last executing test programs: 38.462186152s ago: executing program 0 (id=171): r0 = socket$netlink(0x10, 0x3, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async) recvmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000380)=[{&(0x7f0000000080)=""/206, 0xce}, {&(0x7f0000000280)=""/156, 0x9c}, {&(0x7f00000001c0)=""/47, 0x2f}, {&(0x7f0000000200)=""/39, 0x27}, {&(0x7f0000000340)=""/13, 0xd}], 0x5, &(0x7f0000000400)=""/59, 0x3b}, 0x101}, {{&(0x7f0000000440)=@phonet, 0x80, &(0x7f0000001500)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/52, 0x63}], 0x2, &(0x7f0000001540)=""/131, 0x83}}, {{&(0x7f0000001600)=@xdp, 0x80, &(0x7f0000001980)=[{&(0x7f0000001680)=""/86, 0x56}, {&(0x7f0000001700)=""/107, 0x6b}, {&(0x7f0000001780)=""/224, 0xe0}, {&(0x7f0000001880)=""/33, 0x21}, {&(0x7f00000018c0)}, {&(0x7f0000001900)=""/113, 0x71}], 0x6, &(0x7f0000001a00)=""/66, 0x42}, 0x2}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001a80)=""/240, 0xf0}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/18, 0x12}, {&(0x7f0000001cc0)=""/181, 0xb5}, {&(0x7f0000002180)=""/255, 0xff}, {&(0x7f0000001e80)=""/58, 0x3a}, {&(0x7f0000001ec0)=""/195, 0xc3}], 0x27}, 0x4}, {{&(0x7f0000001d80)=@phonet, 0x80, &(0x7f0000002540)=[{&(0x7f00000018c0)=""/22, 0x16}, {0xffffffffffffffff}, {&(0x7f0000002280)=""/248, 0xf8}, {&(0x7f0000002380)=""/133, 0x85}, {&(0x7f0000001e00)}, {&(0x7f0000002440)=""/219, 0xdb}], 0x6, &(0x7f0000001e40)=""/11, 0xb}, 0x5}], 0x5, 0x42, &(0x7f0000002140)={0x77359400}) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$snapshot(0xffffffffffffff9c, 0x0, 0xc2d41, 0x0) (async) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) 37.473851838s ago: executing program 1 (id=471): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x9, 0x0, 0x0, 0x6}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r1, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000}) ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000540)={0x8, r1}) 37.404139555s ago: executing program 1 (id=472): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f000000d7c0)=[{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000001ac0)="65893d3d25794b636402784e88122c8b", 0x10}], 0x1, &(0x7f0000003780), 0x0, 0x4040850}], 0x1, 0x20088090) read$alg(r1, &(0x7f0000002300)=""/4128, 0x1020) 36.592302434s ago: executing program 1 (id=475): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b1300000000a798fccdad00005a7212800b00010067656e657665000010000280060005004e20000004000600848d0d9c86ba72b09f5ca56bfcebb78f8ffe429b862e926a47ff2536d3b62bedfd2f7ab7e4ea2b45ee88c424d665668b93c0707ad41132b52f1a501ca90d19964c38d253034b9636deda2befca"], 0x40}}, 0x40800) 35.791560556s ago: executing program 1 (id=478): r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) fcntl$setsig(r0, 0xa, 0x21) fcntl$setlease(r0, 0x400, 0x1) close_range(r0, 0xffffffffffffffff, 0x0) r1 = fsmount(r0, 0x1, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'macvlan1\x00', &(0x7f0000000440)=@ethtool_per_queue_op={0x4b, 0xe, [0x1, 0x800, 0x10, 0x5, 0xc0, 0x8, 0x5, 0x6, 0x2c3, 0x3, 0x7, 0x24, 0x8, 0x67, 0x9, 0x80, 0xe8, 0x80000001, 0x4, 0x8, 0xa360, 0x400080, 0x7, 0xb3, 0x1, 0xc1, 0x4, 0x80000000, 0xfff, 0x1, 0x800, 0x200, 0xd8, 0x7, 0x8, 0x7, 0x120000, 0x2, 0x8, 0x7, 0x7, 0x0, 0x100, 0xa, 0x9, 0x8, 0xf6, 0x8, 0x8, 0x0, 0x800, 0xfffffff8, 0xd3, 0x1, 0x5, 0x437fc84, 0xe2fc, 0x2, 0x7ff, 0x40000000, 0x9, 0x3, 0x1, 0x7, 0x0, 0x101, 0xffff8813, 0x7, 0x1, 0x1, 0x591, 0xfffffff9, 0x17, 0x40000009, 0x0, 0x7, 0xb, 0xbc05, 0x5, 0x6, 0x81, 0xba2d, 0x1, 0xe, 0xc, 0x5, 0x2, 0x1, 0xfffffffa, 0x7b6e, 0x0, 0x2, 0x1, 0xa66, 0xf04c, 0x3, 0x3, 0x1, 0xc, 0x5, 0x7, 0x5, 0x5, 0x7, 0x9, 0x2c3, 0x8c0, 0x5, 0x400, 0x2, 0x0, 0x800, 0xbda, 0xfffffffa, 0x26, 0x0, 0x3f3, 0x4, 0xffff, 0x80000000, 0x7, 0x4, 0x1, 0x3, 0xadf4, 0x5, 0x5, 0xa], "006811f94592f2550b18532449e8ada2cbd92eee92e79ef10905a604252ec0c8ed15fa487c09b6990102baff0446f75389294e6d57d1119472cef0d1063540409b0aa1851441d38bd18d"}}) setpgid(r2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) r6 = openat$cgroup(r0, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r6, &(0x7f0000000200)='cpuset.effective_mems\x00', 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setpgid(0x0, r2) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r7, 0x80049363, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0) socket$key(0xf, 0x3, 0x2) r8 = socket$key(0xf, 0x3, 0x2) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f00000000c0)={r8, r7}) sendmmsg(r8, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) socketpair(0x2, 0x5, 0xbb, &(0x7f0000000000)) 35.58301868s ago: executing program 1 (id=482): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES16, @ANYBLOB="0100000000000000000014000000080016"], 0x4c}}, 0x4000085) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000005e0010002bbd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="04000000"], 0x1c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x7, &(0x7f00000001c0)=0x44, 0x4) setsockopt$CAN_RAW_FD_FRAMES(r4, 0x65, 0x5, &(0x7f00000002c0)=0x3, 0x4) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x2}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 35.223851062s ago: executing program 1 (id=485): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYBLOB="b5"], 0x6c}}, 0x0) (async, rerun: 32) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x18c0}}, 0x0) (rerun: 32) r1 = syz_open_dev$mouse(&(0x7f0000000140), 0x0, 0x10000) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000280)={0x8, [0x1, 0xb, 0x1, 0x6, 0x6, 0x7, 0x1, 0xbe]}, 0x14) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abb7000fddbdf250900020073797a30000000000800410073697600140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x40008c0}, 0x4400) (async) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) (async) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x4e21, 0x0, @mcast2}}, 0x5c) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) (async) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r7, 0xc0106407, &(0x7f00000000c0)={0x1, 0x3, 0x23, 0x6}) (async, rerun: 32) ioctl$DRM_IOCTL_SET_VERSION(r7, 0xc0106407, &(0x7f0000000140)={0x1, 0x1}) (async, rerun: 32) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newroute={0x44, 0x18, 0x1, 0xfffffffc, 0x25dfdbfb, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x4, 0xfe}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x1, {0x0, 0x0, 0x10, 0x0, 0xfc}}}}}, @RTA_OIF={0x8, 0x4, r6}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}]}, 0x44}}, 0x0) (async) pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$SNDRV_PCM_IOCTL_REWIND(r8, 0x40084146, &(0x7f0000000100)=0x800) 35.173085994s ago: executing program 32 (id=485): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYBLOB="b5"], 0x6c}}, 0x0) (async, rerun: 32) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x18c0}}, 0x0) (rerun: 32) r1 = syz_open_dev$mouse(&(0x7f0000000140), 0x0, 0x10000) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000280)={0x8, [0x1, 0xb, 0x1, 0x6, 0x6, 0x7, 0x1, 0xbe]}, 0x14) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abb7000fddbdf250900020073797a30000000000800410073697600140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x40008c0}, 0x4400) (async) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) (async) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x4e21, 0x0, @mcast2}}, 0x5c) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) (async) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r7, 0xc0106407, &(0x7f00000000c0)={0x1, 0x3, 0x23, 0x6}) (async, rerun: 32) ioctl$DRM_IOCTL_SET_VERSION(r7, 0xc0106407, &(0x7f0000000140)={0x1, 0x1}) (async, rerun: 32) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newroute={0x44, 0x18, 0x1, 0xfffffffc, 0x25dfdbfb, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x4, 0xfe}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x1, {0x0, 0x0, 0x10, 0x0, 0xfc}}}}}, @RTA_OIF={0x8, 0x4, r6}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}]}, 0x44}}, 0x0) (async) pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$SNDRV_PCM_IOCTL_REWIND(r8, 0x40084146, &(0x7f0000000100)=0x800) 30.290602591s ago: executing program 0 (id=171): r0 = socket$netlink(0x10, 0x3, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async) recvmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000380)=[{&(0x7f0000000080)=""/206, 0xce}, {&(0x7f0000000280)=""/156, 0x9c}, {&(0x7f00000001c0)=""/47, 0x2f}, {&(0x7f0000000200)=""/39, 0x27}, {&(0x7f0000000340)=""/13, 0xd}], 0x5, &(0x7f0000000400)=""/59, 0x3b}, 0x101}, {{&(0x7f0000000440)=@phonet, 0x80, &(0x7f0000001500)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/52, 0x63}], 0x2, &(0x7f0000001540)=""/131, 0x83}}, {{&(0x7f0000001600)=@xdp, 0x80, &(0x7f0000001980)=[{&(0x7f0000001680)=""/86, 0x56}, {&(0x7f0000001700)=""/107, 0x6b}, {&(0x7f0000001780)=""/224, 0xe0}, {&(0x7f0000001880)=""/33, 0x21}, {&(0x7f00000018c0)}, {&(0x7f0000001900)=""/113, 0x71}], 0x6, &(0x7f0000001a00)=""/66, 0x42}, 0x2}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001a80)=""/240, 0xf0}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/18, 0x12}, {&(0x7f0000001cc0)=""/181, 0xb5}, {&(0x7f0000002180)=""/255, 0xff}, {&(0x7f0000001e80)=""/58, 0x3a}, {&(0x7f0000001ec0)=""/195, 0xc3}], 0x27}, 0x4}, {{&(0x7f0000001d80)=@phonet, 0x80, &(0x7f0000002540)=[{&(0x7f00000018c0)=""/22, 0x16}, {0xffffffffffffffff}, {&(0x7f0000002280)=""/248, 0xf8}, {&(0x7f0000002380)=""/133, 0x85}, {&(0x7f0000001e00)}, {&(0x7f0000002440)=""/219, 0xdb}], 0x6, &(0x7f0000001e40)=""/11, 0xb}, 0x5}], 0x5, 0x42, &(0x7f0000002140)={0x77359400}) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$snapshot(0xffffffffffffff9c, 0x0, 0xc2d41, 0x0) (async) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) 23.682133539s ago: executing program 0 (id=171): r0 = socket$netlink(0x10, 0x3, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async) recvmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000380)=[{&(0x7f0000000080)=""/206, 0xce}, {&(0x7f0000000280)=""/156, 0x9c}, {&(0x7f00000001c0)=""/47, 0x2f}, {&(0x7f0000000200)=""/39, 0x27}, {&(0x7f0000000340)=""/13, 0xd}], 0x5, &(0x7f0000000400)=""/59, 0x3b}, 0x101}, {{&(0x7f0000000440)=@phonet, 0x80, &(0x7f0000001500)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/52, 0x63}], 0x2, &(0x7f0000001540)=""/131, 0x83}}, {{&(0x7f0000001600)=@xdp, 0x80, &(0x7f0000001980)=[{&(0x7f0000001680)=""/86, 0x56}, {&(0x7f0000001700)=""/107, 0x6b}, {&(0x7f0000001780)=""/224, 0xe0}, {&(0x7f0000001880)=""/33, 0x21}, {&(0x7f00000018c0)}, {&(0x7f0000001900)=""/113, 0x71}], 0x6, &(0x7f0000001a00)=""/66, 0x42}, 0x2}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001a80)=""/240, 0xf0}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/18, 0x12}, {&(0x7f0000001cc0)=""/181, 0xb5}, {&(0x7f0000002180)=""/255, 0xff}, {&(0x7f0000001e80)=""/58, 0x3a}, {&(0x7f0000001ec0)=""/195, 0xc3}], 0x27}, 0x4}, {{&(0x7f0000001d80)=@phonet, 0x80, &(0x7f0000002540)=[{&(0x7f00000018c0)=""/22, 0x16}, {0xffffffffffffffff}, {&(0x7f0000002280)=""/248, 0xf8}, {&(0x7f0000002380)=""/133, 0x85}, {&(0x7f0000001e00)}, {&(0x7f0000002440)=""/219, 0xdb}], 0x6, &(0x7f0000001e40)=""/11, 0xb}, 0x5}], 0x5, 0x42, &(0x7f0000002140)={0x77359400}) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$snapshot(0xffffffffffffff9c, 0x0, 0xc2d41, 0x0) (async) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) 16.812372648s ago: executing program 0 (id=171): r0 = socket$netlink(0x10, 0x3, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async) recvmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000380)=[{&(0x7f0000000080)=""/206, 0xce}, {&(0x7f0000000280)=""/156, 0x9c}, {&(0x7f00000001c0)=""/47, 0x2f}, {&(0x7f0000000200)=""/39, 0x27}, {&(0x7f0000000340)=""/13, 0xd}], 0x5, &(0x7f0000000400)=""/59, 0x3b}, 0x101}, {{&(0x7f0000000440)=@phonet, 0x80, &(0x7f0000001500)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/52, 0x63}], 0x2, &(0x7f0000001540)=""/131, 0x83}}, {{&(0x7f0000001600)=@xdp, 0x80, &(0x7f0000001980)=[{&(0x7f0000001680)=""/86, 0x56}, {&(0x7f0000001700)=""/107, 0x6b}, {&(0x7f0000001780)=""/224, 0xe0}, {&(0x7f0000001880)=""/33, 0x21}, {&(0x7f00000018c0)}, {&(0x7f0000001900)=""/113, 0x71}], 0x6, &(0x7f0000001a00)=""/66, 0x42}, 0x2}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001a80)=""/240, 0xf0}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/18, 0x12}, {&(0x7f0000001cc0)=""/181, 0xb5}, {&(0x7f0000002180)=""/255, 0xff}, {&(0x7f0000001e80)=""/58, 0x3a}, {&(0x7f0000001ec0)=""/195, 0xc3}], 0x27}, 0x4}, {{&(0x7f0000001d80)=@phonet, 0x80, &(0x7f0000002540)=[{&(0x7f00000018c0)=""/22, 0x16}, {0xffffffffffffffff}, {&(0x7f0000002280)=""/248, 0xf8}, {&(0x7f0000002380)=""/133, 0x85}, {&(0x7f0000001e00)}, {&(0x7f0000002440)=""/219, 0xdb}], 0x6, &(0x7f0000001e40)=""/11, 0xb}, 0x5}], 0x5, 0x42, &(0x7f0000002140)={0x77359400}) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$snapshot(0xffffffffffffff9c, 0x0, 0xc2d41, 0x0) (async) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) 10.673317086s ago: executing program 0 (id=171): r0 = socket$netlink(0x10, 0x3, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async) recvmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000380)=[{&(0x7f0000000080)=""/206, 0xce}, {&(0x7f0000000280)=""/156, 0x9c}, {&(0x7f00000001c0)=""/47, 0x2f}, {&(0x7f0000000200)=""/39, 0x27}, {&(0x7f0000000340)=""/13, 0xd}], 0x5, &(0x7f0000000400)=""/59, 0x3b}, 0x101}, {{&(0x7f0000000440)=@phonet, 0x80, &(0x7f0000001500)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/52, 0x63}], 0x2, &(0x7f0000001540)=""/131, 0x83}}, {{&(0x7f0000001600)=@xdp, 0x80, &(0x7f0000001980)=[{&(0x7f0000001680)=""/86, 0x56}, {&(0x7f0000001700)=""/107, 0x6b}, {&(0x7f0000001780)=""/224, 0xe0}, {&(0x7f0000001880)=""/33, 0x21}, {&(0x7f00000018c0)}, {&(0x7f0000001900)=""/113, 0x71}], 0x6, &(0x7f0000001a00)=""/66, 0x42}, 0x2}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001a80)=""/240, 0xf0}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/18, 0x12}, {&(0x7f0000001cc0)=""/181, 0xb5}, {&(0x7f0000002180)=""/255, 0xff}, {&(0x7f0000001e80)=""/58, 0x3a}, {&(0x7f0000001ec0)=""/195, 0xc3}], 0x27}, 0x4}, {{&(0x7f0000001d80)=@phonet, 0x80, &(0x7f0000002540)=[{&(0x7f00000018c0)=""/22, 0x16}, {0xffffffffffffffff}, {&(0x7f0000002280)=""/248, 0xf8}, {&(0x7f0000002380)=""/133, 0x85}, {&(0x7f0000001e00)}, {&(0x7f0000002440)=""/219, 0xdb}], 0x6, &(0x7f0000001e40)=""/11, 0xb}, 0x5}], 0x5, 0x42, &(0x7f0000002140)={0x77359400}) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$snapshot(0xffffffffffffff9c, 0x0, 0xc2d41, 0x0) (async) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) 4.293846426s ago: executing program 3 (id=741): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='pagemap\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x4, &(0x7f0000000000)=[{0x6, 0x7, 0x81, 0x81}, {0x8000, 0x0, 0x6, 0x26}, {0xb, 0x40, 0x1, 0x5b047ab3}, {0xffff, 0x81, 0x64, 0x5}]}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='fd/3\x00') 3.60201357s ago: executing program 0 (id=171): r0 = socket$netlink(0x10, 0x3, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async) recvmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000380)=[{&(0x7f0000000080)=""/206, 0xce}, {&(0x7f0000000280)=""/156, 0x9c}, {&(0x7f00000001c0)=""/47, 0x2f}, {&(0x7f0000000200)=""/39, 0x27}, {&(0x7f0000000340)=""/13, 0xd}], 0x5, &(0x7f0000000400)=""/59, 0x3b}, 0x101}, {{&(0x7f0000000440)=@phonet, 0x80, &(0x7f0000001500)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/52, 0x63}], 0x2, &(0x7f0000001540)=""/131, 0x83}}, {{&(0x7f0000001600)=@xdp, 0x80, &(0x7f0000001980)=[{&(0x7f0000001680)=""/86, 0x56}, {&(0x7f0000001700)=""/107, 0x6b}, {&(0x7f0000001780)=""/224, 0xe0}, {&(0x7f0000001880)=""/33, 0x21}, {&(0x7f00000018c0)}, {&(0x7f0000001900)=""/113, 0x71}], 0x6, &(0x7f0000001a00)=""/66, 0x42}, 0x2}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001a80)=""/240, 0xf0}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/18, 0x12}, {&(0x7f0000001cc0)=""/181, 0xb5}, {&(0x7f0000002180)=""/255, 0xff}, {&(0x7f0000001e80)=""/58, 0x3a}, {&(0x7f0000001ec0)=""/195, 0xc3}], 0x27}, 0x4}, {{&(0x7f0000001d80)=@phonet, 0x80, &(0x7f0000002540)=[{&(0x7f00000018c0)=""/22, 0x16}, {0xffffffffffffffff}, {&(0x7f0000002280)=""/248, 0xf8}, {&(0x7f0000002380)=""/133, 0x85}, {&(0x7f0000001e00)}, {&(0x7f0000002440)=""/219, 0xdb}], 0x6, &(0x7f0000001e40)=""/11, 0xb}, 0x5}], 0x5, 0x42, &(0x7f0000002140)={0x77359400}) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$snapshot(0xffffffffffffff9c, 0x0, 0xc2d41, 0x0) (async) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) 2.408283606s ago: executing program 3 (id=750): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='cmdline\x00') flock(r2, 0x2) flock(r2, 0x5) write$cgroup_int(r2, &(0x7f0000000180)=0xc, 0x12) sendmmsg$unix(r1, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}}, {{&(0x7f0000000280)=@abs={0x0, 0x0, 0x4e24}, 0x6e, 0x0, 0x0, &(0x7f00000018c0)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18, 0x20008880}}], 0x2, 0x4c054) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000001d80)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f030000000000002e100200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4", @ANYRES32=r1, @ANYRES64=r2], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) recvfrom$unix(r1, &(0x7f0000000040)=""/75, 0x4b, 0x100, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) 2.040685438s ago: executing program 4 (id=760): syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x0, 0xf, 0xad, {0xad, 0xf, "adfdfb4850959bd523f19a1b2fb8dee64a753dace7d6590b72c6835545990612f9fd5db4897d574e866a81af703c535f8d74279bfda322639d88977e15a5d5bb696e5ff02c64d2049c7a625ec0d18b1b5ec7e368de3b3a2288f2a7a2bdcb1b9661ca9701ec964f099f6fa59540886ded8e04ad565bae03c9d0ea8c6ea3f9736d1c3f24a0fcae7e3120444f1a3fd612fbbf98fcdee40bd4fd6a1546b4a103e7b79a1fa972271a7124e9849a"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x424}}}, &(0x7f00000004c0)={0x44, &(0x7f0000000340)={0x0, 0xa, 0x96, "1064734e1f60650ff9e8ff3ab11f2a6cfc9a55140b603cb3a1c77a482f488d4c2a73104ad1c906c6de68811f68b958972972b8d05deff10b0767183974bdd6bd1bf7d636d4a62f40ede340c6f8c07e794fe985ae396dd4ce15d8c80ae85a31c5928eb122632ef78c960f15aab3d4a270dba6e6cb621acc3e926fb9e21f0d57437cf729447e85747d1e471fe20dbbe5c89317fbac7825"}, &(0x7f0000000140)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000180)={0x0, 0x8, 0x1, 0xf7}, &(0x7f0000000200)={0x20, 0x81, 0x1, '$'}, &(0x7f0000000280)={0x20, 0x82, 0x3, "812a5d"}, &(0x7f00000002c0)={0x20, 0x83, 0x1, "1f"}, &(0x7f00000001c0)=ANY=[@ANYBLOB="205e1fdc61d456b1548585bab2d995a6ee9e6a15df9e6be5ef7106cfba5e3dd0ff2b01099b1d4bdbbc8d1a712ce22c76cae4ac7e20f51201a314857870"], &(0x7f0000000480)={0x20, 0x85, 0x3, "9003d6"}}) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x48802, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000002740)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x29, 0x81, &(0x7f00000002c0)=""/129}, &(0x7f0000000140)="8536b60bfad6", 0x0, 0x9, 0x10000, 0x1, 0x0}) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r1) (async, rerun: 32) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000580), r1) (rerun: 32) sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x3c, r3, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0202}}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x2c, r2, 0x201, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40850) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002900), 0x2, 0x0) write$FUSE_NOTIFY_POLL(r4, &(0x7f0000002940)={0x18}, 0x18) (async) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0x1c}}, 0x0) (async) socket$inet6_sctp(0xa, 0x1, 0x84) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (async) syz_io_uring_setup(0x5419, &(0x7f0000000300)={0x0, 0x98be, 0x1, 0x8, 0x3be}, 0x0, 0x0) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000540)=ANY=[@ANYBLOB="050000000000000071113f00000000008510000002000000850000000500000095000000000000009500a505000000009ee69818"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async, rerun: 64) socket$packet(0x11, 0x2, 0x300) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) (async) socket$packet(0x11, 0x3, 0x300) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000800000000005e002200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r10}, 0x10) (async) creat(&(0x7f0000000100)='./bus\x00', 0x0) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, &(0x7f00000006c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (rerun: 32) 1.983694788s ago: executing program 2 (id=761): r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22) writev(r1, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2000}], 0x1) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000340)={'erspan0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x40, 0x40, 0x177, 0xe9, {{0x6, 0x4, 0x1, 0x2, 0x18, 0x64, 0x0, 0x7, 0x2f, 0x0, @remote, @multicast1, {[@ra={0x94, 0x4}]}}}}}) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x1}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000100)='syzkaller\x00', 0x1, 0xed, &(0x7f0000000200)=""/237, 0x40f00, 0x40, '\x00', r2, 0x0, r3, 0x8, &(0x7f00000003c0)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x0, 0x0, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20) r4 = accept4$alg(r0, 0x0, 0x0, 0x0) r5 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f000000d7c0)=[{0x0, 0x0, &(0x7f0000001d00), 0x1000000000000043, &(0x7f0000003780)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4040850}], 0x1, 0x20088090) setxattr$incfs_metadata(&(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000840), 0x0, 0x0, 0x1) setxattr$incfs_size(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000140), 0x0, 0x0, 0x1) setxattr$incfs_metadata(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), 0x0, 0x0, 0x2) read$alg(r4, &(0x7f0000002300)=""/4128, 0x1020) 1.682907047s ago: executing program 4 (id=762): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) r4 = getpid() kcmp(r4, r4, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r5, 0x40045010, &(0x7f0000000000)) sendmsg$key(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x2, 0xb, 0x0, 0x0, 0x2}, 0x10}}, 0x20004040) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_usb_connect(0x3, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201500242864220"], 0x0) sendmsg$802154_dgram(r6, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, @none={0x0, 0x2}}, 0x14, &(0x7f0000000180)={&(0x7f0000000500)="d275a4b343cf15077f8e86db59b67987ca1bdec7ca85abd7bcc5ae02c9d1367b180b8e5fd6846149c3435c2cadcacc4e869ee9cf925bd4776f3276398d2824e698ca82463faa65594ac79e3df20b8a45e66eb17d5fce497bf9796db306b592d524b4a3d74aa808cee620a95651f41ee931a91072b427fe08ac64cc17cfc1e0babf3c6143e831b9a5a4ab", 0x8a}, 0x1, 0x0, 0x0, 0x805}, 0x4000000) write$binfmt_misc(r6, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x600, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0145401, &(0x7f0000000000)={{0x3, 0x0, 0x1, 0x2}, 0x800006, 0x0, 'id0\x00', 'timer0\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe}) 1.50267628s ago: executing program 3 (id=763): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x6, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4}, [@ldst={0x3, 0x0, 0x3, 0xa, 0x0, 0xff70}], {0x95, 0x0, 0xb}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff4d, 0x10, &(0x7f0000000000), 0xfffffe51, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839", 0x5}], 0x1}, 0x0) socket$kcm(0x29, 0x7, 0x0) recvmsg(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x53}], 0x1}, 0x40fd) socket$kcm(0x29, 0x5, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @local}, {{0x4e22, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$x86(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$x86(r8, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0x1, 0x25, {"4831ff48c7c6fdfe04004881c60001000048893e"}}], 0x25}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r10, 0x400448e3, &(0x7f0000000500)) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) 1.292626405s ago: executing program 3 (id=764): clock_adjtime(0x0, &(0x7f0000000140)={0x97, 0xfff0bdc1, 0x2000, 0x0, 0x0, 0xfffffffffffffdfd, 0x4, 0x4, 0xffffffffffffffff, 0x3, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x4, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x774, 0x0, 0x0, 0x0, 0x20000}) (async, rerun: 64) r0 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x9801, 0x1303}, [@IFLA_OPERSTATE={0x5, 0x10, 0x2}]}, 0x28}}, 0x0) (async) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0) (async) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') move_mount(r4, 0x0, r4, &(0x7f0000000100)='./mnt\x00', 0x137) (async, rerun: 64) timerfd_settime(r4, 0x1, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, &(0x7f0000000040)) (rerun: 64) 1.121519394s ago: executing program 2 (id=765): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0xd85fd000) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000240)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) r1 = socket$unix(0x1, 0x1, 0x0) mmap(&(0x7f0000646000/0x2000)=nil, 0x2000, 0xb635773f07ebbeee, 0x12, r1, 0x0) 1.121119426s ago: executing program 2 (id=766): r0 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f00000000c0)={0x2b0, 0x1ffe000, 0x0, 'queue0\x00', 0x9}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000040)={0x1, 'vlan0\x00'}) (async) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x9) (async, rerun: 32) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async, rerun: 32) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x3ec0) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) (rerun: 32) connect$netrom(r4, 0x0, 0x0) (async) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000643000/0x3000)=nil, 0x3000, &(0x7f0000000000)='%\x00') syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) 705.853365ms ago: executing program 4 (id=767): r0 = open(&(0x7f0000000000)='./file0\x00', 0x200000, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) (async) symlinkat(&(0x7f0000000040)='./file0\x00', r0, &(0x7f0000000080)='./file0\x00') (async) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, &(0x7f0000000140)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f00000000c0)=0x7f, 0x0, 0x4) 705.503949ms ago: executing program 4 (id=768): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_pidfd_open(r1, 0x0) ioctl$EXT4_IOC_MIGRATE(r2, 0xff09) r3 = dup(r0) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r3, 0x46c1c000) 626.394352ms ago: executing program 4 (id=769): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'veth1_vlan\x00', &(0x7f0000000540)=@ethtool_gstrings={0x1b, 0x9}}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x205c1, 0x0) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x5}, 0x4) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="1400000013000104000000000000000005"], 0x14}], 0x1}, 0x0) 150.087421ms ago: executing program 2 (id=770): r0 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0) socket$packet(0x11, 0xc2340cf684d20d18, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x3, 0x7, 0x201, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4c800}, 0x800) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYRESDEC=r3, @ANYRESDEC=r2, @ANYRES64=r1], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r2}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', 0x0}) r9 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', r8, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000001000010027bd70000000000000000000", @ANYRES32=r6, @ANYBLOB="004100010000000014002b8008000100", @ANYRES32=r9], 0x34}}, 0x404c000) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1a, 0x2, &(0x7f00000001c0)=@raw=[@call={0x85, 0x0, 0x0, 0x7e}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], &(0x7f0000000100)='syzkaller\x00', 0x9, 0xb7, &(0x7f00000002c0)=""/183, 0x41000, 0x10, '\x00', 0x0, @tracing=0x17, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x4, 0x10, 0x3, 0x9}, 0x10, 0x0, 0xffffffffffffffff, 0x6, 0x0, &(0x7f00000003c0)=[{0x5, 0x2, 0xd, 0x4}, {0x5, 0x3, 0x3, 0x5}, {0x2, 0x3, 0xd, 0x5}, {0x3, 0x2, 0xc, 0x8}, {0x2, 0x1, 0x9, 0x1}, {0x5, 0x5, 0xa, 0xb}], 0x10, 0x7f, @void, @value}, 0x94) writev(r0, &(0x7f0000000180)=[{0x0}, {&(0x7f0000000040)="b845d9", 0x3}], 0x2) 149.792764ms ago: executing program 3 (id=771): syz_io_uring_setup(0xde2, &(0x7f0000000200)={0x0, 0x5b3c, 0x0, 0x40000000, 0x54}, 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r1) sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000ffdbdf252500000005002b00000000000a000101800000000000000006000400a3aa00000600060003000000"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r3, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0) 62.470661ms ago: executing program 4 (id=772): prctl$PR_SET_IO_FLUSHER(0x43, 0x1) (async) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) (async) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) preadv2(r5, &(0x7f0000000400)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) (async) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x9, 0xfff1}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x681e}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {}, {0x7, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0xee01, 0xee01}}, './file0\x00'}) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r8, 0x10, &(0x7f00000002c0)={0x3, 0x0, &(0x7f0000000200)=[{&(0x7f0000000340)=""/213, 0xd5}, {&(0x7f0000000180)=""/100, 0x64}], &(0x7f0000000280)=[0x0, 0x3, 0xffffffffffffffff, 0x9532, 0x1], 0x2}, 0x20) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r1, 0xf50f, 0x0) r10 = syz_open_dev$vim2m(&(0x7f0000000000), 0x100, 0x2) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r8) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000004c0)={'wlan1\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000004c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000600)={0x1a0, r11, 0x800, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x9, 0x1a}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_MESH_SETUP={0xc, 0x70, [@NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC={0x5}]}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x32}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x15b8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}], @NL80211_ATTR_TX_RATES={0x124, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x94, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x3b, 0x2, [{0x1, 0x8}, {0x0, 0xa}, {0x3, 0x9}, {0x1, 0x2}, {0x2, 0x8}, {0x4, 0x6}, {0x2, 0x8}, {0x0, 0x9}, {0x6, 0x4}, {0x1, 0x6}, {0x1, 0x4}, {0x2, 0x8}, {0x0, 0x6}, {0x7, 0x1}, {0x0, 0x4}, {0x3, 0x7}, {0x1, 0x1}, {0x5, 0x6}, {0x3, 0x1}, {0x6, 0x8}, {0x7}, {0x4, 0x9}, {0x4}, {0x7, 0x1}, {0x5, 0x7}, {0x7, 0x2}, {0x0, 0xa}, {0x5, 0x4}, {0x7, 0xa}, {0x1, 0x7}, {0x4}, {0x1, 0x2}, {0x0, 0x7}, {0x3, 0x3}, {0x6, 0x3}, {0x0, 0x8}, {0x0, 0x9}, {0x4, 0x1}, {0x3}, {0x6, 0x7}, {0x0, 0x2}, {0x5, 0x8}, {0x7, 0x3}, {0x7, 0x5}, {0x7, 0x4}, {0x0, 0x7}, {0x0, 0x8}, {0x4, 0x3}, {0x7}, {0x6, 0x9}, {0x3, 0x2}, {0x0, 0x5}, {}, {0x2, 0x6}, {0x5, 0x6}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff8, 0x7f, 0x1, 0xfff7, 0x0, 0xfffc, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x9ebd, 0x3, 0x2, 0x4d8d, 0x1000, 0x3, 0x3]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x2d, 0x8, 0x0, 0x315a, 0x80, 0x2, 0xef]}}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x12, 0x4b, 0xc, 0x1b, 0x3, 0x24, 0x1, 0x9, 0x2b, 0xc]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_2GHZ={0x8c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x14, 0x1, [0x3, 0x48, 0x9, 0x48, 0xb, 0x3, 0x2, 0x60, 0xc, 0x4, 0x5, 0x36, 0x9, 0x12, 0x6c, 0x36]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x340, 0xe, 0x9, 0x17e7, 0x40, 0x7, 0xffff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffd, 0x7, 0x1, 0x8b07, 0x0, 0x2, 0x34, 0x3f]}}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x2, 0x1c}, {0x0, 0x6}, {0x6, 0x6}, {0x6, 0x8}, {0x2, 0x4}, {0x6, 0x5}, {0x1, 0x6}, {0x6, 0x2}, {0x5}, {0x5, 0xa}, {0x1, 0x5}, {0x1, 0x9}, {0x1, 0x1}, {0x6, 0x1}, {0x1, 0x5}, {0x4, 0xa}, {0x7}, {0x6, 0x4}, {0x7, 0x3}, {0x3, 0x3}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x6c]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3, 0x8, 0xa, 0x3ff, 0x42, 0x101, 0xa]}}]}]}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0x7}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x800}, 0x44) (async) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000600)={0x1a0, r11, 0x800, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x9, 0x1a}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_MESH_SETUP={0xc, 0x70, [@NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC={0x5}]}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x32}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x15b8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}], @NL80211_ATTR_TX_RATES={0x124, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x94, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x3b, 0x2, [{0x1, 0x8}, {0x0, 0xa}, {0x3, 0x9}, {0x1, 0x2}, {0x2, 0x8}, {0x4, 0x6}, {0x2, 0x8}, {0x0, 0x9}, {0x6, 0x4}, {0x1, 0x6}, {0x1, 0x4}, {0x2, 0x8}, {0x0, 0x6}, {0x7, 0x1}, {0x0, 0x4}, {0x3, 0x7}, {0x1, 0x1}, {0x5, 0x6}, {0x3, 0x1}, {0x6, 0x8}, {0x7}, {0x4, 0x9}, {0x4}, {0x7, 0x1}, {0x5, 0x7}, {0x7, 0x2}, {0x0, 0xa}, {0x5, 0x4}, {0x7, 0xa}, {0x1, 0x7}, {0x4}, {0x1, 0x2}, {0x0, 0x7}, {0x3, 0x3}, {0x6, 0x3}, {0x0, 0x8}, {0x0, 0x9}, {0x4, 0x1}, {0x3}, {0x6, 0x7}, {0x0, 0x2}, {0x5, 0x8}, {0x7, 0x3}, {0x7, 0x5}, {0x7, 0x4}, {0x0, 0x7}, {0x0, 0x8}, {0x4, 0x3}, {0x7}, {0x6, 0x9}, {0x3, 0x2}, {0x0, 0x5}, {}, {0x2, 0x6}, {0x5, 0x6}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff8, 0x7f, 0x1, 0xfff7, 0x0, 0xfffc, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x9ebd, 0x3, 0x2, 0x4d8d, 0x1000, 0x3, 0x3]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x2d, 0x8, 0x0, 0x315a, 0x80, 0x2, 0xef]}}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x12, 0x4b, 0xc, 0x1b, 0x3, 0x24, 0x1, 0x9, 0x2b, 0xc]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_2GHZ={0x8c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x14, 0x1, [0x3, 0x48, 0x9, 0x48, 0xb, 0x3, 0x2, 0x60, 0xc, 0x4, 0x5, 0x36, 0x9, 0x12, 0x6c, 0x36]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x340, 0xe, 0x9, 0x17e7, 0x40, 0x7, 0xffff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffd, 0x7, 0x1, 0x8b07, 0x0, 0x2, 0x34, 0x3f]}}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x2, 0x1c}, {0x0, 0x6}, {0x6, 0x6}, {0x6, 0x8}, {0x2, 0x4}, {0x6, 0x5}, {0x1, 0x6}, {0x6, 0x2}, {0x5}, {0x5, 0xa}, {0x1, 0x5}, {0x1, 0x9}, {0x1, 0x1}, {0x6, 0x1}, {0x1, 0x5}, {0x4, 0xa}, {0x7}, {0x6, 0x4}, {0x7, 0x3}, {0x3, 0x3}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x6c]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3, 0x8, 0xa, 0x3ff, 0x42, 0x101, 0xa]}}]}]}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0x7}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x800}, 0x44) ioctl$vim2m_VIDIOC_ENUM_FMT(r10, 0xc0405602, &(0x7f00000000c0)={0xc, 0x1, 0x0, "6040a7190200002000000000000000ff1057e31e94000000000000000006ff00", 0x42303159}) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) r13 = mq_open(&(0x7f0000000100)='&\x00', 0x40, 0x100, 0x0) mq_notify(r13, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) close_range(r13, 0xffffffffffffffff, 0x0) (async) close_range(r13, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0) ioctl$I2C_RETRIES(r9, 0x701, 0x0) (async) ioctl$I2C_RETRIES(r9, 0x701, 0x0) 58.748131ms ago: executing program 3 (id=773): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000019580)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(camellia)\x00'}, 0x58) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) r5 = socket$inet6(0xa, 0x3, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'pim6reg\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) write$tun(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff0200000000000000000000000000012f"], 0xffe) r6 = accept4$alg(r0, 0x0, 0x0, 0x0) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)={0x1b, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1, 0x0, @void, @value, @void, @value}, 0x50) r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x5, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000140)}, 0x20) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000540)={'syztnl2\x00', &(0x7f0000000500)={'syztnl2\x00', 0x0, 0x20, 0x1, 0x9, 0x4, {{0x6, 0x4, 0x0, 0x2a, 0x18, 0x68, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, {[@end]}}}}}) r11 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r12 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r12, 0x4b44, 0x10000000000004) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r11, 0x80049367, 0x0) r13 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r14 = fcntl$dupfd(r13, 0x0, r13) write$sndseq(r14, &(0x7f0000000180)=[{0x0, 0x43, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {0x0, 0x8}, {0x80}, @time=@time={0x9, 0x1}}], 0x38) read$snapshot(r14, 0x0, 0x0) r15 = openat$vsock(0xffffffffffffff9c, &(0x7f00000005c0), 0x20000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x17, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1a47, 0x0, 0x0, 0x0, 0x100}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@map_fd={0x18, 0x7, 0x1, 0x0, r8}, @exit, @tail_call={{0x18, 0x2, 0x1, 0x0, r9}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x6db6f036dfc8470}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000340)='GPL\x00', 0x5, 0x5d, &(0x7f0000000480)=""/93, 0x41000, 0x11, '\x00', r10, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x2, 0xa, 0x80000001, 0x401}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000600)=[r11, r14, r5, r15], &(0x7f0000000640)=[{0x2, 0x4, 0x9, 0x1}, {0x3, 0x4, 0x5, 0x6}, {0x2, 0x4, 0x8}, {0x5, 0x5, 0x5, 0x8}, {0x0, 0x1, 0x8, 0x7}], 0x10, 0x7, @void, @value}, 0x94) sendmmsg$alg(r6, &(0x7f000000d7c0)=[{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000001ac0)="65893d3d25794b636402784e88122c8b", 0x10}], 0x1, &(0x7f0000003780)=[@op={0x18}], 0x18, 0x4040850}], 0x1, 0x20088090) 58.013363ms ago: executing program 2 (id=774): syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x1, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000040)={0x0, 0x0, {0x125a8, 0x10, 0x0, 0x5, 0x2, 0x6, 0x2, 0xdd2fcb245114ab72}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYRESHEX=r1, @ANYRES8=r0, @ANYBLOB="05f300ec00000000000020"], 0x18}}, 0x0) 0s ago: executing program 2 (id=775): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e8, 0x0, 0x12, 0x60d, 0x148, 0x202, 0x218, 0x2e8, 0x2e8, 0x218, 0x2c0, 0x4, 0x0, {[{{@ipv6={@local, @mcast1, [], [0xff], 'veth0_to_team\x00', 'macsec0\x00', {}, {}, 0x0, 0x0, 0x0, 0x11}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x445, 0x400, 0x9}}, @common=@srh={{0x30}, {0x21, 0xfd, 0xfa, 0x7, 0x0, 0x43, 0x182}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@ipv6={@private1, @loopback, [0x0, 0x0, 0xff, 0xffffff00], [0xff000000, 0xff000000, 0xff], 'nicvf0\x00', 'geneve0\x00', {0xff}, {}, 0x2c, 0x3, 0x6, 0x75}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x348) r1 = socket(0x11, 0x800000003, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r4) syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0) ioctl$EVIOCRMFF(r4, 0x40095505, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x60, 0x2, {{0x2, [], 0x0, [0x4, 0x2], [0x0, 0x4]}, [@TCA_MQPRIO_SHAPER={0x6, 0x2, 0x1}]}}}]}, 0x90}}, 0x0) kernel console output (not intermixed with test programs): tered promiscuous mode [ 85.335299][ T7331] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.346847][ T7331] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.351250][ T7331] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.354870][ T7331] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.357635][ T7331] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.360378][ T7331] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.364675][ T7491] all: renamed from ip_vti0 (while UP) [ 85.417198][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.422530][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.437688][ T1244] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.440235][ T1244] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.905117][ T7512] 9pnet_fd: Insufficient options for proto=fd [ 86.043673][ T7518] block nbd2: shutting down sockets [ 86.358807][ T7539] pim6reg527: entered allmulticast mode [ 86.583879][ T7543] program syz.2.406 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 86.587991][ T7543] program syz.2.406 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 86.593153][ T7544] program syz.2.406 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 86.593419][ T7543] program syz.2.406 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 86.721219][ T7550] netlink: 'syz.2.408': attribute type 1 has an invalid length. [ 86.760048][ T7558] netlink: 36 bytes leftover after parsing attributes in process `syz.2.409'. [ 86.931203][ T7562] kvm: kvm [7561]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xd2e2 [ 86.945774][ T7562] kvm_intel: kvm [7561]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xe5bd [ 87.103273][ T5940] Bluetooth: hci0: command 0x0c1a tx timeout [ 87.262157][ T5940] Bluetooth: hci3: command 0x0c1a tx timeout [ 87.262181][ T5288] Bluetooth: hci1: command 0x0406 tx timeout [ 87.491142][ T1155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.148418][ T7582] program syz.2.414 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 88.193381][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.196945][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.200296][ T5940] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.203827][ T5940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.206404][ T5940] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.301406][ T7587] chnl_net:caif_netlink_parms(): no params data found [ 88.377038][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 88.377052][ T40] audit: type=1400 audit(1748038800.896:486): avc: denied { unlink } for pid=5933 comm="syz-executor" name="file0" dev="tmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 88.412959][ T7587] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.415342][ T7587] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.417701][ T7587] bridge_slave_0: entered allmulticast mode [ 88.421379][ T7587] bridge_slave_0: entered promiscuous mode [ 88.428220][ T7587] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.432239][ T7587] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.435273][ T7587] bridge_slave_1: entered allmulticast mode [ 88.437911][ T7587] bridge_slave_1: entered promiscuous mode [ 88.477233][ T7587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.483747][ T7587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.535375][ T7587] team0: Port device team_slave_0 added [ 88.539388][ T7587] team0: Port device team_slave_1 added [ 88.570852][ T7587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.574054][ T7587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.582756][ T7587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.587291][ T7587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.589605][ T7587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.600391][ T7587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.646350][ T7587] hsr_slave_0: entered promiscuous mode [ 88.649030][ T7587] hsr_slave_1: entered promiscuous mode [ 88.651536][ T7587] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.655547][ T7587] Cannot create hsr debugfs directory [ 89.042971][ T40] audit: type=1400 audit(1748038801.566:487): avc: denied { read } for pid=7619 comm="syz.2.418" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 89.053626][ T40] audit: type=1400 audit(1748038801.566:488): avc: denied { open } for pid=7619 comm="syz.2.418" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 89.067476][ T7620] create_pit_timer: 14 callbacks suppressed [ 89.067485][ T7620] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 89.083235][ T7620] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 89.090348][ T7620] kvm: requested 127390 ns i8254 timer period limited to 200000 ns [ 89.097179][ T7620] kvm: requested 36876 ns i8254 timer period limited to 200000 ns [ 89.138630][ T40] audit: type=1400 audit(1748038801.656:489): avc: denied { attach_queue } for pid=7622 comm="syz.3.419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 89.182704][ T5288] Bluetooth: hci0: command 0x0c1a tx timeout [ 89.290668][ T7632] tmpfs: Bad value for 'mpol' [ 89.342266][ T5288] Bluetooth: hci1: command 0x0406 tx timeout [ 89.352144][ T5288] Bluetooth: hci3: command 0x0c1a tx timeout [ 89.384389][ T1155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.455679][ T1155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.486186][ T7655] netlink: 4 bytes leftover after parsing attributes in process `syz.3.426'. [ 89.535138][ T1155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.666843][ T1155] bridge_slave_1: left allmulticast mode [ 89.669173][ T1155] bridge_slave_1: left promiscuous mode [ 89.671616][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.676909][ T1155] bridge_slave_0: left allmulticast mode [ 89.679288][ T1155] bridge_slave_0: left promiscuous mode [ 89.681753][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.917355][ T1155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.923259][ T1155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.927335][ T1155] bond0 (unregistering): Released all slaves [ 90.216368][ T40] audit: type=1400 audit(1748038802.736:490): avc: denied { unmount } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 90.232186][ T5288] Bluetooth: hci2: command tx timeout [ 90.247153][ T40] audit: type=1400 audit(1748038802.766:491): avc: denied { write } for pid=7668 comm="syz.3.429" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 90.251005][ T7664] netlink: 40 bytes leftover after parsing attributes in process `syz.1.427'. [ 90.261859][ T1155] hsr_slave_0: left promiscuous mode [ 90.267026][ T1155] hsr_slave_1: left promiscuous mode [ 90.272398][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.274768][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.279157][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.281640][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 90.306440][ T1155] veth1_macvtap: left promiscuous mode [ 90.308597][ T1155] veth0_macvtap: left promiscuous mode [ 90.310571][ T1155] veth1_vlan: left promiscuous mode [ 90.312595][ T1155] veth0_vlan: left promiscuous mode [ 90.895195][ T1155] team0 (unregistering): Port device team_slave_1 removed [ 90.959314][ T1155] team0 (unregistering): Port device team_slave_0 removed [ 91.262125][ T5288] Bluetooth: hci0: command 0x0c1a tx timeout [ 91.422122][ T5288] Bluetooth: hci3: command 0x0c1a tx timeout [ 91.449787][ T40] audit: type=1400 audit(1748038803.966:492): avc: denied { read } for pid=7688 comm="syz.1.432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 91.451108][ T7691] netlink: 'syz.3.433': attribute type 23 has an invalid length. [ 91.470559][ T40] audit: type=1400 audit(1748038803.986:493): avc: denied { connect } for pid=7690 comm="syz.3.433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 91.481323][ T40] audit: type=1400 audit(1748038803.986:494): avc: denied { shutdown } for pid=7690 comm="syz.3.433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 91.537827][ T7587] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.543113][ T7587] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.547176][ T7587] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.551694][ T7587] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.628243][ T7587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.635003][ T40] audit: type=1400 audit(1748038804.156:495): avc: denied { write } for pid=7706 comm="syz.2.437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 91.638642][ T7701] netlink: 'syz.1.434': attribute type 11 has an invalid length. [ 91.639797][ T7587] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.642455][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.645884][ T7701] netlink: 224 bytes leftover after parsing attributes in process `syz.1.434'. [ 91.647780][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.659714][ T168] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.662023][ T168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.738933][ T7713] netfs: Couldn't get user pages (rc=-14) [ 91.771270][ T7713] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.808770][ T7587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.835978][ T7587] veth0_vlan: entered promiscuous mode [ 91.841441][ T7587] veth1_vlan: entered promiscuous mode [ 91.856478][ T7587] veth0_macvtap: entered promiscuous mode [ 91.862785][ T7587] veth1_macvtap: entered promiscuous mode [ 91.871819][ T7587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.879290][ T7587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.884233][ T7587] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.886862][ T7587] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.889477][ T7587] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.892138][ T7587] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.921163][ T168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.928820][ T168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.944840][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.948196][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.365006][ T7735] netlink: 48 bytes leftover after parsing attributes in process `syz.2.443'. [ 92.485753][ T5288] Bluetooth: hci1: unexpected event for opcode 0x1405 [ 92.607711][ T7762] Driver unsupported XDP return value 0 on prog (id 72) dev N/A, expect packet loss! [ 92.608153][ T7761] netlink: 24 bytes leftover after parsing attributes in process `syz.1.451'. [ 92.782482][ T7219] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 92.922171][ T7219] usb 7-1: device descriptor read/64, error -71 [ 93.060297][ T7792] netlink: 8 bytes leftover after parsing attributes in process `syz.3.459'. [ 93.182140][ T7219] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 93.296939][ T7799] Invalid option length (1037940) for dns_resolver key [ 93.322053][ T7219] usb 7-1: device descriptor read/64, error -71 [ 93.442268][ T7219] usb usb7-port1: attempt power cycle [ 93.789204][ T7832] netlink: 20 bytes leftover after parsing attributes in process `syz.3.468'. [ 93.789215][ T7830] netlink: 20 bytes leftover after parsing attributes in process `syz.3.468'. [ 93.802213][ T7219] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 93.823481][ T7219] usb 7-1: device descriptor read/8, error -71 [ 93.830868][ T7833] loop2: detected capacity change from 0 to 7 [ 93.834773][ T7833] loop2: [ 93.835819][ T7833] loop2: partition table partially beyond EOD, truncated [ 93.844216][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/77.tmp-b7:2' failed: Read-only file system [ 93.856243][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/77.tmp-b7:2' failed: Read-only file system [ 93.865241][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/77.tmp-b7:2' failed: Read-only file system [ 93.874490][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/77.tmp-b7:2' failed: Read-only file system [ 94.064042][ T7219] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 94.082478][ T7219] usb 7-1: device descriptor read/8, error -71 [ 94.192284][ T7219] usb usb7-port1: unable to enumerate USB device [ 94.765207][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 94.768083][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 94.771031][ T5940] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 94.775615][ T5940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 94.778352][ T5940] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.569610][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 95.791095][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 95.793486][ T7856] netlink: 'syz.2.474': attribute type 8 has an invalid length. [ 95.797534][ T7856] netlink: 8 bytes leftover after parsing attributes in process `syz.2.474'. [ 95.847418][ T7859] netlink: 32 bytes leftover after parsing attributes in process `syz.1.475'. [ 96.595047][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.598299][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 96.606923][ T7862] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 96.613415][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 96.613425][ T40] audit: type=1400 audit(1748038809.136:502): avc: denied { mount } for pid=7860 comm="syz.1.478" name="/" dev="autofs" ino=27558 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 96.661553][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 96.668476][ T7871] x_tables: ip_tables: CT target: only valid in raw table, not ./cgroup.net/syz0 [ 96.683858][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.705741][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 96.770255][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.771125][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.783269][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.785753][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.792087][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.794515][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.796806][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.797268][ T7843] chnl_net:caif_netlink_parms(): no params data found [ 96.798987][ T40] audit: type=1400 audit(1748038809.316:503): avc: denied { unmount } for pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 96.799473][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.811577][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.814231][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.816531][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.818845][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.821086][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.823911][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.826708][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.829051][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.832563][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.835043][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.837484][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.839949][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.843148][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.846030][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.848632][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 96.852820][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.855565][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.857992][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.863855][ T5288] Bluetooth: hci2: command tx timeout [ 96.866155][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.868539][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.870937][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.873404][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.875733][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.878048][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.882977][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.885377][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.887647][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.889935][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.892549][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.892875][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.894852][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.894867][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.902744][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.905113][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.907486][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.909893][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.912704][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.919071][ T57] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 96.924126][ T57] hid-generic 0000:007F:FFFFFFFE.0004: hidraw1: HID v0.00 Device [syz1] on syz0 [ 96.952371][ T7893] fido_id[7893]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 96.981301][ T7843] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.983615][ T7843] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.985786][ T7843] bridge_slave_0: entered allmulticast mode [ 96.988376][ T7843] bridge_slave_0: entered promiscuous mode [ 96.991351][ T7843] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.993618][ T7843] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.995841][ T7843] bridge_slave_1: entered allmulticast mode [ 96.998602][ T7843] bridge_slave_1: entered promiscuous mode [ 97.038746][ T7843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.048795][ T7843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.107549][ T7843] team0: Port device team_slave_0 added [ 97.110161][ T12] bridge_slave_1: left allmulticast mode [ 97.112889][ T12] bridge_slave_1: left promiscuous mode [ 97.114685][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.118794][ T12] bridge_slave_0: left allmulticast mode [ 97.120853][ T12] bridge_slave_0: left promiscuous mode [ 97.123894][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.328514][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 97.332572][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 97.335904][ T12] bond0 (unregistering): Released all slaves [ 97.343330][ T7843] team0: Port device team_slave_1 added [ 97.384045][ T5940] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.388339][ T5940] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.396470][ T5940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.404125][ T5940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.406779][ T5940] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.407906][ T7843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.410911][ T7843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.420135][ T7843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.424691][ T7843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.426890][ T7843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.435440][ T7843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.499037][ T7843] hsr_slave_0: entered promiscuous mode [ 97.501214][ T7843] hsr_slave_1: entered promiscuous mode [ 97.503506][ T7843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.505788][ T7843] Cannot create hsr debugfs directory [ 97.687458][ T12] hsr_slave_0: left promiscuous mode [ 97.691634][ T12] hsr_slave_1: left promiscuous mode [ 97.694109][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.696406][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.701529][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.703972][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.727969][ T12] veth1_macvtap: left promiscuous mode [ 97.729676][ T12] veth0_macvtap: left promiscuous mode [ 97.731375][ T12] veth1_vlan: left promiscuous mode [ 97.733153][ T12] veth0_vlan: left promiscuous mode [ 98.008638][ T7920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.490'. [ 98.012587][ T7920] netlink: 12 bytes leftover after parsing attributes in process `syz.3.490'. [ 98.268326][ T12] team0 (unregistering): Port device team_slave_1 removed [ 98.323240][ T12] team0 (unregistering): Port device team_slave_0 removed [ 98.798916][ T7927] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 98.843500][ T40] audit: type=1400 audit(1748038811.356:504): avc: denied { connect } for pid=7928 comm="syz.2.492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 98.843542][ T7929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.492'. [ 98.857213][ T7929] netlink: 92 bytes leftover after parsing attributes in process `syz.2.492'. [ 98.868056][ T7898] chnl_net:caif_netlink_parms(): no params data found [ 98.887798][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 98.911450][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 98.925476][ T7938] netlink: 24 bytes leftover after parsing attributes in process `syz.3.495'. [ 98.938922][ T7935] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=528 sclass=netlink_route_socket pid=7935 comm=syz.2.494 [ 98.955232][ T5940] Bluetooth: hci2: command tx timeout [ 98.993166][ T7938] netlink: 4 bytes leftover after parsing attributes in process `syz.3.495'. [ 99.018767][ T7898] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.021531][ T7898] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.028579][ T7898] bridge_slave_0: entered allmulticast mode [ 99.032094][ T7898] bridge_slave_0: entered promiscuous mode [ 99.076463][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 99.098412][ T6043] udevd[6043]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 99.098824][ T7898] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.105162][ T7898] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.113160][ T7898] bridge_slave_1: entered allmulticast mode [ 99.116768][ T7898] bridge_slave_1: entered promiscuous mode [ 99.159358][ T7898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.163817][ T7898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.216496][ T7959] tmpfs: User quota inode hardlimit too large. [ 99.217711][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 99.244392][ T7898] team0: Port device team_slave_0 added [ 99.251369][ T7898] team0: Port device team_slave_1 added [ 99.274406][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 99.277803][ T7963] x_tables: duplicate underflow at hook 2 [ 99.309488][ T7898] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.311907][ T40] audit: type=1326 audit(1748038811.826:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7964 comm="syz.3.502" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a818e969 code=0x7ffc0000 [ 99.311938][ T7898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.320606][ T40] audit: type=1326 audit(1748038811.826:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7964 comm="syz.3.502" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a818e969 code=0x7ffc0000 [ 99.326893][ T7898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.335438][ T40] audit: type=1326 audit(1748038811.836:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7964 comm="syz.3.502" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff0a818e969 code=0x7ffc0000 [ 99.338584][ T7898] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.346087][ T40] audit: type=1326 audit(1748038811.836:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7964 comm="syz.3.502" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a818e969 code=0x7ffc0000 [ 99.349567][ T7898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.356879][ T40] audit: type=1326 audit(1748038811.836:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7964 comm="syz.3.502" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a818e969 code=0x7ffc0000 [ 99.365006][ T7898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.374007][ T40] audit: type=1326 audit(1748038811.836:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7964 comm="syz.3.502" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff0a818e969 code=0x7ffc0000 [ 99.387175][ T40] audit: type=1326 audit(1748038811.836:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7964 comm="syz.3.502" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a818e969 code=0x7ffc0000 [ 99.421861][ T7898] hsr_slave_0: entered promiscuous mode [ 99.423825][ T5940] Bluetooth: hci0: command tx timeout [ 99.426349][ T7898] hsr_slave_1: entered promiscuous mode [ 99.428337][ T7898] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.430668][ T7898] Cannot create hsr debugfs directory [ 99.505227][ T12] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.562506][ T7843] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.567678][ T7843] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.572810][ T12] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.579953][ T7843] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.585666][ T7843] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.627173][ T7898] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 99.631032][ T7898] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 99.644688][ T7898] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 99.654304][ T7898] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 99.671490][ T7843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.681823][ T12] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.692425][ T7898] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.694641][ T7898] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.696955][ T7898] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.699236][ T7898] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.713487][ T168] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.717147][ T168] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.741020][ T7843] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.747737][ T12] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.760926][ T168] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.763164][ T168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.770706][ T168] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.773036][ T168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.817962][ T7898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.838531][ T7898] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.861670][ T1244] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.863892][ T1244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.871189][ T1244] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.873554][ T1244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.880769][ T12] bridge_slave_1: left allmulticast mode [ 99.883002][ T12] bridge_slave_1: left promiscuous mode [ 99.884809][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.888647][ T12] bridge_slave_0: left allmulticast mode [ 99.890357][ T12] bridge_slave_0: left promiscuous mode [ 99.896690][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.120252][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 100.127998][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 100.132766][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 100.136348][ T12] bond0 (unregistering): Released all slaves [ 100.143387][ T12] bond1 (unregistering): Released all slaves [ 100.157145][ T5940] Bluetooth: hci1: unexpected event for opcode 0x100c [ 100.195158][ T7843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.199055][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 100.202259][ T7898] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 100.276498][ T7843] veth0_vlan: entered promiscuous mode [ 100.283679][ T7843] veth1_vlan: entered promiscuous mode [ 100.299203][ T7843] veth0_macvtap: entered promiscuous mode [ 100.303574][ T7843] veth1_macvtap: entered promiscuous mode [ 100.313515][ T7843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.320592][ T7843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.326620][ T7843] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.329185][ T7843] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.331746][ T7843] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.335596][ T7843] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.345003][ T7898] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.410453][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.415687][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.430681][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.436533][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.453803][ T12] hsr_slave_0: left promiscuous mode [ 100.463324][ T12] hsr_slave_1: left promiscuous mode [ 100.466059][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 100.469640][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 100.476311][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.478546][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 100.506266][ T12] veth1_macvtap: left promiscuous mode [ 100.507942][ T12] veth0_macvtap: left promiscuous mode [ 100.509705][ T12] veth1_vlan: left promiscuous mode [ 100.511258][ T12] veth0_vlan: left promiscuous mode [ 100.774513][ T8027] netlink: 28 bytes leftover after parsing attributes in process `syz.3.509'. [ 100.851202][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 101.490817][ T8026] sch_tbf: burst 0 is lower than device geneve0 mtu (1464) ! [ 101.506139][ T8032] netlink: 8 bytes leftover after parsing attributes in process `syz.2.510'. [ 101.512156][ T5940] Bluetooth: hci0: command tx timeout [ 101.536955][ T7898] veth0_vlan: entered promiscuous mode [ 101.542963][ T7898] veth1_vlan: entered promiscuous mode [ 101.568515][ T7898] veth0_macvtap: entered promiscuous mode [ 101.570599][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 101.573723][ T7898] veth1_macvtap: entered promiscuous mode [ 101.587092][ T7898] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.593189][ T7898] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.605223][ T7898] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.607957][ T7898] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.610726][ T7898] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.613914][ T7898] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.626104][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 101.626116][ T40] audit: type=1400 audit(1748038814.146:536): avc: denied { unmount } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 101.693138][ T168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.695511][ T168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.717181][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.719600][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.763752][ T8055] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 101.825990][ T40] audit: type=1400 audit(1748038814.346:537): avc: denied { setopt } for pid=8059 comm="syz.4.486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 101.920155][ T8070] netlink: 'syz.3.515': attribute type 1 has an invalid length. [ 101.947539][ T40] audit: type=1400 audit(1748038814.466:538): avc: denied { bind } for pid=8069 comm="syz.3.515" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 102.159341][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.886631][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.967763][ T8093] netlink: 'syz.3.520': attribute type 1 has an invalid length. [ 102.967815][ T8091] netlink: 4 bytes leftover after parsing attributes in process `syz.4.518'. [ 102.987910][ T8096] netlink: 8 bytes leftover after parsing attributes in process `syz.2.519'. [ 102.991518][ T8096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.519'. [ 103.010538][ T8096] gre0: Master is either lo or non-ether device [ 103.031086][ T8100] netlink: 16 bytes leftover after parsing attributes in process `syz.3.520'. [ 103.057642][ T8103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.521'. [ 103.131070][ T5288] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.135926][ T5288] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.138482][ T5288] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.141117][ T5288] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.143984][ T5288] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 103.166240][ T8117] 9pnet_virtio: no channels available for device syz [ 103.170503][ T40] audit: type=1400 audit(1748038815.686:539): avc: denied { connect } for pid=8114 comm="syz.2.523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 103.248969][ T8127] FAULT_INJECTION: forcing a failure. [ 103.248969][ T8127] name failslab, interval 1, probability 0, space 0, times 1 [ 103.255822][ T8127] CPU: 3 UID: 0 PID: 8127 Comm: syz.2.524 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 103.255852][ T8127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 103.255863][ T8127] Call Trace: [ 103.255869][ T8127] [ 103.255876][ T8127] dump_stack_lvl+0x16c/0x1f0 [ 103.255925][ T8127] should_fail_ex+0x512/0x640 [ 103.255956][ T8127] ? __kmalloc_noprof+0xbf/0x510 [ 103.255976][ T8127] ? sock_kmalloc+0x111/0x170 [ 103.256000][ T8127] should_failslab+0xc2/0x120 [ 103.256019][ T8127] __kmalloc_noprof+0xd2/0x510 [ 103.256037][ T8127] ? do_raw_spin_lock+0x12c/0x2b0 [ 103.256059][ T8127] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 103.256081][ T8127] sock_kmalloc+0x111/0x170 [ 103.256107][ T8127] af_alg_alloc_areq+0xbc/0x2e0 [ 103.256136][ T8127] skcipher_recvmsg+0x32b/0x1030 [ 103.256163][ T8127] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 103.256199][ T8127] sock_recvmsg+0x1f9/0x250 [ 103.256225][ T8127] sock_read_iter+0x2b9/0x3b0 [ 103.256251][ T8127] ? __pfx_sock_read_iter+0x10/0x10 [ 103.256285][ T8127] ? bpf_lsm_file_permission+0x9/0x10 [ 103.256310][ T8127] ? security_file_permission+0x71/0x210 [ 103.256339][ T8127] ? rw_verify_area+0xcf/0x680 [ 103.256367][ T8127] vfs_read+0xaa3/0xc70 [ 103.256399][ T8127] ? __pfx_vfs_read+0x10/0x10 [ 103.256422][ T8127] ? find_held_lock+0x2b/0x80 [ 103.256462][ T8127] ksys_read+0x205/0x240 [ 103.256488][ T8127] ? __pfx_ksys_read+0x10/0x10 [ 103.256513][ T8127] ? rcu_is_watching+0x12/0xc0 [ 103.256542][ T8127] do_syscall_64+0xcd/0x260 [ 103.256571][ T8127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.256589][ T8127] RIP: 0033:0x7f626378e969 [ 103.256603][ T8127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.256620][ T8127] RSP: 002b:00007f62646bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 103.256638][ T8127] RAX: ffffffffffffffda RBX: 00007f62639b5fa0 RCX: 00007f626378e969 [ 103.256650][ T8127] RDX: 0000000000001020 RSI: 0000200000002300 RDI: 0000000000000004 [ 103.256660][ T8127] RBP: 00007f62646bf090 R08: 0000000000000000 R09: 0000000000000000 [ 103.256670][ T8127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.256681][ T8127] R13: 0000000000000000 R14: 00007f62639b5fa0 R15: 00007ffde8bee7f8 [ 103.256705][ T8127] [ 103.279166][ T8110] chnl_net:caif_netlink_parms(): no params data found [ 103.314235][ T8130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.525'. [ 103.532920][ T8110] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.535466][ T8110] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.538256][ T8110] bridge_slave_0: entered allmulticast mode [ 103.541272][ T8110] bridge_slave_0: entered promiscuous mode [ 103.545133][ T8110] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.547419][ T8110] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.549632][ T8110] bridge_slave_1: entered allmulticast mode [ 103.552364][ T8110] bridge_slave_1: entered promiscuous mode [ 103.585677][ T8110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.590147][ T8110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.598692][ T5288] Bluetooth: hci0: command tx timeout [ 103.639125][ T8110] team0: Port device team_slave_0 added [ 103.645129][ T8110] team0: Port device team_slave_1 added [ 103.680363][ T8110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.683389][ T8110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.692899][ T8110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.697171][ T8110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.699480][ T8110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.708958][ T8110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.750980][ T8110] hsr_slave_0: entered promiscuous mode [ 103.753371][ T8110] hsr_slave_1: entered promiscuous mode [ 103.955737][ T8158] netlink: 14212 bytes leftover after parsing attributes in process `syz.3.528'. [ 103.956392][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.982878][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 104.017903][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 104.046781][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.077070][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 104.125046][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 104.161726][ T13] bridge_slave_1: left allmulticast mode [ 104.164075][ T13] bridge_slave_1: left promiscuous mode [ 104.165897][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.169486][ T13] bridge_slave_0: left allmulticast mode [ 104.171205][ T13] bridge_slave_0: left promiscuous mode [ 104.173608][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.384329][ T8173] FAULT_INJECTION: forcing a failure. [ 104.384329][ T8173] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 104.389348][ T8173] CPU: 2 UID: 0 PID: 8173 Comm: syz.2.533 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 104.389364][ T8173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 104.389371][ T8173] Call Trace: [ 104.389375][ T8173] [ 104.389380][ T8173] dump_stack_lvl+0x16c/0x1f0 [ 104.389400][ T8173] should_fail_ex+0x512/0x640 [ 104.389418][ T8173] should_fail_alloc_page+0xe7/0x130 [ 104.389432][ T8173] prepare_alloc_pages+0x3c2/0x610 [ 104.389449][ T8173] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 104.389453][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 104.389468][ T8173] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 104.389488][ T8173] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 104.389507][ T8173] ? policy_nodemask+0xea/0x4e0 [ 104.389520][ T8173] alloc_pages_mpol+0x1fb/0x550 [ 104.389533][ T8173] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 104.389544][ T8173] ? __lock_acquire+0x5ca/0x1ba0 [ 104.389564][ T8173] folio_alloc_mpol_noprof+0x36/0x2f0 [ 104.389579][ T8173] vma_alloc_folio_noprof+0xed/0x1e0 [ 104.389593][ T8173] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 104.389611][ T8173] do_pte_missing+0x223d/0x3fb0 [ 104.389633][ T8173] __handle_mm_fault+0x103d/0x2a40 [ 104.389654][ T8173] ? __pfx___handle_mm_fault+0x10/0x10 [ 104.389670][ T8173] ? __pte_offset_map_lock+0x155/0x2f0 [ 104.389684][ T8173] ? find_held_lock+0x2b/0x80 [ 104.389697][ T8173] ? find_held_lock+0x2b/0x80 [ 104.389718][ T8173] handle_mm_fault+0x3fe/0xad0 [ 104.389738][ T8173] __get_user_pages+0x771/0x36f0 [ 104.389758][ T8173] ? __pfx___get_user_pages+0x10/0x10 [ 104.389774][ T8173] ? __pfx_down_read_killable+0x10/0x10 [ 104.389786][ T8173] ? __lock_acquire+0x5ca/0x1ba0 [ 104.389804][ T8173] __gup_longterm_locked+0x20d/0x1850 [ 104.389824][ T8173] ? __pfx___gup_longterm_locked+0x10/0x10 [ 104.389842][ T8173] ? find_held_lock+0x2b/0x80 [ 104.389855][ T8173] ? sanity_check_pinned_pages+0x23/0x11e0 [ 104.389872][ T8173] gup_fast_fallback+0x183d/0x2650 [ 104.389897][ T8173] ? __pfx_gup_fast_fallback+0x10/0x10 [ 104.389915][ T8173] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 104.389930][ T8173] ? is_bpf_text_address+0x94/0x1a0 [ 104.389945][ T8173] pin_user_pages_fast+0xa7/0xf0 [ 104.389960][ T8173] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 104.389980][ T8173] iov_iter_extract_pages+0x3a2/0x2000 [ 104.389998][ T8173] ? stack_trace_snprint+0x30/0xd0 [ 104.390011][ T8173] ? stack_depot_save_flags+0x28/0xa50 [ 104.390029][ T8173] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 104.390045][ T8173] ? sock_kmalloc+0x111/0x170 [ 104.390059][ T8173] ? kasan_save_stack+0x42/0x60 [ 104.390068][ T8173] ? kasan_save_stack+0x33/0x60 [ 104.390076][ T8173] ? kasan_save_track+0x14/0x30 [ 104.390085][ T8173] ? __kasan_kmalloc+0xaa/0xb0 [ 104.390100][ T8173] ? __kmalloc_noprof+0x223/0x510 [ 104.390109][ T8173] ? sock_kmalloc+0x111/0x170 [ 104.390122][ T8173] ? af_alg_alloc_areq+0xbc/0x2e0 [ 104.390136][ T8173] ? skcipher_recvmsg+0x32b/0x1030 [ 104.390145][ T8173] ? sock_recvmsg+0x1f9/0x250 [ 104.390159][ T8173] ? sock_read_iter+0x2b9/0x3b0 [ 104.390172][ T8173] ? vfs_read+0xaa3/0xc70 [ 104.390187][ T8173] ? ksys_read+0x205/0x240 [ 104.390202][ T8173] ? do_syscall_64+0xcd/0x260 [ 104.390216][ T8173] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.390232][ T8173] extract_iter_to_sg+0xf6e/0x2090 [ 104.390252][ T8173] ? __pfx_extract_iter_to_sg+0x10/0x10 [ 104.390275][ T8173] af_alg_get_rsgl+0x2b8/0x7f0 [ 104.390296][ T8173] skcipher_recvmsg+0x38c/0x1030 [ 104.390311][ T8173] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 104.390333][ T8173] sock_recvmsg+0x1f9/0x250 [ 104.390348][ T8173] sock_read_iter+0x2b9/0x3b0 [ 104.390363][ T8173] ? __pfx_sock_read_iter+0x10/0x10 [ 104.390384][ T8173] ? bpf_lsm_file_permission+0x9/0x10 [ 104.390400][ T8173] ? security_file_permission+0x71/0x210 [ 104.390418][ T8173] ? rw_verify_area+0xcf/0x680 [ 104.390434][ T8173] vfs_read+0xaa3/0xc70 [ 104.390453][ T8173] ? __pfx_vfs_read+0x10/0x10 [ 104.390467][ T8173] ? find_held_lock+0x2b/0x80 [ 104.390489][ T8173] ksys_read+0x205/0x240 [ 104.390509][ T8173] ? __pfx_ksys_read+0x10/0x10 [ 104.390524][ T8173] ? rcu_is_watching+0x12/0xc0 [ 104.390541][ T8173] do_syscall_64+0xcd/0x260 [ 104.390558][ T8173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.390568][ T8173] RIP: 0033:0x7f626378e969 [ 104.390578][ T8173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.390588][ T8173] RSP: 002b:00007f62646bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 104.390598][ T8173] RAX: ffffffffffffffda RBX: 00007f62639b5fa0 RCX: 00007f626378e969 [ 104.390605][ T8173] RDX: 0000000000001020 RSI: 0000200000002300 RDI: 0000000000000004 [ 104.390612][ T8173] RBP: 00007f62646bf090 R08: 0000000000000000 R09: 0000000000000000 [ 104.390618][ T8173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.390624][ T8173] R13: 0000000000000000 R14: 00007f62639b5fa0 R15: 00007ffde8bee7f8 [ 104.390637][ T8173] [ 104.614224][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.619143][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.625191][ T13] bond0 (unregistering): Released all slaves [ 104.774406][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 104.815962][ T7820] udevd[7820]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 104.952660][ T13] hsr_slave_0: left promiscuous mode [ 104.955694][ T13] hsr_slave_1: left promiscuous mode [ 104.958473][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.961572][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 104.965544][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.967841][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 104.988179][ T13] veth1_macvtap: left promiscuous mode [ 104.989937][ T13] veth0_macvtap: left promiscuous mode [ 104.991678][ T13] veth1_vlan: left promiscuous mode [ 104.993713][ T13] veth0_vlan: left promiscuous mode [ 105.193747][ T5288] Bluetooth: hci2: command tx timeout [ 105.286189][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 105.302668][ T40] audit: type=1400 audit(1748038817.826:540): avc: denied { ioctl } for pid=8197 comm="syz.2.537" path="socket:[32225]" dev="sockfs" ino=32225 ioctlcmd=0x8b2c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 105.590735][ T13] team0 (unregistering): Port device team_slave_1 removed [ 105.660047][ T13] team0 (unregistering): Port device team_slave_0 removed [ 105.664430][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 105.670091][ T40] audit: type=1400 audit(1748038818.186:541): avc: denied { create } for pid=8205 comm="syz.4.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 105.672725][ T5288] Bluetooth: hci0: command tx timeout [ 105.681023][ T40] audit: type=1400 audit(1748038818.196:542): avc: denied { write } for pid=8205 comm="syz.4.538" path="socket:[31293]" dev="sockfs" ino=31293 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 105.688901][ T40] audit: type=1400 audit(1748038818.206:543): avc: denied { accept } for pid=8205 comm="syz.4.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 105.695841][ T40] audit: type=1400 audit(1748038818.226:544): avc: denied { read } for pid=8205 comm="syz.4.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 105.727472][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 105.728837][ T40] audit: type=1400 audit(1748038818.246:545): avc: denied { mounton } for pid=8207 comm="syz.4.539" path="/10/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 105.974949][ T8213] Cannot find set identified by id 0 to match [ 106.304513][ T8219] FAULT_INJECTION: forcing a failure. [ 106.304513][ T8219] name failslab, interval 1, probability 0, space 0, times 0 [ 106.309812][ T8219] CPU: 3 UID: 0 PID: 8219 Comm: syz.2.542 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 106.309837][ T8219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.309848][ T8219] Call Trace: [ 106.309855][ T8219] [ 106.309862][ T8219] dump_stack_lvl+0x16c/0x1f0 [ 106.309892][ T8219] should_fail_ex+0x512/0x640 [ 106.309916][ T8219] ? __kmalloc_noprof+0xbf/0x510 [ 106.309936][ T8219] ? sock_kmalloc+0x111/0x170 [ 106.309958][ T8219] should_failslab+0xc2/0x120 [ 106.309978][ T8219] __kmalloc_noprof+0xd2/0x510 [ 106.310001][ T8219] sock_kmalloc+0x111/0x170 [ 106.310026][ T8219] skcipher_recvmsg+0x4a6/0x1030 [ 106.310054][ T8219] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 106.310090][ T8219] sock_recvmsg+0x1f9/0x250 [ 106.310116][ T8219] sock_read_iter+0x2b9/0x3b0 [ 106.310141][ T8219] ? __pfx_sock_read_iter+0x10/0x10 [ 106.310175][ T8219] ? bpf_lsm_file_permission+0x9/0x10 [ 106.310200][ T8219] ? security_file_permission+0x71/0x210 [ 106.310227][ T8219] ? rw_verify_area+0xcf/0x680 [ 106.310255][ T8219] vfs_read+0xaa3/0xc70 [ 106.310286][ T8219] ? __pfx_vfs_read+0x10/0x10 [ 106.310309][ T8219] ? find_held_lock+0x2b/0x80 [ 106.310350][ T8219] ksys_read+0x205/0x240 [ 106.310376][ T8219] ? __pfx_ksys_read+0x10/0x10 [ 106.310400][ T8219] ? rcu_is_watching+0x12/0xc0 [ 106.310429][ T8219] do_syscall_64+0xcd/0x260 [ 106.310457][ T8219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.310475][ T8219] RIP: 0033:0x7f626378e969 [ 106.310489][ T8219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.310507][ T8219] RSP: 002b:00007f62646bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 106.310524][ T8219] RAX: ffffffffffffffda RBX: 00007f62639b5fa0 RCX: 00007f626378e969 [ 106.310536][ T8219] RDX: 0000000000001020 RSI: 0000200000002300 RDI: 0000000000000004 [ 106.310546][ T8219] RBP: 00007f62646bf090 R08: 0000000000000000 R09: 0000000000000000 [ 106.310556][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.310567][ T8219] R13: 0000000000000000 R14: 00007f62639b5fa0 R15: 00007ffde8bee7f8 [ 106.310592][ T8219] [ 106.425241][ T8110] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.429389][ T8110] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.434483][ T8110] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.439033][ T8110] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.493221][ T8110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.510401][ T8110] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.520319][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.523355][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.531639][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.534050][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.567168][ T8228] netlink: 48 bytes leftover after parsing attributes in process `syz.4.545'. [ 106.669459][ T8110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.694741][ T8110] veth0_vlan: entered promiscuous mode [ 106.699856][ T8110] veth1_vlan: entered promiscuous mode [ 106.714102][ T8110] veth0_macvtap: entered promiscuous mode [ 106.717741][ T8110] veth1_macvtap: entered promiscuous mode [ 106.733832][ T8110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.739570][ T8110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.744013][ T8110] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.746750][ T8110] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.749514][ T8110] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.755385][ T8110] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.805449][ T1244] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.808375][ T1244] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.830834][ T1244] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.834547][ T1244] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.856970][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 106.856981][ T40] audit: type=1400 audit(1748038819.376:547): avc: denied { getopt } for pid=8244 comm="syz.4.549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 106.857009][ T8245] GUP no longer grows the stack in syz.4.549 (8245): 200000004000-20000000a000 (200000001000) [ 106.868404][ T8245] CPU: 3 UID: 0 PID: 8245 Comm: syz.4.549 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 106.868434][ T8245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.868446][ T8245] Call Trace: [ 106.868454][ T8245] [ 106.868462][ T8245] dump_stack_lvl+0x16c/0x1f0 [ 106.868494][ T8245] gup_vma_lookup+0x1d2/0x220 [ 106.868521][ T8245] __get_user_pages+0x234/0x36f0 [ 106.868556][ T8245] ? __pfx___might_resched+0x10/0x10 [ 106.868590][ T8245] ? __pfx___get_user_pages+0x10/0x10 [ 106.868616][ T8245] ? __pfx_down_read_killable+0x10/0x10 [ 106.868637][ T8245] ? __lock_acquire+0x5ca/0x1ba0 [ 106.868667][ T8245] __gup_longterm_locked+0x20d/0x1850 [ 106.868698][ T8245] ? try_get_folio+0x1d2/0x730 [ 106.868720][ T8245] ? __pfx___gup_longterm_locked+0x10/0x10 [ 106.868748][ T8245] ? try_get_folio+0x255/0x730 [ 106.868770][ T8245] ? find_held_lock+0x2b/0x80 [ 106.868791][ T8245] ? sanity_check_pinned_pages+0x3ac/0x11e0 [ 106.868822][ T8245] gup_fast_fallback+0x183d/0x2650 [ 106.868866][ T8245] ? __pfx_gup_fast_fallback+0x10/0x10 [ 106.868906][ T8245] pin_user_pages_fast+0xa7/0xf0 [ 106.868932][ T8245] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 106.868957][ T8245] ? __kmalloc_noprof+0x242/0x510 [ 106.868982][ T8245] rds_info_getsockopt+0x39f/0x4f0 [ 106.869015][ T8245] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 106.869046][ T8245] ? find_held_lock+0x2b/0x80 [ 106.869068][ T8245] ? __might_fault+0x13b/0x190 [ 106.869094][ T8245] rds_getsockopt+0x173/0x2d0 [ 106.869115][ T8245] ? __pfx_rds_getsockopt+0x10/0x10 [ 106.869139][ T8245] do_sock_getsockopt+0x3fc/0x800 [ 106.869168][ T8245] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 106.869192][ T8245] ? __fget_files+0x204/0x3c0 [ 106.869224][ T8245] __sys_getsockopt+0x12f/0x260 [ 106.869249][ T8245] __x64_sys_getsockopt+0xbd/0x160 [ 106.869296][ T8245] ? do_syscall_64+0x91/0x260 [ 106.869323][ T8245] ? lockdep_hardirqs_on+0x7c/0x110 [ 106.869349][ T8245] do_syscall_64+0xcd/0x260 [ 106.869380][ T8245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.869399][ T8245] RIP: 0033:0x7fa33158e969 [ 106.869414][ T8245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.869432][ T8245] RSP: 002b:00007fa3323e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 106.869450][ T8245] RAX: ffffffffffffffda RBX: 00007fa3317b5fa0 RCX: 00007fa33158e969 [ 106.869462][ T8245] RDX: 000000000000271e RSI: 0000200000000114 RDI: 000000000000000e [ 106.869473][ T8245] RBP: 00007fa331610ab1 R08: 0000200000000040 R09: 0000000000000000 [ 106.869484][ T8245] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000000 [ 106.869495][ T8245] R13: 0000000000000000 R14: 00007fa3317b5fa0 R15: 00007ffd63accee8 [ 106.869521][ T8245] [ 107.064840][ T8252] input: syz0 as /devices/virtual/input/input11 [ 107.564729][ T8263] netlink: 'syz.2.556': attribute type 25 has an invalid length. [ 108.001208][ T8283] block nbd2: NBD_DISCONNECT [ 108.084719][ T8292] netlink: 48 bytes leftover after parsing attributes in process `syz.2.565'. [ 108.145337][ T8296] netlink: 20 bytes leftover after parsing attributes in process `syz.2.566'. [ 108.149676][ T8296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.566'. [ 108.213585][ T8300] netlink: 'syz.2.567': attribute type 1 has an invalid length. [ 108.273467][ T8300] 8021q: adding VLAN 0 to HW filter on device bond2 [ 108.277377][ T8300] bond1: (slave bond2): making interface the new active one [ 108.280442][ T8300] bond1: (slave bond2): Enslaving as an active interface with an up link [ 108.608193][ T8310] block device autoloading is deprecated and will be removed. [ 108.612327][ T8310] syz.4.570: attempt to access beyond end of device [ 108.612327][ T8310] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 108.763979][ T1155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.069887][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 109.389589][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 109.706882][ T8322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'. [ 109.710212][ T8322] netlink: 12 bytes leftover after parsing attributes in process `syz.2.574'. [ 109.712434][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 109.729169][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 109.765765][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 109.769970][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 109.772584][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 109.774678][ T5940] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 109.784597][ T5940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 109.788874][ T5940] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 109.836369][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 109.856167][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 109.877724][ T5950] udevd[5950]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 109.908628][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 109.940550][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 109.944261][ T8325] chnl_net:caif_netlink_parms(): no params data found [ 109.944597][ T40] audit: type=1400 audit(1748038822.466:548): avc: denied { getopt } for pid=8347 comm="syz.4.580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 110.026394][ T8325] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.028620][ T8325] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.030839][ T8325] bridge_slave_0: entered allmulticast mode [ 110.034131][ T8325] bridge_slave_0: entered promiscuous mode [ 110.039206][ T8325] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.041909][ T8325] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.044618][ T8325] bridge_slave_1: entered allmulticast mode [ 110.047163][ T8325] bridge_slave_1: entered promiscuous mode [ 110.082164][ T8325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.086797][ T8325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.102343][ T5996] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 110.124590][ T8325] team0: Port device team_slave_0 added [ 110.129044][ T8325] team0: Port device team_slave_1 added [ 110.162786][ T8325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.164963][ T8325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.173057][ T8325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.176623][ T8350] netlink: 'syz.4.581': attribute type 1 has an invalid length. [ 110.180039][ T8325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 110.182405][ T8325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.190124][ T8325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.228272][ T8325] hsr_slave_0: entered promiscuous mode [ 110.230482][ T8325] hsr_slave_1: entered promiscuous mode [ 110.232638][ T8325] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 110.234979][ T8325] Cannot create hsr debugfs directory [ 110.252054][ T5996] usb 7-1: Using ep0 maxpacket: 16 [ 110.255562][ T5996] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 110.259336][ T5996] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 110.264578][ T5996] usb 7-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 110.268508][ T5996] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.270877][ T5996] usb 7-1: Product: syz [ 110.272782][ T5996] usb 7-1: Manufacturer: syz [ 110.274230][ T5996] usb 7-1: SerialNumber: syz [ 110.277126][ T5996] usb 7-1: config 0 descriptor?? [ 110.482189][ T40] audit: type=1400 audit(1748038822.996:549): avc: denied { ioctl } for pid=8335 comm="syz.2.577" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x4611 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 110.537819][ T8358] team_slave_0: entered promiscuous mode [ 110.539992][ T5940] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 110.540184][ T8358] netlink: 4 bytes leftover after parsing attributes in process `syz.2.577'. [ 110.540248][ T8358] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.542456][ T5996] appledisplay 7-1:0.0: Error while getting initial brightness: -110 [ 110.544744][ T5996] appledisplay 7-1:0.0: probe with driver appledisplay failed with error -110 [ 110.597114][ T8358] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.646310][ T1155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.705892][ T8335] team_slave_0: left promiscuous mode [ 110.712211][ T29] usb 7-1: USB disconnect, device number 9 [ 110.757139][ T1155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.854748][ T1155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.020129][ T1155] bridge_slave_1: left allmulticast mode [ 111.022048][ T1155] bridge_slave_1: left promiscuous mode [ 111.023893][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.028135][ T1155] bridge_slave_0: left allmulticast mode [ 111.029850][ T1155] bridge_slave_0: left promiscuous mode [ 111.031638][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.134613][ C2] vcan0: j1939_tp_rxtimer: 0xffff888041628800: rx timeout, send abort [ 111.142605][ T40] audit: type=1400 audit(1748038823.666:550): avc: denied { read } for pid=5329 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 111.150198][ T40] audit: type=1400 audit(1748038823.666:551): avc: denied { search } for pid=5329 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 111.159088][ T40] audit: type=1400 audit(1748038823.666:552): avc: denied { write } for pid=5329 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 111.166001][ T40] audit: type=1400 audit(1748038823.666:553): avc: denied { add_name } for pid=5329 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 111.168719][ T8386] JFS: discard option not supported on device [ 111.172842][ T40] audit: type=1400 audit(1748038823.666:554): avc: denied { create } for pid=5329 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 111.180274][ T8386] syz.4.588: attempt to access beyond end of device [ 111.180274][ T8386] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 111.180640][ T40] audit: type=1400 audit(1748038823.666:555): avc: denied { append open } for pid=5329 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 111.186166][ T8386] syz.4.588: attempt to access beyond end of device [ 111.186166][ T8386] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 111.191554][ T40] audit: type=1400 audit(1748038823.666:556): avc: denied { getattr } for pid=5329 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 111.196573][ T8386] Mount JFS Failure: -5 [ 111.331544][ T1155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 111.336371][ T1155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 111.340550][ T1155] bond0 (unregistering): Released all slaves [ 111.359956][ T8391] sp0: Synchronizing with TNC [ 111.396408][ T8401] netlink: 'syz.4.591': attribute type 4 has an invalid length. [ 111.398739][ T8401] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.591'. [ 111.616037][ T8421] netlink: 28 bytes leftover after parsing attributes in process `syz.2.594'. [ 111.618839][ T8421] openvswitch: netlink: Flow key attr not present in new flow. [ 111.620751][ T8423] SELinux: policydb magic number 0x9225fa81 does not match expected magic number 0xf97cff8c [ 111.625941][ T8423] SELinux: failed to load policy [ 111.633514][ C2] vcan0: j1939_tp_rxtimer: 0xffff88804162bc00: rx timeout, send abort [ 111.637784][ C2] vcan0: j1939_tp_rxtimer: 0xffff888041628800: abort rx timeout. Force session deactivation [ 111.668756][ T8428] binder: 8427:8428 ioctl c018620c 2000000000c0 returned -22 [ 111.681090][ T1155] hsr_slave_0: left promiscuous mode [ 111.694247][ T1155] hsr_slave_1: left promiscuous mode [ 111.700814][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 111.704464][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 111.708215][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.710682][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.746514][ T1155] veth1_macvtap: left promiscuous mode [ 111.748292][ T1155] veth0_macvtap: left promiscuous mode [ 111.750056][ T1155] veth1_vlan: left promiscuous mode [ 111.751707][ T1155] veth0_vlan: left promiscuous mode [ 111.801774][ T8439] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.598'. [ 111.806037][ T8439] SELinux: policydb version 492913883 does not match my version range 15-34 [ 111.809066][ T8439] SELinux: failed to load policy [ 111.823303][ T5940] Bluetooth: hci2: command tx timeout [ 112.136075][ C2] vcan0: j1939_tp_rxtimer: 0xffff88804162bc00: abort rx timeout. Force session deactivation [ 112.149294][ T29] kernel read not supported for file bpf-map (pid: 29 comm: kworker/1:0) [ 112.383864][ T1155] team0 (unregistering): Port device team_slave_1 removed [ 112.441615][ T1155] team0 (unregistering): Port device team_slave_0 removed [ 112.995504][ T8462] netlink: 20 bytes leftover after parsing attributes in process `syz.3.605'. [ 113.009002][ T8325] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 113.015661][ T8462] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 113.023964][ T8325] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 113.026672][ T8462] netlink: 12 bytes leftover after parsing attributes in process `syz.3.605'. [ 113.038792][ T8325] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 113.044777][ T8462] netlink: 'syz.3.605': attribute type 1 has an invalid length. [ 113.045754][ T8325] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 113.099234][ T8325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.113308][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 113.113320][ T40] audit: type=1400 audit(1748038825.636:560): avc: denied { getopt } for pid=8473 comm="syz.3.609" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 113.113860][ T8325] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.130887][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.133138][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.147830][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.150839][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.325033][ T40] audit: type=1400 audit(1748038825.846:561): avc: denied { setattr } for pid=8495 comm="syz.3.612" name="/" dev="9p" ino=35913840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 113.328411][ T8502] syzkaller0: entered promiscuous mode [ 113.335873][ T8502] syzkaller0: entered allmulticast mode [ 113.380785][ T40] audit: type=1400 audit(1748038825.896:562): avc: denied { unmount } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 113.893743][ T40] audit: type=1400 audit(1748038826.416:563): avc: denied { sqpoll } for pid=8508 comm="syz.3.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 113.904174][ T5940] Bluetooth: hci2: command tx timeout [ 114.327735][ T8325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.407261][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 114.436239][ T8325] veth0_vlan: entered promiscuous mode [ 114.441683][ T8325] veth1_vlan: entered promiscuous mode [ 114.455745][ T8325] veth0_macvtap: entered promiscuous mode [ 114.462670][ T8325] veth1_macvtap: entered promiscuous mode [ 114.471951][ T8325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.479707][ T8325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.484253][ T8325] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.486918][ T8325] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.489643][ T8325] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.493621][ T8325] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.511159][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 114.541508][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.544667][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.562618][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.565721][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.567819][ T6043] udevd[6043]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 114.574260][ T8532] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 114.581457][ T40] audit: type=1400 audit(1748038827.096:564): avc: denied { mounton } for pid=8325 comm="syz-executor" path="/syzkaller.WLeRch/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=35383 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 114.592799][ T40] audit: type=1400 audit(1748038827.116:565): avc: denied { mount } for pid=8325 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 114.623328][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 114.651702][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 114.708042][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 114.830184][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 114.860765][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 114.953102][ T29] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 114.972758][ T40] audit: type=1400 audit(1748038827.496:566): avc: denied { ioctl } for pid=8559 comm="syz.4.628" path="socket:[35973]" dev="sockfs" ino=35973 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 115.125222][ T29] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 115.128390][ T29] usb 7-1: config 0 interface 0 has no altsetting 0 [ 115.132294][ T29] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 115.135221][ T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.137817][ T29] usb 7-1: Product: syz [ 115.139212][ T29] usb 7-1: Manufacturer: syz [ 115.140801][ T29] usb 7-1: SerialNumber: syz [ 115.143992][ T29] usb 7-1: config 0 descriptor?? [ 115.150968][ T29] usb 7-1: selecting invalid altsetting 0 [ 115.350762][ T34] usb 7-1: USB disconnect, device number 10 [ 115.635001][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.740012][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 115.882955][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 116.604237][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.734866][ T5288] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 116.738643][ T5288] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 116.743242][ T5288] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 116.750799][ T5288] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 116.755046][ T5288] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 116.773445][ T40] audit: type=1326 audit(1748038829.296:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8615 comm="syz.4.632" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33158e969 code=0x7fc00000 [ 116.807120][ T5288] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 116.915985][ T8628] chnl_net:caif_netlink_parms(): no params data found [ 116.981854][ T8628] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.986429][ T8628] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.988709][ T8628] bridge_slave_0: entered allmulticast mode [ 116.991333][ T8628] bridge_slave_0: entered promiscuous mode [ 116.994581][ T8628] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.996752][ T8628] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.998953][ T8628] bridge_slave_1: entered allmulticast mode [ 117.001568][ T8628] bridge_slave_1: entered promiscuous mode [ 117.043522][ T8628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.047981][ T8628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.079606][ T40] audit: type=1400 audit(1748038829.596:568): avc: denied { call } for pid=8659 comm="syz.3.638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 117.084377][ T8628] team0: Port device team_slave_0 added [ 117.088062][ T8660] binder_alloc: 8659: binder_alloc_buf, no vma [ 117.091423][ T8628] team0: Port device team_slave_1 added [ 117.093633][ T34] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 117.121927][ T8628] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.124244][ T8628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.132322][ T8628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.138250][ T8628] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.141187][ T8628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.151595][ T8628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.191594][ T8628] hsr_slave_0: entered promiscuous mode [ 117.194135][ T8628] hsr_slave_1: entered promiscuous mode [ 117.195870][ T5288] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 117.242088][ T34] usb 9-1: Using ep0 maxpacket: 8 [ 117.245501][ T34] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 117.248861][ T34] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 117.251625][ T34] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.255517][ T34] usb 9-1: config 0 descriptor?? [ 117.325022][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.400128][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.464860][ T34] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 117.527695][ T13] bridge_slave_1: left allmulticast mode [ 117.529519][ T13] bridge_slave_1: left promiscuous mode [ 117.531380][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.535850][ T13] bridge_slave_0: left allmulticast mode [ 117.537641][ T13] bridge_slave_0: left promiscuous mode [ 117.539466][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.711313][ T8670] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 117.778574][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.783476][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.788683][ T13] bond0 (unregistering): Released all slaves [ 117.873485][ T34] usb 9-1: USB disconnect, device number 2 [ 118.121271][ T8683] netlink: 4 bytes leftover after parsing attributes in process `syz.3.641'. [ 118.129486][ T8683] netlink: 'syz.3.641': attribute type 10 has an invalid length. [ 118.136655][ T8683] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.141398][ T8683] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 118.165823][ T13] hsr_slave_0: left promiscuous mode [ 118.168246][ T13] hsr_slave_1: left promiscuous mode [ 118.170316][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.173197][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.176041][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.178394][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.197966][ T13] veth1_macvtap: left promiscuous mode [ 118.199775][ T13] veth0_macvtap: left promiscuous mode [ 118.201579][ T13] veth1_vlan: left promiscuous mode [ 118.204729][ T13] veth0_vlan: left promiscuous mode [ 118.305930][ T8696] SELinux: ebitmap: truncated map [ 118.312459][ T8696] SELinux: failed to load policy [ 118.367102][ T8700] netlink: 16 bytes leftover after parsing attributes in process `syz.2.645'. [ 118.785364][ T5288] Bluetooth: hci2: command tx timeout [ 118.842150][ T13] team0 (unregistering): Port device team_slave_1 removed [ 118.906839][ T13] team0 (unregistering): Port device team_slave_0 removed [ 119.419080][ T6043] udevd[6043]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 119.428939][ T8715] netlink: 1284 bytes leftover after parsing attributes in process `syz.4.650'. [ 119.455651][ T40] audit: type=1400 audit(1748038831.976:569): avc: denied { execute } for pid=8716 comm="syz.3.651" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 119.469010][ T8720] netlink: 'syz.4.652': attribute type 7 has an invalid length. [ 119.477878][ T6043] udevd[6043]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 119.478184][ T8628] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 119.500503][ T8628] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 119.511207][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 119.523080][ T8628] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 119.532474][ T8628] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 119.535747][ T8724] xt_l2tp: wrong L2TP version: 0 [ 119.546746][ T8724] dummy0: entered promiscuous mode [ 119.551822][ T8724] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8724 comm=syz.4.653 [ 119.565782][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 119.585544][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 119.587118][ T8628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.608049][ T8628] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.613931][ T1244] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.616186][ T1244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.623652][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.626184][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.632802][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 119.645209][ T8736] netlink: 132 bytes leftover after parsing attributes in process `syz.2.657'. [ 119.651453][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 119.682825][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 119.697404][ T40] audit: type=1400 audit(1748038832.216:570): avc: denied { mounton } for pid=8743 comm="syz.4.659" path="/61/file0" dev="tmpfs" ino=340 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 119.707411][ T8736] netlink: 'syz.2.657': attribute type 10 has an invalid length. [ 119.716959][ T8736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.721103][ T8736] team0: Port device bond0 added [ 119.729897][ T8736] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(13) [ 119.732040][ T8736] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 119.736619][ T8736] vhci_hcd vhci_hcd.0: Device attached [ 119.740975][ T8736] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(15) [ 119.743038][ T8736] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 119.745436][ T8736] vhci_hcd vhci_hcd.0: Device attached [ 119.747805][ T8749] vhci_hcd: connection closed [ 119.747973][ T8747] vhci_hcd: connection closed [ 119.749398][ T1244] vhci_hcd: stop threads [ 119.754945][ T1244] vhci_hcd: release socket [ 119.756409][ T1244] vhci_hcd: disconnect device [ 119.758662][ T1244] vhci_hcd: stop threads [ 119.760023][ T1244] vhci_hcd: release socket [ 119.762133][ T1244] vhci_hcd: disconnect device [ 119.770199][ T8628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.789604][ T8628] veth0_vlan: entered promiscuous mode [ 119.794579][ T8628] veth1_vlan: entered promiscuous mode [ 119.809064][ T8628] veth0_macvtap: entered promiscuous mode [ 119.812776][ T8628] veth1_macvtap: entered promiscuous mode [ 119.821290][ T8628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.829944][ T8628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.835166][ T8628] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.837919][ T8628] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.840699][ T8628] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.843957][ T8628] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.887633][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.890183][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.896471][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.899593][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.272856][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 120.423606][ T8760] program syz.3.662 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 120.566113][ T6044] udevd[6044]: symlink '../../loop4' '/dev/disk/by-diskseq/75.tmp-b7:4' failed: Read-only file system [ 120.583077][ T8773] netlink: 8 bytes leftover after parsing attributes in process `syz.3.666'. [ 120.589717][ T40] audit: type=1400 audit(1748038833.106:571): avc: denied { getopt } for pid=8772 comm="syz.3.666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 121.206304][ T8785] netlink: 20 bytes leftover after parsing attributes in process `syz.2.669'. [ 121.209708][ T8785] fuse: Unknown parameter 'ÃÇ' [ 121.213697][ T8785] fuse: Bad value for 'fd' [ 121.549471][ T40] audit: type=1400 audit(1748038834.066:572): avc: denied { connect } for pid=8802 comm="syz.3.675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 121.601791][ T40] audit: type=1400 audit(1748038834.116:573): avc: denied { write } for pid=8802 comm="syz.3.675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 121.612212][ T836] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 121.731695][ T1244] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.740743][ T8818] netlink: 'syz.4.680': attribute type 29 has an invalid length. [ 121.744920][ T8818] netlink: 'syz.4.680': attribute type 29 has an invalid length. [ 121.762087][ T836] usb 7-1: Using ep0 maxpacket: 32 [ 121.764947][ T836] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 121.767531][ T836] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 121.770174][ T836] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 121.773599][ T836] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 121.776860][ T836] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 121.779986][ T836] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 121.784254][ T836] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 121.787034][ T836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.802114][ T836] usb 7-1: config 0 descriptor?? [ 122.006076][ T836] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 122.207145][ T836] usb 7-1: USB disconnect, device number 11 [ 122.210594][ T836] usblp0: removed [ 122.929165][ T8835] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 122.953073][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 122.956486][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 122.959232][ T5940] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 122.962178][ T5940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 122.965028][ T5940] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 122.988684][ T8841] IPVS: set_ctl: invalid protocol: 103 172.20.20.187:28197 [ 123.041838][ T40] audit: type=1400 audit(1748038835.556:574): avc: denied { checkpoint_restore } for pid=8845 comm="syz.2.688" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 123.106184][ T8838] chnl_net:caif_netlink_parms(): no params data found [ 123.115701][ T8853] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 123.181273][ T8838] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.184810][ T8838] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.187153][ T8838] bridge_slave_0: entered allmulticast mode [ 123.189814][ T8838] bridge_slave_0: entered promiscuous mode [ 123.198832][ T8838] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.201827][ T8838] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.204350][ T8838] bridge_slave_1: entered allmulticast mode [ 123.207671][ T8838] bridge_slave_1: entered promiscuous mode [ 123.242926][ T8838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 123.247736][ T8838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.283788][ T8838] team0: Port device team_slave_0 added [ 123.294534][ T1244] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.301547][ T8838] team0: Port device team_slave_1 added [ 123.330094][ T8838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 123.332430][ T8838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 123.340292][ T8838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 123.345310][ T8838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 123.347473][ T8838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 123.355406][ T8838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 123.394578][ T8838] hsr_slave_0: entered promiscuous mode [ 123.396776][ T8838] hsr_slave_1: entered promiscuous mode [ 123.398829][ T8838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 123.401164][ T8838] Cannot create hsr debugfs directory [ 123.422126][ T5996] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 123.476899][ T1244] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.554615][ T1244] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.594086][ T5996] usb 7-1: Using ep0 maxpacket: 32 [ 123.599669][ T5996] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 123.602332][ T5996] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 123.604995][ T5996] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 123.607765][ T5996] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 123.610770][ T5996] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 123.613958][ T5996] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 123.617936][ T5996] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 123.620707][ T5996] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.624419][ T5996] usb 7-1: config 0 descriptor?? [ 123.688102][ T1244] bridge_slave_1: left allmulticast mode [ 123.689952][ T1244] bridge_slave_1: left promiscuous mode [ 123.692127][ T1244] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.697009][ T1244] bridge_slave_0: left allmulticast mode [ 123.698814][ T1244] bridge_slave_0: left promiscuous mode [ 123.700626][ T1244] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.830172][ T5996] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 123.957664][ T1244] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 123.963060][ T1244] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.966524][ T1244] bond0 (unregistering): Released all slaves [ 124.091444][ T5938] usb 7-1: USB disconnect, device number 12 [ 124.107313][ T5938] usblp0: removed [ 124.115687][ T8881] tls_set_device_offload_rx: netdev not found [ 124.301646][ T1244] hsr_slave_0: left promiscuous mode [ 124.307295][ T1244] hsr_slave_1: left promiscuous mode [ 124.309684][ T1244] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.314744][ T1244] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.320041][ T1244] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.323888][ T1244] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.343938][ T1244] veth1_macvtap: left promiscuous mode [ 124.345719][ T1244] veth0_macvtap: left promiscuous mode [ 124.347486][ T1244] veth1_vlan: left promiscuous mode [ 124.349220][ T1244] veth0_vlan: left promiscuous mode [ 124.564794][ T836] usb 9-1: new full-speed USB device number 3 using dummy_hcd [ 124.631696][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 124.635246][ T8912] netlink: 12 bytes leftover after parsing attributes in process `syz.2.702'. [ 124.728822][ T836] usb 9-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 124.732910][ T836] usb 9-1: config 1 interface 0 has no altsetting 0 [ 124.737893][ T836] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 124.741646][ T836] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.746082][ T836] usb 9-1: Product: syz [ 124.747426][ T836] usb 9-1: Manufacturer: syz [ 124.748929][ T836] usb 9-1: SerialNumber: syz [ 124.753343][ T8906] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 124.946832][ T1244] team0 (unregistering): Port device team_slave_1 removed [ 125.012487][ T1244] team0 (unregistering): Port device team_slave_0 removed [ 125.025593][ T5940] Bluetooth: hci2: command tx timeout [ 125.378685][ T40] audit: type=1400 audit(1748038837.896:575): avc: denied { setopt } for pid=8920 comm="syz.3.705" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 125.581885][ T6043] udevd[6043]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 125.583170][ T836] usb 9-1: USB disconnect, device number 3 [ 125.638042][ T8838] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 125.639729][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 125.645513][ T8838] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 125.650793][ T8838] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 125.650897][ T8931] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 125.650916][ T40] audit: type=1400 audit(1748038838.166:576): avc: denied { getattr } for pid=8930 comm="syz.2.708" name="/" dev="9p" ino=35913840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 125.664382][ T5940] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 125.667142][ T5940] Bluetooth: hci0: Injecting HCI hardware error event [ 125.671141][ T5940] Bluetooth: hci0: hardware error 0x00 [ 125.671687][ T40] audit: type=1400 audit(1748038838.186:577): avc: denied { read } for pid=8930 comm="syz.2.708" name="file0" dev="overlay" ino=35913861 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 125.673332][ T8838] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 125.686508][ T40] audit: type=1400 audit(1748038838.186:578): avc: denied { open } for pid=8930 comm="syz.2.708" path="/253/bus/file0" dev="overlay" ino=35913861 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 125.760993][ T8838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.773330][ T8838] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.778433][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.780664][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.786803][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.789033][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.796794][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 125.853628][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 125.893589][ T8949] netlink: 28 bytes leftover after parsing attributes in process `syz.2.710'. [ 125.905843][ T8838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 125.922237][ T836] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 125.933657][ T8838] veth0_vlan: entered promiscuous mode [ 125.938546][ T8838] veth1_vlan: entered promiscuous mode [ 125.954499][ T8838] veth0_macvtap: entered promiscuous mode [ 125.958505][ T8838] veth1_macvtap: entered promiscuous mode [ 125.968271][ T8838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 125.975422][ T8838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 125.981163][ T8838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.985068][ T8838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.988606][ T8838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.991621][ T8838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.026344][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.029497][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.044784][ T168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.047671][ T168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.053222][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 126.061502][ T8957] Bluetooth: MGMT ver 1.23 [ 126.082694][ T836] usb 9-1: too many configurations: 16, using maximum allowed: 8 [ 126.087383][ T836] usb 9-1: unable to read config index 0 descriptor/start: -61 [ 126.089837][ T836] usb 9-1: can't read configurations, error -61 [ 126.104686][ T40] audit: type=1400 audit(1748038838.626:579): avc: denied { wake_alarm } for pid=8956 comm="syz.2.711" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 126.144356][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 126.171667][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 126.176707][ T8963] binder: 8962:8963 ioctl 89f1 200000000100 returned -22 [ 126.179229][ T8963] binder: 8962:8963 ioctl 40086200 200000000180 returned -22 [ 126.204498][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 126.223015][ T836] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 126.224021][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 126.257904][ T40] audit: type=1400 audit(1748038838.776:580): avc: denied { ioctl } for pid=8973 comm="syz.2.718" path="socket:[37558]" dev="sockfs" ino=37558 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 126.392904][ T8985] Bluetooth: MGMT ver 1.23 [ 126.402230][ T836] usb 9-1: too many configurations: 16, using maximum allowed: 8 [ 126.405933][ T836] usb 9-1: unable to read config index 0 descriptor/start: -61 [ 126.408332][ T836] usb 9-1: can't read configurations, error -61 [ 126.410469][ T836] usb usb9-port1: attempt power cycle [ 126.442504][ T8974] delete_channel: no stack [ 126.471422][ T8993] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39805 sclass=netlink_route_socket pid=8993 comm=syz.2.724 [ 126.506386][ T8997] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 126.508460][ T8997] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 126.512708][ T8997] vhci_hcd vhci_hcd.0: Device attached [ 126.544425][ T9001] syz.3.726 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 126.752035][ T5979] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 126.757028][ T5996] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 126.772773][ T836] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 126.792998][ T836] usb 9-1: too many configurations: 16, using maximum allowed: 8 [ 126.796618][ T836] usb 9-1: unable to read config index 0 descriptor/start: -61 [ 126.799010][ T836] usb 9-1: can't read configurations, error -61 [ 126.874229][ T9012] netlink: 12 bytes leftover after parsing attributes in process `syz.3.729'. [ 126.882337][ T5979] usb 7-1: device descriptor read/64, error -71 [ 126.922068][ T836] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 126.944622][ T836] usb 9-1: too many configurations: 16, using maximum allowed: 8 [ 126.949161][ T836] usb 9-1: unable to read config index 0 descriptor/start: -61 [ 126.951579][ T836] usb 9-1: can't read configurations, error -61 [ 126.954303][ T836] usb usb9-port1: unable to enumerate USB device [ 126.972125][ T9017] xt_hashlimit: size too large, truncated to 1048576 [ 126.977706][ T9017] syz.3.730: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 126.983149][ T9017] CPU: 3 UID: 0 PID: 9017 Comm: syz.3.730 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 126.983164][ T9017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 126.983171][ T9017] Call Trace: [ 126.983175][ T9017] [ 126.983179][ T9017] dump_stack_lvl+0x16c/0x1f0 [ 126.983199][ T9017] warn_alloc+0x248/0x3a0 [ 126.983211][ T9017] ? __pfx_warn_alloc+0x10/0x10 [ 126.983226][ T9017] ? __get_vm_area_node+0x1dc/0x330 [ 126.983240][ T9017] ? __get_vm_area_node+0x208/0x330 [ 126.983258][ T9017] __vmalloc_node_range_noprof+0x1110/0x1540 [ 126.983279][ T9017] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 126.983299][ T9017] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 126.983327][ T9017] __kvmalloc_node_noprof+0x2ff/0x600 [ 126.983344][ T9017] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 126.983361][ T9017] ? net_generic+0xea/0x2a0 [ 126.983374][ T9017] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 126.983392][ T9017] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 126.983408][ T9017] hashlimit_mt_check_common+0x8bb/0x1460 [ 126.983428][ T9017] hashlimit_mt_check+0x71/0x90 [ 126.983442][ T9017] ? __pfx_hashlimit_mt_check+0x10/0x10 [ 126.983457][ T9017] xt_check_match+0x286/0xa50 [ 126.983472][ T9017] ? __schedule+0x942/0x5de0 [ 126.983487][ T9017] ? __pfx_xt_check_match+0x10/0x10 [ 126.983503][ T9017] ? xt_find_target+0x1f2/0x290 [ 126.983519][ T9017] ? xt_find_match+0x1f6/0x290 [ 126.983536][ T9017] find_check_entry.constprop.0+0x34e/0xa20 [ 126.983555][ T9017] ? __pfx_find_check_entry.constprop.0+0x10/0x10 [ 126.983575][ T9017] ? kasan_quarantine_put+0x10a/0x240 [ 126.983592][ T9017] ? lockdep_hardirqs_on+0x7c/0x110 [ 126.983609][ T9017] ? kfree+0x2b6/0x4d0 [ 126.983623][ T9017] ? translate_table+0xc0e/0x17b0 [ 126.983640][ T9017] translate_table+0xd0b/0x17b0 [ 126.983660][ T9017] ? __pfx_translate_table+0x10/0x10 [ 126.983673][ T9017] ? xt_alloc_table_info+0x3e/0xa0 [ 126.983691][ T9017] do_ip6t_set_ctl+0x570/0xb00 [ 126.983706][ T9017] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 126.983722][ T9017] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 126.983739][ T9017] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 126.983762][ T9017] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 126.983778][ T9017] nf_setsockopt+0x8d/0xf0 [ 126.983792][ T9017] ipv6_setsockopt+0x135/0x170 [ 126.983807][ T9017] rawv6_setsockopt+0xc2/0x510 [ 126.983820][ T9017] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 126.983834][ T9017] ? selinux_socket_setsockopt+0x6a/0x80 [ 126.983848][ T9017] ? sock_common_setsockopt+0x2e/0xf0 [ 126.983869][ T9017] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 126.983890][ T9017] do_sock_setsockopt+0x221/0x470 [ 126.983910][ T9017] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 126.983946][ T9017] __sys_setsockopt+0x1a0/0x230 [ 126.983968][ T9017] __x64_sys_setsockopt+0xbd/0x160 [ 126.983983][ T9017] ? do_syscall_64+0x91/0x260 [ 126.984005][ T9017] ? lockdep_hardirqs_on+0x7c/0x110 [ 126.984025][ T9017] do_syscall_64+0xcd/0x260 [ 126.984049][ T9017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.984068][ T9017] RIP: 0033:0x7ff0a818e969 [ 126.984081][ T9017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.984092][ T9017] RSP: 002b:00007ff0a90a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 126.984102][ T9017] RAX: ffffffffffffffda RBX: 00007ff0a83b5fa0 RCX: 00007ff0a818e969 [ 126.984109][ T9017] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000006 [ 126.984116][ T9017] RBP: 00007ff0a8210ab1 R08: 0000000000000588 R09: 0000000000000000 [ 126.984122][ T9017] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000000 [ 126.984128][ T9017] R13: 0000000000000000 R14: 00007ff0a83b5fa0 R15: 00007ffe6237c108 [ 126.984142][ T9017] [ 126.984146][ T9017] Mem-Info: [ 127.101570][ T9017] active_anon:19027 inactive_anon:0 isolated_anon:0 [ 127.101570][ T9017] active_file:15858 inactive_file:40659 isolated_file:0 [ 127.101570][ T9017] unevictable:1768 dirty:33 writeback:0 [ 127.101570][ T9017] slab_reclaimable:12156 slab_unreclaimable:93832 [ 127.101570][ T9017] mapped:24949 shmem:11626 pagetables:990 [ 127.101570][ T9017] sec_pagetables:303 bounce:0 [ 127.101570][ T9017] kernel_misc_reclaimable:0 [ 127.101570][ T9017] free:429913 free_pcp:1141 free_cma:0 [ 127.114963][ T67] Bluetooth: hci2: command 0x041b tx timeout [ 127.119055][ T9017] Node 0 active_anon:76108kB inactive_anon:0kB active_file:63432kB inactive_file:162432kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:99796kB dirty:128kB writeback:0kB shmem:42968kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12432kB pagetables:3960kB sec_pagetables:1212kB all_unreclaimable? no Balloon:0kB [ 127.119102][ T9017] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 127.119129][ T9017] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 127.119158][ T9017] lowmem_reserve[]: 0 1238 1238 1238 1238 [ 127.148811][ T9017] Node 0 DMA32 free:118596kB boost:0kB min:27576kB low:34468kB high:41360kB reserved_highatomic:0KB active_anon:76108kB inactive_anon:0kB active_file:63432kB inactive_file:162432kB unevictable:3536kB writepending:128kB present:2080628kB managed:1268532kB mlocked:0kB bounce:0kB free_pcp:4596kB local_pcp:3136kB free_cma:0kB [ 127.159202][ T9017] lowmem_reserve[]: 0 0 0 0 0 [ 127.160680][ T9017] Node 1 Normal free:1585696kB boost:0kB min:39660kB low:49572kB high:59484kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB writepending:4kB present:2097152kB managed:1781964kB mlocked:0kB bounce:0kB free_pcp:80kB local_pcp:80kB free_cma:0kB [ 127.169245][ T9017] lowmem_reserve[]: 0 0 0 0 0 [ 127.170746][ T9017] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 127.174720][ T9017] Node 0 DMA32: 35*4kB (UME) 37*8kB (UME) 134*16kB (UME) 95*32kB (UME) 212*64kB (UME) 84*128kB (UME) 56*256kB (UME) 35*512kB (UM) 11*1024kB (UME) 6*2048kB (M) 8*4096kB (UM) = 118516kB [ 127.180207][ T9017] Node 1 Normal: 20*4kB (UME) 8*8kB (UME) 19*16kB (UME) 171*32kB (UME) 60*64kB (UME) 24*128kB (UME) 6*256kB (UE) 9*512kB (UME) 2*1024kB (UE) 4*2048kB (UME) 380*4096kB (M) = 1585696kB [ 127.185979][ T9017] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 127.188876][ T9017] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 127.191727][ T9017] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 127.194986][ T9017] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 127.197898][ T9017] 68170 total pagecache pages [ 127.199372][ T9017] 0 pages in swap cache [ 127.200690][ T9017] Free swap = 124996kB [ 127.202120][ T9017] Total swap = 124996kB [ 127.203562][ T9017] 1048443 pages RAM [ 127.204766][ T9017] 0 pages HighMem/MovableOnly [ 127.206359][ T9017] 281979 pages reserved [ 127.207678][ T9017] 0 pages cma reserved [ 127.252050][ T5979] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 127.382736][ T5979] usb 7-1: device descriptor read/64, error -71 [ 127.417869][ T40] audit: type=1400 audit(1748038839.936:581): avc: denied { listen } for pid=9028 comm="syz.3.733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 127.492343][ T5979] usb usb7-port1: attempt power cycle [ 127.742200][ T5940] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 127.816696][ T9040] netlink: 8 bytes leftover after parsing attributes in process `syz.3.736'. [ 127.832260][ T5979] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 127.853340][ T5940] Bluetooth: hci3: unexpected event for opcode 0x0c0d [ 127.862749][ T5979] usb 7-1: device descriptor read/8, error -71 [ 127.997303][ T9044] netlink: 24 bytes leftover after parsing attributes in process `syz.3.738'. [ 128.035629][ T9046] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 128.108024][ T40] audit: type=1326 audit(1748038840.626:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9050 comm="syz.3.741" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff0a818e969 code=0x0 [ 128.123152][ T5979] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 128.143688][ T5979] usb 7-1: device descriptor read/8, error -71 [ 128.253319][ T5979] usb usb7-port1: unable to enumerate USB device [ 128.677277][ T40] audit: type=1400 audit(1748038841.196:583): avc: denied { view } for pid=9057 comm="syz.4.744" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 128.774707][ T40] audit: type=1400 audit(1748038841.296:584): avc: denied { write } for pid=9064 comm="syz.4.747" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 128.845616][ T168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.514994][ T8998] vhci_hcd: connection reset by peer [ 129.520531][ T46] vhci_hcd: stop threads [ 129.522614][ T46] vhci_hcd: release socket [ 129.525638][ T46] vhci_hcd: disconnect device [ 130.039426][ T168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.063361][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 130.096206][ T168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.106861][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 130.126713][ T5288] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 130.130710][ T5288] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 130.133748][ T5288] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 130.137145][ T5288] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 130.140291][ T5288] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 130.152796][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 130.185323][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 130.192806][ T168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.233136][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 130.320106][ T9089] chnl_net:caif_netlink_parms(): no params data found [ 130.347902][ T6043] udevd[6043]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 130.389121][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 130.415545][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/78.tmp-b7:2' failed: Read-only file system [ 130.425292][ T168] bridge_slave_1: left allmulticast mode [ 130.427104][ T168] bridge_slave_1: left promiscuous mode [ 130.428952][ T168] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.438368][ T168] bridge_slave_0: left allmulticast mode [ 130.440177][ T168] bridge_slave_0: left promiscuous mode [ 130.443202][ T168] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.673125][ T168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 130.677346][ T168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 130.680873][ T168] bond0 (unregistering): Released all slaves [ 130.740293][ T9089] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.743763][ T9089] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.746795][ T9089] bridge_slave_0: entered allmulticast mode [ 130.749431][ T9089] bridge_slave_0: entered promiscuous mode [ 130.755714][ T9089] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.758106][ T9089] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.760373][ T9089] bridge_slave_1: entered allmulticast mode [ 130.764533][ T9089] bridge_slave_1: entered promiscuous mode [ 130.813191][ T9089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.833582][ T9089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.881131][ T9089] team0: Port device team_slave_0 added [ 130.885212][ T9089] team0: Port device team_slave_1 added [ 130.960208][ T9089] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.962784][ T7219] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 130.963580][ T9089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.973996][ T9089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 130.985359][ T9089] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 130.987547][ T9089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.997170][ T9089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.038841][ T168] hsr_slave_0: left promiscuous mode [ 131.040877][ T168] hsr_slave_1: left promiscuous mode [ 131.044141][ T168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.046429][ T168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 131.049447][ T168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 131.052478][ T168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 131.084254][ T168] veth1_macvtap: left promiscuous mode [ 131.086487][ T168] veth0_macvtap: left promiscuous mode [ 131.088821][ T168] veth1_vlan: left promiscuous mode [ 131.091160][ T168] veth0_vlan: left promiscuous mode [ 131.133961][ T7219] usb 9-1: Using ep0 maxpacket: 32 [ 131.137965][ T9130] loop2: detected capacity change from 0 to 3 [ 131.141157][ T9130] Dev loop2: unable to read RDB block 3 [ 131.143015][ T9130] loop2: unable to read partition table [ 131.144908][ T9130] loop2: partition table beyond EOD, truncated [ 131.152150][ T9130] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 131.153558][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/80.tmp-b7:2' failed: Read-only file system [ 131.160484][ T7219] usb 9-1: unable to get BOS descriptor or descriptor too short [ 131.163038][ T7219] usb 9-1: too many configurations: 105, using maximum allowed: 8 [ 131.169708][ T7219] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 131.172308][ T7219] usb 9-1: can't read configurations, error -71 [ 131.174946][ T6044] udevd[6044]: symlink '../../loop2' '/dev/disk/by-diskseq/80.tmp-b7:2' failed: Read-only file system [ 131.275619][ T40] audit: type=1400 audit(1748038843.796:585): avc: denied { map } for pid=9146 comm="syz.2.765" path="socket:[40036]" dev="sockfs" ino=40036 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 131.680766][ T168] team0 (unregistering): Port device team_slave_1 removed [ 131.757878][ T168] team0 (unregistering): Port device team_slave_0 removed [ 131.890121][ T5996] vhci_hcd: vhci_device speed not set [ 132.216395][ T5940] Bluetooth: hci2: command tx timeout [ 132.217118][ T9089] hsr_slave_0: entered promiscuous mode [ 132.221546][ T9089] hsr_slave_1: entered promiscuous mode [ 132.280480][ T9166] netlink: 'syz.3.771': attribute type 2 has an invalid length. [ 132.283184][ T9166] netlink: 32 bytes leftover after parsing attributes in process `syz.3.771'. [ 132.319745][ T9164] ip6_vti0: entered promiscuous mode [ 132.322723][ T9164] netlink: 8 bytes leftover after parsing attributes in process `syz.2.770'. [ 132.330718][ T5347] pmem0: [POWERTEC] [ 132.357231][ T9169] netlink: 'syz.4.772': attribute type 4 has an invalid length. [ 132.407524][ T9179] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 132.453070][ T9184] xt_hashlimit: size too large, truncated to 1048576 [ 132.536328][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.538447][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.556141][ T9197] program syz.4.777 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 134.290656][ T5940] Bluetooth: hci2: command tx timeout [ 136.345344][ T5940] Bluetooth: hci2: command tx timeout [ 138.410577][ T5940] Bluetooth: hci2: command tx timeout [ 147.574194][ T1421] ================================================================== [ 147.576718][ T1421] BUG: KASAN: slab-use-after-free in handle_tx+0x5dc/0x630 [ 147.578981][ T1421] Read of size 1 at addr ffff88802b681490 by task aoe_tx0/1421 [ 147.582270][ T1421] [ 147.583538][ T1421] CPU: 3 UID: 0 PID: 1421 Comm: aoe_tx0 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 147.583553][ T1421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 147.583560][ T1421] Call Trace: [ 147.583565][ T1421] [ 147.583569][ T1421] dump_stack_lvl+0x116/0x1f0 [ 147.583588][ T1421] print_report+0xc3/0x670 [ 147.583600][ T1421] ? __virt_addr_valid+0x5e/0x590 [ 147.583615][ T1421] ? __phys_addr+0xc6/0x150 [ 147.583631][ T1421] ? handle_tx+0x5dc/0x630 [ 147.583641][ T1421] kasan_report+0xe0/0x110 [ 147.583652][ T1421] ? handle_tx+0x5dc/0x630 [ 147.583664][ T1421] handle_tx+0x5dc/0x630 [ 147.583676][ T1421] dev_hard_start_xmit+0x93/0x740 [ 147.583695][ T1421] __dev_queue_xmit+0x7eb/0x43e0 [ 147.583713][ T1421] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.583729][ T1421] ? rcu_is_watching+0x12/0xc0 [ 147.583742][ T1421] ? __pfx___dev_queue_xmit+0x10/0x10 [ 147.583759][ T1421] ? __pv_queued_spin_lock_slowpath+0x28d/0xcf0 [ 147.583776][ T1421] ? __lock_acquire+0xaa4/0x1ba0 [ 147.583793][ T1421] ? __lock_acquire+0xaa4/0x1ba0 [ 147.583811][ T1421] ? do_raw_spin_lock+0x12c/0x2b0 [ 147.583825][ T1421] ? rcu_is_watching+0x12/0xc0 [ 147.583838][ T1421] tx+0xcc/0x190 [ 147.583850][ T1421] ? __pfx_tx+0x10/0x10 [ 147.583860][ T1421] kthread+0x1e4/0x3e0 [ 147.583876][ T1421] ? find_held_lock+0x2b/0x80 [ 147.583889][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.583906][ T1421] ? __pfx_default_wake_function+0x10/0x10 [ 147.583920][ T1421] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.583935][ T1421] ? __kthread_parkme+0x19e/0x250 [ 147.583951][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.583967][ T1421] kthread+0x3c2/0x780 [ 147.583977][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.583987][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.583996][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.584006][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.584015][ T1421] ? rcu_is_watching+0x12/0xc0 [ 147.584027][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.584037][ T1421] ret_from_fork+0x45/0x80 [ 147.584048][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.584058][ T1421] ret_from_fork_asm+0x1a/0x30 [ 147.584077][ T1421] [ 147.584081][ T1421] [ 147.649965][ T1421] Allocated by task 7550: [ 147.651339][ T1421] kasan_save_stack+0x33/0x60 [ 147.652824][ T1421] kasan_save_track+0x14/0x30 [ 147.654325][ T1421] __kasan_kmalloc+0xaa/0xb0 [ 147.655756][ T1421] alloc_tty_struct+0x96/0x8c0 [ 147.657270][ T1421] tty_init_dev.part.0+0x1e/0x500 [ 147.658871][ T1421] tty_open+0xa50/0xf90 [ 147.660190][ T1421] chrdev_open+0x231/0x6a0 [ 147.661604][ T1421] do_dentry_open+0x744/0x1c10 [ 147.663114][ T1421] vfs_open+0x82/0x3f0 [ 147.664417][ T1421] path_openat+0x1e5e/0x2d40 [ 147.665882][ T1421] do_filp_open+0x20b/0x470 [ 147.667305][ T1421] do_sys_openat2+0x11b/0x1d0 [ 147.668755][ T1421] __x64_sys_openat+0x174/0x210 [ 147.670546][ T1421] do_syscall_64+0xcd/0x260 [ 147.671999][ T1421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.673886][ T1421] [ 147.674651][ T1421] Freed by task 835: [ 147.675860][ T1421] kasan_save_stack+0x33/0x60 [ 147.677354][ T1421] kasan_save_track+0x14/0x30 [ 147.678847][ T1421] kasan_save_free_info+0x3b/0x60 [ 147.680435][ T1421] __kasan_slab_free+0x51/0x70 [ 147.681943][ T1421] kfree+0x2b6/0x4d0 [ 147.683200][ T1421] process_one_work+0x9cf/0x1b70 [ 147.684929][ T1421] worker_thread+0x6c8/0xf10 [ 147.686390][ T1421] kthread+0x3c2/0x780 [ 147.687684][ T1421] ret_from_fork+0x45/0x80 [ 147.689099][ T1421] ret_from_fork_asm+0x1a/0x30 [ 147.690616][ T1421] [ 147.691388][ T1421] Last potentially related work creation: [ 147.693180][ T1421] kasan_save_stack+0x33/0x60 [ 147.694656][ T1421] kasan_record_aux_stack+0xb8/0xd0 [ 147.696293][ T1421] insert_work+0x36/0x230 [ 147.697659][ T1421] __queue_work+0x97e/0x10f0 [ 147.699117][ T1421] queue_work_on+0x1a4/0x1f0 [ 147.700603][ T1421] release_tty+0x4de/0x5d0 [ 147.702029][ T1421] tty_release_struct+0xb7/0xe0 [ 147.703577][ T1421] tty_release+0xe2d/0x1430 [ 147.705019][ T1421] __fput+0x3ff/0xb70 [ 147.706275][ T1421] task_work_run+0x150/0x240 [ 147.707715][ T1421] do_exit+0xafb/0x2c30 [ 147.709039][ T1421] do_group_exit+0xd3/0x2a0 [ 147.710482][ T1421] get_signal+0x2673/0x26d0 [ 147.711921][ T1421] arch_do_signal_or_restart+0x8f/0x7d0 [ 147.713692][ T1421] syscall_exit_to_user_mode+0x150/0x2a0 [ 147.715479][ T1421] do_syscall_64+0xda/0x260 [ 147.716919][ T1421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.718783][ T1421] [ 147.719574][ T1421] The buggy address belongs to the object at ffff88802b681000 [ 147.719574][ T1421] which belongs to the cache kmalloc-cg-2k of size 2048 [ 147.723927][ T1421] The buggy address is located 1168 bytes inside of [ 147.723927][ T1421] freed 2048-byte region [ffff88802b681000, ffff88802b681800) [ 147.728181][ T1421] [ 147.728955][ T1421] The buggy address belongs to the physical page: [ 147.730942][ T1421] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b680 [ 147.733663][ T1421] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 147.736218][ T1421] memcg:ffff888037fc5301 [ 147.737522][ T1421] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 147.739817][ T1421] page_type: f5(slab) [ 147.741078][ T1421] raw: 00fff00000000040 ffff88801b44c140 ffffea00012e4c00 dead000000000002 [ 147.743698][ T1421] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff888037fc5301 [ 147.746305][ T1421] head: 00fff00000000040 ffff88801b44c140 ffffea00012e4c00 dead000000000002 [ 147.748985][ T1421] head: 0000000000000000 0000000000080008 00000000f5000000 ffff888037fc5301 [ 147.751668][ T1421] head: 00fff00000000003 ffffea0000ada001 00000000ffffffff 00000000ffffffff [ 147.754351][ T1421] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 147.756992][ T1421] page dumped because: kasan: bad access detected [ 147.758943][ T1421] page_owner tracks the page as allocated [ 147.760660][ T1421] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6581, tgid 6581 (syz-executor), ts 64042659616, free_ts 64036080148 [ 147.767094][ T1421] post_alloc_hook+0x181/0x1b0 [ 147.768618][ T1421] get_page_from_freelist+0x135c/0x3920 [ 147.770343][ T1421] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 147.772187][ T1421] alloc_pages_mpol+0x1fb/0x550 [ 147.773746][ T1421] new_slab+0x244/0x340 [ 147.775069][ T1421] ___slab_alloc+0xd9c/0x1940 [ 147.776557][ T1421] __slab_alloc.constprop.0+0x56/0xb0 [ 147.778267][ T1421] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 147.780269][ T1421] kmemdup_noprof+0x29/0x60 [ 147.781713][ T1421] neigh_sysctl_register+0xb2/0x670 [ 147.783371][ T1421] devinet_sysctl_register+0xb6/0x200 [ 147.785062][ T1421] inetdev_init+0x2b8/0x5a0 [ 147.786515][ T1421] inetdev_event+0xc5f/0x18a0 [ 147.788005][ T1421] notifier_call_chain+0xbc/0x410 [ 147.789598][ T1421] call_netdevice_notifiers_info+0xbe/0x140 [ 147.791452][ T1421] register_netdevice+0x182e/0x2270 [ 147.793091][ T1421] page last free pid 6581 tgid 6581 stack trace: [ 147.795058][ T1421] __free_frozen_pages+0x69d/0xff0 [ 147.796670][ T1421] __put_partials+0x16d/0x1c0 [ 147.798177][ T1421] qlist_free_all+0x4e/0x120 [ 147.799647][ T1421] kasan_quarantine_reduce+0x195/0x1e0 [ 147.801373][ T1421] __kasan_slab_alloc+0x69/0x90 [ 147.802904][ T1421] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 147.804608][ T1421] ref_tracker_alloc+0x18e/0x5b0 [ 147.806187][ T1421] register_netdevice+0x1689/0x2270 [ 147.807821][ T1421] geneve_configure+0x785/0xaf0 [ 147.809361][ T1421] geneve_newlink+0x1af/0x3a0 [ 147.810838][ T1421] rtnl_newlink+0xc45/0x2000 [ 147.812304][ T1421] rtnetlink_rcv_msg+0x95b/0xe90 [ 147.813883][ T1421] netlink_rcv_skb+0x16a/0x440 [ 147.815399][ T1421] netlink_unicast+0x53d/0x7f0 [ 147.816926][ T1421] netlink_sendmsg+0x8d1/0xdd0 [ 147.818451][ T1421] __sys_sendto+0x498/0x510 [ 147.819890][ T1421] [ 147.820663][ T1421] Memory state around the buggy address: [ 147.822420][ T1421] ffff88802b681380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.824914][ T1421] ffff88802b681400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.827402][ T1421] >ffff88802b681480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.829884][ T1421] ^ [ 147.831344][ T1421] ffff88802b681500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.833841][ T1421] ffff88802b681580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.836320][ T1421] ================================================================== [ 147.838905][ T1421] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 147.841195][ T1421] CPU: 3 UID: 0 PID: 1421 Comm: aoe_tx0 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 147.844795][ T1421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 147.848106][ T1421] Call Trace: [ 147.849195][ T1421] [ 147.850143][ T1421] dump_stack_lvl+0x3d/0x1f0 [ 147.851614][ T1421] panic+0x71c/0x800 [ 147.852869][ T1421] ? __pfx_panic+0x10/0x10 [ 147.854314][ T1421] ? mark_held_locks+0x49/0x80 [ 147.855796][ T1421] ? handle_tx+0x5dc/0x630 [ 147.857186][ T1421] ? check_panic_on_warn+0x1f/0xb0 [ 147.858762][ T1421] ? handle_tx+0x5dc/0x630 [ 147.860174][ T1421] check_panic_on_warn+0xab/0xb0 [ 147.861741][ T1421] end_report+0x107/0x170 [ 147.863113][ T1421] kasan_report+0xee/0x110 [ 147.864528][ T1421] ? handle_tx+0x5dc/0x630 [ 147.865909][ T1421] handle_tx+0x5dc/0x630 [ 147.867245][ T1421] dev_hard_start_xmit+0x93/0x740 [ 147.868839][ T1421] __dev_queue_xmit+0x7eb/0x43e0 [ 147.870415][ T1421] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.872044][ T1421] ? rcu_is_watching+0x12/0xc0 [ 147.873585][ T1421] ? __pfx___dev_queue_xmit+0x10/0x10 [ 147.875278][ T1421] ? __pv_queued_spin_lock_slowpath+0x28d/0xcf0 [ 147.877286][ T1421] ? __lock_acquire+0xaa4/0x1ba0 [ 147.878864][ T1421] ? __lock_acquire+0xaa4/0x1ba0 [ 147.880435][ T1421] ? do_raw_spin_lock+0x12c/0x2b0 [ 147.882033][ T1421] ? rcu_is_watching+0x12/0xc0 [ 147.883579][ T1421] tx+0xcc/0x190 [ 147.884722][ T1421] ? __pfx_tx+0x10/0x10 [ 147.886081][ T1421] kthread+0x1e4/0x3e0 [ 147.887381][ T1421] ? find_held_lock+0x2b/0x80 [ 147.888865][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.890344][ T1421] ? __pfx_default_wake_function+0x10/0x10 [ 147.892177][ T1421] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.893840][ T1421] ? __kthread_parkme+0x19e/0x250 [ 147.895429][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.896904][ T1421] kthread+0x3c2/0x780 [ 147.898211][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.899694][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.901163][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.902626][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.904113][ T1421] ? rcu_is_watching+0x12/0xc0 [ 147.905639][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.907124][ T1421] ret_from_fork+0x45/0x80 [ 147.908539][ T1421] ? __pfx_kthread+0x10/0x10 [ 147.910004][ T1421] ret_from_fork_asm+0x1a/0x30 [ 147.911528][ T1421] [ 147.913151][ T1421] Kernel Offset: disabled [ 147.914522][ T1421] Rebooting in 86400 seconds.. VM DIAGNOSIS: 22:16:44 Registers: info registers vcpu 0 CPU#0 RAX=0000000080000001 RBX=ffff888052117538 RCX=0000000000000001 RDX=ffff88803057a440 RSI=ffffffff822c537e RDI=ffffffff8e562ac0 RBP=ffffffff8e562ac0 RSP=ffffc9000471f960 R8 =0000000000000001 R9 =fffff520008e3f34 R10=0000000000000003 R11=0000000000000000 R12=dffffc0000000000 R13=0000000000000001 R14=8000000000000163 R15=1ffff920008e3f2f RIP=ffffffff81bb462b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055556c3bf500 ffffffff 00c00000 GS =0000 ffff8880d69da000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055da2d1cb620 CR3=0000000029cde000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000002727 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffc0000 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20303d766765735f 656c646e61683d53 4e4f4954504f5f4e 4153410063657865 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe1438ed100 00007fe142d83440 00007fe142d83458 00007fe142d834a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d534e4f4954504f 5f4e415341006365 786500726f747563 6578652d7a79732f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=ffffffff9ad7e440 RCX=ffffc9000405f1fc RDX=0000000000000001 RSI=ffffffff8dbbee13 RDI=ffffffff8bf4a2a0 RBP=0000000000000286 RSP=ffffc9000405f1e8 R8 =0000000000000001 R9 =fffff5200080be38 R10=0000000000000003 R11=0000000000000000 R12=ffffffff84d6c2bf R13=0000000000000006 R14=ffff88802b730000 R15=0000000000000002 RIP=ffffffff8198212a RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6ada000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fd0534e7d60 CR3=0000000023797000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000097 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd0529836a3 00007fd0529836a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffebce46720 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000300000014 0000000200000021 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000500000007 0000000400000017 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000016 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555584565812 0000555584564bf0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 74656d2e7366636e 692e7265737501ff ffffffff0000003c 0801800300000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000100 0000000000000000 0000000000000000 00007fd00000003f ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555500000000 0000000000000031 0000000000000000 0140c0100000003e ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0401000000000000 0150960410000010 000fffffffffffff 040180040000003d ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6ebe006100000000 74656d2e7366636e 692e7265737501ff ffffffff0000003c ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000046 RBX=ffffffff9ad86c90 RCX=ffffffff819873c3 RDX=dffffc0000000000 RSI=0000000000000004 RDI=ffffffff9ad86c90 RBP=0000000000000006 RSP=ffffc90004d6fb68 R8 =0000000000000000 R9 =fffffbfff35b0d92 R10=ffffffff9ad86c93 R11=0000000000000000 R12=0000000000000002 R13=dffffc0000000000 R14=ffffffff8e5818b0 R15=1ffff920009adf72 RIP=ffffffff8b6fcc21 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6bda000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f193e1b6038 CR3=0000000051dff000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffc0000 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20303d766765735f 656c646e61683d53 4e4f4954504f5f4e 4153410063657865 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f193eced100 00007f193e183440 00007f193e183458 00007f193e1834a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d534e4f4954504f 5f4e415341006365 786500726f747563 6578652d7a79732f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854f9df5 RDI=ffffffff9adfe5a0 RBP=ffffffff9adfe560 RSP=ffffc90006d2f460 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000032343154 R12=0000000000000000 R13=0000000000000031 R14=ffffffff9adfe560 R15=ffffffff854f9d90 RIP=ffffffff854f9e1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6cda000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000200000003780 CR3=000000000e180000 CR4=00352ef0 DR0=0000040000000000 DR1=000000000000064f DR2=0000000000000006 DR3=0000000000000006 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 dfb0a3e52d6023d6 c34e990e1b56f67b ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cc208fb62d273689 d875932629e74cea ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6eb1915192f8757f 2b2bfe2583249ac5 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 599c643e0b7e3c31 8941c2fee82ce5e2 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001b200 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 516eb4b20000034a 94000000bc000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 516ee61c516f571c be008001516f84fd ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 516f20db2d000000 b800000012000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cc00000000000000 000116f2e0000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b152134fe43de3d8 200d0bf0fb1ce6c2 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f5e12d0a16bc101 e66adc94b225a4e0 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f01000000000000 0000000000000002 ffaa000000000000 0000000000000080 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000