77b35a06a895b287b47efbe220bc215aca4a65d7018a7f91c4228b35f71a7c183360ab7a7b6b7870086d851ff861ee07bbec801b79afa477ebab255c7265820456fdc3f34f9d729315d856be7ec564613d5e28cf7c405d6e2b6aeb20000b8505a36a8067cb459fab87c8de118117733d30f4fe049658a2c3edd43546ead9c7882858868cff89a49a693731140db1b7b7116060c30690a39de8b3e0eb4f5401e8354870848c546f9defe1a9c534c9030830fec3eeb5faf1d64bb8e80000000f6ff0000000000000055d843352632b829ceb5200a2cdeb63c0bc7e835e061f9ac3c052b5b6f689bf203aeb8858be07691bc83e178181fab55e6ed9e8a17819de49564d0f0c00dd507441b80cd499c39c5d03d6c00cf5be5215bae09a4f52abf8f1c1add498470a0bb9d7ab757a8b28e4accc939b3621e4c2c9e02741c51eeeaad40cf2e1c3659d83ed71fc628807739d70edda93542445e3204828c49bef648efdc2208341357dd158f411d379df9b1feffbe7c7ee80558a040fa3d5a303f36d5c1a66d9644fc0559aa0e291355ee3de6c7a705b8f7b45bb825044b9a82a6fd2f6eeb14eee0c3f71eeea9984e14c57022ef72850b6dc5fda167d6f98f6c1c73feb424b7937e3c7ca0d2525efbdac50eb94797cf3747b83b56cfea8c74dd3f957dc462e715b789934b422b7ddf3e11a6ad6ad9afd5389c728d14"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3f, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r10 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netfilter\x00') io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000b40)={0xff, 0x0, &(0x7f0000000500)=[{&(0x7f0000000840)=""/131, 0x83}, {&(0x7f00000003c0)=""/82, 0x52}, {&(0x7f0000000900)=""/213, 0xd5}, {&(0x7f0000000a00)=""/201, 0xc9}], &(0x7f0000000b00), 0x4}, 0x20) getdents64(r10, &(0x7f0000000240)=""/44, 0x7a) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r9, 0x18000000000002a0, 0xf, 0x304, &(0x7f0000000040)="b90703600000f007049e0ff008001fffffe10ec53308633a77fbac141441e0022001be3e7d2a2007ff", 0x0, 0x104, 0xa000000, 0x0, 0xfeb9, &(0x7f0000000640)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea02f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7", &(0x7f0000000100)}, 0x28) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r9, 0x18000000000002a0, 0xf, 0x304, &(0x7f0000000040)="b90703600000f007049e0ff008001fffffe10ec53308633a77fbac141441e0022001be3e7d2a2007ff", 0x0, 0x104, 0xa000000, 0x0, 0xfeb9, &(0x7f0000000640)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea02f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7", &(0x7f0000000100)}, 0x28) close_range(r2, r9, 0x2) syz_clone(0x2a809000, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f0000000780)=ANY=[@ANYBLOB="120110010200dedb48e15e8e3ee4500fee480f2b297a00082505a1a440000102030109025c0002018160080904000001020d000005240600010524004aa30d240f01060000003fd50200b406241a8b0b140905810320000903460904010000020d00000904010102020d0000090582022000070808090503020002f81801e788c78d8e23989c4503a89ec0fe884f02e8bbf2894c5f234e6fedd6707a43bd0000581cba4098a637b56e9e95cb7451689028"], &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000501000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00') read$FUSE(r11, &(0x7f0000001740)={0x2020}, 0x2020) fcntl$addseals(r4, 0x409, 0x0) syz_open_dev$usbfs(&(0x7f0000000240), 0xd, 0x101301) (async) syz_open_dev$usbfs(&(0x7f0000000240), 0xd, 0x101301) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) 2.895954306s ago: executing program 32 (id=577): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000540)='./bus\x00', 0x1, 0xffffbffd) chdir(&(0x7f0000000140)='./bus\x00') pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x121042, 0x18) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) splice(r1, 0x0, r3, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) (async) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) (async) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) (async) mknodat(r0, &(0x7f0000000540)='./bus\x00', 0x1, 0xffffbffd) (async) chdir(&(0x7f0000000140)='./bus\x00') (async) pipe2$9p(&(0x7f0000000080), 0x0) (async) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x121042, 0x18) (async) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) (async) splice(r1, 0x0, r3, 0x0, 0x2, 0x0) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async) 1.182082378s ago: executing program 1 (id=755): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x89) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000280)='.\x00', 0x25000001) sendfile(r0, r0, 0x0, 0xb) 1.126161976s ago: executing program 1 (id=758): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = dup(r1) r4 = fcntl$dupfd(0xffffffffffffffff, 0x406, r2) read$FUSE(r3, &(0x7f0000001180)={0x2020}, 0x2020) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, 0x0) ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, 0x0) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$fou(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYRES8=r0, @ANYRES32=r0, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20048091}, 0x0) sendmsg$FOU_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1c, r9, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}]}, 0x1c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x70bd26, 0x0, {0x2, 0x0, 0x0, 0xa6, 0x0, 0x0, 0x0, 0x0, 0x10008}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) socket$packet(0x11, 0x2, 0x300) (async) dup(r1) (async) fcntl$dupfd(0xffffffffffffffff, 0x406, r2) (async) read$FUSE(r3, &(0x7f0000001180)={0x2020}, 0x2020) (async) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, 0x0) (async) ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, 0x0) (async) socket$kcm(0x2, 0xa, 0x2) (async) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) socket$alg(0x26, 0x5, 0x0) (async) bind$alg(r6, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$fou(&(0x7f0000000480), 0xffffffffffffffff) (async) sendmsg$FOU_CMD_ADD(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYRES8=r0, @ANYRES32=r0, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20048091}, 0x0) (async) sendmsg$FOU_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1c, r9, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}]}, 0x1c}}, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x70bd26, 0x0, {0x2, 0x0, 0x0, 0xa6, 0x0, 0x0, 0x0, 0x0, 0x10008}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async) 967.165415ms ago: executing program 3 (id=763): r0 = syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x18}, &(0x7f0000000100), &(0x7f00000000c0)) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (async) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) (async) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) (async) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) setpriority(0x0, 0xffffffffffffffff, 0xf6) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000080)={0x2, 0x9, 0x3}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) close_range(r1, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x22, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0, 0x0, 0x1}]}, 0x1}, 0x1) 953.001373ms ago: executing program 4 (id=741): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1/file3\x00', 0xde) r0 = landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x111080, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0) landlock_restrict_self(r0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) 884.779469ms ago: executing program 4 (id=764): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4) (async) r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4) fallocate(r0, 0x4, 0x8, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, 0x200, 0x1}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MCAST_FLOOD={0x5, 0x1b, 0x1}]}}}]}, 0x44}}, 0x8010) (async) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, 0x200, 0x1}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MCAST_FLOOD={0x5, 0x1b, 0x1}]}}}]}, 0x44}}, 0x8010) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x5, '\x00', 0x0, r0, 0x0, 0x1, 0x3, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={0x0, 0xfffffffe, 0x8}, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1, &(0x7f0000000080)=@raw=[@generic={0x0, 0x0, 0x8, 0x4, 0xfffff001}], &(0x7f00000000c0)='GPL\x00', 0x7, 0x19, &(0x7f0000000100)=""/25, 0x41000, 0x32, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x0, 0x3, 0x80000000, 0x8}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000240)=[r5, r6], &(0x7f0000000280)=[{0x2, 0x1, 0x9, 0xa}, {0x1, 0x5, 0x10, 0xb}, {0x1, 0x1, 0x2, 0x6}, {0x3, 0x5, 0x9, 0x5}, {0x3, 0x4, 0xa, 0xc}, {0x0, 0x2, 0x3, 0x5}], 0x10, 0x2, @void, @value}, 0x94) openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r7 = socket(0x10, 0x3, 0x0) write(r7, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000003c0000000000000008000f0001000000", 0x24) 884.515808ms ago: executing program 3 (id=765): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=ANY=[@ANYBLOB="1805000000000000002100"/24], 0x18}, 0x1, 0x0, 0x0, 0x11}, 0x40) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x24, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100}, 0xc) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000140)={0x38, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r4, &(0x7f0000000100)={0x1f, 0x7, @none, 0x73, 0x1}, 0xe) 807.556532ms ago: executing program 3 (id=766): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) mmap$dsp(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100001e, 0x20010, r0, 0x0) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000240), &(0x7f0000000280)=0x8) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000000)) sendto$inet(r1, &(0x7f00000002c0)="9cf7e310923bb9bcddf5d4ce284b24dd75e6d8d40eae564a552c00ea315d4032d8bf3069ac83367591140e53b599120c091fa07587f2db17cde864d87bb091d53df2bc2f0961e0f6adb67bb3dd073ba401b045d2ae098136b9bf6cf2027a2cd734c083fb89505073cb294cce1a64b4fa54c9c86e42c288a807dbe9492587bbb96a7d468f55ca9402e16fa5c45f0079b820e65a128f0acec61993390c2672a7b49689a06b421840fc0bf180fef4b89cc0bc9a5a1eadd69b38ecd98cd5469df99671c13588484678d7f54d85b34cc8cd2fae892533f7dc5bba4049c51dac310c2a22c101e99b18da3244ddb5c5a58600ea96f643f7596896c2d72c068071bc3feb8091d7cce2582a8bea35883e4a3f2e14e53f16f04061ef2fa5098da7e74f2521b21aa7b99f5b5a69e0d3529df0da6a786fd993754443e33d682b8f051b6d05be854d1552247306a543424360ba71ab358e0e057c9588d694228dc4611179877d8b703cd71dbf5fd6fd1e99a830dcbc54dc6d2f03f0bdfa4011581ffd2e1a9205e383c3e6ded633414af6d8bbdadb08b6f95fa27e81e28e6783b21f2924f0b7ed269be7eaa4b3d96f1c03127fe89df858e5d16f49e9e9461218b15d388047da46e3e22e10b40620a2ca2e6caabec9fa1c139c1ea80b4bd5ab846d42fe8f3c37d5fc9b905f22a833f0c1abbb78afa92dc76783895de2dbddc82128f7a886ac38af7b642226f8844ab3f3f89b00782aeeb723083831f437c674f0bd4bc9b05ad5618f8a64ea22f3bb37c00c367e192a80e43fb7a5d0f5e46dee656e9770473d76bc5c2f583b86cc218649256d650253cd7e12eb0ab2dc687ed4ef7eb83800b80e482c721e97b74e44b389f65cedac3657fc6364454b857309b503fe08cb05700f94140dd6dc8627328b541facd49640279b2584f94bd8b9ee0029afce536c6bb145a8b58facdf62d93b1efe65fd305f95b99e6c6e96f325e9932e89f514f914742c1968ccf9993a5d113b6480779c35422f10ac5170d33cae277eb47792327a8365995a2c73729f4db61a2932a2ff09f458bc57ae206af16e4c84fbb8e1eb575ec35108efcc7622d8e8b9a226eb60236df44ad682d0fd93bc378c7fcee19e72c05f78599081776c0fbbc2757097927e8983eab5bd5bc77daefc808529e3af2555a2a540a040e8d017b2cb1a343df648280db39f27b1a41d8ff8b24fa5de22423e4e0feab7ed0a06f3690a77bd03782eccf38843635ef9a77eeabc179e433dd25709170b1ee4a6e0ddea88559bf9a570e97e6ea7821b1f6a649bb7e424c7429cfeade93bd61dbedf5f31436d0f89c418a13f53ae322434b6f6fbc9e2607677b7dc2029da438b5553fce7b1c83125f1b669509a486cbcb6937b6e6a5a61ae922e3a25b3d3922f47077df91e566f516d3a307dc53cd8ae560107d0683a525692b7f71bf4a34152d343608b4f967aa07fe3af4394c151d8b6bc34f19a17daa7333b6951d678e737d61d368765f92a8cab998ed3fc96029ccc4d189429047400d3c954861f7b14e003fa6e6fa83bfed88dddedbc252f9e821cc59838dac2c2bae92ff7a472d6c62035efd182f04e501e0810f96257481bab25d17be42655406d5d4d905c7eec2d8552b5df3ef6f395b76ebdb696c0bcdb13c914ce425920c6e3371b2d45aec7e309e841f0adc02549271b101a1198f3edb2863cb34fb0fca61041d260ceb27246ea73786980f125d00dadcfb440856e25c9ff5f0800e6ba933696004b7d5d7024f3e4e91fcf8d162ff8eeb9ca60aaac1f6be93508a7a9eda9dbbd1e80d93354e8b8112f3c25cfce3883b527709587623a3578bdd68f1445aa74b5f310c8ac60baea1313ce70551a8e77dc756b79fd27e9bb738545b43bdd8b5c062ffe272e290a743c190433be5ca67309c82210ddcd9c7fd17247f26b601de930eba03ec414fc14a5f4ae51db01ae23de5724427af5a7c4b3f2265e02bf2fef90c86f71bce8ca9218358d3d5a97edd3ece7d17b113b48f50300b15fc41fd744dcc45f5cd761fdc4e3e0c79a5d8d5dbd2b5f29e0e5d5798727773aa2fd65036b69595e2afb50e1f8b979a6bdc76eff1e3e0dc6e91115d14092f16326978f690ddf04d8cc4ca353cca9dd4a915682b339a77f7fb925e08c445d4884d6b4b2de7194ed66b39b80cadd4a49674b14b8766df45e5ed38865781c6e082b06082f45af3b92489970caed908875a58857456a9b2a1e44aa11181d707d8e8238cab7c920a6179b1e4d905730c2f17f630bab2ff99737acc36407d7607543ea6c6e10b2392a00e316b41f1f6fc231fd9788e5019ccde02f35ff15edb2d1dae54969b5a9e15e47a8fbba622c7de1ea798c572c4bdb881e9c6c08be8496e031c9b642ce97c19d406df0f7261c4cf071705a9bc2f86422c980858c75e419897c19a25c1f4846ec23049bb7abf5ae76f8fa2bf04e830c7b63bbb67316fc06ca355ecc1308dc5d6ccf6a44d63f9a23f5712f5a192c46d8ca969b998927b71ce1781fa3b11c65ea55d4c42d8108ea74854df645fbfddaf981aeffffa78933501afd981747bac8b740542c1046ce50eb95d8881d2bd83cf27ef0d3cd089694edef91758b42eb7c019b759ca21b360c015a9c5e104ffaafb8da717745cb6cfb4065ca992850b487ec181710df174cbfe990b268b93ba69468619a966a78ee55982d99c012dc335ab690dda9db95ba0000c6a04a3b63f72c8557c9c1a623a31d9f03279fb569e289520a8646cb951333c0afe4658713e942a089bf504bbd93a6edbe3864dbbbb8ac2950c208459a888a890e38cef4a30b42279e11657e905e70a9a19d57fcea203e14d5ebd5779e3da9153b5773b86301dbc8443d4a7c801e349e23a7d0f47af071239c2af372fb86ec9bfca8127d300ed9904a7eb5aa03fa9012ecc0f0f4abff694453e0d9fa4f8981edcac0bb5f8647d907c5073e3d26170fe2ddf9fe20ad95e61cf657bc1f705b633dca3923cc0df62423801a2fc182a87a694adf7312c22d6b43a5402412c696494689cc15ade1c7227b4a76eb984590692ef1bcb870e88056d0faaa340735667ede0dd221185847ce85d5d488baf4b32b7e8e48d915f22d18d29df2e80e377bd3df91828baa6198db208ab64aaad26d74a8049a51d398c5236da16cd6046bdd03681fbccfecc0bc5579097ff7085b883b5b64f48137a94ceda16e470c20e1bddc52941a29ae2936fcc6327158dd3623d38946040eb587fac27808b22e41a39c6a251093026cb7725593ed1db07fe8dfa07617154a6f9d7955c6b44e1a6c56f9a9070be6ebe0432f0be5a70f974c114b8f4c22288ccf6762a545d72f4c147cc13b04540c53184cf36eb1b392f14646287845b6eadcd4e872e179f84548b1ca6d1d00b741246f109c27edf2a440cc9bfae6634322e45d68aa7e63d077873167957cff067ad9e4492572d4c1cd773d9dca546e70835e6404d5486afb7176a3f100b4851aed59280fa2e5f2431537b37b33bb39a92aaadc5fe984f3379a9661f79157045b6c538c7a2d2e840837d74ff3c0753002dfcfab201b72e557b35b8dc25b8801fbae2fe52ed6d2446b30ee30c3fe5cdf7933d09391b288064d783ceef169e4836eac8c219eca9b4b3758fdebd44989295d746fbd24639ca556f5624b087268afaee50aee7adfa0f3d719cdabcbc6a34aa462e2d5008143e0d17c873589bb60cba395e1f0d0422aea8221accc32b15f5eac2401cd09be170adca605eccd32c374eec8670de3c2032bf8adef4cab5b7f09c0a735cf6e7ae07bcecb9f8f551de7b023ff826aa541b1436a0eb4ad49767859f8059a867a2f42692c7eece89801081ea7934f6c5a29f9c8852a33f94b6b6aff648eff1b567be68a336828fe49c5794506bfd88ba38164cf6a2333dbf261bf48c014dd3c0cd0fd282f3c3e0db6719e820324f828f2eea047badf6d5040edd9174ad4c4221246a87036533f25ab97ddee6105dd312c6dd212bd98230e5c6511e81dbf7f24e7c2373cb80e5d69c9d7b2a9e62c612f797adda6244efdbdd343cecca3301cb33b67810f3be439ae68a7183765ce100b0bfd487652295abd595d45a7cfb24b68eb92ba329cb0634f699dd76ff2af91b8405e5204278c26edcb6da8da8a383704873988b77a121a464654628aefac8879ff7a5f888a6517b1dbe56909d9b0cee9cc4b868973b622316e847bcc664b1de77ae8e0f5fb1ec433101046be09846837de3ca3f10ecddbfe67696c214089fd10b87e68d92f7335c4f83028bc68ea1d403621e43546f2559b706f60c6c39af827617ea5bef6a779dcd70adf0f066188fdfd3b589bb831835f50f573f405a3fdd4c5f738ec856e07ba5867d187190ce13c1ab1610aad54f91ba0b36a6d55714bfa5115473f738f5d50293e08b489b6d8814bec60355980dcc0195c45c97bd3154a890eacec3f2915fdacc586926b3561a2be940496ef8f184b263ee0b3535cd4ea3286def28b9a9c3898f3c734e4616cb61bdc03a8f989d72f60341d57bf9427b2e4282d60d148bde50ce99f07edd28189fa425b3105119ba16d3cb00d9fbaa19f2cf73509ab1f8355e3cee328f1671826a591f2bc9b000a9166d485348670924cfae2689b9ffe1a8759e6722dc976586c8a99f937a4cf028be2dfe14cbcea55c382e8654f44fb9f9e12e9c858cb5d207356a3e8d13ce39012dddf2887a255cde326f604ddc6ec2acfcbbbf4d88204bf534fab826c55ae6d517fd1add747f19884be7f80cb2de12fec7c60fc2b8133ad58ca4f3e767cb29c13c2c8c10cd981decb6fec331a15c7d01cadf2738f9e40f52891327ee33f7e4fc0958ab3e89748678d0f90a7c12e129e74b13826fe72d380bbac6ac39600e90465104b9cae614591e630f98228f7f747ab722e01c087db48621a663768450bf6268c252104d5fede8d8643b8ae5b5fcef4feb2e380c0ea238c31e72ad2ba0e6fecf3ba3ed6d7821f5885f8961a49c2eed6ff0fae0f6dbe751985839ae2aeb94460dcbc7162d951ef57e6e922839cbc81de714ce9bbfd8bd4210e0971d906662c0e228db52ea3e8449a5b3799e3f00117a123249d310c0a8dac1fc9e812aba2ea923837dd3561801478d2b884b2df8a726581a88e15c16532cea6a3b4c7bd827da05bdd26bfc57a5a0fd76f0e341df68f731da1d7c76e617edb06c888ec4b9826211221e778339c15ba20ca1f04514639a7286612ccf57885813f709b5516282e3e281ba57c6fbecdd2d0f3a937255d392da3190025643ac6ddd2912edba9d3b76007b8f87d939d26d270c65277925b09a3eb13b78c3a37a09c228ad9a73d73abf532df6537dc94d455130fdab56d564608dfbaef223744383b3588a18fa421f14e0b1c676da494705942b2e36c2a6c9f51497bc35f345bdae99a421a2795375eee1a215988759f2a001843131cf98abc10dd06b6a796bc0fea2c4ef434e4fa927e75a85824a29e57878f87648711c5294478ab64a6abb9ec9f12cbef2982e216544563f54bff1628b5b60cf3f8c25d218f892435f21de5edb1b3bf414b18ad086c5246297a1c3b45a5d20aa64ed87668f1dc07f96a7df3f06466a33674b2be98b879d53d5abd8efd4301bf3cc8374514aa9f244627b01d1698220e6926e9c271fbf66525d9a7420536c905ab43a279f065537b4896be89c6b704efa992f6e11c9e2e9efc4ed5a1c5af2dc94c07badbe75c2d59ded80b5d4f80c0d7a6da9f71bc57537b685067c92a6934b7b19886ebcc647c0cddef49ecf78abf791b297721922c", 0x1000, 0x4884, &(0x7f0000000040)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10) 806.460911ms ago: executing program 3 (id=767): sync() r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2ac00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000280)={0x80, 0x400000b4, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x80041285, &(0x7f0000001080)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x100000000, 0x2, &(0x7f0000000080)=0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x1, 0x3, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) 697.586376ms ago: executing program 1 (id=768): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x1) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000080)=0x21ee, 0x4) sendmmsg$inet(r1, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800) r2 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r2, 0x0) recvfrom(r1, &(0x7f0000000200)=""/131, 0xf92e58a67d38802c, 0x2101, 0x0, 0x0) ioctl$SG_GET_VERSION_NUM(r0, 0x2284, &(0x7f0000000080)) 694.919585ms ago: executing program 1 (id=776): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) close(r1) (async) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000001040)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000200)={r3, 0x9, 0x14c2, 0xa, 0x8, 0x200009e}, 0x14) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={r3, 0x8}, &(0x7f0000000080)=0x8) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') (async) open(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8080, 0x0) (async) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000300000058000180440004001f0001000a000000000090040000000000000000000000000000000100000000100002000a00000000000000fe8000000000000000000000000000bb000000000d0001"], 0x6c}, 0x1, 0x0, 0x0, 0x851}, 0x0) (async) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10) setsockopt$inet_udp_int(r6, 0x11, 0x67, &(0x7f0000000000)=0x507, 0x4) (async) sendmmsg$inet(r6, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r6, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440606769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x6000000000000000, 0x0, 0x0) 265.300266ms ago: executing program 3 (id=769): syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$kcm(0x1e, 0x4, 0x0) sendmsg$kcm(r2, &(0x7f0000000300)={&(0x7f0000000000)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x1, 0x3}}, 0x80, 0x0}, 0x4000000) r3 = socket$kcm(0x29, 0x4, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) sendmsg$nl_route(r1, 0x0, 0x4c8d0) r4 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r4, 0x400442c8, &(0x7f0000000540)=ANY=[@ANYRES32=r0]) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r5, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746ccb492175fc9e01", 0xf4}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def1f", 0xe9}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287a4b9aaa18fd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff226c1523bf01617976641421438e16378094c94f2e55a44150d9a358d92606afb12f21a63daadbb143d6ccdae88d53521b9fe51ffabb08ff67cb98266eeb1fbf81ec", 0xe7}, {&(0x7f0000000040)="f96be6c391f1f8b23ae44a70a75f4a5ed0e013f80882907ab089ee65d16a6c6f5c666dad31257fb48b66d940a3819d0809971ea8274a65", 0x37}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2", 0xde}], 0x5}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bd98dbb2ab76919ba5c1020e80bd0659e82d861dc6fe4c62639134c504aa438689d28748", 0xc8}, {&(0x7f0000000e80)="5be3b011e12323e4ab88c0472f0700000000000000e71ba6231f303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf646e72f8fe08c33a33b275787892f61fbb621794716f96031931b55af30fa01d72aa5a53ee4c07ab7c96a4a9ed93f4d20269982ab6feb22d8e77afb7b861622ab963b07f0026fd6424082bcd", 0xbc}], 0x2}}], 0x2, 0xc0) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r5, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) r6 = socket$kcm(0x2, 0x5, 0x84) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000940)={0x23fe3a8e, {{0x2, 0x4e23, @broadcast}}, {{0x2, 0x4e27, @initdev={0xac, 0x1e, 0xf9, 0x0}}}}, 0x108) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r7, 0x0, 0x0) r8 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_ADD_RULE(r8, 0x0, 0x11) setsockopt$sock_attach_bpf(r6, 0x84, 0x14, &(0x7f0000000000), 0x8) 263.749665ms ago: executing program 1 (id=778): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) close(0x3) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x29}}, './file0\x00'}) sync() 177.272315ms ago: executing program 1 (id=770): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000a0000000060a010400000000000000000100000008000b400000000078000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000400001800c00010062697477697365003000028008000340100000020800014000000014080002400000001208000580040001000c000480060001008a9500000900010073797a30"], 0x114}}, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x38) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)=@newtaction={0x60, 0x30, 0x36eac49ec043b62f, 0x0, 0x25dfdbc3, {}, [{0x4c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x8, 0x20000000, 0xd, 0xe}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) mount(&(0x7f00000004c0)=@sr0, &(0x7f0000000500)='./file0\x00', 0x0, 0x1000, 0x0) renameat(r1, &(0x7f0000000080)='./file0\x00', r1, &(0x7f00000000c0)='./file0\x00') move_mount(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 14.643333ms ago: executing program 0 (id=771): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e20, @multicast1}, {0x2, 0x4e23, @loopback}, {0x2, 0x4e24, @loopback}, 0x450, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)='macvtap0\x00', 0xbb52, 0x7}) (async, rerun: 32) r1 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 32) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000001100)=@nat={'nat\x00', 0x62, 0x5, 0x1520, 0x1298, 0x1298, 0xffffffff, 0x0, 0x1180, 0x1488, 0x1488, 0xffffffff, 0x1488, 0x1488, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00', {0xff}}, 0x0, 0x10a0, 0x10d8, 0x0, {0x22e}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.net/syz0\x00', 0x9, {0x100000001}}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x4f00, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x3dc, {0x0, @rand_addr=0x64010102, @remote, @icmp_id, @gre_key}}}}, {{@ip={@broadcast, @rand_addr=0x64010100, 0x0, 0x0, 'veth1_to_team\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key, @icmp_id}}}}, {{@ip={@remote, @dev, 0x0, 0x0, 'pimreg1\x00', 'netdevsim0\x00'}, 0x0, 0x1b8, 0x1f0, 0x0, {}, [@common=@unspec=@comment={{0x120}}, @common=@icmp={{0x28}, {0x0, "6e82"}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x1580) 6.495463ms ago: executing program 0 (id=772): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd600a843500082f00fe8000000000000000000000000000bbfe8000000000000000000000000000aa000022eb", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0001000000000000"], 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000f100007b01"]) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x44c500, 0x0) sendto$l2tp(r3, &(0x7f0000000080)="094a82c3b60c", 0x6, 0x4804, &(0x7f00000000c0)={0x2, 0x0, @private=0xa010100, 0x2}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_emit_ethernet(0x4a, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd600a843500082f00fe8000000000000000000000000000bbfe8000000000000000000000000000aa000022eb", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0001000000000000"], 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000f100007b01"]) (async) openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x44c500, 0x0) (async) sendto$l2tp(r3, &(0x7f0000000080)="094a82c3b60c", 0x6, 0x4804, &(0x7f00000000c0)={0x2, 0x0, @private=0xa010100, 0x2}, 0x10) (async) 0s ago: executing program 3 (id=773): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0xffffffff, 0x0, 0x0, 0x3}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) (async) r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff) (async) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0xb3) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0xfffffffdffffffff) (async, rerun: 32) r4 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32) r5 = socket(0x2b, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$TCFLSH(r8, 0x400455c8, 0x8000000001) (async) ioctl$TIOCSETD(r8, 0x5412, &(0x7f0000000140)=0xffffffc0) (async, rerun: 32) r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) (rerun: 32) write$vga_arbiter(r9, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd) ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000040)=0xfc) (async) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32=r6, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280060027000300"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) kernel console output (not intermixed with test programs): rface: batadv_slave_1 [ 46.829500][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.840167][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.848895][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.851831][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.862028][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.938226][ T5939] team0: Port device team_slave_0 added [ 46.943666][ T5939] team0: Port device team_slave_1 added [ 47.071099][ T5933] hsr_slave_0: entered promiscuous mode [ 47.074221][ T5933] hsr_slave_1: entered promiscuous mode [ 47.077063][ T5933] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.080364][ T5933] Cannot create hsr debugfs directory [ 47.083247][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.087698][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.098052][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.108478][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.111347][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.123389][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.155060][ T5947] hsr_slave_0: entered promiscuous mode [ 47.157367][ T5947] hsr_slave_1: entered promiscuous mode [ 47.159485][ T5947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.162694][ T5947] Cannot create hsr debugfs directory [ 47.336460][ T5939] hsr_slave_0: entered promiscuous mode [ 47.338700][ T5939] hsr_slave_1: entered promiscuous mode [ 47.341057][ T5939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.344042][ T5939] Cannot create hsr debugfs directory [ 47.518948][ T5934] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.529104][ T5934] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.537738][ T5934] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.543409][ T5934] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.554176][ T5945] Bluetooth: hci3: command tx timeout [ 47.563888][ T5945] Bluetooth: hci2: command tx timeout [ 47.564333][ T5937] Bluetooth: hci1: command tx timeout [ 47.564898][ T63] Bluetooth: hci0: command tx timeout [ 47.592937][ T5933] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.602712][ T5933] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.607769][ T5933] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.615823][ T5933] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.652793][ T5947] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.660558][ T5947] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.668610][ T5947] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.672385][ T5947] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.694798][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.744874][ T5934] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.747808][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.755424][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.764701][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.767273][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.770410][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.791769][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.799731][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.802757][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.847176][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.887370][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.894163][ T5933] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.906935][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.909993][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.919311][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.924834][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.927192][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.937552][ T1083] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.939795][ T1083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.949159][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.951462][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.977656][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.005611][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.014699][ T1083] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.016943][ T1083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.029618][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.031873][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.067133][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.102455][ T5934] veth0_vlan: entered promiscuous mode [ 48.109135][ T5934] veth1_vlan: entered promiscuous mode [ 48.127524][ T5934] veth0_macvtap: entered promiscuous mode [ 48.131492][ T5934] veth1_macvtap: entered promiscuous mode [ 48.138113][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.148051][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.158171][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.176071][ T5934] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.179031][ T5934] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.182454][ T5934] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.186998][ T5934] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.194796][ T5933] veth0_vlan: entered promiscuous mode [ 48.201341][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.206002][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.218286][ T5933] veth1_vlan: entered promiscuous mode [ 48.252746][ T5933] veth0_macvtap: entered promiscuous mode [ 48.267718][ T5933] veth1_macvtap: entered promiscuous mode [ 48.268165][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.271905][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.278523][ T5947] veth0_vlan: entered promiscuous mode [ 48.295585][ T5939] veth0_vlan: entered promiscuous mode [ 48.299181][ T5947] veth1_vlan: entered promiscuous mode [ 48.311004][ T5939] veth1_vlan: entered promiscuous mode [ 48.317020][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.317824][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.319726][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.335943][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.344166][ T5933] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.347007][ T5933] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.349740][ T5933] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.352623][ T5933] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.360711][ T5947] veth0_macvtap: entered promiscuous mode [ 48.368114][ T5947] veth1_macvtap: entered promiscuous mode [ 48.374352][ T5934] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.375698][ T5939] veth0_macvtap: entered promiscuous mode [ 48.384502][ T5939] veth1_macvtap: entered promiscuous mode [ 48.407000][ T1083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.407149][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.409510][ T1083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.418878][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.440174][ T5947] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.443068][ T5947] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.453314][ T5947] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.456042][ T5947] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.462597][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.467193][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.468907][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.469674][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.476831][ T5939] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.479542][ T5939] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.482206][ T5939] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.486153][ T5939] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.531209][ T1083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.538315][ T1083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.553617][ T6004] trusted_key: syz.1.6 sent an empty control message without MSG_MORE. [ 48.566090][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.568560][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.581984][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.589187][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.619729][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.622362][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.646934][ T6016] capability: warning: `syz.2.3' uses 32-bit capabilities (legacy support in use) [ 48.694122][ T6005] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 48.788665][ T6036] overlayfs: upper fs does not support file handles, falling back to index=off. [ 48.791631][ T6036] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 48.795287][ T6036] overlayfs: conflicting lowerdir path [ 48.812351][ T6036] overlayfs: upper fs does not support file handles, falling back to index=off. [ 48.815802][ T6036] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 48.819437][ T6036] overlayfs: conflicting lowerdir path [ 48.842465][ T6045] netlink: 'syz.0.14': attribute type 8 has an invalid length. [ 48.845157][ T6045] netlink: 16 bytes leftover after parsing attributes in process `syz.0.14'. [ 48.925994][ T6065] siw: device registration error -23 [ 48.936221][ T6064] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 48.937062][ T6069] syz.2.22 uses obsolete (PF_INET,SOCK_PACKET) [ 48.944285][ T6070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.946282][ T6064] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 48.947167][ T6070] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.952491][ T6073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23'. [ 48.957013][ T6073] netlink: 12 bytes leftover after parsing attributes in process `syz.0.23'. [ 48.974959][ T6073] netlink: 20 bytes leftover after parsing attributes in process `syz.0.23'. [ 49.038339][ T6076] syzkaller0: entered promiscuous mode [ 49.040774][ T6076] syzkaller0: entered allmulticast mode [ 49.184474][ T6086] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'. [ 49.187739][ T6086] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 49.190113][ T6086] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 49.305467][ T6090] netdevsim netdevsim1 netdevsim1: Unsupported IPsec algorithm [ 49.460212][ T6099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29'. [ 49.634846][ T5937] Bluetooth: hci2: command tx timeout [ 49.634944][ T5945] Bluetooth: hci1: command tx timeout [ 49.636692][ T5937] Bluetooth: hci3: command tx timeout [ 49.768425][ T6080] netlink: 'syz.3.25': attribute type 29 has an invalid length. [ 49.820088][ T6099] team0: Port device team_slave_0 removed [ 49.911217][ T1083] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 49.947226][ T6101] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 50.062351][ T6113] syz.3.32 (6113): /proc/6111/oom_adj is deprecated, please use /proc/6111/oom_score_adj instead. [ 50.073175][ T6112] Zero length message leads to an empty skb [ 50.075969][ T6113] netlink: 36 bytes leftover after parsing attributes in process `syz.3.32'. [ 50.117363][ T6128] process 'syz.2.35' launched '/dev/fd/4' with NULL argv: empty string added [ 50.204304][ T40] kauditd_printk_skb: 124 callbacks suppressed [ 50.204315][ T40] audit: type=1400 audit(1748711665.007:214): avc: denied { listen } for pid=6139 comm="syz.2.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 50.249378][ T40] audit: type=1400 audit(1748711665.047:215): avc: denied { append } for pid=6147 comm="syz.2.43" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 50.263851][ T40] audit: type=1400 audit(1748711665.057:216): avc: denied { watch watch_reads } for pid=6144 comm="syz.0.41" path="/10" dev="tmpfs" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 50.311369][ T40] audit: type=1400 audit(1748711665.107:217): avc: denied { read } for pid=6154 comm="syz.2.45" path="socket:[10291]" dev="sockfs" ino=10291 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 50.323419][ T40] audit: type=1400 audit(1748711665.117:218): avc: denied { read write } for pid=6150 comm="syz.3.42" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 50.330741][ T40] audit: type=1400 audit(1748711665.117:219): avc: denied { ioctl open } for pid=6150 comm="syz.3.42" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 50.338915][ T40] audit: type=1400 audit(1748711665.117:220): avc: denied { create } for pid=6150 comm="syz.3.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 50.362527][ T6161] x_tables: duplicate underflow at hook 1 [ 50.367231][ T40] audit: type=1400 audit(1748711665.167:221): avc: denied { ioctl } for pid=6154 comm="syz.2.45" path="socket:[10361]" dev="sockfs" ino=10361 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 50.439417][ T40] audit: type=1400 audit(1748711665.237:222): avc: denied { read write } for pid=6169 comm="syz.3.49" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 50.446663][ T40] audit: type=1400 audit(1748711665.237:223): avc: denied { open } for pid=6169 comm="syz.3.49" path="/dev/uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 50.490861][ T6176] Cannot find map_set index 0 as target [ 50.503890][ T6179] geneve2: entered promiscuous mode [ 50.505648][ T6179] geneve2: entered allmulticast mode [ 50.541961][ T6185] netlink: 20 bytes leftover after parsing attributes in process `syz.2.54'. [ 50.545415][ T6185] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 50.547819][ T6185] IPv6: NLM_F_CREATE should be set when creating new route [ 50.550222][ T6185] IPv6: NLM_F_CREATE should be set when creating new route [ 50.626034][ T5937] Bluetooth: hci2: Malformed LE Event: 0x1b [ 50.650321][ T6196] GUP no longer grows the stack in syz.2.59 (6196): 200000007000-20000000a000 (200000004000) [ 50.654464][ T6196] CPU: 3 UID: 0 PID: 6196 Comm: syz.2.59 Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) [ 50.654481][ T6196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.654488][ T6196] Call Trace: [ 50.654492][ T6196] [ 50.654497][ T6196] dump_stack_lvl+0x16c/0x1f0 [ 50.654528][ T6196] gup_vma_lookup+0x1d2/0x220 [ 50.654544][ T6196] __get_user_pages+0x250/0x3bb0 [ 50.654564][ T6196] ? stack_trace_save+0x8e/0xc0 [ 50.654576][ T6196] ? __pfx_stack_trace_save+0x10/0x10 [ 50.654587][ T6196] ? __pfx___get_user_pages+0x10/0x10 [ 50.654602][ T6196] ? check_path.constprop.0+0x24/0x50 [ 50.654619][ T6196] __gup_longterm_locked+0x5e7/0x1850 [ 50.654640][ T6196] ? __pfx___gup_longterm_locked+0x10/0x10 [ 50.654664][ T6196] pin_user_pages+0x13c/0x160 [ 50.654680][ T6196] ? __pfx_pin_user_pages+0x10/0x10 [ 50.654694][ T6196] ? trace_kmalloc+0x2b/0xd0 [ 50.654709][ T6196] ? xdp_umem_create+0x652/0x1270 [ 50.654723][ T6196] xdp_umem_create+0x73c/0x1270 [ 50.654737][ T6196] xsk_setsockopt+0x5b2/0x840 [ 50.654754][ T6196] ? __pfx_xsk_setsockopt+0x10/0x10 [ 50.654769][ T6196] ? __lock_acquire+0x622/0x1c90 [ 50.654785][ T6196] ? selinux_socket_setsockopt+0x6a/0x80 [ 50.654804][ T6196] ? __pfx_xsk_setsockopt+0x10/0x10 [ 50.654820][ T6196] do_sock_setsockopt+0x224/0x470 [ 50.654835][ T6196] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 50.654857][ T6196] __sys_setsockopt+0x1a0/0x230 [ 50.654870][ T6196] __x64_sys_setsockopt+0xbd/0x160 [ 50.654880][ T6196] ? do_syscall_64+0x91/0x4c0 [ 50.654891][ T6196] ? lockdep_hardirqs_on+0x7c/0x110 [ 50.654903][ T6196] do_syscall_64+0xcd/0x4c0 [ 50.654915][ T6196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.654926][ T6196] RIP: 0033:0x7f44b4f8e969 [ 50.654935][ T6196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.654945][ T6196] RSP: 002b:00007f44b5dc3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 50.654955][ T6196] RAX: ffffffffffffffda RBX: 00007f44b51b5fa0 RCX: 00007f44b4f8e969 [ 50.654962][ T6196] RDX: 0000000000000004 RSI: 000000000000011b RDI: 000000000000000a [ 50.654968][ T6196] RBP: 00007f44b5010ab1 R08: 0000000000000020 R09: 0000000000000000 [ 50.654973][ T6196] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 50.654979][ T6196] R13: 0000000000000000 R14: 00007f44b51b5fa0 R15: 00007ffce17fc338 [ 50.654992][ T6196] [ 50.753944][ T6204] binder: Unknown parameter 'smackfsroot' [ 50.776347][ T6204] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 50.907346][ T6228] netlink: 'syz.1.68': attribute type 2 has an invalid length. [ 50.910029][ T6228] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 50.986151][ T6233] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 51.206861][ T6238] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 51.304099][ T6240] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 51.315455][ T6240] CIFS mount error: No usable UNC path provided in device string! [ 51.315455][ T6240] [ 51.318988][ T6240] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 51.395816][ T6245] netlink: 20 bytes leftover after parsing attributes in process `syz.1.74'. [ 51.632398][ T6255] tipc: Started in network mode [ 51.636162][ T6255] tipc: Node identity 866c73415d58, cluster identity 4711 [ 51.639470][ T6255] tipc: Enabled bearer , priority 0 [ 51.642642][ T6258] tipc: Enabling of bearer rejected, already enabled [ 51.648128][ T6253] tipc: Disabling bearer [ 51.680874][ T6260] usb usb2: usbfs: process 6260 (syz.2.79) did not claim interface 7 before use [ 51.686416][ T6224] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 51.713495][ T5937] Bluetooth: hci1: command tx timeout [ 51.713701][ T63] Bluetooth: hci2: command tx timeout [ 51.715772][ T5937] Bluetooth: hci3: command tx timeout [ 51.780263][ T6272] capability: warning: `syz.3.84' uses deprecated v2 capabilities in a way that may be insecure [ 51.787586][ T6273] netlink: 96 bytes leftover after parsing attributes in process `syz.2.83'. [ 51.803827][ T6277] sg_write: data in/out 440207358/4056 bytes for SCSI command 0x45-- guessing data in; [ 51.803827][ T6277] program syz.1.85 not setting count and/or reply_len properly [ 51.882458][ T6270] mmap: syz.0.82 (6270) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 51.930842][ T6305] ======================================================= [ 51.930842][ T6305] WARNING: The mand mount option has been deprecated and [ 51.930842][ T6305] and is ignored by this kernel. Remove the mand [ 51.930842][ T6305] option from the mount to silence this warning. [ 51.930842][ T6305] ======================================================= [ 51.946011][ T6305] overlayfs: conflicting lowerdir path [ 52.101111][ T6320] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 52.182342][ T6333] QAT: Stopping all acceleration devices. [ 52.190761][ T6335] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 52.193871][ T6335] overlayfs: missing 'lowerdir' [ 52.220043][ T6335] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 52.222868][ T6335] overlayfs: missing 'lowerdir' [ 52.239445][ T6335] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 52.243483][ T6335] overlayfs: missing 'lowerdir' [ 52.754399][ T6368] fuseblk: Unknown parameter 'max_ [ 52.754399][ T6368] M.tread' [ 52.759577][ T6382] binder: 6380:6382 ioctl c0306201 200000000640 returned -22 [ 52.873531][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.919573][ T5937] Bluetooth: hci0: command 0x0401 tx timeout [ 53.014050][ T6410] Bluetooth: MGMT ver 1.23 [ 53.117614][ T6430] overlayfs: conflicting options: userxattr,redirect_dir=on [ 53.124088][ T6430] netlink: 'syz.0.120': attribute type 1 has an invalid length. [ 53.155190][ T6435] 0: renamed from hsr0 (while UP) [ 53.159181][ T6435] 0: entered allmulticast mode [ 53.160761][ T6435] hsr_slave_0: entered allmulticast mode [ 53.162528][ T6435] hsr_slave_1: entered allmulticast mode [ 53.168319][ T6435] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check. [ 53.173723][ T6435] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6435 comm=syz.1.121 [ 53.202748][ T6448] Cannot find set identified by id 0 to match [ 53.247246][ T6455] fuse: Unknown parameter 'fYmUu Gf_'1'(q<' [ 53.317088][ T6466] netlink: 'syz.1.129': attribute type 5 has an invalid length. [ 53.322590][ T6466] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 53.327678][ T6466] syz.1.129: attempt to access beyond end of device [ 53.327678][ T6466] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 53.380565][ T6464] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 53.713687][ C2] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 53.794443][ T5937] Bluetooth: hci2: command tx timeout [ 53.794679][ T5945] Bluetooth: hci1: command tx timeout [ 54.063722][ T6489] NILFS (nbd2): device size too small [ 54.131716][ T6492] __nla_validate_parse: 11 callbacks suppressed [ 54.131734][ T6492] netlink: 8 bytes leftover after parsing attributes in process `syz.2.136'. [ 54.324154][ T6505] netlink: 8 bytes leftover after parsing attributes in process `syz.0.141'. [ 54.327204][ T6505] netlink: 12 bytes leftover after parsing attributes in process `syz.0.141'. [ 54.330349][ T6505] netlink: 'syz.0.141': attribute type 19 has an invalid length. [ 54.343604][ T6501] netlink: 48 bytes leftover after parsing attributes in process `syz.1.139'. [ 54.345289][ T6507] tipc: Started in network mode [ 54.349956][ T6507] tipc: Node identity 6fc3, cluster identity 4711 [ 54.352755][ T6507] tipc: Node number set to 28611 [ 54.376238][ T6509] tmpfs: Unknown parameter 'us' [ 55.120919][ T6532] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 55.227675][ T40] kauditd_printk_skb: 92 callbacks suppressed [ 55.227685][ T40] audit: type=1400 audit(1748711671.021:316): avc: denied { ioctl } for pid=6541 comm="syz.1.152" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=12472 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 55.283995][ T6552] netlink: 88 bytes leftover after parsing attributes in process `syz.1.155'. [ 55.349581][ T40] audit: type=1400 audit(1748711671.141:317): avc: denied { mount } for pid=6555 comm="syz.1.157" name="/" dev="autofs" ino=11740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 55.351360][ T6556] overlay: filesystem on ./bus not supported [ 55.356597][ T40] audit: type=1400 audit(1748711671.141:318): avc: denied { mounton } for pid=6555 comm="syz.1.157" path="/51/file1/bus" dev="autofs" ino=11741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 55.374558][ T40] audit: type=1400 audit(1748711671.171:319): avc: denied { ioctl } for pid=6546 comm="syz.2.153" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 55.384705][ T40] audit: type=1400 audit(1748711671.181:320): avc: denied { unmount } for pid=5934 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 55.453099][ T6566] netlink: 'syz.3.161': attribute type 1 has an invalid length. [ 55.456467][ T6566] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.161'. [ 55.462125][ T40] audit: type=1400 audit(1748711671.251:321): avc: denied { create } for pid=6565 comm="syz.3.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 55.469364][ T40] audit: type=1400 audit(1748711671.261:322): avc: denied { setopt } for pid=6565 comm="syz.3.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 55.477559][ T40] audit: type=1400 audit(1748711671.261:323): avc: denied { read write } for pid=6565 comm="syz.3.161" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 55.484726][ T40] audit: type=1400 audit(1748711671.261:324): avc: denied { open } for pid=6565 comm="syz.3.161" path="/dev/raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 55.502066][ T40] audit: type=1400 audit(1748711671.291:325): avc: denied { bind } for pid=6570 comm="syz.1.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 55.513468][ T9] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 55.677420][ T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.680648][ T9] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 55.683694][ T9] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 55.686518][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.691376][ T9] usb 7-1: config 0 descriptor?? [ 55.701548][ T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 55.703861][ T5996] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 55.706702][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 55.715929][ T9] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 55.719502][ T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 55.721716][ T9] usb 7-1: media controller created [ 55.724834][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 55.735501][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 55.737912][ T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 55.746332][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input8 [ 55.753155][ T9] dvb-usb: schedule remote query interval to 150 msecs. [ 55.756778][ T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 55.867276][ T5996] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.871818][ T5996] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 55.876345][ T5996] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 55.881067][ T5996] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 55.885442][ T5996] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.889258][ T5996] usb 8-1: config 0 descriptor?? [ 55.900563][ T6547] bridge0: port 3(veth0_to_bridge) entered blocking state [ 55.903218][ T6547] bridge0: port 3(veth0_to_bridge) entered disabled state [ 55.906053][ T6547] veth0_to_bridge: entered allmulticast mode [ 55.908834][ T6547] veth0_to_bridge: entered promiscuous mode [ 55.910928][ T6547] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 55.916217][ T5997] dvb-usb: bulk message failed: -22 (1/0) [ 55.916334][ T6547] bridge0: port 3(veth0_to_bridge) entered blocking state [ 55.918229][ T5997] dvb-usb: error while querying for an remote control event. [ 55.923511][ T6547] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 55.929558][ T5995] usb 7-1: USB disconnect, device number 2 [ 55.946853][ T5995] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 56.296309][ T5996] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd [ 56.300604][ T5996] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 56.309964][ T5996] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 56.624319][ T6605] netlink: 4 bytes leftover after parsing attributes in process `syz.2.172'. [ 56.645850][ T9] usb 8-1: USB disconnect, device number 2 [ 56.753380][ T6612] netlink: 28 bytes leftover after parsing attributes in process `syz.2.174'. [ 56.850930][ T6618] netlink: 112 bytes leftover after parsing attributes in process `syz.1.176'. [ 56.932910][ T6622] mkiss: ax0: crc mode is auto. [ 57.314543][ T5945] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 57.314592][ T5937] Bluetooth: hci0: command 0x0401 tx timeout [ 57.409208][ T6628] binder: 6627:6628 ioctl 4018620d 0 returned -22 [ 57.411713][ T6628] binder: 6627:6628 ioctl c0306201 0 returned -14 [ 57.414816][ T6628] binder: 6627:6628 ioctl c0306201 0 returned -14 [ 57.416958][ T6628] binder: 6627:6628 ioctl c0306201 0 returned -14 [ 57.419210][ T6628] binder: 6627:6628 ioctl c0306201 0 returned -14 [ 57.423460][ T6628] netlink: 112 bytes leftover after parsing attributes in process `syz.2.180'. [ 57.511592][ T6637] netlink: 'syz.0.182': attribute type 21 has an invalid length. [ 57.573219][ T6638] Cannot find add_set index 0 as target [ 57.729174][ T6644] 9pnet_virtio: no channels available for device syz [ 57.841290][ T6652] could not open pipe file descriptor [ 57.995251][ T6665] sp0: Synchronizing with TNC [ 58.005584][ T6670] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 58.314864][ T6698] support for cryptoloop has been removed. Use dm-crypt instead. [ 58.357734][ T6700] 9pnet_virtio: no channels available for device 127.0.0.1 [ 58.360958][ T6700] 9pnet_virtio: no channels available for device 127.0.0.1 [ 58.364513][ T6700] 9pnet_virtio: no channels available for device 127.0.0.1 [ 58.387823][ T9] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 58.444229][ T6709] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 58.447645][ T6709] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 58.492159][ T6716] hugetlbfs: syz.0.206 (6716): Using mlock ulimits for SHM_HUGETLB is obsolete [ 58.545486][ T9] usb 6-1: config 1 interface 0 altsetting 7 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 58.548893][ T9] usb 6-1: config 1 interface 0 has no altsetting 0 [ 58.552491][ T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 58.555319][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.557797][ T9] usb 6-1: Product: syz [ 58.559195][ T9] usb 6-1: Manufacturer: syz [ 58.560914][ T9] usb 6-1: SerialNumber: syz [ 58.566013][ T6693] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 58.582187][ T6722] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 58.776451][ T9] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8 [ 58.784352][ T9] usb 6-1: USB disconnect, device number 2 [ 58.788802][ T9] usblp0: removed [ 59.083560][ T5716] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 59.245110][ T5716] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 59.249751][ T5716] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 59.254653][ T5716] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 59.259227][ T5716] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 59.262002][ T5716] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.266245][ T5716] usb 5-1: config 0 descriptor?? [ 59.395053][ T6747] netlink: 'syz.2.215': attribute type 7 has an invalid length. [ 59.398075][ T6747] __nla_validate_parse: 3 callbacks suppressed [ 59.398083][ T6747] netlink: 204 bytes leftover after parsing attributes in process `syz.2.215'. [ 59.435684][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 59.438251][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 59.445498][ T6752] veth0_to_bridge: left allmulticast mode [ 59.447327][ T6752] veth0_to_bridge: left promiscuous mode [ 59.449697][ T6752] bridge0: port 3(veth0_to_bridge) entered disabled state [ 59.455750][ T6752] bridge_slave_0: left allmulticast mode [ 59.457581][ T6752] bridge_slave_0: left promiscuous mode [ 59.459436][ T6752] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.466395][ T6752] bridge_slave_1: left allmulticast mode [ 59.468185][ T6752] bridge_slave_1: left promiscuous mode [ 59.470029][ T6752] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.476209][ T6752] bond0: (slave bond_slave_0): Releasing backup interface [ 59.481004][ T6752] bond0: (slave bond_slave_1): Releasing backup interface [ 59.492445][ T6752] team0: Port device team_slave_0 removed [ 59.498110][ T6752] team0: Port device team_slave_1 removed [ 59.500424][ T6752] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 59.502792][ T6752] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 59.506504][ T6752] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 59.508827][ T6752] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 59.557320][ T6763] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6763 comm=syz.1.220 [ 59.563222][ T6763] tmpfs: Bad value for 'mpol' [ 59.673550][ T5716] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 59.681059][ T5716] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 60.033590][ T1346] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 60.193561][ T1346] usb 6-1: Using ep0 maxpacket: 8 [ 60.204221][ T1346] usb 6-1: config 179 has an invalid descriptor of length 52, skipping remainder of the config [ 60.207626][ T1346] usb 6-1: config 179 has 0 interfaces, different from the descriptor's value: 1 [ 60.210498][ T1346] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 60.213544][ T1346] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.351048][ T6804] warning: `syz.2.230' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 60.429998][ T6784] netlink: 14 bytes leftover after parsing attributes in process `syz.1.224'. [ 60.485898][ T6784] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 60.491018][ T6784] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 60.497270][ T6784] bond0 (unregistering): Released all slaves [ 60.624652][ T1346] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 60.629181][ T24] usb 6-1: USB disconnect, device number 3 [ 60.773317][ T1346] usb 7-1: Using ep0 maxpacket: 32 [ 60.776477][ T1346] usb 7-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 60.779359][ T1346] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.783686][ T1346] usb 7-1: config 0 descriptor?? [ 60.789439][ T1346] as10x_usb: device has been detected [ 60.791568][ T1346] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 60.803037][ T1346] usb 7-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 60.822840][ T40] kauditd_printk_skb: 46 callbacks suppressed [ 60.822853][ T40] audit: type=1400 audit(1748711676.679:372): avc: denied { firmware_load } for pid=1346 comm="kworker/2:2" path="/lib/firmware/as102_data1_st.hex" dev="sda1" ino=297 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 60.824764][ T1346] as10x_usb: error during firmware upload part1 [ 60.835200][ T1346] Registered device nBox DVB-T Dongle [ 61.045215][ T9] usb 7-1: USB disconnect, device number 3 [ 61.065109][ T9] Unregistered device nBox DVB-T Dongle [ 61.066399][ T9] as10x_usb: device has been disconnected [ 61.124630][ T5996] usb 5-1: reset high-speed USB device number 2 using dummy_hcd [ 61.160627][ T6809] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 61.160656][ T40] audit: type=1400 audit(1748711677.019:373): avc: denied { setopt } for pid=6808 comm="syz.1.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 61.253425][ T5996] usb 5-1: device descriptor read/64, error -32 [ 61.278519][ T6815] xt_hashlimit: size too large, truncated to 1048576 [ 61.459417][ T6819] netlink: 20 bytes leftover after parsing attributes in process `syz.1.233'. [ 61.493532][ T5996] usb 5-1: reset high-speed USB device number 2 using dummy_hcd [ 61.504938][ T40] audit: type=1400 audit(1748711677.369:374): avc: denied { bind } for pid=6821 comm="syz.1.234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 61.553919][ C2] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 61.578872][ T40] audit: type=1400 audit(1748711677.439:375): avc: denied { shutdown } for pid=6821 comm="syz.1.234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 61.603711][ T6828] netlink: 28 bytes leftover after parsing attributes in process `syz.2.236'. [ 61.623524][ T5996] usb 5-1: device descriptor read/64, error -32 [ 61.719766][ T40] audit: type=1400 audit(1748711677.579:376): avc: denied { ioctl } for pid=6833 comm="syz.3.238" path="socket:[14667]" dev="sockfs" ino=14667 ioctlcmd=0x8940 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 61.768907][ T6838] overlayfs: missing 'workdir' [ 61.863360][ T5996] usb 5-1: reset high-speed USB device number 2 using dummy_hcd [ 61.883641][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.885561][ T5996] usb 5-1: device descriptor read/8, error -32 [ 61.950188][ T40] audit: type=1400 audit(1748711677.809:377): avc: denied { create } for pid=6848 comm="syz.2.244" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 61.956818][ T40] audit: type=1400 audit(1748711677.809:378): avc: denied { unlink } for pid=6848 comm="syz.2.244" name="file0" dev="tmpfs" ino=364 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 61.964711][ T40] audit: type=1400 audit(1748711677.809:379): avc: denied { ioctl } for pid=6848 comm="syz.2.244" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x9373 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 61.973714][ T40] audit: type=1400 audit(1748711677.819:380): avc: denied { create } for pid=6848 comm="syz.2.244" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 62.051057][ T40] audit: type=1400 audit(1748711677.909:381): avc: denied { create } for pid=6857 comm="syz.0.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 62.069330][ T6861] sctp: [Deprecated]: syz.2.248 (pid 6861) Use of struct sctp_assoc_value in delayed_ack socket option. [ 62.069330][ T6861] Use struct sctp_sack_info instead [ 62.124269][ T6864] netlink: 12 bytes leftover after parsing attributes in process `syz.2.249'. [ 62.247359][ T6876] netlink: 248 bytes leftover after parsing attributes in process `syz.0.252'. [ 62.316592][ T6880] bridge0: entered allmulticast mode [ 62.322249][ T6880] pim6reg: entered allmulticast mode [ 62.327147][ T6880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.253'. [ 62.330047][ T6880] bridge_slave_1: left allmulticast mode [ 62.331921][ T6880] bridge_slave_1: left promiscuous mode [ 62.335260][ T6880] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.339079][ T6880] bridge_slave_0: left allmulticast mode [ 62.340849][ T6880] bridge_slave_0: left promiscuous mode [ 62.342852][ T6880] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.366236][ T6880] bridge0 (unregistering): left allmulticast mode [ 62.565223][ T6896] hfsplus: unable to find HFS+ superblock [ 62.653811][ T5716] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 62.694742][ T6912] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 62.767120][ T5995] usb 5-1: USB disconnect, device number 2 [ 62.813390][ T5716] usb 7-1: Using ep0 maxpacket: 8 [ 62.821627][ T5716] usb 7-1: config 179 has an invalid descriptor of length 52, skipping remainder of the config [ 62.825740][ T5716] usb 7-1: config 179 has 0 interfaces, different from the descriptor's value: 1 [ 62.828923][ T5716] usb 7-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 62.831867][ T5716] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.856707][ T6916] netlink: 16 bytes leftover after parsing attributes in process `syz.3.262'. [ 62.862045][ T6916] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.936330][ T6921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.265'. [ 63.040673][ T6887] netlink: 14 bytes leftover after parsing attributes in process `syz.2.254'. [ 63.128612][ T6887] bond0 (unregistering): Released all slaves [ 63.184120][ T5995] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 63.235163][ T6933] infiniband syz2: set active [ 63.237644][ T6933] infiniband syz2: added veth0_to_bond [ 63.254406][ T6933] RDS/IB: syz2: added [ 63.257474][ T5996] usb 7-1: USB disconnect, device number 4 [ 63.258887][ T6933] smc: adding ib device syz2 with port count 1 [ 63.264125][ T6933] smc: ib device syz2 port 1 has pnetid [ 63.333428][ T5995] usb 5-1: Using ep0 maxpacket: 32 [ 63.337635][ T5995] usb 5-1: config 0 interface 0 has no altsetting 0 [ 63.342530][ T5995] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 63.346673][ T5995] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.350256][ T5995] usb 5-1: Product: syz [ 63.351916][ T5995] usb 5-1: Manufacturer: syz [ 63.354142][ T5995] usb 5-1: SerialNumber: syz [ 63.359090][ T5995] usb 5-1: config 0 descriptor?? [ 63.363723][ T5995] gs_usb 5-1:0.0: Required endpoints not found [ 63.578312][ T5996] usb 5-1: USB disconnect, device number 3 [ 63.793430][ T5945] Bluetooth: hci3: command 0x0405 tx timeout [ 63.835830][ T6939] IPVS: Unknown mcast interface: pimreg1 [ 63.974502][ T6950] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 64.079466][ T6959] netlink: 'syz.2.276': attribute type 27 has an invalid length. [ 64.183480][ T6967] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 64.213126][ T6959] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.216054][ T6959] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.219151][ T6959] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.221989][ T6959] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.234921][ T6959] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 64.256329][ T6972] syz.0.281: attempt to access beyond end of device [ 64.256329][ T6972] loop0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 64.260557][ T6972] qnx6: unable to read the first superblock [ 64.262803][ T6972] syz.0.281: attempt to access beyond end of device [ 64.262803][ T6972] loop0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 64.267379][ T6972] qnx6: unable to read the first superblock [ 64.269062][ T6962] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.269339][ T6972] qnx6: unable to read the first superblock [ 64.279626][ T6962] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 64.343018][ T6982] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 64.599970][ T7007] __nla_validate_parse: 1 callbacks suppressed [ 64.599982][ T7007] netlink: 161716 bytes leftover after parsing attributes in process `syz.2.290'. [ 64.603684][ T5937] Bluetooth: hci2: command 0x0406 tx timeout [ 64.605433][ T7007] netlink: zone id is out of range [ 64.609841][ T7007] netlink: zone id is out of range [ 64.611524][ T7007] netlink: zone id is out of range [ 64.613161][ T7007] netlink: zone id is out of range [ 64.615023][ T7007] netlink: zone id is out of range [ 64.616684][ T7007] netlink: zone id is out of range [ 64.618322][ T7007] netlink: zone id is out of range [ 64.619947][ T7007] netlink: zone id is out of range [ 64.621578][ T7007] netlink: zone id is out of range [ 64.629340][ T7007] netlink: 8 bytes leftover after parsing attributes in process `syz.2.290'. [ 64.633450][ T7008] mkiss: ax0: crc mode is auto. [ 64.728450][ T7014] netlink: 284 bytes leftover after parsing attributes in process `syz.3.292'. [ 64.770274][ T7018] netlink: 165 bytes leftover after parsing attributes in process `syz.3.293'. [ 64.774978][ T7019] netlink: 165 bytes leftover after parsing attributes in process `syz.3.293'. [ 64.778993][ T7018] netlink: 100 bytes leftover after parsing attributes in process `syz.3.293'. [ 64.960275][ T7041] ip6gre1: entered promiscuous mode [ 65.055162][ T1083] Bluetooth: Error in BCSP hdr checksum [ 65.073527][ T838] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 65.243388][ T838] usb 8-1: Using ep0 maxpacket: 8 [ 65.247754][ T838] usb 8-1: config 233 has an invalid interface number: 241 but max is 3 [ 65.250438][ T838] usb 8-1: config 233 has an invalid interface number: 96 but max is 3 [ 65.253204][ T838] usb 8-1: config 233 has an invalid interface number: 193 but max is 3 [ 65.257339][ T838] usb 8-1: config 233 contains an unexpected descriptor of type 0x2, skipping [ 65.260138][ T838] usb 8-1: config 233 contains an unexpected descriptor of type 0x2, skipping [ 65.263042][ T838] usb 8-1: config 233 has an invalid descriptor of length 0, skipping remainder of the config [ 65.266531][ T838] usb 8-1: config 233 has 3 interfaces, different from the descriptor's value: 4 [ 65.269444][ T838] usb 8-1: config 233 has no interface number 0 [ 65.271452][ T838] usb 8-1: config 233 has no interface number 1 [ 65.273676][ T838] usb 8-1: config 233 has no interface number 2 [ 65.275747][ T838] usb 8-1: config 233 interface 241 altsetting 7 has a duplicate endpoint with address 0xC, skipping [ 65.279153][ T838] usb 8-1: config 233 interface 241 altsetting 7 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 65.282614][ T838] usb 8-1: config 233 interface 241 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 65.286466][ T838] usb 8-1: config 233 interface 241 altsetting 7 endpoint 0xB has an invalid bInterval 128, changing to 11 [ 65.290053][ T838] usb 8-1: config 233 interface 241 altsetting 7 endpoint 0x5 has invalid maxpacket 512, setting to 64 [ 65.294894][ T838] usb 8-1: config 233 interface 96 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 65.298380][ T838] usb 8-1: config 233 interface 96 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 65.301828][ T838] usb 8-1: config 233 interface 96 altsetting 2 has a duplicate endpoint with address 0x5, skipping [ 65.305404][ T838] usb 8-1: config 233 interface 96 altsetting 2 has a duplicate endpoint with address 0x8, skipping [ 65.308792][ T838] usb 8-1: config 233 interface 96 altsetting 2 bulk endpoint 0x3 has invalid maxpacket 1024 [ 65.312005][ T838] usb 8-1: config 233 interface 96 altsetting 2 has a duplicate endpoint with address 0x1, skipping [ 65.315180][ T1083] Bluetooth: Error in BCSP hdr checksum [ 65.315623][ T838] usb 8-1: config 233 interface 96 altsetting 2 bulk endpoint 0xE has invalid maxpacket 32 [ 65.320799][ T838] usb 8-1: config 233 interface 96 altsetting 2 has a duplicate endpoint with address 0x2, skipping [ 65.324245][ T838] usb 8-1: config 233 interface 96 altsetting 2 has a duplicate endpoint with address 0xD, skipping [ 65.327587][ T838] usb 8-1: config 233 interface 96 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 65.330870][ T838] usb 8-1: config 233 interface 193 altsetting 3 has an invalid endpoint descriptor of length 5, skipping [ 65.334372][ T838] usb 8-1: config 233 interface 193 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 65.338735][ T838] usb 8-1: config 233 interface 241 has no altsetting 0 [ 65.340896][ T838] usb 8-1: config 233 interface 96 has no altsetting 0 [ 65.342975][ T838] usb 8-1: config 233 interface 193 has no altsetting 0 [ 65.346756][ T838] usb 8-1: New USB device found, idVendor=0403, idProduct=dafe, bcdDevice=31.5c [ 65.349555][ T838] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.351959][ T838] usb 8-1: Product: 咜霿惩폌뤠㨵▞됎Ӹ⻄뷣꺱細䛮⬩㏲쇓봾䛦▎վ髖ң䲠쪿⯬ܳ쩡捝⋼糫䁚철⠙ု✎궥耏≗鵌ꜛ轔蚫蚁鶷ῄ髒櫰漝ᚳ笉⠽⦅䠯霌㑝쌟侣唐⩑⃏ [ 65.358276][ T838] usb 8-1: Manufacturer: 㵩㘥䀺똚誷ؔᗊ⨘恙칇퓥蓗徘醴嵯暿ᴽᰜ軆ⶈ諫ꬮ᫴ꕍ⍙ [ 65.362042][ T838] usb 8-1: SerialNumber: Ў [ 65.511971][ T7066] tipc: Can't bind to reserved service type 2 [ 65.571697][ T838] ftdi_sio 8-1:233.241: FTDI USB Serial Device converter detected [ 65.576137][ T838] ftdi_sio ttyUSB0: unknown device type: 0x315c [ 65.582850][ T838] ftdi_sio 8-1:233.96: FTDI USB Serial Device converter detected [ 65.586673][ T838] ftdi_sio ttyUSB1: unknown device type: 0x315c [ 65.595752][ T838] ftdi_sio 8-1:233.193: FTDI USB Serial Device converter detected [ 65.598955][ T838] ftdi_sio ttyUSB2: unknown device type: 0x315c [ 65.603882][ T838] usb 8-1: USB disconnect, device number 3 [ 65.616697][ T838] ftdi_sio 8-1:233.241: device disconnected [ 65.620535][ T838] ftdi_sio 8-1:233.96: device disconnected [ 65.624141][ T838] ftdi_sio 8-1:233.193: device disconnected [ 65.721082][ T7078] ptm ptm2: ldisc open failed (-12), clearing slot 2 [ 65.804349][ T5996] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 65.994868][ T5996] usb 5-1: config 0 has no interfaces? [ 65.996794][ T5996] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 65.999599][ T5996] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.003962][ T5996] usb 5-1: config 0 descriptor?? [ 66.111203][ T7091] binder: BINDER_SET_CONTEXT_MGR already set [ 66.114664][ T7091] binder: 7090:7091 ioctl 4018620d 2000000000c0 returned -16 [ 66.170621][ T7102] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=45 sclass=netlink_audit_socket pid=7102 comm=syz.1.304 [ 66.833407][ T63] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 66.833428][ T5937] Bluetooth: hci4: command 0x1003 tx timeout [ 67.386251][ T7115] IPVS: Error connecting to the multicast addr [ 67.392186][ T7115] loop6: detected capacity change from 0 to 63 [ 67.398522][ T7115] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 67.401864][ T7115] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 67.405373][ T7115] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 67.408636][ T7115] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 67.412186][ T7115] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 67.416145][ T7115] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 67.420421][ T7115] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 67.568918][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 67.568929][ T40] audit: type=1400 audit(1748711683.429:406): avc: denied { setcurrent } for pid=7121 comm="syz.3.310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 67.581026][ T40] audit: type=1401 audit(1748711683.429:407): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 67.711485][ T7129] netlink: 4 bytes leftover after parsing attributes in process `syz.3.312'. [ 67.714909][ T7129] bridge_slave_1: left promiscuous mode [ 67.717292][ T7129] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.721077][ T7129] bridge_slave_0: left allmulticast mode [ 67.722993][ T7129] bridge_slave_0: left promiscuous mode [ 67.724998][ T7129] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.815741][ T40] audit: type=1400 audit(1748711683.679:408): avc: denied { read write } for pid=7135 comm="syz.1.314" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 67.823753][ T40] audit: type=1400 audit(1748711683.679:409): avc: denied { open } for pid=7135 comm="syz.1.314" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 67.892671][ T7146] netlink: 'syz.2.316': attribute type 1 has an invalid length. [ 67.896453][ T7146] netlink: 'syz.2.316': attribute type 2 has an invalid length. [ 67.899917][ T7146] netlink: 40 bytes leftover after parsing attributes in process `syz.2.316'. [ 67.909730][ T7146] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7146 comm=syz.2.316 [ 67.916307][ T7152] 9pnet_virtio: no channels available for device syz [ 67.955171][ T40] audit: type=1400 audit(1748711683.809:410): avc: denied { write } for pid=7160 comm="syz.2.318" name="cgroup.subtree_control" dev="cgroup2" ino=231 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 67.967328][ T40] audit: type=1400 audit(1748711683.819:411): avc: denied { open } for pid=7160 comm="syz.2.318" path="" dev="cgroup2" ino=231 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 68.301459][ T7209] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 68.306710][ T7209] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 68.309210][ T7211] netlink: 'syz.1.330': attribute type 1 has an invalid length. [ 68.311692][ T7211] netlink: 'syz.1.330': attribute type 2 has an invalid length. [ 68.316423][ T7211] netlink: 'syz.1.330': attribute type 1 has an invalid length. [ 68.318871][ T7211] netlink: 'syz.1.330': attribute type 2 has an invalid length. [ 68.349156][ T7215] netlink: 'syz.3.332': attribute type 10 has an invalid length. [ 68.357098][ T7215] bond0: (slave wlan1): Opening slave failed [ 68.402182][ T40] audit: type=1400 audit(1748711684.259:412): avc: denied { read } for pid=7221 comm="syz.1.334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 68.412032][ T40] audit: type=1400 audit(1748711684.269:413): avc: denied { map } for pid=7221 comm="syz.1.334" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 68.426596][ T40] audit: type=1400 audit(1748711684.269:414): avc: denied { execute } for pid=7221 comm="syz.1.334" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 68.439272][ T40] audit: type=1400 audit(1748711684.289:415): avc: denied { connect } for pid=7226 comm="syz.2.336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 68.553793][ T140] usb 5-1: USB disconnect, device number 4 [ 68.638391][ T7254] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.341'. [ 68.774916][ T7270] ufs: You didn't specify the type of your ufs filesystem [ 68.774916][ T7270] [ 68.774916][ T7270] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 68.774916][ T7270] [ 68.774916][ T7270] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 68.785833][ T7270] ufs: failed to set blocksize [ 68.817208][ T7277] vlan2: entered promiscuous mode [ 68.819037][ T7277] bridge0: entered promiscuous mode [ 68.821112][ T7277] vlan2: entered allmulticast mode [ 68.822951][ T7277] bridge0: entered allmulticast mode [ 68.842929][ T7279] 9p: Unknown access argument 18446744073709551615: -34 [ 69.183372][ T24] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 69.345792][ T24] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 69.349224][ T24] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 69.352367][ T24] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 69.355271][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.359912][ T7286] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 69.365322][ T24] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 69.403537][ T1346] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 69.505134][ T7294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.351'. [ 69.507028][ T7295] net_ratelimit: 44 callbacks suppressed [ 69.507037][ T7295] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 69.515957][ T7294] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 69.554702][ T1346] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 69.557768][ T1346] usb 6-1: config 0 interface 0 has no altsetting 0 [ 69.561403][ T1346] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 69.567784][ T7286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.570857][ T7286] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.573368][ T1346] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 69.574722][ T5978] usb 8-1: USB disconnect, device number 4 [ 69.576084][ T1346] usb 6-1: Product: syz [ 69.579713][ T1346] usb 6-1: Manufacturer: syz [ 69.581300][ T1346] usb 6-1: SerialNumber: syz [ 69.585510][ T1346] usb 6-1: config 0 descriptor?? [ 69.618275][ T1346] usb 6-1: selecting invalid altsetting 0 [ 69.777253][ T7286] __nla_validate_parse: 3 callbacks suppressed [ 69.777263][ T7286] netlink: 16 bytes leftover after parsing attributes in process `syz.3.348'. [ 69.791269][ T1346] usb 6-1: USB disconnect, device number 4 [ 69.812521][ T7310] input: syz1 as /devices/virtual/input/input10 [ 69.881359][ T7317] netlink: 36 bytes leftover after parsing attributes in process `syz.2.358'. [ 69.885016][ T7317] CIFS mount error: No usable UNC path provided in device string! [ 69.885016][ T7317] [ 69.888285][ T7317] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 69.998311][ T7289] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=45 sclass=netlink_audit_socket pid=7289 comm=syz.1.349 [ 70.169128][ T7338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.364'. [ 70.176322][ T7338] overlayfs: failed to decode file handle (len=6, type=65535, flags=0, err=-22) [ 70.623468][ T5995] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 70.643361][ T140] usb 8-1: new full-speed USB device number 5 using dummy_hcd [ 70.773783][ T5995] usb 5-1: Using ep0 maxpacket: 8 [ 70.776713][ T5995] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 70.780656][ T5995] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 70.785598][ T5995] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 70.788456][ T5995] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.796731][ T140] usb 8-1: not running at top speed; connect to a high speed hub [ 70.796940][ T5995] usbtmc 5-1:16.0: bulk endpoints not found [ 70.800464][ T140] usb 8-1: config 1 interface 0 altsetting 238 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 70.813313][ T140] usb 8-1: config 1 interface 0 has no altsetting 0 [ 70.818340][ T140] usb 8-1: New USB device found, idVendor=047d, idProduct=2041, bcdDevice= 0.40 [ 70.822443][ T140] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.825852][ T140] usb 8-1: Product: syz [ 70.827215][ T140] usb 8-1: Manufacturer: syz [ 70.828632][ T140] usb 8-1: SerialNumber: syz [ 70.832333][ T7350] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 71.043621][ T140] usbhid 8-1:1.0: can't add hid device: -71 [ 71.045617][ T140] usbhid 8-1:1.0: probe with driver usbhid failed with error -71 [ 71.049781][ T140] usb 8-1: USB disconnect, device number 5 [ 71.156982][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.159063][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.179575][ T7369] xt_hashlimit: size too large, truncated to 1048576 [ 71.368751][ T7361] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 71.370886][ T7361] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 71.377205][ T7361] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 71.380712][ T7361] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 71.382650][ T7361] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 71.387125][ T7361] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 71.390190][ T7361] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 71.392122][ T7361] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 71.396706][ T7361] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 71.398606][ T7361] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 71.407409][ T7361] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 71.430680][ T7351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.438479][ T7351] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.462545][ T7351] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 71.465712][ T7351] team0: Device ipvlan2 is already an upper device of the team interface [ 71.569305][ T140] usb 5-1: USB disconnect, device number 5 [ 71.756364][ T7413] netlink: 'syz.2.378': attribute type 10 has an invalid length. [ 71.759431][ T7413] team0: Device hsr_slave_0 failed to register rx_handler [ 71.917021][ T7438] binder_alloc: 7437: pid 7437 spamming oneway? 1 buffers allocated for a total size of 5184 [ 72.518244][ T7407] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 72.521012][ T7407] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 72.523017][ T7407] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 72.525234][ T7407] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 72.568631][ T7473] TCP: out of memory -- consider tuning tcp_mem [ 72.602221][ T40] kauditd_printk_skb: 22 callbacks suppressed [ 72.602231][ T40] audit: type=1400 audit(1748711688.459:438): avc: denied { connect } for pid=7481 comm="syz.0.396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 72.607743][ T7482] netlink: 8 bytes leftover after parsing attributes in process `syz.0.396'. [ 72.613591][ T7482] netlink: 24 bytes leftover after parsing attributes in process `syz.0.396'. [ 72.640127][ T7495] syz.2.398 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 72.650310][ T63] Bluetooth: hci2: unexpected event for opcode 0x1001 [ 72.684908][ T7503] loop4: detected capacity change from 0 to 524255232 [ 72.742740][ T7506] fuse: Unknown parameter 'rootmod/I000000000000000040Yuses_id' [ 72.807388][ T40] audit: type=1400 audit(1748711688.669:439): avc: denied { getopt } for pid=7509 comm="syz.1.403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 72.808903][ T7510] tipc: Started in network mode [ 72.816146][ T7510] tipc: Node identity b24b941718e1, cluster identity 4711 [ 72.818867][ T7510] tipc: Enabled bearer , priority 0 [ 72.843562][ T7510] syzkaller0: entered promiscuous mode [ 72.845930][ T7510] syzkaller0: entered allmulticast mode [ 72.848844][ T7510] tipc: Resetting bearer [ 72.863444][ T40] audit: type=1400 audit(1748711688.719:440): avc: denied { create } for pid=7509 comm="syz.1.403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 72.872920][ T40] audit: type=1400 audit(1748711688.729:441): avc: denied { sys_admin } for pid=7509 comm="syz.1.403" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 72.883405][ T5978] usb 7-1: new low-speed USB device number 5 using dummy_hcd [ 73.033349][ T5978] usb 7-1: Invalid ep0 maxpacket: 64 [ 73.163449][ T5978] usb 7-1: new low-speed USB device number 6 using dummy_hcd [ 73.184447][ T7520] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 73.187446][ T7520] tipc: Enabled bearer , priority 10 [ 73.257111][ T7522] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 73.313331][ T5978] usb 7-1: Invalid ep0 maxpacket: 64 [ 73.315817][ T5978] usb usb7-port1: attempt power cycle [ 73.552902][ T60] cfg80211: failed to load regulatory.db [ 73.599043][ T7512] tipc: Resetting bearer [ 73.665516][ T5978] usb 7-1: new low-speed USB device number 7 using dummy_hcd [ 73.694134][ T5978] usb 7-1: Invalid ep0 maxpacket: 64 [ 73.793453][ T63] Bluetooth: hci0: command 0x0401 tx timeout [ 73.823454][ T5978] usb 7-1: new low-speed USB device number 8 using dummy_hcd [ 73.844104][ T5978] usb 7-1: Invalid ep0 maxpacket: 64 [ 73.846486][ T5978] usb usb7-port1: unable to enumerate USB device [ 74.296466][ T5995] tipc: Node number set to 2863305751 [ 74.465524][ T7512] tipc: Disabling bearer [ 74.593489][ T63] Bluetooth: hci3: command 0x0405 tx timeout [ 74.593529][ T5937] Bluetooth: hci1: command 0x0c1a tx timeout [ 75.873424][ T5937] Bluetooth: hci0: command 0x0401 tx timeout [ 76.673371][ T5937] Bluetooth: hci1: command 0x0c1a tx timeout [ 76.673495][ T63] Bluetooth: hci3: command 0x0405 tx timeout [ 77.953473][ T63] Bluetooth: hci0: command 0x0401 tx timeout [ 78.754646][ T63] Bluetooth: hci1: command 0x0c1a tx timeout [ 78.756512][ T63] Bluetooth: hci3: command 0x0405 tx timeout [ 80.833544][ T5937] Bluetooth: hci3: command 0x0405 tx timeout [ 84.793965][ T7531] netlink: 56 bytes leftover after parsing attributes in process `syz.1.409'. [ 84.846595][ T40] audit: type=1400 audit(1748711700.709:442): avc: denied { create } for pid=7542 comm="syz.1.413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 84.858629][ T40] audit: type=1400 audit(1748711700.719:443): avc: denied { write } for pid=7542 comm="syz.1.413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 84.872710][ T40] audit: type=1400 audit(1748711700.719:444): avc: denied { nlmsg_write } for pid=7542 comm="syz.1.413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 84.902407][ T5937] Bluetooth: hci0: unexpected event for opcode 0x0c05 [ 84.910061][ T7567] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard [ 84.914509][ T7567] exFAT-fs (nullb0): invalid boot record signature [ 84.916663][ T7567] exFAT-fs (nullb0): failed to read boot sector [ 84.918687][ T7567] exFAT-fs (nullb0): failed to recognize exfat type [ 84.982843][ T5937] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 85.022828][ T7596] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7596 comm=syz.3.419 [ 85.051820][ T40] audit: type=1400 audit(1748711700.909:445): avc: denied { write } for pid=7580 comm="syz.0.416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 85.059070][ T7582] /dev/sr0: Can't open blockdev [ 85.091296][ T40] audit: type=1400 audit(1748711700.949:446): avc: denied { read write } for pid=7592 comm="syz.2.420" name="file0" dev="fuse" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 )[ 85.101721][ T40] audit: type=1400 audit(1748711700.949:447): avc: denied { open } for pid=7592 comm="syz.2.420" path="/115/file0/file0" dev="fuse" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 85.164721][ T7591] /dev/sr0: Can't open blockdev [ 85.222853][ T40] audit: type=1400 audit(1748711701.079:448): avc: denied { mounton } for pid=7612 comm="syz.0.424" path="/bus" dev="ramfs" ino=17041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 85.223831][ T7613] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 85.234867][ T7613] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 85.238618][ T7613] overlayfs: failed to get uuid (/file1, err=-95); falling back to uuid=null. [ 85.298657][ T40] audit: type=1400 audit(1748711701.159:449): avc: denied { getopt } for pid=7617 comm="syz.3.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 85.924869][ T7630] netlink: 4 bytes leftover after parsing attributes in process `syz.1.429'. [ 85.928165][ T7630] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.967399][ T7630] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 86.058699][ T7639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.431'. [ 86.062813][ T7639] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7639 comm=syz.2.431 [ 86.115462][ T7641] block nbd1: NBD_DISCONNECT [ 86.236077][ T7649] overlayfs: failed to resolve './bus': -2 [ 86.242306][ T40] audit: type=1400 audit(1748711702.099:450): avc: denied { watch } for pid=7650 comm="syz.2.436" path="/119" dev="tmpfs" ino=645 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 86.255565][ T40] audit: type=1400 audit(1748711702.099:451): avc: denied { watch_sb } for pid=7650 comm="syz.2.436" path="/119" dev="tmpfs" ino=645 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 86.312871][ T7659] random: crng reseeded on system resumption [ 86.407112][ T7666] hfs: unable to load iocharset "io#harset" [ 86.453358][ T7659] netlink: 56 bytes leftover after parsing attributes in process `syz.2.439'. [ 86.457443][ T7659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1015 sclass=netlink_route_socket pid=7659 comm=syz.2.439 [ 87.002943][ T7677] CIFS mount error: No usable UNC path provided in device string! [ 87.002943][ T7677] [ 87.007358][ T7677] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 87.123145][ T29] libceph: connect (1)[c::]:6789 error -101 [ 87.125984][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 87.209999][ T5937] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 87.291787][ T7696] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 87.361172][ T7704] use of bytesused == 0 is deprecated and will be removed in the future, [ 87.364947][ T7704] use the actual size instead. [ 87.397070][ T29] libceph: connect (1)[c::]:6789 error -101 [ 87.400018][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 87.441418][ T7711] netlink: 8 bytes leftover after parsing attributes in process `syz.1.455'. [ 87.445199][ T7711] netlink: 12 bytes leftover after parsing attributes in process `syz.1.455'. [ 87.449043][ T7711] netlink: 'syz.1.455': attribute type 5 has an invalid length. [ 87.913887][ T29] libceph: connect (1)[c::]:6789 error -101 [ 87.915880][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 87.946074][ T7685] ceph: No mds server is up or the cluster is laggy [ 88.106941][ T7724] block nbd2: shutting down sockets [ 88.154659][ T7734] block nbd2: Device being setup by another task [ 88.172101][ T7738] program syz.1.461 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 88.254058][ T7745] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 20001 - 0 [ 88.258368][ T7745] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 20001 - 0 [ 88.261931][ T7745] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 20001 - 0 [ 88.267050][ T7745] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 20001 - 0 [ 88.528606][ T7748] cgroup: fork rejected by pids controller in /syz1 [ 88.570389][ T7791] netlink: 'syz.3.470': attribute type 28 has an invalid length. [ 88.687185][ T7807] netlink: 'syz.2.473': attribute type 1 has an invalid length. [ 88.701346][ T7807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.771248][ T7812] affs: No valid root block on device nullb0 [ 88.936997][ T7826] netlink: 28 bytes leftover after parsing attributes in process `syz.0.479'. [ 88.939809][ T7826] netlink: 'syz.0.479': attribute type 7 has an invalid length. [ 88.942346][ T7826] netlink: 'syz.0.479': attribute type 8 has an invalid length. [ 88.944918][ T7826] netlink: 4 bytes leftover after parsing attributes in process `syz.0.479'. [ 88.950348][ T7826] erspan0: entered promiscuous mode [ 88.952680][ T7826] batadv_slave_1: entered promiscuous mode [ 88.956044][ T7826] erspan0: left promiscuous mode [ 88.958569][ T7826] batadv_slave_1: left promiscuous mode [ 89.250462][ T7845] syzkaller0: entered promiscuous mode [ 89.252778][ T7845] syzkaller0: entered allmulticast mode [ 89.398078][ T7846] netlink: 4 bytes leftover after parsing attributes in process `syz.0.483'. [ 89.808773][ T7856] netlink: 4 bytes leftover after parsing attributes in process `syz.2.487'. [ 90.387398][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 90.387410][ T40] audit: type=1400 audit(1748711706.249:460): avc: denied { read } for pid=7864 comm="syz.2.489" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 90.394520][ T7867] xt_l2tp: v2 doesn't support IP mode [ 90.408524][ T7870] 9pnet: p9_errstr2errno: server reported unknown error 00000000000000000004 [ 90.433796][ T7874] misc userio: No port type given on /dev/userio [ 90.444383][ T7878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'. [ 90.448080][ T7878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'. [ 90.450921][ T7878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'. [ 90.458770][ T7878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'. [ 90.461837][ T7878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'. [ 90.465701][ T7878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'. [ 90.468508][ T7878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'. [ 90.471386][ T7878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'. [ 90.474843][ T7878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'. [ 90.481192][ T40] audit: type=1400 audit(1748711706.339:461): avc: denied { setopt } for pid=7884 comm="syz.0.496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 90.489245][ T7885] usb usb8: usbfs: process 7885 (syz.0.496) did not claim interface 0 before use [ 90.499232][ T7885] batadv_slave_1: entered promiscuous mode [ 90.545713][ T40] audit: type=1400 audit(1748711706.409:462): avc: denied { mounton } for pid=7889 comm="syz.3.498" path="/proc/287/task" dev="proc" ino=17261 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 90.553854][ T40] audit: type=1400 audit(1748711706.409:463): avc: denied { connect } for pid=7889 comm="syz.3.498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 90.563446][ T40] audit: type=1400 audit(1748711706.419:464): avc: denied { bind } for pid=7889 comm="syz.3.498" lport=3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 90.570368][ T40] audit: type=1400 audit(1748711706.419:465): avc: denied { node_bind } for pid=7889 comm="syz.3.498" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 90.604541][ T7884] batadv_slave_1: left promiscuous mode [ 90.694885][ T7899] loop2: detected capacity change from 0 to 7 [ 90.700589][ T7899] Dev loop2: unable to read RDB block 7 [ 90.703898][ T7899] loop2: unable to read partition table [ 90.706103][ T7899] loop2: partition table beyond EOD, truncated [ 90.708014][ T7899] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 90.823643][ T7909] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 90.977722][ T7913] kernel read not supported for file /policy (pid: 7913 comm: syz.2.505) [ 90.981857][ T40] audit: type=1400 audit(1748711706.839:466): avc: denied { module_load } for pid=7912 comm="syz.2.505" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=system permissive=1 [ 91.066857][ T5937] Bluetooth: hci3: unexpected subevent 0x05 length: 9 < 12 [ 91.099928][ T7923] autofs4:pid:7923:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e) [ 91.399124][ T40] audit: type=1400 audit(1748711707.259:467): avc: denied { nlmsg_read } for pid=7938 comm="syz.3.513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 91.465973][ T40] audit: type=1400 audit(1748711707.329:468): avc: denied { ioctl } for pid=7944 comm="syz.2.516" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 91.471512][ T7947] rtc_cmos 00:05: Alarms can be up to one day in the future [ 91.529982][ T40] audit: type=1400 audit(1748711707.389:469): avc: denied { listen } for pid=7950 comm="syz.2.518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 91.704017][ T7970] fuse: Unknown parameter 'root6_K(țoe1>mode' [ 92.014883][ T7997] xt_CT: You must specify a L4 protocol and not use inversions on it [ 92.016107][ T8003] gretap0: entered promiscuous mode [ 92.027924][ T8003] 0XD: renamed from gretap0 [ 92.030745][ T8003] 0XD: left promiscuous mode [ 92.032326][ T8003] 0XD: entered allmulticast mode [ 92.036228][ T8003] A link change request failed with some changes committed already. Interface 30XD may have been left with an inconsistent configuration, please check. [ 92.304057][ T8024] netlink: 'syz.1.541': attribute type 1 has an invalid length. [ 92.320073][ T8024] 8021q: adding VLAN 0 to HW filter on device bond1 [ 92.350265][ T8024] bond1: (slave dummy0): making interface the new active one [ 92.354517][ T8024] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 92.605029][ T8035] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 92.650932][ T8043] netlink: 'syz.3.545': attribute type 10 has an invalid length. [ 92.675921][ T5937] Bluetooth: hci0: unexpected event for opcode 0x1408 [ 92.734981][ T8055] overlayfs: overlapping lowerdir path [ 93.143941][ T1346] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 93.266968][ T8088] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 93.293758][ T1346] usb 6-1: Using ep0 maxpacket: 8 [ 93.298116][ T1346] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 93.301347][ T1346] usb 6-1: config 0 has no interface number 0 [ 93.303711][ T1346] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 98, changing to 7 [ 93.307140][ T1346] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 26346, setting to 1024 [ 93.311739][ T1346] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 93.314736][ T1346] usb 6-1: New USB device strings: Mfr=71, Product=98, SerialNumber=0 [ 93.317295][ T1346] usb 6-1: Product: syz [ 93.318641][ T1346] usb 6-1: Manufacturer: syz [ 93.336142][ T1346] usb 6-1: config 0 descriptor?? [ 93.339330][ T1346] iowarrior 6-1:0.1: no interrupt-in endpoint found [ 93.551395][ T5978] usb 6-1: USB disconnect, device number 5 [ 93.951557][ T8094] xt_hashlimit: size too large, truncated to 1048576 [ 93.962416][ T8094] syz.0.562: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 93.973545][ T8094] CPU: 3 UID: 0 PID: 8094 Comm: syz.0.562 Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) [ 93.973560][ T8094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.973566][ T8094] Call Trace: [ 93.973570][ T8094] [ 93.973573][ T8094] dump_stack_lvl+0x16c/0x1f0 [ 93.973633][ T8094] warn_alloc+0x248/0x3a0 [ 93.973648][ T8094] ? __pfx_warn_alloc+0x10/0x10 [ 93.973663][ T8094] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 93.973680][ T8094] ? __vmalloc_node_noprof+0xad/0xf0 [ 93.973698][ T8094] __vmalloc_node_range_noprof+0x10f4/0x1520 [ 93.973717][ T8094] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 93.973734][ T8094] ? rcu_is_watching+0x12/0xc0 [ 93.973746][ T8094] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 93.973761][ T8094] ? __alloc_pages_noprof+0xb/0x1b0 [ 93.973771][ T8094] ? ___kmalloc_large_node+0x84/0x1e0 [ 93.973788][ T8094] __kvmalloc_node_noprof+0x308/0x620 [ 93.973804][ T8094] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 93.973833][ T8094] ? net_generic+0xea/0x2a0 [ 93.973847][ T8094] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 93.973872][ T8094] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 93.973888][ T8094] hashlimit_mt_check_common+0x8bb/0x1460 [ 93.973911][ T8094] hashlimit_mt_check+0x71/0x90 [ 93.973928][ T8094] ? __pfx_hashlimit_mt_check+0x10/0x10 [ 93.973961][ T8094] xt_check_match+0x286/0xa50 [ 93.973977][ T8094] ? mem_cgroup_css_alloc+0x16d2/0x1f90 [ 93.973994][ T8094] ? __pfx_xt_check_match+0x10/0x10 [ 93.974012][ T8094] ? xt_find_target+0x1f2/0x290 [ 93.974028][ T8094] ? xt_find_match+0x1f6/0x290 [ 93.974047][ T8094] find_check_entry.constprop.0+0x34e/0xa20 [ 93.974067][ T8094] ? __pfx_find_check_entry.constprop.0+0x10/0x10 [ 93.974087][ T8094] ? kasan_quarantine_put+0x10a/0x240 [ 93.974104][ T8094] ? lockdep_hardirqs_on+0x7c/0x110 [ 93.974116][ T8094] ? kfree+0x2b4/0x4d0 [ 93.974130][ T8094] ? translate_table+0xc0e/0x17b0 [ 93.974147][ T8094] translate_table+0xd0b/0x17b0 [ 93.974168][ T8094] ? __pfx_translate_table+0x10/0x10 [ 93.974183][ T8094] ? xt_alloc_table_info+0x3e/0xa0 [ 93.974202][ T8094] do_ip6t_set_ctl+0x570/0xb00 [ 93.974223][ T8094] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 93.974254][ T8094] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 93.974274][ T8094] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 93.974293][ T8094] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 93.974309][ T8094] nf_setsockopt+0x8d/0xf0 [ 93.974324][ T8094] ipv6_setsockopt+0x135/0x170 [ 93.974340][ T8094] rawv6_setsockopt+0xc2/0x510 [ 93.974354][ T8094] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 93.974368][ T8094] ? selinux_socket_setsockopt+0x6a/0x80 [ 93.974384][ T8094] ? sock_common_setsockopt+0x2e/0xf0 [ 93.974398][ T8094] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 93.974411][ T8094] do_sock_setsockopt+0x224/0x470 [ 93.974425][ T8094] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 93.974446][ T8094] __sys_setsockopt+0x1a0/0x230 [ 93.974459][ T8094] __x64_sys_setsockopt+0xbd/0x160 [ 93.974469][ T8094] ? do_syscall_64+0x91/0x4c0 [ 93.974480][ T8094] ? lockdep_hardirqs_on+0x7c/0x110 [ 93.974490][ T8094] do_syscall_64+0xcd/0x4c0 [ 93.974502][ T8094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.974513][ T8094] RIP: 0033:0x7f4bdb58e969 [ 93.974527][ T8094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.974537][ T8094] RSP: 002b:00007f4bdc468038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 93.974561][ T8094] RAX: ffffffffffffffda RBX: 00007f4bdb7b5fa0 RCX: 00007f4bdb58e969 [ 93.974569][ T8094] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005 [ 93.974574][ T8094] RBP: 00007f4bdb610ab1 R08: 0000000000000588 R09: 0000000000000000 [ 93.974581][ T8094] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000000 [ 93.974587][ T8094] R13: 0000000000000000 R14: 00007f4bdb7b5fa0 R15: 00007ffd172c9598 [ 93.974601][ T8094] [ 93.974617][ T8094] Mem-Info: [ 94.124590][ T8094] active_anon:28718 inactive_anon:0 isolated_anon:0 [ 94.124590][ T8094] active_file:5266 inactive_file:49912 isolated_file:0 [ 94.124590][ T8094] unevictable:1768 dirty:35 writeback:0 [ 94.124590][ T8094] slab_reclaimable:11920 slab_unreclaimable:73006 [ 94.124590][ T8094] mapped:24327 shmem:21623 pagetables:955 [ 94.124590][ T8094] sec_pagetables:308 bounce:0 [ 94.124590][ T8094] kernel_misc_reclaimable:0 [ 94.124590][ T8094] free:443896 free_pcp:1901 free_cma:0 [ 94.141764][ T8094] Node 0 active_anon:116608kB inactive_anon:0kB active_file:21064kB inactive_file:199424kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:97284kB dirty:140kB writeback:0kB shmem:84072kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12112kB pagetables:3820kB sec_pagetables:1232kB all_unreclaimable? no Balloon:0kB [ 94.152548][ T8094] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:224kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 94.162868][ T8094] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 94.171470][ T8094] lowmem_reserve[]: 0 1235 1235 1235 1235 [ 94.173717][ T8094] Node 0 DMA32 free:133928kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB active_anon:117724kB inactive_anon:0kB active_file:21064kB inactive_file:199424kB unevictable:3536kB writepending:140kB present:2080628kB managed:1264976kB mlocked:0kB bounce:0kB free_pcp:4844kB local_pcp:64kB free_cma:0kB [ 94.182973][ T8094] lowmem_reserve[]: 0 0 0 0 0 [ 94.184483][ T8094] Node 1 Normal free:1624312kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:224kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781948kB mlocked:0kB bounce:0kB free_pcp:2748kB local_pcp:4kB free_cma:0kB [ 94.193546][ T8094] lowmem_reserve[]: 0 0 0 0 0 [ 94.195229][ T8094] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 94.199338][ T8094] Node 0 DMA32: 1*4kB (M) 1*8kB (E) 60*16kB (UE) 83*32kB (UE) 36*64kB (UME) 21*128kB (UME) 15*256kB (UME) 7*512kB (UM) 11*1024kB (UME) 10*2048kB (M) 21*4096kB (UM) = 133804kB [ 94.204857][ T8094] Node 1 Normal: 3*4kB (M) 5*8kB (UME) 22*16kB (UME) 119*32kB (UME) 62*64kB (UME) 18*128kB (UME) 4*256kB (UE) 6*512kB (UME) 2*1024kB (UE) 1*2048kB (U) 392*4096kB (M) = 1624308kB [ 94.210394][ T8094] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 94.213570][ T8094] Node 0 hugepages_total=6 hugepages_free=6 hugepages_surp=4 hugepages_size=2048kB [ 94.216630][ T8094] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 94.219682][ T8094] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 94.222567][ T8094] 77324 total pagecache pages [ 94.224088][ T8094] 0 pages in swap cache [ 94.225414][ T8094] Free swap = 121384kB [ 94.226681][ T8094] Total swap = 124996kB [ 94.228092][ T8094] 1048443 pages RAM [ 94.229302][ T8094] 0 pages HighMem/MovableOnly [ 94.230804][ T8094] 282872 pages reserved [ 94.232077][ T8094] 0 pages cma reserved [ 94.344160][ T8111] netlink: 'syz.2.566': attribute type 4 has an invalid length. [ 94.349907][ T8099] binder: Binderfs stats mode cannot be changed during a remount [ 94.355501][ T8111] netlink: 'syz.2.566': attribute type 4 has an invalid length. [ 94.503198][ T8123] input: syz0 as /devices/virtual/input/input12 [ 94.515483][ T8124] kvm: pic: non byte read [ 94.518040][ T8124] kvm: pic: level sensitive irq not supported [ 94.518316][ T8124] kvm: pic: non byte read [ 94.522923][ T8124] kvm: pic: level sensitive irq not supported [ 94.523159][ T8124] kvm: pic: non byte read [ 94.579330][ T8129] kvm: kvm [8128]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000003f) [ 94.641420][ T8133] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 94.653110][ T8133] : entered promiscuous mode [ 94.779452][ T8140] ptm ptm23: ldisc open failed (-12), clearing slot 23 [ 95.093611][ T8174] isofs_fill_super: bread failed, dev=sr0, iso_blknum=32, block=32 [ 95.147533][ T8177] tmpfs: Unknown parameter 'Į1O' [ 95.157286][ T8179] __nla_validate_parse: 65 callbacks suppressed [ 95.157296][ T8179] netlink: 4 bytes leftover after parsing attributes in process `syz.3.583'. [ 95.157323][ T8180] netlink: 12 bytes leftover after parsing attributes in process `syz.3.583'. [ 95.202463][ T8184] netlink: 52 bytes leftover after parsing attributes in process `syz.3.584'. [ 95.539190][ T8205] netlink: 232 bytes leftover after parsing attributes in process `syz.1.590'. [ 95.542993][ T8205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.590'. [ 95.807649][ T8224] openvswitch: netlink: Key type 179 is out of range max 32 [ 95.811513][ T8224] xt_hashlimit: size too large, truncated to 1048576 [ 95.949741][ T40] kauditd_printk_skb: 23 callbacks suppressed [ 95.949755][ T40] audit: type=1400 audit(1748711711.809:493): avc: denied { ioctl } for pid=8230 comm="syz.3.597" path="socket:[22582]" dev="sockfs" ino=22582 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 96.255247][ T8253] 9pnet: Could not find request transport: virti Oto [ 96.286923][ T40] audit: type=1400 audit(1748711712.149:494): avc: denied { connect } for pid=8255 comm="syz.0.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 96.433889][ T40] audit: type=1400 audit(1748711712.299:495): avc: denied { mounton } for pid=8257 comm="syz.0.604" path="/145/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 96.545270][ T8263] overlay: Unknown parameter 'fowner<00000000000000000000' [ 96.605268][ T8265] isofs_fill_super: bread failed, dev=sr0, iso_blknum=32, block=32 [ 96.943018][ T8273] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8273 comm=syz.3.608 [ 97.157987][ T8258] orangefs_mount: mount request failed with -4 [ 97.201919][ T8288] xt_CT: No such helper "pptp" [ 97.297982][ T8293] netlink: 8 bytes leftover after parsing attributes in process `syz.3.615'. [ 97.399753][ T8293] netlink: 'syz.3.615': attribute type 7 has an invalid length. [ 97.499781][ T8306] netlink: 12 bytes leftover after parsing attributes in process `syz.3.617'. [ 97.587727][ T8312] netlink: 128 bytes leftover after parsing attributes in process `syz.0.619'. [ 97.647030][ T8317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.621'. [ 97.656066][ T8317] ipip0: entered promiscuous mode [ 97.721652][ T61] Bluetooth: hci4: Frame reassembly failed (-84) [ 97.731577][ T8319] netlink: 16 bytes leftover after parsing attributes in process `syz.0.622'. [ 97.738254][ T8321] fuse: Bad value for 'rootmode' [ 97.740671][ T40] audit: type=1400 audit(1748711713.599:496): avc: denied { write } for pid=8320 comm="syz.3.623" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 97.750513][ T40] audit: type=1400 audit(1748711713.599:497): avc: denied { open } for pid=8320 comm="syz.3.623" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 97.760694][ T40] audit: type=1400 audit(1748711713.599:498): avc: denied { getopt } for pid=8320 comm="syz.3.623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 97.911653][ T8326] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pid=8326 comm=syz.3.625 [ 98.525717][ T8345] loop9: detected capacity change from 0 to 14 [ 98.532584][ T7794] Dev loop9: unable to read RDB block 14 [ 98.534545][ T7794] loop9: unable to read partition table [ 98.536418][ T7794] loop9: partition table beyond EOD, truncated [ 98.542784][ T8345] Dev loop9: unable to read RDB block 14 [ 98.544879][ T8345] loop9: unable to read partition table [ 98.546772][ T8345] loop9: partition table beyond EOD, truncated [ 98.551550][ T8345] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 98.563810][ T40] audit: type=1400 audit(1748711714.429:499): avc: denied { shutdown } for pid=8344 comm="syz.1.632" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 98.716403][ T40] audit: type=1400 audit(1748711714.579:500): avc: denied { append } for pid=8355 comm="syz.1.634" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 99.513103][ T63] Bluetooth: hci0: unknown advertising packet type: 0x20 [ 99.793503][ T5937] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 99.796923][ T63] Bluetooth: hci4: command 0x1003 tx timeout [ 99.969821][ T8367] binder: 8366:8367 ioctl c0306201 2000000001c0 returned -14 [ 100.118451][ T40] audit: type=1400 audit(1748711715.979:501): avc: denied { write } for pid=8371 comm="syz.0.640" lport=41151 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 100.121045][ T8372] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 100.130113][ T8372] UDF-fs: Scanning with blocksize 512 failed [ 100.132874][ T8372] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 100.135948][ T8372] UDF-fs: Scanning with blocksize 1024 failed [ 100.138010][ T8372] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 100.140319][ T8372] UDF-fs: Scanning with blocksize 2048 failed [ 100.142437][ T8372] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 100.145460][ T8372] UDF-fs: Scanning with blocksize 4096 failed [ 100.233417][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.313642][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.380445][ T8390] 9pnet_virtio: no channels available for device 127.0.0.1 [ 100.425046][ T8392] x_tables: duplicate underflow at hook 1 [ 100.427616][ T8392] hfsplus: unable to find HFS+ superblock [ 100.473264][ T8397] FAULT_INJECTION: forcing a failure. [ 100.473264][ T8397] name failslab, interval 1, probability 0, space 0, times 1 [ 100.485485][ T8397] CPU: 0 UID: 0 PID: 8397 Comm: syz.1.647 Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) [ 100.485503][ T8397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.485509][ T8397] Call Trace: [ 100.485513][ T8397] [ 100.485517][ T8397] dump_stack_lvl+0x16c/0x1f0 [ 100.485548][ T8397] should_fail_ex+0x512/0x640 [ 100.485568][ T8397] should_failslab+0xc2/0x120 [ 100.485581][ T8397] __kmalloc_cache_noprof+0x6a/0x3e0 [ 100.485597][ T8397] ? __pfx___might_resched+0x10/0x10 [ 100.485609][ T8397] ? bdi_split_work_to_wbs+0x2bd/0xf90 [ 100.485625][ T8397] bdi_split_work_to_wbs+0x2bd/0xf90 [ 100.485642][ T8397] ? __pfx_bdi_split_work_to_wbs+0x10/0x10 [ 100.485671][ T8397] ? __pfx_down_write+0x10/0x10 [ 100.485688][ T8397] sync_inodes_sb+0x1ae/0xa70 [ 100.485702][ T8397] ? __pfx___might_resched+0x10/0x10 [ 100.485712][ T8397] ? __pfx_sync_inodes_sb+0x10/0x10 [ 100.485727][ T8397] ? super_lock+0x1e1/0x3f0 [ 100.485743][ T8397] ? find_held_lock+0x2b/0x80 [ 100.485760][ T8397] ? __iterate_supers+0x1b6/0x330 [ 100.485777][ T8397] sync_inodes_one_sb+0x52/0x60 [ 100.485789][ T8397] __iterate_supers+0x210/0x330 [ 100.485803][ T8397] ? __pfx_sync_inodes_one_sb+0x10/0x10 [ 100.485815][ T8397] ksys_sync+0x89/0x150 [ 100.485825][ T8397] ? __pfx_ksys_sync+0x10/0x10 [ 100.485835][ T8397] ? __pfx_ksys_write+0x10/0x10 [ 100.485846][ T8397] ? rcu_is_watching+0x12/0xc0 [ 100.485855][ T8397] ? do_syscall_64+0x91/0x4c0 [ 100.485867][ T8397] __do_sys_sync+0xe/0x20 [ 100.485876][ T8397] do_syscall_64+0xcd/0x4c0 [ 100.485897][ T8397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.485912][ T8397] RIP: 0033:0x7f7a16d8e969 [ 100.485924][ T8397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.485941][ T8397] RSP: 002b:00007f7a17b71038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 [ 100.485957][ T8397] RAX: ffffffffffffffda RBX: 00007f7a16fb5fa0 RCX: 00007f7a16d8e969 [ 100.485965][ T8397] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 100.485971][ T8397] RBP: 00007f7a17b71090 R08: 0000000000000000 R09: 0000000000000000 [ 100.485977][ T8397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.485983][ T8397] R13: 0000000000000001 R14: 00007f7a16fb5fa0 R15: 00007ffe8dfc4778 [ 100.485997][ T8397] [ 100.667786][ T8402] __nla_validate_parse: 4 callbacks suppressed [ 100.667802][ T8402] netlink: 36 bytes leftover after parsing attributes in process `syz.1.649'. [ 100.994074][ T140] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 101.153363][ T140] usb 5-1: Using ep0 maxpacket: 8 [ 101.156271][ T140] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 101.158809][ T140] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 101.161478][ T140] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 101.164319][ T140] usb 5-1: config 250 has no interface number 0 [ 101.166324][ T140] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 101.169877][ T140] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 101.173083][ T140] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 101.176408][ T140] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 101.179639][ T140] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 101.183965][ T140] usb 5-1: config 250 interface 228 has no altsetting 0 [ 101.187452][ T140] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 101.190395][ T140] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 101.193049][ T140] usb 5-1: Product: syz [ 101.194528][ T140] usb 5-1: SerialNumber: syz [ 101.198982][ T140] hub 5-1:250.228: bad descriptor, ignoring hub [ 101.201079][ T140] hub 5-1:250.228: probe with driver hub failed with error -5 [ 101.402341][ T140] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 6 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 101.483161][ T40] audit: type=1400 audit(1748711717.339:502): avc: denied { getopt } for pid=8418 comm="syz.1.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 101.491050][ T40] audit: type=1400 audit(1748711717.349:503): avc: denied { map } for pid=8418 comm="syz.1.652" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 101.499952][ T40] audit: type=1400 audit(1748711717.349:504): avc: denied { execute } for pid=8418 comm="syz.1.652" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 101.603379][ T40] audit: type=1400 audit(1748711717.459:505): avc: denied { read write } for pid=8403 comm="syz.0.650" name="lp0" dev="devtmpfs" ino=2991 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 101.610591][ T40] audit: type=1400 audit(1748711717.469:506): avc: denied { open } for pid=8403 comm="syz.0.650" path="/dev/usb/lp0" dev="devtmpfs" ino=2991 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 102.019294][ T8404] usb 5-1: reset high-speed USB device number 6 using dummy_hcd [ 102.043376][ T40] audit: type=1400 audit(1748711717.899:507): avc: denied { watch_sb watch_reads } for pid=8431 comm="syz.1.656" path="/191/file0" dev="tmpfs" ino=1066 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 102.126167][ T40] audit: type=1400 audit(1748711717.989:508): avc: denied { getopt } for pid=8439 comm="syz.1.660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 102.153672][ T8404] usb 5-1: device descriptor read/64, error -71 [ 102.215940][ T40] audit: type=1400 audit(1748711718.079:509): avc: denied { map } for pid=8447 comm="syz.1.662" path="socket:[21199]" dev="sockfs" ino=21199 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 102.224082][ T40] audit: type=1400 audit(1748711718.079:510): avc: denied { mount } for pid=8447 comm="syz.1.662" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 102.403834][ T40] audit: type=1400 audit(1748711718.259:511): avc: denied { ioctl } for pid=8464 comm="syz.3.666" path="socket:[22771]" dev="sockfs" ino=22771 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 102.404280][ T8404] usb 5-1: reset high-speed USB device number 6 using dummy_hcd [ 102.464021][ T1346] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 102.553383][ T8404] usb 5-1: device descriptor read/64, error -71 [ 102.613350][ T1346] usb 6-1: Using ep0 maxpacket: 32 [ 102.616609][ T1346] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 102.621202][ T1346] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 102.624615][ T1346] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 102.627208][ T1346] usb 6-1: Product: syz [ 102.628521][ T1346] usb 6-1: Manufacturer: syz [ 102.629987][ T1346] usb 6-1: SerialNumber: syz [ 102.632718][ T1346] usb 6-1: config 0 descriptor?? [ 102.635162][ T8448] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 102.701057][ T8469] could not allocate digest TFM handle cryptd(blake2b-160) [ 102.793633][ T8404] usb 5-1: reset high-speed USB device number 6 using dummy_hcd [ 102.813900][ T8404] usb 5-1: device descriptor read/8, error -71 [ 102.892814][ T8476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.896195][ T8476] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.063408][ T8404] usb 5-1: reset high-speed USB device number 6 using dummy_hcd [ 103.084985][ T8404] usb 5-1: device descriptor read/8, error -71 [ 103.124603][ T8485] futex_wake_op: syz.3.670 tries to shift op by -1; fix this program [ 103.131143][ T8485] x_tables: ip6_tables: CT target: only valid in raw table, not ethtool [ 103.195031][ T5995] usb 5-1: USB disconnect, device number 6 [ 103.201272][ T5995] usblp0: removed [ 103.221160][ T1346] usb 6-1: USB disconnect, device number 6 [ 103.353438][ T5995] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 103.372384][ T8487] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.671'. [ 103.375374][ T8487] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 103.493398][ T5995] usb 5-1: device descriptor read/64, error -71 [ 103.753445][ T5995] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 103.835256][ T8487] netlink: 8 bytes leftover after parsing attributes in process `syz.3.671'. [ 103.838045][ T8487] netlink: 36 bytes leftover after parsing attributes in process `syz.3.671'. [ 104.023680][ T1346] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 104.043363][ T8504] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 104.176707][ T1346] usb 6-1: Using ep0 maxpacket: 8 [ 104.180586][ T1346] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 104.186139][ T1346] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 104.190261][ T1346] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 104.195189][ T1346] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 104.199185][ T1346] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 104.202052][ T1346] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.206026][ T8508] block nbd3: shutting down sockets [ 104.243423][ T8509] nbd3: detected capacity change from 0 to 67108884 [ 104.247744][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.251182][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.253990][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.256821][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.259313][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.262187][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.265668][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.268487][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.271685][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.275003][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.277520][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.280303][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.282866][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.286290][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.289755][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.293602][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.296836][ T7794] ldm_validate_partition_table(): Disk read failed. [ 104.299497][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.303037][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.306401][ T7794] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 104.310090][ T7794] Buffer I/O error on dev nbd3, logical block 0, async page read [ 104.313741][ T7794] Dev nbd3: unable to read RDB block 0 [ 104.316517][ T7794] nbd3: unable to read partition table [ 104.326331][ T7794] ldm_validate_partition_table(): Disk read failed. [ 104.329541][ T7794] Dev nbd3: unable to read RDB block 0 [ 104.332261][ T7794] nbd3: unable to read partition table [ 104.415924][ T1346] usb 6-1: GET_CAPABILITIES returned 0 [ 104.417735][ T1346] usbtmc 6-1:16.0: can't read capabilities [ 104.526708][ T8520] netlink: 12 bytes leftover after parsing attributes in process `syz.3.679'. [ 104.543649][ T8520] 8021q: adding VLAN 0 to HW filter on device bond2 [ 104.565903][ T8520] netlink: 32 bytes leftover after parsing attributes in process `syz.3.679'. [ 104.617893][ T1346] usb 6-1: USB disconnect, device number 7 [ 104.712184][ T8526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.680'. [ 104.750040][ T8528] netlink: 'syz.3.681': attribute type 6 has an invalid length. [ 104.752519][ T8528] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.681'. [ 104.835846][ T8532] netlink: 108 bytes leftover after parsing attributes in process `syz.3.681'. [ 104.911078][ T8528] cdrom: dropping to single frame dma [ 105.322992][ T8564] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 105.485569][ T8583] netlink: 24 bytes leftover after parsing attributes in process `syz.1.688'. [ 105.606876][ T8598] SELinux: policydb string does not match my string SE Linux [ 105.609622][ T8598] SELinux: failed to load policy [ 105.612867][ T8598] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 105.837108][ T8619] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.115411][ T8626] relay: one or more items not logged [item size (56) > sub-buffer size (9)] [ 106.370071][ T8634] netlink: 12 bytes leftover after parsing attributes in process `syz.1.705'. [ 106.397577][ T8636] netlink: 'syz.0.706': attribute type 62 has an invalid length. [ 106.400047][ T8636] netlink: 5 bytes leftover after parsing attributes in process `syz.0.706'. [ 106.448317][ T8644] Bluetooth: MGMT ver 1.23 [ 106.452785][ T8642] netlink: 'syz.0.708': attribute type 23 has an invalid length. [ 106.457979][ T8642] tmpfs: Bad value for 'mpol' [ 106.525156][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 106.525166][ T40] audit: type=1400 audit(1748711722.389:526): avc: denied { read } for pid=8645 comm="syz.3.711" name="file0" dev="9p" ino=35913849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 106.544210][ T40] audit: type=1400 audit(1748711722.389:527): avc: denied { open } for pid=8645 comm="syz.3.711" path="/161/file0/file0" dev="9p" ino=35913849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 106.553138][ T40] audit: type=1400 audit(1748711722.409:528): avc: denied { create } for pid=8658 comm="syz.1.714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 106.559761][ T40] audit: type=1400 audit(1748711722.409:529): avc: denied { setopt } for pid=8658 comm="syz.1.714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 106.566361][ T40] audit: type=1400 audit(1748711722.409:530): avc: denied { setopt } for pid=8658 comm="syz.1.714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 106.745382][ T8666] netlink: 'syz.1.716': attribute type 1 has an invalid length. [ 106.747916][ T8666] netlink: 'syz.1.716': attribute type 2 has an invalid length. [ 106.815919][ T8678] xt_hashlimit: size too large, truncated to 1048576 [ 106.909995][ T8683] netlink: 28 bytes leftover after parsing attributes in process `syz.3.721'. [ 106.916145][ T8683] netlink: 28 bytes leftover after parsing attributes in process `syz.3.721'. [ 107.046994][ T40] audit: type=1400 audit(1748711722.909:531): avc: denied { setopt } for pid=8687 comm="syz.3.723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 107.118682][ T8692] netlink: 32 bytes leftover after parsing attributes in process `syz.0.725'. [ 107.121464][ T8692] gretap0: entered promiscuous mode [ 107.124519][ T8692] netlink: 3668 bytes leftover after parsing attributes in process `syz.0.725'. [ 107.127483][ T8692] netlink: 3668 bytes leftover after parsing attributes in process `syz.0.725'. [ 107.218780][ T40] audit: type=1400 audit(1748711723.079:532): avc: denied { listen } for pid=8697 comm="syz.0.727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 107.226623][ T40] audit: type=1400 audit(1748711723.079:533): avc: denied { write } for pid=8687 comm="syz.3.723" name="btrfs-control" dev="devtmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 107.319958][ T8695] delete_channel: no stack [ 107.446439][ T40] audit: type=1400 audit(1748711723.309:534): avc: denied { ioctl } for pid=8718 comm="syz.3.732" path="socket:[24288]" dev="sockfs" ino=24288 ioctlcmd=0x89ec scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 108.228065][ T8740] mkiss: ax0: crc mode is auto. [ 108.231224][ T8740] netlink: 'syz.0.735': attribute type 10 has an invalid length. [ 108.237709][ T8740] hsr_slave_0: left promiscuous mode [ 109.003796][ T8740] hsr_slave_1: left promiscuous mode [ 109.602419][ T40] audit: type=1400 audit(1748711725.459:535): avc: denied { getopt } for pid=8741 comm="syz.1.736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 109.640103][ T8744] netlink: 8 bytes leftover after parsing attributes in process `syz.3.737'. [ 109.754480][ T8749] tun0: tun_chr_ioctl cmd 1074025675 [ 109.756767][ T8749] tun0: persist disabled [ 109.922479][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 109.926630][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 109.930132][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 109.934002][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 109.937405][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 109.940908][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 109.945507][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 109.948927][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 109.952433][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 109.956044][ T8756] netlink: 'syz.1.740': attribute type 1 has an invalid length. [ 110.040898][ T8762] netlink: 24 bytes leftover after parsing attributes in process `syz.1.743'. [ 110.045181][ T5978] usb 5-1: new low-speed USB device number 9 using dummy_hcd [ 110.050512][ T63] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 110.055438][ T63] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 110.059192][ T63] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 110.062994][ T63] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 110.067404][ T63] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 110.173482][ T5978] usb 5-1: device descriptor read/64, error -71 [ 110.310539][ T8763] chnl_net:caif_netlink_parms(): no params data found [ 110.396563][ T8763] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.399476][ T8763] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.402963][ T8763] bridge_slave_0: entered allmulticast mode [ 110.406710][ T8763] bridge_slave_0: entered promiscuous mode [ 110.419979][ T8763] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.423048][ T8763] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.423436][ T5978] usb 5-1: new low-speed USB device number 10 using dummy_hcd [ 110.427298][ T8763] bridge_slave_1: entered allmulticast mode [ 110.433109][ T8763] bridge_slave_1: entered promiscuous mode [ 110.494952][ T8763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.504750][ T8763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.563432][ T5978] usb 5-1: device descriptor read/64, error -71 [ 110.573073][ T8763] team0: Port device team_slave_0 added [ 110.607619][ T8763] team0: Port device team_slave_1 added [ 110.673558][ T5978] usb usb5-port1: attempt power cycle [ 110.677799][ T8763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.680013][ T8763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.688324][ T8763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.693713][ T8763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 110.696628][ T8763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.707773][ T8763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.725583][ T8787] netlink: 8 bytes leftover after parsing attributes in process `syz.3.748'. [ 110.839315][ T8792] tmpfs: Unknown parameter 'usrquota_block_harNlimit' [ 110.866033][ T8763] hsr_slave_0: entered promiscuous mode [ 110.868347][ T8763] hsr_slave_1: entered promiscuous mode [ 110.885107][ T63] Bluetooth: hci1: unexpected event for opcode 0x1002 [ 111.033339][ T5978] usb 5-1: new low-speed USB device number 11 using dummy_hcd [ 111.053784][ T5978] usb 5-1: device descriptor read/8, error -71 [ 111.079750][ T8763] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 111.086172][ T8763] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 111.091130][ T8763] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 111.095699][ T8763] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 111.131827][ T8763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.141529][ T8763] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.147626][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.149911][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.167907][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.170170][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.303713][ T5978] usb 5-1: new low-speed USB device number 12 using dummy_hcd [ 111.325830][ T5978] usb 5-1: device descriptor read/8, error -71 [ 111.343551][ T8805] kvm: requested 6704 ns i8254 timer period limited to 200000 ns [ 111.367321][ T8763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.433649][ T5978] usb usb5-port1: unable to enumerate USB device [ 111.554913][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 111.554925][ T40] audit: type=1400 audit(1748711727.419:539): avc: denied { setopt } for pid=8816 comm="syz.1.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 111.558915][ T8763] veth0_vlan: entered promiscuous mode [ 111.570240][ T8763] veth1_vlan: entered promiscuous mode [ 111.584983][ T8763] veth0_macvtap: entered promiscuous mode [ 111.588995][ T8763] veth1_macvtap: entered promiscuous mode [ 111.600058][ T8763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.607568][ T8763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.612112][ T8763] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.616033][ T8763] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.618816][ T8763] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.621509][ T8763] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.657335][ T40] audit: type=1400 audit(1748711727.519:540): avc: denied { setattr } for pid=8823 comm="syz.3.756" name="video1" dev="devtmpfs" ino=956 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 111.696699][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.699123][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.721882][ T40] audit: type=1400 audit(1748711727.579:541): avc: denied { bind } for pid=8829 comm="syz.3.759" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 111.734120][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.737155][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.737599][ T40] audit: type=1800 audit(1748711727.599:542): pid=8830 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.759" name="bus" dev="overlay" ino=972 res=0 errno=0 [ 111.752258][ T8830] ip6erspan0: entered promiscuous mode [ 111.759451][ T40] audit: type=1400 audit(1748711727.619:543): avc: denied { mounton } for pid=8763 comm="syz-executor" path="/syzkaller.rxsY02/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 111.870257][ T8842] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 111.957512][ T8853] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.962284][ T8853] __nla_validate_parse: 1 callbacks suppressed [ 111.962295][ T8853] netlink: 4 bytes leftover after parsing attributes in process `syz.4.764'. [ 112.121907][ T40] audit: type=1400 audit(1748711727.979:544): avc: denied { map } for pid=8862 comm="syz.1.768" path="socket:[25755]" dev="sockfs" ino=25755 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 112.129540][ T63] Bluetooth: hci4: command tx timeout [ 112.132306][ T40] audit: type=1400 audit(1748711727.979:545): avc: denied { read } for pid=8862 comm="syz.1.768" path="socket:[25755]" dev="sockfs" ino=25755 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 112.605587][ T40] audit: type=1400 audit(1748711728.469:546): avc: denied { mounton } for pid=8868 comm="syz.1.778" path="/227/file1/file0" dev="autofs" ino=27677 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 112.868795][ T8884] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 [#1] SMP KASAN NOPTI [ 112.870874][ T40] audit: type=1400 audit(1748711728.729:547): avc: denied { read } for pid=8882 comm="syz.3.773" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 112.872443][ T8884] KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f] [ 112.875730][ T8885] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 112.875835][ T8885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.773'. [ 112.884788][ T40] audit: type=1400 audit(1748711728.749:548): avc: denied { read } for pid=5329 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 112.887065][ T8884] CPU: 1 UID: 0 PID: 8884 Comm: syz.3.773 Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) [ 112.900268][ T8884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 112.903557][ T8884] RIP: 0010:bcsp_recv+0x10a/0x17f0 [ 112.905458][ T8884] Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 da ba 51 f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8 [ 112.911350][ T8884] RSP: 0018:ffffc90003eafbf0 EFLAGS: 00010293 [ 112.913211][ T8884] RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff886a307a [ 112.915617][ T8884] RDX: ffff888028102440 RSI: ffffffff886a30c6 RDI: 0000000000000005 [ 112.918039][ T8884] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 112.920446][ T8884] R10: 0000000000000001 R11: 0000000000000001 R12: ffffc90003eafd88 [ 112.923066][ T8884] R13: ffffc90003eafd88 R14: 0000000000000001 R15: ffff8880251eac00 [ 112.925584][ T8884] FS: 00007f24a27796c0(0000) GS:ffff8880d686e000(0000) knlGS:0000000000000000 [ 112.928300][ T8884] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.930328][ T8884] CR2: 00005609ff40cce8 CR3: 0000000064519000 CR4: 0000000000352ef0 [ 112.932759][ T8884] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 112.935162][ T8884] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 112.937566][ T8884] Call Trace: [ 112.938590][ T8884] [ 112.939518][ T8884] ? __pfx_bcsp_recv+0x10/0x10 [ 112.941022][ T8884] hci_uart_tty_receive+0x251/0x7e0 [ 112.942628][ T8884] ? __pfx_hci_uart_tty_receive+0x10/0x10 [ 112.944378][ T8884] tty_ioctl+0x57d/0x1610 [ 112.945773][ T8884] ? __pfx_tty_ioctl+0x10/0x10 [ 112.947278][ T8884] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 112.949341][ T8884] ? hook_file_ioctl_common+0x145/0x410 [ 112.951038][ T8884] ? selinux_file_ioctl+0x180/0x270 [ 112.952654][ T8884] ? selinux_file_ioctl+0xb4/0x270 [ 112.954239][ T8884] ? __pfx_tty_ioctl+0x10/0x10 [ 112.955741][ T8884] __x64_sys_ioctl+0x18e/0x210 [ 112.957233][ T8884] do_syscall_64+0xcd/0x4c0 [ 112.958640][ T8884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.960420][ T8884] RIP: 0033:0x7f24a198e969 [ 112.961804][ T8884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.967627][ T8884] RSP: 002b:00007f24a2779038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 112.970321][ T8884] RAX: ffffffffffffffda RBX: 00007f24a1bb6080 RCX: 00007f24a198e969 [ 112.972808][ T8884] RDX: 0000200000000140 RSI: 0000000000005412 RDI: 000000000000002a [ 112.975234][ T8884] RBP: 00007f24a1a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 112.977620][ T8884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.980056][ T8884] R13: 0000000000000000 R14: 00007f24a1bb6080 R15: 00007ffda8a54228 [ 112.982514][ T8884] [ 112.983497][ T8884] Modules linked in: [ 112.985270][ T8884] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 112.988652][ T8884] RIP: 0010:bcsp_recv+0x10a/0x17f0 [ 112.990530][ T8884] Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 da ba 51 f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8 [ 112.996990][ T8884] RSP: 0018:ffffc90003eafbf0 EFLAGS: 00010293 [ 113.013392][ T8884] RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff886a307a [ 113.015879][ T8884] RDX: ffff888028102440 RSI: ffffffff886a30c6 RDI: 0000000000000005 [ 113.018343][ T8884] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 113.020798][ T8884] R10: 0000000000000001 R11: 0000000000000001 R12: ffffc90003eafd88 [ 113.033506][ T8884] R13: ffffc90003eafd88 R14: 0000000000000001 R15: ffff8880251eac00 [ 113.035939][ T8884] FS: 00007f24a27796c0(0000) GS:ffff8880d686e000(0000) knlGS:0000000000000000 [ 113.038706][ T8884] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.043476][ T8884] CR2: 0000559bbf650b00 CR3: 0000000064519000 CR4: 0000000000352ef0 [ 113.045982][ T8884] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 113.048405][ T8884] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 113.050904][ T8884] Kernel panic - not syncing: Fatal exception [ 113.053436][ T8884] Kernel Offset: disabled [ 113.054774][ T8884] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:15:27 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85592885 RDI=ffffffff9b06d6a0 RBP=ffffffff9b06d660 RSP=ffffc9000078f880 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=74203a7469647561 R12=0000000000000000 R13=0000000000000064 R14=ffffffff9b06d660 R15=ffffffff85592820 RIP=ffffffff855928af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d676e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f24a2757f98 CR3=0000000064519000 CR4=00352ef0 DR0=0000000000000004 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11a8a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11a97 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11a91 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11aa5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11b2b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11c09 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1b83488 00007f24a1b83480 00007f24a1b83478 00007f24a1b83450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a26ed100 00007f24a1b83440 00007f24a1b83458 00007f24a1b834a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1b83498 00007f24a1b83490 00007f24a1b83488 00007f24a1b83480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000046 RCX=ffffffff819b68e2 RDX=ffff888028102440 RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000001 RSP=ffffc90003eaf900 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=6567203a73706f4f R12=1ffff920007d5f23 R13=0000000000000000 R14=ffff88801cf10000 R15=ffffc90003eaf9d0 RIP=ffffffff81bbe688 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f24a27796c0 ffffffff 00c00000 GS =0000 ffff8880d686e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005609ff40cce8 CR3=0000000064519000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11a8a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11a97 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11a91 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11aa5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11b2b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11c09 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1b83488 00007f24a1b83480 00007f24a1b83478 00007f24a1b83450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a26ed100 00007f24a1b83440 00007f24a1b83458 00007f24a1b834a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1b83498 00007f24a1b83490 00007f24a1b83488 00007f24a1b83480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000ae57c4ac RBX=000000000000000e RCX=ffff888033446b90 RDX=00000000116e56a7 RSI=0000000000000001 RDI=00000000a51eb395 RBP=0000000000000000 RSP=ffffc90003e8f480 R8 =0000000000000005 R9 =ffff88816d1c4ac0 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=00000000ae57c4ac R14=ffffc90003e8f4e8 R15=000000000000000e RIP=ffffffff850b9f1e RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d696e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f1374681ff8 CR3=000000002aa58000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000ac800000 Opmask01=0000000020003fff Opmask02=00000000bfffbfff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 70002f74656e2f73 73616c632f737973 2f002f74656e2f73 79732f636f72702f ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0061616161616161 6161616161786e65 004300303d73656d 616e66692e74656e ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 005c5c5c5c5c5c5c 5c5c5c5c5c455358 0043000d004e5850 5c535b5413495853 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 feb26eb1cdfa7bca 0000000563afbe61 0000000000000111 00003070656e622f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff00060014 0000008000080008 00006f6c00030007 0100007f00020008 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff00060014 0000008000080008 00006f6c00030007 0100007f00020008 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0080100296ea9c2e 683b392d00020014 0000005800000a27 00000a27ffffffff ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0003000bfffffea9 0004000811c7fea9 0002000811c7fea9 0001000800000003 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000008000080008 00000ba700000ba7 ffffffffffffffff 0006001435f4bb7f ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbff52532232d20 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000865fc RBX=0000000000000003 RCX=ffffffff8b7c6449 RDX=ffffed100d4e663e RSI=ffffffff8c153140 RDI=ffffffff8191fa01 RBP=ffffed1003c5b000 RSP=ffffc90000197df8 R8 =0000000000000000 R9 =ffffed100d4e663d R10=ffff88806a7331eb R11=0000000000000000 R12=0000000000000003 R13=ffff88801e2d8000 R14=ffffffff90a78750 R15=0000000000000000 RIP=ffffffff8b7c4faf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a6e000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b2e85ffff CR3=0000000064519000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11a8a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11a97 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11a91 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11aa5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11b2b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1a11c09 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1b83488 00007f24a1b83480 00007f24a1b83478 00007f24a1b83450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a26ed100 00007f24a1b83440 00007f24a1b83458 00007f24a1b834a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a1b83498 00007f24a1b83490 00007f24a1b83488 00007f24a1b83480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000