last executing test programs: 1.277796809s ago: executing program 1 (id=197): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@printk={@x}, @call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000025c0), 0x2, 0x0) write$UHID_DESTROY(r0, &(0x7f0000002600), 0x4) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000001c0)=@o_path={&(0x7f0000000180)='./file0\x00', 0x0, 0x8, r0}, 0x18) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000200)=@generic={&(0x7f0000000000)='./file0\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvfrom$packet(r2, 0x0, 0x0, 0x40010000, &(0x7f0000000340)={0x11, 0x6, 0x0, 0x1, 0x6, 0x6, @multicast}, 0x14) setns(0xffffffffffffffff, 0x20000000) 1.210648037s ago: executing program 1 (id=198): r0 = socket$netlink(0x10, 0x3, 0x0) (async) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000640)={0x3, 0x4, 0x4, 0xffffffe0, 0x0, 0x1}, 0x48) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x20, 0x40, 0x9, 0xffffffff, 0x25dfdbfd, {0x2}, [@typed={0x4, 0x11f}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x33}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0x4020565b, &(0x7f0000000100)) (async, rerun: 32) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) sendmmsg$unix(r4, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)="a1", 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r3, @ANYBLOB="0000000014"], 0x30, 0x40400d1}}], 0x1, 0x10) (async) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r5, 0x0, 0x400000, 0x3) (async) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10000}, 0x50) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1e, 0x1c, &(0x7f0000001840)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b9af8ff00000000b7080000080000007b00020000000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7050000080000006200000076000000bf91000000000000b5020000000000008500000085000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001e000100000000000000e80007000000", @ANYRES32, @ANYBLOB="000000000a0005"], 0x28}}, 0x0) 1.125995931s ago: executing program 1 (id=201): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x500}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x2000006, 0x4200031, r1, 0xffffd000) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, 0x0, 0x9) r3 = socket$inet(0x2, 0xa, 0xd) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000100)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) close(0x3) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa07, &(0x7f0000000440)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(r6, 0x4068aea3, &(0x7f0000000140)) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/cgroup', 0x301001, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f00000007c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getdents(r7, &(0x7f00000001c0)=""/240, 0xf0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f0000000300)=0x0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r8, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0x6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x80) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000b0, 0x0, 0x5}, {0x400000b1, 0x0, 0x512}]}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 999.779002ms ago: executing program 1 (id=205): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x3, 0x16a}, &(0x7f0000002000)=0x0, &(0x7f0000000440)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x22}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000840)=@newtaction={0x6c, 0x30, 0x83d79f1e8021ba05, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x20000000}, @rand_addr=0xffffffff, @rand_addr=0x64010100, 0xff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) io_uring_enter(r2, 0x48e9, 0xf2bb, 0x2, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c00018006000600843b0000971b02805402178006"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r1) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000002}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0xdc, r8, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1000}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'rose0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x400}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x3}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfffffffa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x40}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fff}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x9}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x10}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x5}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x5}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x4000000}, 0x50) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, r6, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x24044080) 930.273812ms ago: executing program 0 (id=207): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000380)=ANY=[@ANYBLOB="54010000100033060000000000000000ffffffff000000000000000000000000e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="040000000000000000000000000000000000000032000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a002300000000000000000048000200656362286369706865725f6e756c6c2900000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040007"], 0x154}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, 0x3, 0x8, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000380)=ANY=[@ANYBLOB="54010000100033060000000000000000ffffffff000000000000000000000000e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="040000000000000000000000000000000000000032000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a002300000000000000000048000200656362286369706865725f6e756c6c2900000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040007"], 0x154}}, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, 0x3, 0x8, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000) (async) 928.431841ms ago: executing program 1 (id=209): bpf$MAP_CREATE(0x0, &(0x7f0000001600)=ANY=[@ANYBLOB="1f00000000000000000000000010"], 0x50) (async) bpf$MAP_CREATE(0x0, &(0x7f0000001600)=ANY=[@ANYBLOB="1f00000000000000000000000010"], 0x50) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl(r0, 0x8b1a, &(0x7f0000000040)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) ppoll(&(0x7f0000000040), 0x0, &(0x7f00000001c0)={r3, r4+60000000}, 0x0, 0x0) (async) ppoll(&(0x7f0000000040), 0x0, &(0x7f00000001c0)={r3, r4+60000000}, 0x0, 0x0) 849.192234ms ago: executing program 0 (id=210): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0x2}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x105e01, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000080)={0x1, r0}) fanotify_mark(r3, 0x200, 0x1000, r4, &(0x7f00000000c0)='./file0\x00') mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 848.295564ms ago: executing program 2 (id=211): r0 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000002040)='net/tcp\x00') read$FUSE(r4, &(0x7f0000002100)={0x2020}, 0x2020) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @xdp}, 0x94) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='>'], 0x38}}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0}) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f00000002c0)=[0xffffffffffffffff], 0x57) io_uring_enter(r0, 0x3516, 0xc2de, 0x8, 0x0, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001ec0)=ANY=[@ANYBLOB="340000003e0007012bbd700000000000010100080400fc800c00018008000600", @ANYRES32=0x0, @ANYBLOB="080002800400338008000900", @ANYRES32=r7], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) ioctl$VT_RESIZE(r6, 0x5609, &(0x7f0000000000)={0x0, 0xe}) 749.092795ms ago: executing program 2 (id=213): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000340), 0x129202, 0x0) write$binfmt_elf32(r0, 0x0, 0x4cd) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x210400, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) ioctl$SNDCTL_DSP_GETFMTS(r2, 0x8004500b, &(0x7f00000000c0)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)={0x70, r4, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="d7"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x80, 0x1, 0x3, 0x0, {0x9, 0x6, 0x0, 0x8, 0x0, 0x0, 0x1, 0x3, 0x1}, 0x6, 0x5, 0x3}}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x80, 0x3, 0x5, 0x0, {0x8, 0x6, 0x0, 0x7, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x6, 0x5, 0x2}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0x41000, 0x2000}) 748.231442ms ago: executing program 0 (id=214): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x22, &(0x7f0000001680)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7f}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr', 0x3) sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1}, 0x240}], 0x1, 0x20080058) 688.152763ms ago: executing program 2 (id=216): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0xf0ffffff, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400a0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1, 0x0, 0x0, 0x40010000}, 0x0) 687.670137ms ago: executing program 0 (id=217): r0 = socket(0x21, 0x4, 0x0) getsockopt(r0, 0x200000000114, 0x2710, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) 687.465547ms ago: executing program 2 (id=218): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c00000045000900000000000000000003000000080002"], 0x1c}}, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0xae8, &(0x7f0000000740)={0x0, 0x1c2a, 0x8000, 0x0, 0x1}, &(0x7f0000000100), &(0x7f00000000c0)) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, 0x0, &(0x7f0000000200)="105c520d730b6337b13e5c735507de711803f51199ae573e168b91f7b327d4802c7cb8273f04ff121663a906be4705b2d921e9dc9ad031da5dd409d981a81887adac0746fa792ef4ad457438d453f01e741f35311613f1010400000000000000003ff9c0d9064f7e5c1f86fb37aa40a14a70064dd95cde94ddece029b7733c7b4bc528899eee2aa9e178764f6fdb64d53d3bd6538105f269bda3adc9412f86473c3ceb8c59e923be68f9", 0xb47, r1}, 0x38) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$USBDEVFS_RESET(r1, 0x5514) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x2f, 0x6, 0x8, 0xff, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, 0x8, 0x7, 0x2, 0xe}}) sendmsg$nl_route(r1, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@ipv4_newaddr={0x20, 0x14, 0x10, 0x70bd2a, 0x25dfdbfc, {0x2, 0x8, 0x0, 0xfe, r4}, [@IFA_ADDRESS={0x8, 0x1, @local}]}, 0x20}, 0x1, 0x0, 0x0, 0x48851}, 0x800) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="100100002e00090027bd70000000000004000000fa0017"], 0x110}, 0x1, 0x0, 0x0, 0x42845}, 0x84) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x0, 0x400, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x8004) 619.964201ms ago: executing program 0 (id=219): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast1, 0x8001, 0x1, 0x2, 0xc, 0x6b, 0x8}, 0x20) getpid() (async) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) open(&(0x7f00000001c0)='./file0/file0\x00', 0x2, 0x0) (async) r3 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x2, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@typedef={0x2}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x11, &(0x7f0000000300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x16}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4}, @tail_call, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ringbuf_query, @jmp={0x5, 0x1, 0xd, 0x6, 0xce5d665531ee187b, 0xc, 0x4}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xfffffffffffffffb}], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0xb, r4, 0x8, 0x0, 0xfffffffffffffe21, 0x14}, 0x94) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x11, &(0x7f0000000300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x16}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4}, @tail_call, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ringbuf_query, @jmp={0x5, 0x1, 0xd, 0x6, 0xce5d665531ee187b, 0xc, 0x4}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xfffffffffffffffb}], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0xb, r4, 0x8, 0x0, 0xfffffffffffffe21, 0x14}, 0x94) read$FUSE(r3, 0x0, 0x5e) (async) read$FUSE(r3, 0x0, 0x5e) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r3, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000000614010025bd7000ffdbdf25080001000200000008000100c3c7e86508000100000000000800010001000000080001000200000008000100fbffffff4b077569093115320ef7b78f04c054c0dd0e7820d86721dc70fe19ba44e3ccecdbe157bb7296b1b51e78f3004332480b4135de256ec9b08b425b7d32a31c42938415f5e7a57c00b9665e69787ce7bffdc2e524729c84df1b81b6bd67b9f8b64be98ed7d940f8626093351e6658007a4a7ce27161a2aab6c3c90d5b72d1fa73aabe357e51aec0c32b9b0d6b3155e931c030cf1d7ee7a9"], 0x40}, 0x1, 0x0, 0x0, 0x4000800}, 0x40) setns(r2, 0x24020000) r5 = syz_clone(0x1b200000, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x2, 0x600aa}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0x2}]}}}]}, 0x40}}, 0x24008040) r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r7, 0x0, 0x0) syz_usb_control_io$hid(r7, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00220f000000543ac1b193"], 0x0}, 0x0) (async) syz_usb_control_io$hid(r7, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00220f000000543ac1b193"], 0x0}, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r8}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) (async) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) r9 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)={0x70, r11, 0x1, 0x70bd27, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x50, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x3e, 0x5, "72cf8d21dac54aee74afc5e0e04a7ba873c91683ca750b600de789012385b4fdc02bf9f0b3a2379730cbe33d417fab50523b680980e62984ce1d"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xe8}]}, @ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x70}}, 0x804) (async) sendmsg$ETHTOOL_MSG_FEATURES_SET(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)={0x70, r11, 0x1, 0x70bd27, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x50, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x3e, 0x5, "72cf8d21dac54aee74afc5e0e04a7ba873c91683ca750b600de789012385b4fdc02bf9f0b3a2379730cbe33d417fab50523b680980e62984ce1d"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xe8}]}, @ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x70}}, 0x804) ioctl$HIDIOCSREPORT(r9, 0x400c4808, &(0x7f0000000080)={0x2, 0x100, 0x20a6}) sendmsg$NL802154_CMD_DEL_SEC_DEV(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000600)={0x98, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0202}}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc}}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0102}}}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0102}}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0302}}}]}, 0x98}, 0x1, 0x0, 0x0, 0x800}, 0x20008080) r12 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8b30, &(0x7f0000000200)={'wlan1\x00'}) get_robust_list(r5, &(0x7f0000000500)=&(0x7f00000004c0)={&(0x7f0000000440)={&(0x7f0000000400)}}, &(0x7f0000000540)=0x18) (async) get_robust_list(r5, &(0x7f0000000500)=&(0x7f00000004c0)={&(0x7f0000000440)={&(0x7f0000000400)}}, &(0x7f0000000540)=0x18) 498.515553ms ago: executing program 2 (id=220): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000080)={'wg2\x00', {0x2, 0x4e22, @multicast2}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) syz_emit_ethernet(0x32, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x2, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x1, 0x1, 0x2, 0x0, @val=0x80}}}}}}}, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x50, r0, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY={0x2c, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_SEQ={0x4}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x800) 439.724441ms ago: executing program 2 (id=223): r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000005c0)="1c681411f7a496c0dacc6a3c24465b016f64b4c00b5f7c691cb24cb8000000001a0000200000000000201500", 0x0, 0x48) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000400000/0xc00000)=nil, 0xc00000}) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) (async) userfaultfd(0x1) (async) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) (async) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000005c0)="1c681411f7a496c0dacc6a3c24465b016f64b4c00b5f7c691cb24cb8000000001a0000200000000000201500", 0x0, 0x48) (async) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000400000/0xc00000)=nil, 0xc00000}) (async) 370.501512ms ago: executing program 3 (id=224): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2, 0x5}}, 0x0, 0x1, [{{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}}}]}, 0x110) r1 = socket(0x1, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f670600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1b172191d359645fae2d074ea5724ab77ea04fe507938b1213cdd4a92860e59808689382734d24b3123dd40c6d612c8a19948cd257748b1e7324adddbe61d51013f7d6b313c6df7b7b29678d70fc94dcc3e99e2472e78968ed94e7a54988656e8fff6b1d9b9993c71edd5cc10a2bea8d94d751b77fa7c48c712af35a9ffe670e8fa451942f48741119496bc30137e1202aed6bb5cd5c2d0256d049e4a335e2ea5545e5624be2391c37c0a2ae3bbb5b58778b85424bcdb84358359b2cb2782fc0e82f17b12d641ce6a72ab0ac794f878140897703bebe4420115d26675f27598841965fa91088252"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r1}, 0x20) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/65, 0x41}], 0x1}}], 0x2, 0x0, 0x0) r4 = socket(0x1, 0x3, 0x0) sendmmsg$unix(r4, &(0x7f0000000c80)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r5, 0x107, 0x18, 0x0, &(0x7f0000000080)) syz_emit_ethernet(0x12be, &(0x7f0000000c40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "011c4e", 0x1288, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x1, {0x1, 0x6, "0ad258", 0x9, 0x20, 0xff, @loopback, @dev={0xfe, 0x80, '\x00', 0x1a}, [@dstopts={0x84, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x1}, @pad1]}, @dstopts={0xc, 0x3b, '\x00', [@pad1, @ra={0x5, 0x2, 0x5}, @calipso={0x7, 0x28, {0x1, 0x8, 0xfe, 0x4, [0x196c, 0xa, 0x5, 0x101]}}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @generic={0x8, 0x95, "758e6b8506f2125507cecd7eb1bf71e83965b7692bc564d625f0187087bf942cb29ad20bc80a508a2034a53cc162140daf22c1c10eec715d2529ff302e4033108d16a9531721345249d404a5894848e1f7f427b8d05d4fcb50dfb46391c23bd1bf6257ef4e6eae72f85be8b56e61d2acd4458ddf9ff57ed4ef2e8a4480e6d4cd9127690c171a52ae8a65ba7e6d372ebe2bfb4275c5"}, @jumbo, @generic={0x2, 0xee, "03a351e134ce4e803c482fed684094a63f4267de17648e3c709b918d87e572e2fd6e216250032acd00fda73905124f2b88c6e6aa3c5bc544dcc22d8e63d895bc07e0cbcc4a6b3a08798d06ece7d1748ad8bbe9b9edd799e250f18f8e119f33712d20ca65c44e2e9b909cad56bbfd0ee7dabfea5280b3ea1257619f99e61478ee3ea6f3d7734aaba50d9688a46eb79691f9da653191c2f1cddf4a8dfc3d5244946e7672b033f0efcf43c4cba55e3c0f8ae913eeb4d92f3f5677e20b39060d253b701078d12f62e41b0f3a6f401e2e6a6ef8830d6910b412b3579f49ae1a4a89ddde682bb20464797d0f02e58bc233"}, @jumbo={0xc2, 0x4, 0xffffffc0}, @ra={0x5, 0x2, 0x2}]}, @fragment={0x2f, 0x0, 0x1, 0x0, 0x0, 0x3, 0x64}, @routing={0x0, 0xa, 0x1, 0xf, 0x0, [@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1, @remote, @private1={0xfc, 0x1, '\x00', 0x1}]}], "fd9715fe30d77b6c37f8673e86b38f4ad68648d71cc483a2382f3896ce669543ac49908fdd367e27145c79d721efd6768e59caba7644e1fc75db9bb735a99fae51cdc0a5a6879436192509287cb0819a638ddbde0c4648a4d993d5d32a13e4e57f4e39e97c8b0f527d14e79161279fbf96d3d89f676f8fa33fc6e779f4b29ef56e1ae0c72f370e24f594cbabee468af3da3b3d350587d43480c22ed54be10540034c18ba9bd546599461acc228f9ab9e9f771824628aa37c3f3126bfd2c162c6325ba0cdd4d44f33f49c2d0828582946916eb6aea83b0fc4eb9a052a6afc06a2934491c98d26af7363f31a0a4ba31b39de3b4face0fa146d452cd96862b601f0c643c7fc0451db15cae377f258845c759fc3ec855c8c81ac3253e7b84875b6339bb8bb16259c00ccd22597782b74a5d7ab8a61f51d19a719b8a2e35f4904ec4597f0aacde44344dfa4aee1ae0660316695fc0a1c6beb635763a888e1be38b761662fd7461814bfd6aac67ba648b5ec9fce393c11825fdb00e20c2586c4d354bf8afc9826cd03002b509681e587dc8c5ddfc19b94b1428e70c38e7bdf23dc8431e6b1af88e0ab956abc2431e66bdddbdfa635dedaac68b591e6919eff06bc6822114faa081331cd6747e49062ce5caa76b4e635d00d2b4b323e2da23a2d63c939bf629d1992c34b49332cb93395d8f589affd5446db417d4fbc110d6594288184659040b4265d091753d0ef0db47f9546705fc5527733a0eefa8a2ad827785dfacefea0d7b56c148aee20eb255c921aab57b6d2e96ab04a84850ac3674ed8734131da966bdb001a540c4b370938d0be18f2414670444090bb1f68483a0f398a2ffeaafa3af3e6579b4fcae60f954e838ee7af06f30a9cb6f705e35d490dddf999e95fc819470186f05d5ce347769b49e31954b70e6baf007507ec4db78f278bde2ba066421b4678a895cdb7f78fa477e7bec190bbce294f6ffd91f75bfa4fc25b2edf1e5a65bbbb32a5ce220026a67cfff5e9ee1278a3d50d2e2f5d84156d52199195ad65071c4f41c60ad99180b857a375fd98a2a167f8cb0c620105149b19f9d5c8b7f01c229a12b169d3355f40c621fc7db4a23ecada4949798fc2ce1746c7a2112d9a27c766948b2892533050beee6885ad4813c4310024f34b56226235adefe98060101a24ad77a0150f0a6a12517c81877666ef6e5f80e6b39abf3ac0845cb93d4ac11f555b9f975aa1bf6cae29f2ea3056c7759289ef37832e854b821e46a2c52b8f0b68881c9d5c88bdb3b4a5244a54e632ef1a3e9241bb2c4c62e1e1d3c3229b52b08ea424e89a5417c08d20db35bdd12d7f9edb501eae762f4705de169508a9cf8efffa3578384010e7ef91946af0a1b941bc9e3ecb55e7d37b6606fc8e10bc1678cf26a4b015e561a2ca32da2d295fa7968c13d041e9fc6e05e93d542485784e37d1b4f03d496de2ef7bbf2eb3a26358d1b381a34f68d9f2c762d770a786c8d40c31212dd9dc5d1f798efaaed7e13ac572f9a5c22d62c0b7f9897e51069f400c5f0e652cde27e12e17ebe5ab442f5ba18e6ae1be8506a9378cef77e1bc35aed46f06c23070f3681a558031e3220cb47e620e50e5c96f82191c677d2893c2e5c3dcff81aada5cdfc19ff7d9d5198c30dcda90ed93e004aa6030f4e67fbab52fe74d43278aca4af4fd0a7bd3221a3466dbe26bae0c6c23aa8da2f08ccad56fb1b8841aeda5372e43c5b3d5ed8d1d881345868604dd92c1451d0980d8f05d8338a2403119fa2112cb831d5e7f5bb39c7c6b17eed712f167a40dec80f5d3416f45a61f3e22e0873979a1e5eca8fee5df53a29da6cf46e79944bda54ba99f4d0e081f1404584fc64f8e806ec758c15fb9fe6ba91a60518b5ef1ca729220905c3de85615b4c0b09bbee3780e9dff7be9a840a7042b1ac82ee33c7c4810c1ad62344c7d3ca01b4a91bb65e9feadebf5965f7378aeb84f3bbf32c27f601c224210bc337be5f69978781ca0d2d80bd003d5dcd6a9f4dc2475f5317e41f64de6c255799c4a0087088ea8ef0f157282716707311b1f55adc40e3d65092fbe8ed78d6065f686313d0a45670de2163ccce376fb2c37264a0e09242865b38f47d21b8f5349181ead0fa3a1391b7ff8d2aea4224544b627bd7ec45ab64e5e2d65ff32437d4fee2cf9bb12c0ad467f659b0c5b2b90139dc444fa8f408ffe69c0a7c4033d068eafe2a197dc477e27a92bac36e01390eec84adbb24223a4ae2309e674c3e7d21bd0763bd0be106671bf9395a46d4dbabbe47fe32884029a982de8624bf2230162f67778b91b58119bc62cf7083e7550c68d1e30bd436ab26bad2c4cd61e927b5f337faad0e629181d513b0e5bcafa234b82a6758bb9c7da38d49a5c565cd6a215e835b85909029cd75f962ddbf82bf2b11b2bb4e2458d9452279b04ea642d9db6058b2617dd3402a57f5eafef72fa9914e458948123d4b5e927fe7eb9f47639e0ef1325ccb8e4810826538620a7341c8326f2ae9ba383a6e47cb0edb82e5fd7752b046ae5088fa5ab4b69a938224c77e42ad198a8c87fe357d3225627d7319a42cb22df32a0c66fd2c31c96945121c619d43668a6756f09c445b3ac84273d97c891087cf5ad64367031406866cf76834f87e76512e3af780b7eac148a78aebdff6203be05090c3b133a12d50a4ad7035504941e470002f155596b77a1a78b8459e5a122890d09ba41eb1bf3a5987e4c79cbdd990a2171870ae8c3ce2eeb26370ca2985a353b5486beb1e2375bd2457fe2bded60d22137e6d854a7a6ef895b5f3e2f57cbcf2cd749f93c2648f0dffb8d102eb44476539d66c425e07bd23183b7cd90c94f2df99bf155bcff094ebcca530f8ae4ef4a41ae1500491da06de2fdaeb9cd267ab6294b73b5faee325e203691f39580b22ff446f5aeda0af781c682b26e6a5c0fa3ee308dc56e10ee399ed25dd2681630e957c92b23620aeeb224a46adf3881450b48af8a89bc176251a66d814eef4e87415064b2959d973f9aa94dc5727c81a377d290f5f77019b870b509c15ac3a7fe4d46980aa4d4e1d6d9485166b337a52cfa8f7e2a9b8105a257b5377a4ca3c05464acb2b8dd4bd290b78c6b9a1df006ad581b88e2479e7d683b7ba5e21c8c86c1de38d5edb3a7132d297fd3a8765a35a77b2b33d3ac044cb0e565d921ec5c60150f3adf42f62689fc67835b5ac090d9842b9f6cbab800333c46cc55cf3a73055408f4d4d3c5f0185666255fe03c44423ef84cdd85759677f99998d4afc9e48208c044be9e9b50fed9978bbdec967fbb988f63f6ec750d8af96a7b609796c6ffdd3277a31ab4c3edcae3b0d7b34de58ee2e9ced8d15276e92b96e6402890d2e61de88fee940639aad091b07ee2ac525a3490d0f510fefe47d062e62131f04414296cf7b5e8c91ac64090a2504b8c7da3d99e13b66bcec16a7528fa0f6b3ae99f4ca2699943704f2d8ac9944cff0b551fb602c9e222ea1eb338602d10ba210455189007939461f3b308e0e938a545204a8bcaeb74e927c57c1e77018229ac0a787da77e1d892c177bed5770e932068e7fe92319f4212e121a2f94e5cfd4259e2ae3a69c2776a27cce61286c046272d2cd3b905d7a9285a7277429aca4419d29a515603033b5d91d3c6682f4f813df20b05235978db8dac199efb89219ce1b4bc332ec2ccaba1255895c2bed322d2760162cd6cd69f9d6b4cd3c87ae03e63d32d5d82397e4d81a6f17560d9495f9f6b74c9d473403a38ef56c08f1c74272782d048928d6c6a4ea08f6c896e4998f9c4c53b8189c847a57da0800de630022b3a2ae8c30673fd9cdd9af1c99cc65eea3bc2fab9451f4220087b17e3036169aef5adc6006667b77c0815e4ee2adf38336a2a8cdeb21fd8b057aac23bee9aa9368ec1e97d262f519bd089c5666c96736605237720d26a9b80a31b9d2a28feb36d6c7e2e396d5d1d26d01a2d1bbff7fedc52b4b82ff2f7f6e141fe509ddcd4f21eef893ac73654a2d3998d551f3fd541b9bd3d121409303dfb925cd21cc5b15e56f3f35bf8c15da84de63be017313ecd95ff4cfeed158e783bb4591cf2981bd6da02db41e21aaa12eeaef0a3361e68e3f2b8070cd25001d596f9268b0efe2435ede78c00ce105d29ef48dce0393aeb3d8f133c694ed1ec33bb274026043f67b30569b2a852fbcb6383e45a4ecb0b5164d084285975a09389150b6044603d9f5f6c18ad9183a82e6fb5baa58432faf19c3ec4a8f6c31fb767a760851c03403dfe4c74bcc14c4a00ac7a5cbbb3cc50f3437110cc6bdab88cdc3da287ec4507634a21fff9ed9dca669190837bb8367ee8ff78bf57de4ac79f8bbf0213a02ffccbaa1f11a44dc8a92c3e162c728c5f31673944138845d97e84f72f3b6b64d52762601261350799f5d1c2ff735132592b68e1c73ee2959d981360896f99253e643e8127789d8768bf9cf89ff89a7b93c2ee32f3f6e68457b9c3d26d6126334e006272b69d095d0fe58b6f777abf9eaa5e7f5237e8ecbf6a46fbdad608e7c8796ac7dcf24b565b3c1b7d9d5903bd12e4e7624a3906cc8015398b58dec0c812b9ab49c547fdd1ba82f3ee25301670d12da98d3ebad0d27204c3d2674f0c7b2490a712191f1f1d4b743f7a061836cd0e7a5ce937b311a03e4b0481b62a1adcc99a0c631e8dabf98f625ea619a9d89451791b565d75e4eab322bd0c869a1bab6ecba7e897f516856844b28f1b93c4e6f1cb0f34ff04399e82ffe871dc85b0eebe6af9ea9dc815fd056c08d010c7b900c1d16baac86545d865e9f49162761b008b5b57dec64e356d2c02eaa53a30a38ca4e536630ad3dc30bd7a50b68e4a9e49384878b4fd127d31adcabc5ca77bfab6357313422c3ff3af1d6640238701d45cdc546bacd6562b44e570b7ef39c101e8fef9b8286dcc3f3a4370ca83b941b220bfbaf0ce3c5d1458ae9abf5c7a07df73fe31128f3c7d4f0ab40a94c9851e56a18fdf41ef7b2636e1a09261fdb1b01bfcb46f7be4a12c5b885c1d6063252d686cd14de20feea175ba033a0678159a7469a7d4fb7133a2b5f56f3005e7cb151a1cf49f186ab26613766e5b511cc2313f9fde59cd44276c9e1d48880c1a367c18d0fa4208fd8163c10aeadd0084fc394164bb1f5e4d5bae8471d7bde8d51db35f9545d944a5ccc86f236630409621f5e1d336fa44475785a613b7f39276644c5443bca1b0d0821c882a0966968eccaabd1aa879afb20900aab31b2c5fa38be2e76f8b6ce583648d750b4913481312fa6306a5f7bd5d640548c0d28d941878995a37176328394fe669c6a3031db323a1ec2dc4729923b2333398a0686e91c9db2e12c20e939545d986ac0a99960430ffcde55bde5ea4175412e64be78e4cc3ba97e4661f3758d6ec82b6b4779afdcc38da7b41c8b02c48e56df5cf3cc56f56e6528713431ec0b931746078631e2b27e195fb4aae1c57159348858b322db85bcebc6420757bd6633679e98187f202327d49275b472b30b093140f45ef6eb6bf17160b0eb7727cdb079803d43654028ee657a10e613f921ba1a31256234cc7203d9140aeeee2dc3c7e0b0e686a82be1a2933460ebbd6bfe4bbbb1b19e1e873148d997b75a2544d7a1f0da02f13fc607b34e3a940f707adf8aa55eae53da4aa893e0aee51fdd6839ba96274c3cd22ce591c260f2c4dd6231d2c271740f3b99bfdb1fb24764d2786463f74e1635cc5060db4815395e550bfd5498894025abd2d06054caa49c78b24fa42a8f866f3c6b80dd5a396ee1e479"}}}}}}}, 0x0) 337.673083ms ago: executing program 3 (id=225): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x64000600) sendmsg$NFT_BATCH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCXONC(r2, 0x4b45, 0x3) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={{0x14, 0x10, 0x9000, 0x6, 0x0, {0xa}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x605, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x14}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x6c}}, 0x0) 138.869188ms ago: executing program 3 (id=226): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x22, &(0x7f0000001680)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7f}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr', 0x3) sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1}, 0x1802}], 0x1, 0x20080058) 138.486688ms ago: executing program 3 (id=227): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002cbd7010fddbdf2505000000080009000200000008000c00a80a0000060001000500000008000b0092aa3925"], 0x34}}, 0x20000034) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'sit0\x00', 0x1}, 0x18) 56.115225ms ago: executing program 3 (id=228): r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000040)={0x80000000, 0x0, &(0x7f0000000140)=[{}, {{}, {0x80000000}}]}) sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4080022}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x84, 0x1, 0x7, 0x3, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x8}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x2878}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x31}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER={0x14, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x5}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x7}]}, 0x84}, 0x1, 0x0, 0x0, 0x50}, 0x20004011) (async, rerun: 64) ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f0000001380)={r1}) (async, rerun: 64) r2 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8982, &(0x7f0000000080)={0x6, 'veth0_to_batadv\x00', {0x9}, 0x8}) 55.103888ms ago: executing program 3 (id=229): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000d11000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0xc, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4048aecb, &(0x7f0000001440)={{0x0, 0x0, 0xfffffffffffffce4, {0x25000}}, '\x00', '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}) 1.083926ms ago: executing program 0 (id=230): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x403, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}, @IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5, 0x18, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x840}, 0x0) 0s ago: executing program 1 (id=231): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="38000000100001002bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000080008ffffffff001280090001"], 0x38}}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r1) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x200a4800) recvmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4135, 0x1027}], 0x1}, 0x42) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098"], 0xfc}}, 0x0) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffffffffffffba, &(0x7f0000000080)=[{&(0x7f0000000500)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00b17d10cc40a88848b96648e582006e9644fb02faf23884372d474d8235b094550aff7f", 0x33fe0}], 0x1}, 0x8000) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000680)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fbdbdf251a00000004002e8008000300", @ANYRES32=r5, @ANYBLOB='4\x00.'], 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20040) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x1e3002, 0x0) r7 = dup(r6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r7, 0x0) ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setrlimit(0x2, &(0x7f0000000040)={0x4, 0x23ffffd}) r8 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x4052, r8, 0x0) r9 = syz_open_dev$cec(&(0x7f0000001080), 0x0, 0x0) ioctl$CEC_RECEIVE(r9, 0xc0386106, &(0x7f0000000580)={0xd52, 0x8000, 0x1000006, 0x8000004, 0x1fc, 0x7, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00', 0x5c, 0x3, 0x1, 0x4, 0x9c, 0xff, 0x6}) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:33868' (ED25519) to the list of known hosts. [ 55.207813][ T40] audit: type=1400 audit(1767482418.341:62): avc: denied { name_bind } for pid=5915 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 55.245211][ T40] audit: type=1400 audit(1767482418.381:63): avc: denied { execute } for pid=5916 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 55.253394][ T40] audit: type=1400 audit(1767482418.381:64): avc: denied { execute_no_trans } for pid=5916 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 57.401997][ T40] audit: type=1400 audit(1767482420.531:65): avc: denied { mounton } for pid=5916 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 57.412948][ T40] audit: type=1400 audit(1767482420.541:66): avc: denied { mount } for pid=5916 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 57.415637][ T5916] cgroup: Unknown subsys name 'net' [ 57.609834][ T5916] cgroup: Unknown subsys name 'cpuset' [ 57.616235][ T5916] cgroup: Unknown subsys name 'rlimit' [ 57.840129][ T5927] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 58.552050][ T5916] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.919726][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 61.919737][ T40] audit: type=1400 audit(1767482425.051:82): avc: denied { execmem } for pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 62.146584][ T40] audit: type=1400 audit(1767482425.281:83): avc: denied { create } for pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.160597][ T40] audit: type=1400 audit(1767482425.281:84): avc: denied { read write } for pid=5937 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 62.168261][ T40] audit: type=1400 audit(1767482425.281:85): avc: denied { open } for pid=5937 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 62.175391][ T40] audit: type=1400 audit(1767482425.291:86): avc: denied { ioctl } for pid=5937 comm="syz-executor" path="socket:[5906]" dev="sockfs" ino=5906 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.185311][ T5943] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.189537][ T5943] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.192084][ T5943] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.195526][ T5948] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.199198][ T5948] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.201598][ T5948] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.202508][ T5950] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.204259][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.208193][ T5950] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.210863][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.212902][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.213358][ T5950] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.214845][ T5950] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.216013][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.216345][ T5947] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.216984][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.217672][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.225635][ T5947] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.232529][ T5291] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.237952][ T40] audit: type=1400 audit(1767482425.371:87): avc: denied { read } for pid=5937 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 62.239817][ T5291] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.241422][ T40] audit: type=1400 audit(1767482425.371:88): avc: denied { read } for pid=5949 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 62.267590][ T40] audit: type=1400 audit(1767482425.371:89): avc: denied { open } for pid=5949 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 62.275087][ T40] audit: type=1400 audit(1767482425.371:90): avc: denied { mounton } for pid=5949 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 62.491643][ T40] audit: type=1400 audit(1767482425.621:91): avc: denied { module_request } for pid=5949 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 62.549562][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 62.591006][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 62.715837][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.720285][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.723466][ T5944] bridge_slave_0: entered allmulticast mode [ 62.727654][ T5944] bridge_slave_0: entered promiscuous mode [ 62.735579][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.738353][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.741687][ T5944] bridge_slave_1: entered allmulticast mode [ 62.746140][ T5944] bridge_slave_1: entered promiscuous mode [ 62.751039][ T5937] chnl_net:caif_netlink_parms(): no params data found [ 62.764341][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.767400][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.770532][ T5949] bridge_slave_0: entered allmulticast mode [ 62.773866][ T5949] bridge_slave_0: entered promiscuous mode [ 62.778011][ T5938] chnl_net:caif_netlink_parms(): no params data found [ 62.811427][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.813905][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.817175][ T5949] bridge_slave_1: entered allmulticast mode [ 62.821523][ T5949] bridge_slave_1: entered promiscuous mode [ 62.875799][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.891379][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.901026][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.906605][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.981799][ T5949] team0: Port device team_slave_0 added [ 63.001000][ T5944] team0: Port device team_slave_0 added [ 63.005308][ T5949] team0: Port device team_slave_1 added [ 63.022033][ T5944] team0: Port device team_slave_1 added [ 63.024604][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.027045][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.029406][ T5938] bridge_slave_0: entered allmulticast mode [ 63.032919][ T5938] bridge_slave_0: entered promiscuous mode [ 63.046655][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.048844][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.050895][ T5937] bridge_slave_0: entered allmulticast mode [ 63.053367][ T5937] bridge_slave_0: entered promiscuous mode [ 63.063773][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.067657][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.070285][ T5937] bridge_slave_1: entered allmulticast mode [ 63.072799][ T5937] bridge_slave_1: entered promiscuous mode [ 63.075782][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.078308][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.080406][ T5938] bridge_slave_1: entered allmulticast mode [ 63.083467][ T5938] bridge_slave_1: entered promiscuous mode [ 63.113349][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.116054][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.125488][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.137483][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.140874][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.150144][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.154463][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.157189][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.166757][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.179972][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.182886][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.192483][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.214514][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.221358][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.230538][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.258877][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.276896][ T5937] team0: Port device team_slave_0 added [ 63.304893][ T5938] team0: Port device team_slave_0 added [ 63.309676][ T5937] team0: Port device team_slave_1 added [ 63.331281][ T5938] team0: Port device team_slave_1 added [ 63.365819][ T5949] hsr_slave_0: entered promiscuous mode [ 63.369413][ T5949] hsr_slave_1: entered promiscuous mode [ 63.377382][ T5944] hsr_slave_0: entered promiscuous mode [ 63.380402][ T5944] hsr_slave_1: entered promiscuous mode [ 63.383271][ T5944] debugfs: 'hsr0' already exists in 'hsr' [ 63.385956][ T5944] Cannot create hsr debugfs directory [ 63.395571][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.398193][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.407581][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.412501][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.415114][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.423199][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.428427][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.430590][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.439009][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.443323][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.446013][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.454815][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.578670][ T5938] hsr_slave_0: entered promiscuous mode [ 63.581133][ T5938] hsr_slave_1: entered promiscuous mode [ 63.583787][ T5938] debugfs: 'hsr0' already exists in 'hsr' [ 63.586345][ T5938] Cannot create hsr debugfs directory [ 63.619684][ T5937] hsr_slave_0: entered promiscuous mode [ 63.622724][ T5937] hsr_slave_1: entered promiscuous mode [ 63.626075][ T5937] debugfs: 'hsr0' already exists in 'hsr' [ 63.628032][ T5937] Cannot create hsr debugfs directory [ 63.838404][ T5949] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.861428][ T5949] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.871575][ T5949] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.879958][ T5949] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.934110][ T5944] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.941065][ T5944] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.956186][ T5944] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.963495][ T5944] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 64.017337][ T5938] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 64.026025][ T5938] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 64.032471][ T5938] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 64.038709][ T5938] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 64.100687][ T5937] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.108338][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.114128][ T5937] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.121933][ T5937] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.128165][ T5937] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.178554][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.197709][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.207650][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.210151][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.229223][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.232109][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.246609][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.261476][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.263954][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.272511][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.275093][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.278670][ T65] Bluetooth: hci3: command tx timeout [ 64.278674][ T5291] Bluetooth: hci1: command tx timeout [ 64.285738][ T5291] Bluetooth: hci0: command tx timeout [ 64.286055][ T65] Bluetooth: hci2: command tx timeout [ 64.329633][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.378939][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.397909][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.400217][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.405374][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.408092][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.415715][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.440862][ T5937] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.451653][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.454564][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.473643][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.476854][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.514140][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.543641][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.582533][ T5944] veth0_vlan: entered promiscuous mode [ 64.607571][ T5944] veth1_vlan: entered promiscuous mode [ 64.617572][ T5949] veth0_vlan: entered promiscuous mode [ 64.630021][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.636886][ T5949] veth1_vlan: entered promiscuous mode [ 64.681468][ T5949] veth0_macvtap: entered promiscuous mode [ 64.684510][ T5944] veth0_macvtap: entered promiscuous mode [ 64.703948][ T5949] veth1_macvtap: entered promiscuous mode [ 64.718827][ T5944] veth1_macvtap: entered promiscuous mode [ 64.722571][ T5938] veth0_vlan: entered promiscuous mode [ 64.738892][ T5938] veth1_vlan: entered promiscuous mode [ 64.751644][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.764619][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.772214][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.779979][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.789982][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.800625][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.808227][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.817255][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.826945][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.830817][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.839088][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.843170][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.856797][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.871000][ T5938] veth0_macvtap: entered promiscuous mode [ 64.890462][ T5938] veth1_macvtap: entered promiscuous mode [ 64.916621][ T5937] veth0_vlan: entered promiscuous mode [ 64.941709][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.943556][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.946691][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.965939][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.972042][ T5937] veth1_vlan: entered promiscuous mode [ 64.990714][ T1263] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.006011][ T1263] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.010172][ T1263] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.030518][ T1263] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.034110][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.037409][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.058603][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.061987][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.077770][ T1263] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.080895][ T1263] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.098471][ T5937] veth0_macvtap: entered promiscuous mode [ 65.112787][ T5937] veth1_macvtap: entered promiscuous mode [ 65.142319][ T5944] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.146928][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.157936][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.201373][ T6027] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4'. [ 65.209135][ T6027] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4'. [ 65.214368][ T1221] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.219197][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.219422][ T6030] 9p: Unknown uid 00000000004294967295 [ 65.221325][ T1221] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.240678][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.245385][ T6030] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.257262][ T1263] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.265979][ T1263] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.269301][ T1263] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.273631][ T1263] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.332817][ T6034] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 65.339407][ T6034] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2'. [ 65.341790][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.351872][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.391515][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.394331][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.477864][ T6038] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 65.490931][ T6038] erspan1: entered promiscuous mode [ 65.540357][ T6040] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5'. [ 65.550429][ T6040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5'. [ 65.553423][ T6040] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5'. [ 65.559734][ T6040] netlink: 'syz.1.5': attribute type 13 has an invalid length. [ 65.744841][ T6023] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 65.796537][ T6042] /dev/sr0: Can't open blockdev [ 65.898667][ T6023] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 65.901487][ T6023] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 65.904604][ T6023] usb 5-1: config 0 interface 0 has no altsetting 0 [ 65.909089][ T6023] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 65.911919][ T6023] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 65.914479][ T6023] usb 5-1: Product: syz [ 65.916670][ T6023] usb 5-1: Manufacturer: syz [ 65.918628][ T6023] usb 5-1: SerialNumber: syz [ 65.922776][ T6023] usb 5-1: config 0 descriptor?? [ 65.927171][ T6023] hub 5-1:0.0: bad descriptor, ignoring hub [ 65.929483][ T6023] hub 5-1:0.0: probe with driver hub failed with error -5 [ 65.934451][ T6023] usb 5-1: selecting invalid altsetting 0 [ 66.130415][ T75] libceph: connect (1)[c::]:6789 error -101 [ 66.132702][ T75] libceph: mon0 (1)[c::]:6789 connect error [ 66.170887][ T6051] ceph: No mds server is up or the cluster is laggy [ 66.247021][ T5992] usb 5-1: USB disconnect, device number 2 [ 66.249502][ T6057] netlink: 'syz.2.8': attribute type 10 has an invalid length. [ 66.259828][ T6057] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 66.355428][ T65] Bluetooth: hci0: command tx timeout [ 66.355506][ T5291] Bluetooth: hci1: command tx timeout [ 66.364813][ T65] Bluetooth: hci3: command tx timeout [ 66.366822][ T5291] Bluetooth: hci2: command tx timeout [ 66.549409][ T6071] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12'. [ 66.552306][ T6071] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12'. [ 66.555300][ T6071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12'. [ 66.564610][ T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.569711][ T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.575390][ T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.576834][ T6074] FAULT_INJECTION: forcing a failure. [ 66.576834][ T6074] name failslab, interval 1, probability 0, space 0, times 1 [ 66.578275][ T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.583160][ T6074] CPU: 2 UID: 0 PID: 6074 Comm: syz.2.11 Not tainted syzkaller #0 PREEMPT(full) [ 66.583177][ T6074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.583188][ T6074] Call Trace: [ 66.583194][ T6074] [ 66.583199][ T6074] dump_stack_lvl+0x16c/0x1f0 [ 66.583229][ T6074] should_fail_ex+0x512/0x640 [ 66.583249][ T6074] ? kmem_cache_alloc_noprof+0x62/0x770 [ 66.583263][ T6074] should_failslab+0xc2/0x120 [ 66.583278][ T6074] kmem_cache_alloc_noprof+0x83/0x770 [ 66.583289][ T6074] ? __anon_vma_prepare+0x344/0x5e0 [ 66.583309][ T6074] ? __anon_vma_prepare+0x344/0x5e0 [ 66.583325][ T6074] __anon_vma_prepare+0x344/0x5e0 [ 66.583341][ T6074] ? __pfx___pte_alloc+0x10/0x10 [ 66.583356][ T6074] __vmf_anon_prepare+0x11c/0x240 [ 66.583371][ T6074] do_anonymous_page+0x59b/0x2190 [ 66.583388][ T6074] ? do_raw_spin_unlock+0x172/0x230 [ 66.583405][ T6074] ? __pmd_alloc+0x6aa/0x9c0 [ 66.583420][ T6074] __handle_mm_fault+0x1ecf/0x2bb0 [ 66.583441][ T6074] ? __pfx___handle_mm_fault+0x10/0x10 [ 66.583468][ T6074] handle_mm_fault+0x3fe/0xad0 [ 66.583487][ T6074] __get_user_pages+0x54e/0x3590 [ 66.583507][ T6074] ? __pfx___get_user_pages+0x10/0x10 [ 66.583525][ T6074] get_user_pages_remote+0x243/0xab0 [ 66.583542][ T6074] ? __pfx_get_user_pages_remote+0x10/0x10 [ 66.583555][ T6074] ? selinux_vm_enough_memory+0x129/0x190 [ 66.583577][ T6074] get_arg_page+0xf4/0x310 [ 66.583591][ T6074] ? __pfx_get_arg_page+0x10/0x10 [ 66.583607][ T6074] copy_string_kernel+0x182/0x520 [ 66.583623][ T6074] do_execveat_common.isra.0+0x2ed/0x610 [ 66.583640][ T6074] __x64_sys_execveat+0xda/0x120 [ 66.583655][ T6074] do_syscall_64+0xcd/0xf80 [ 66.583670][ T6074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.583682][ T6074] RIP: 0033:0x7f3db118f7c9 [ 66.583692][ T6074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.583702][ T6074] RSP: 002b:00007f3db2067038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 66.583714][ T6074] RAX: ffffffffffffffda RBX: 00007f3db13e6180 RCX: 00007f3db118f7c9 [ 66.583720][ T6074] RDX: 0000000000000000 RSI: 0000200000001400 RDI: ffffffffffffff9c [ 66.583727][ T6074] RBP: 00007f3db2067090 R08: 0000000000000000 R09: 0000000000000000 [ 66.583733][ T6074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 66.583739][ T6074] R13: 00007f3db13e6218 R14: 00007f3db13e6180 R15: 00007ffecc783f98 [ 66.583752][ T6074] [ 66.595204][ T6071] Zero length message leads to an empty skb [ 66.679092][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.705009][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.709960][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.714367][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.718652][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.722118][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.730625][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.761894][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.766021][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.770830][ T6083] netlink: 'syz.3.18': attribute type 11 has an invalid length. [ 66.785636][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.790253][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.793937][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.797476][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.801183][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.806146][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.811267][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.815635][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.818784][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.821781][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.825886][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.829554][ T6092] SELinux: policydb magic number 0x73666a does not match expected magic number 0xf97cff8c [ 66.829607][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.833238][ T6092] SELinux: failed to load policy [ 66.836880][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.841126][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.844503][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.850592][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.854579][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.858722][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.861881][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.867810][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.871092][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.874174][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.878607][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.882975][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.887575][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.890846][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.894022][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.897784][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.901476][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.904528][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.908859][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.913192][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.919120][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.923346][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.928462][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.933166][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.936358][ T40] kauditd_printk_skb: 79 callbacks suppressed [ 66.936373][ T40] audit: type=1400 audit(1767482430.071:171): avc: denied { create } for pid=6098 comm="syz.3.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 66.938019][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.941605][ T40] audit: type=1400 audit(1767482430.071:172): avc: denied { setopt } for pid=6098 comm="syz.3.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 66.949460][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.962943][ T40] audit: type=1400 audit(1767482430.091:173): avc: denied { write } for pid=6100 comm="syz.2.22" name="001" dev="devtmpfs" ino=767 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 66.994366][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.997791][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.000902][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.004813][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.008302][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.010017][ T6105] capability: warning: `syz.3.24' uses 32-bit capabilities (legacy support in use) [ 67.011371][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.018973][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.022070][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.026495][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.031898][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.037150][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.040124][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.043054][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.046152][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.049306][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.052606][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.056047][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.059009][ T6078] program syz.0.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.111693][ T40] audit: type=1400 audit(1767482430.241:174): avc: denied { map_create } for pid=6111 comm="syz.0.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 67.123528][ T6113] trusted_key: encrypted_key: insufficient parameters specified [ 67.135161][ T40] audit: type=1400 audit(1767482430.241:175): avc: denied { map_read map_write } for pid=6111 comm="syz.0.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 67.140361][ T6116] process 'syz.1.23' launched './file0' with NULL argv: empty string added [ 67.142314][ T40] audit: type=1400 audit(1767482430.251:176): avc: denied { create } for pid=6114 comm="syz.2.27" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 67.153098][ T40] audit: type=1400 audit(1767482430.271:177): avc: denied { ioctl } for pid=6114 comm="syz.2.27" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=9215 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 67.165493][ T40] audit: type=1400 audit(1767482430.271:178): avc: denied { execute } for pid=6114 comm="syz.2.27" dev="tmpfs" ino=2050 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 67.173581][ T40] audit: type=1400 audit(1767482430.271:179): avc: denied { execute_no_trans } for pid=6114 comm="syz.2.27" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=2050 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 67.189866][ T40] audit: type=1400 audit(1767482430.321:180): avc: denied { create } for pid=6119 comm="syz.2.28" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 67.287001][ T6129] netlink: 'syz.3.31': attribute type 1 has an invalid length. [ 67.292723][ T6128] faux_driver vkms: [drm] Unknown color mode 256; guessing buffer size. [ 67.299276][ T6128] ======================================================= [ 67.299276][ T6128] WARNING: The mand mount option has been deprecated and [ 67.299276][ T6128] and is ignored by this kernel. Remove the mand [ 67.299276][ T6128] option from the mount to silence this warning. [ 67.299276][ T6128] ======================================================= [ 67.346372][ T6131] netlink: 'syz.3.31': attribute type 7 has an invalid length. [ 67.349086][ T6131] netlink: 'syz.3.31': attribute type 8 has an invalid length. [ 67.355571][ T6131] team0: entered promiscuous mode [ 67.357397][ T6131] team_slave_0: entered promiscuous mode [ 67.359599][ T6131] team_slave_1: entered promiscuous mode [ 67.363454][ T6131] team0: left promiscuous mode [ 67.365326][ T6131] team_slave_0: left promiscuous mode [ 67.367359][ T6131] team_slave_1: left promiscuous mode [ 67.537679][ T6136] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 67.682164][ T6145] Bluetooth: MGMT ver 1.23 [ 67.834962][ T6151] netlink: 'syz.2.39': attribute type 4 has an invalid length. [ 67.841374][ T6151] netlink: 'syz.2.39': attribute type 4 has an invalid length. [ 68.158075][ T6165] PKCS8: Unsupported PKCS#8 version [ 68.164211][ T6165] PKCS8: Unsupported PKCS#8 version [ 68.298449][ T6176] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6176 comm=syz.1.49 [ 68.362371][ T6190] sit0: entered promiscuous mode [ 68.369906][ T6190] netlink: 'syz.1.51': attribute type 1 has an invalid length. [ 68.434935][ T5291] Bluetooth: hci2: command tx timeout [ 68.436196][ T65] Bluetooth: hci3: command tx timeout [ 68.436884][ T5950] Bluetooth: hci1: command tx timeout [ 68.437010][ T5942] Bluetooth: hci0: command tx timeout [ 68.477030][ T6204] netlink: 'syz.1.54': attribute type 1 has an invalid length. [ 68.753832][ T6216] FAULT_INJECTION: forcing a failure. [ 68.753832][ T6216] name failslab, interval 1, probability 0, space 0, times 0 [ 68.761904][ T6216] CPU: 0 UID: 0 PID: 6216 Comm: syz.3.59 Not tainted syzkaller #0 PREEMPT(full) [ 68.761933][ T6216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.761945][ T6216] Call Trace: [ 68.761953][ T6216] [ 68.761961][ T6216] dump_stack_lvl+0x16c/0x1f0 [ 68.761992][ T6216] should_fail_ex+0x512/0x640 [ 68.762032][ T6216] ? fs_reclaim_acquire+0xae/0x150 [ 68.762060][ T6216] should_failslab+0xc2/0x120 [ 68.762083][ T6216] __kmalloc_cache_noprof+0x80/0x800 [ 68.762110][ T6216] ? fuse_simple_background+0x41a/0x5f0 [ 68.762133][ T6216] ? fuse_io_alloc+0x47/0x150 [ 68.762157][ T6216] ? fuse_io_alloc+0x47/0x150 [ 68.762176][ T6216] fuse_io_alloc+0x47/0x150 [ 68.762196][ T6216] fuse_iomap_read_folio_range_async+0x707/0x950 [ 68.762224][ T6216] iomap_read_folio_iter+0x7a4/0xbb0 [ 68.762256][ T6216] ? __pfx_iomap_read_folio_iter+0x10/0x10 [ 68.762278][ T6216] ? __pfx_xa_load+0x10/0x10 [ 68.762308][ T6216] ? iomap_read_end+0x1e0/0x400 [ 68.762333][ T6216] iomap_readahead+0x34c/0xaf0 [ 68.762360][ T6216] ? __pfx_iomap_readahead+0x10/0x10 [ 68.762402][ T6216] ? rcu_is_watching+0x12/0xc0 [ 68.762419][ T6216] ? mod_memcg_lruvec_state+0x381/0x5f0 [ 68.762446][ T6216] fuse_readahead+0x1d1/0x280 [ 68.762466][ T6216] ? __pfx_fuse_readahead+0x10/0x10 [ 68.762492][ T6216] ? find_held_lock+0x2b/0x80 [ 68.762519][ T6216] ? __pfx_fuse_readahead+0x10/0x10 [ 68.762536][ T6216] read_pages+0x1c4/0xc70 [ 68.762564][ T6216] ? __folio_batch_add_and_move+0x5d0/0xc30 [ 68.762581][ T6216] ? __pfx_lru_add+0x10/0x10 [ 68.762598][ T6216] ? __pfx_read_pages+0x10/0x10 [ 68.762634][ T6216] page_cache_ra_unbounded+0x4bb/0x9e0 [ 68.762670][ T6216] page_cache_ra_order+0xbf4/0xed0 [ 68.762704][ T6216] page_cache_sync_ra+0x66b/0xbc0 [ 68.762733][ T6216] filemap_get_pages+0x6f1/0x1d10 [ 68.762805][ T6216] ? __pfx_filemap_get_pages+0x10/0x10 [ 68.762856][ T6216] ? __pfx___might_resched+0x10/0x10 [ 68.762879][ T6216] filemap_read+0x3d2/0xe40 [ 68.762894][ T6216] ? find_held_lock+0x2b/0x80 [ 68.762924][ T6216] ? __pfx_filemap_read+0x10/0x10 [ 68.762952][ T6216] ? avc_has_perm_noaudit+0x117/0x3b0 [ 68.762980][ T6216] ? fuse_get_cache_mask+0xfd/0x150 [ 68.763001][ T6216] generic_file_read_iter+0x344/0x450 [ 68.763025][ T6216] fuse_file_read_iter+0x35f/0x470 [ 68.763111][ T6216] __kernel_read+0x3f3/0xbf0 [ 68.763135][ T6216] ? __pfx___kernel_read+0x10/0x10 [ 68.763155][ T6216] ? __lock_acquire+0x436/0x2890 [ 68.763179][ T6216] ? avc_policy_seqno+0x9/0x20 [ 68.763197][ T6216] ? rw_verify_area+0xcf/0x6c0 [ 68.763215][ T6216] kernel_read+0x55/0x70 [ 68.763234][ T6216] bprm_execve+0x7fc/0x1620 [ 68.763257][ T6216] ? __pfx_bprm_execve+0x10/0x10 [ 68.763277][ T6216] ? copy_string_kernel+0x460/0x520 [ 68.763304][ T6216] do_execveat_common.isra.0+0x4a5/0x610 [ 68.763330][ T6216] __x64_sys_execveat+0xda/0x120 [ 68.763354][ T6216] do_syscall_64+0xcd/0xf80 [ 68.763378][ T6216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.763397][ T6216] RIP: 0033:0x7ff4ce58f7c9 [ 68.763413][ T6216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.763428][ T6216] RSP: 002b:00007ff4cf344038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 68.763445][ T6216] RAX: ffffffffffffffda RBX: 00007ff4ce7e6180 RCX: 00007ff4ce58f7c9 [ 68.763455][ T6216] RDX: 0000000000000000 RSI: 0000200000001400 RDI: ffffffffffffff9c [ 68.763464][ T6216] RBP: 00007ff4cf344090 R08: 0000000000000000 R09: 0000000000000000 [ 68.763474][ T6216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 68.763485][ T6216] R13: 00007ff4ce7e6218 R14: 00007ff4ce7e6180 R15: 00007ffdaad10e28 [ 68.763509][ T6216] [ 68.971871][ T62] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 68.978316][ T62] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz0] on syz0 [ 69.019277][ T6225] mmap: syz.0.64 (6225) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 69.115134][ T6231] fido_id[6231]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 69.254826][ T892] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 69.404886][ T892] usb 8-1: Using ep0 maxpacket: 32 [ 69.417895][ T892] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 69.422411][ T892] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 69.426194][ T892] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 69.430165][ T892] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 69.433096][ T892] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 69.437045][ T892] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.439554][ T6236] infiniband syz0: set active [ 69.442924][ T892] usb 8-1: config 0 descriptor?? [ 69.442978][ T6236] infiniband syz0: added bond_slave_0 [ 69.483490][ T6236] RDS/IB: syz0: added [ 69.488739][ T6236] smc: adding ib device syz0 with port count 1 [ 69.491946][ T6236] smc: ib device syz0 port 1 has no pnetid [ 69.582011][ T6240] input: syz0 as /devices/virtual/input/input5 [ 69.649072][ T892] usb 8-1: USB disconnect, device number 2 [ 70.262424][ T6258] FAULT_INJECTION: forcing a failure. [ 70.262424][ T6258] name failslab, interval 1, probability 0, space 0, times 0 [ 70.269155][ T6258] CPU: 0 UID: 0 PID: 6258 Comm: syz.0.71 Not tainted syzkaller #0 PREEMPT(full) [ 70.269186][ T6258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.269197][ T6258] Call Trace: [ 70.269205][ T6258] [ 70.269212][ T6258] dump_stack_lvl+0x16c/0x1f0 [ 70.269245][ T6258] should_fail_ex+0x512/0x640 [ 70.269273][ T6258] ? fs_reclaim_acquire+0xae/0x150 [ 70.269302][ T6258] should_failslab+0xc2/0x120 [ 70.269327][ T6258] __kmalloc_cache_noprof+0x80/0x800 [ 70.269355][ T6258] ? fuse_simple_background+0x41a/0x5f0 [ 70.269379][ T6258] ? fuse_io_alloc+0x47/0x150 [ 70.269404][ T6258] ? fuse_io_alloc+0x47/0x150 [ 70.269422][ T6258] fuse_io_alloc+0x47/0x150 [ 70.269444][ T6258] fuse_iomap_read_folio_range_async+0x707/0x950 [ 70.269473][ T6258] iomap_read_folio_iter+0x7a4/0xbb0 [ 70.269510][ T6258] ? __pfx_iomap_read_folio_iter+0x10/0x10 [ 70.269535][ T6258] ? __pfx_xa_load+0x10/0x10 [ 70.269566][ T6258] ? iomap_read_end+0x1e0/0x400 [ 70.269593][ T6258] iomap_readahead+0x34c/0xaf0 [ 70.269621][ T6258] ? __pfx_iomap_readahead+0x10/0x10 [ 70.269667][ T6258] ? rcu_is_watching+0x12/0xc0 [ 70.269684][ T6258] ? mod_memcg_lruvec_state+0x381/0x5f0 [ 70.269710][ T6258] fuse_readahead+0x1d1/0x280 [ 70.269730][ T6258] ? __pfx_fuse_readahead+0x10/0x10 [ 70.269759][ T6258] ? find_held_lock+0x2b/0x80 [ 70.269842][ T6258] ? __pfx_fuse_readahead+0x10/0x10 [ 70.269861][ T6258] read_pages+0x1c4/0xc70 [ 70.269893][ T6258] ? __folio_batch_add_and_move+0x5d0/0xc30 [ 70.269912][ T6258] ? __pfx_lru_add+0x10/0x10 [ 70.269979][ T6258] ? __pfx_read_pages+0x10/0x10 [ 70.270024][ T6258] page_cache_ra_unbounded+0x4bb/0x9e0 [ 70.270063][ T6258] page_cache_ra_order+0xbf4/0xed0 [ 70.270103][ T6258] page_cache_sync_ra+0x66b/0xbc0 [ 70.270136][ T6258] filemap_get_pages+0x6f1/0x1d10 [ 70.270165][ T6258] ? __pfx_filemap_get_pages+0x10/0x10 [ 70.270189][ T6258] ? __pfx___might_resched+0x10/0x10 [ 70.270213][ T6258] filemap_read+0x3d2/0xe40 [ 70.270230][ T6258] ? find_held_lock+0x2b/0x80 [ 70.270268][ T6258] ? __pfx_filemap_read+0x10/0x10 [ 70.270307][ T6258] ? avc_has_perm_noaudit+0x117/0x3b0 [ 70.270340][ T6258] ? fuse_get_cache_mask+0xfd/0x150 [ 70.270361][ T6258] generic_file_read_iter+0x344/0x450 [ 70.270384][ T6258] fuse_file_read_iter+0x35f/0x470 [ 70.270410][ T6258] __kernel_read+0x3f3/0xbf0 [ 70.270435][ T6258] ? __pfx___kernel_read+0x10/0x10 [ 70.270455][ T6258] ? __lock_acquire+0x436/0x2890 [ 70.270482][ T6258] ? avc_policy_seqno+0x9/0x20 [ 70.270507][ T6258] ? rw_verify_area+0xcf/0x6c0 [ 70.270529][ T6258] kernel_read+0x55/0x70 [ 70.270553][ T6258] bprm_execve+0x7fc/0x1620 [ 70.270580][ T6258] ? __pfx_bprm_execve+0x10/0x10 [ 70.270601][ T6258] ? copy_string_kernel+0x460/0x520 [ 70.270629][ T6258] do_execveat_common.isra.0+0x4a5/0x610 [ 70.270706][ T6258] __x64_sys_execveat+0xda/0x120 [ 70.270746][ T6258] do_syscall_64+0xcd/0xf80 [ 70.270772][ T6258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.270790][ T6258] RIP: 0033:0x7f357e98f7c9 [ 70.270805][ T6258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.270821][ T6258] RSP: 002b:00007f357f8a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 70.270839][ T6258] RAX: ffffffffffffffda RBX: 00007f357ebe6180 RCX: 00007f357e98f7c9 [ 70.270851][ T6258] RDX: 0000000000000000 RSI: 0000200000001400 RDI: ffffffffffffff9c [ 70.270862][ T6258] RBP: 00007f357f8a2090 R08: 0000000000000000 R09: 0000000000000000 [ 70.270917][ T6258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 70.270932][ T6258] R13: 00007f357ebe6218 R14: 00007f357ebe6180 R15: 00007ffd6b5cbe38 [ 70.270959][ T6258] [ 70.477217][ T6263] autofs: Bad value for 'fd' [ 70.508335][ T6269] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1016 sclass=netlink_route_socket pid=6269 comm=syz.3.72 [ 70.515714][ T5950] Bluetooth: hci3: command tx timeout [ 70.515835][ T65] Bluetooth: hci2: command tx timeout [ 70.517383][ T5942] Bluetooth: hci1: command tx timeout [ 70.517429][ T5291] Bluetooth: hci0: command tx timeout [ 70.570624][ T6276] netlink: 'syz.3.76': attribute type 1 has an invalid length. [ 70.951313][ T6299] __nla_validate_parse: 13 callbacks suppressed [ 70.951335][ T6299] netlink: 36 bytes leftover after parsing attributes in process `syz.0.85'. [ 71.032535][ T6304] netlink: 'syz.3.87': attribute type 8 has an invalid length. [ 71.047942][ T6301] netlink: 16 bytes leftover after parsing attributes in process `syz.0.86'. [ 71.053671][ T6301] syzkaller0: entered promiscuous mode [ 71.056420][ T6301] syzkaller0: entered allmulticast mode [ 71.344860][ T892] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 71.494749][ T892] usb 8-1: Using ep0 maxpacket: 8 [ 71.498807][ T892] usb 8-1: config 179 has an invalid interface number: 65 but max is 0 [ 71.502703][ T892] usb 8-1: config 179 has no interface number 0 [ 71.507119][ T892] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 71.511426][ T6321] syzkaller0: entered promiscuous mode [ 71.511709][ T892] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 71.513842][ T6321] syzkaller0: entered allmulticast mode [ 71.519001][ T892] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 71.529957][ T892] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 71.535517][ T892] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 71.542448][ T892] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 71.546456][ T892] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.558527][ T6308] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 71.774308][ T6309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.775137][ T892] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:179.65/input/input6 [ 71.778847][ T6309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.877542][ T62] usb 8-1: USB disconnect, device number 3 [ 71.877544][ C0] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 71.884425][ C0] dummy_hcd dummy_hcd.3: timer fired with no URBs pending? [ 71.928059][ T6336] 9p: Bad value for 'cachetag' [ 71.974046][ C2] sr 2:0:0:0: [sr0] tag#7 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 71.978477][ C2] sr 2:0:0:0: [sr0] tag#7 CDB: opcode=0xde (vendor) de 89 0b b6 4d c9 [ 71.994768][ T6230] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 71.998211][ T40] kauditd_printk_skb: 821 callbacks suppressed [ 71.998228][ T40] audit: type=1400 audit(1767482435.131:1002): avc: denied { create } for pid=6337 comm="syz.3.99" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 72.002368][ T6338] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 72.019149][ T40] audit: type=1400 audit(1767482435.151:1003): avc: denied { create } for pid=6337 comm="syz.3.99" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 72.026327][ T40] audit: type=1400 audit(1767482435.151:1004): avc: denied { setopt } for pid=6337 comm="syz.3.99" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 72.131301][ T40] audit: type=1400 audit(1767482435.261:1005): avc: denied { create } for pid=6347 comm="syz.1.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 72.138568][ T40] audit: type=1400 audit(1767482435.271:1006): avc: denied { ioctl } for pid=6347 comm="syz.1.102" path="socket:[11826]" dev="sockfs" ino=11826 ioctlcmd=0x89e6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 72.174816][ T6230] usb 5-1: Using ep0 maxpacket: 16 [ 72.179142][ T6230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 72.187607][ T6230] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 72.191439][ T6230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.200071][ T6230] usb 5-1: Product: syz [ 72.201879][ T6230] usb 5-1: Manufacturer: syz [ 72.204374][ T6230] usb 5-1: SerialNumber: syz [ 72.210197][ T6230] usb 5-1: config 0 descriptor?? [ 72.213715][ T6230] hub 5-1:0.0: bad descriptor, ignoring hub [ 72.216206][ T6230] hub 5-1:0.0: probe with driver hub failed with error -5 [ 72.222569][ T6230] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input8 [ 72.257883][ T40] audit: type=1400 audit(1767482435.391:1007): avc: denied { ioctl } for pid=6353 comm="syz.1.104" path="socket:[11834]" dev="sockfs" ino=11834 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 72.266962][ T40] audit: type=1400 audit(1767482435.391:1008): avc: denied { bind } for pid=6353 comm="syz.1.104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 72.363770][ T6357] trusted_key: syz.3.105 sent an empty control message without MSG_MORE. [ 72.395892][ T6363] netlink: 'syz.3.107': attribute type 1 has an invalid length. [ 72.414723][ T40] audit: type=1400 audit(1767482435.541:1009): avc: denied { read } for pid=6326 comm="syz.0.95" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 72.418287][ T6365] netlink: 156 bytes leftover after parsing attributes in process `syz.1.108'. [ 72.422257][ T40] audit: type=1400 audit(1767482435.551:1010): avc: denied { open } for pid=6326 comm="syz.0.95" path="/dev/input/mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 72.462100][ T40] audit: type=1400 audit(1767482435.591:1011): avc: denied { create } for pid=6367 comm="syz.3.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 72.474721][ T6368] netlink: 120 bytes leftover after parsing attributes in process `syz.3.109'. [ 72.476151][ T6365] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=6365 comm=syz.1.108 [ 72.478615][ T6368] netlink: 'syz.3.109': attribute type 1 has an invalid length. [ 72.483437][ T6365] netlink: 4 bytes leftover after parsing attributes in process `syz.1.108'. [ 72.486790][ T6368] netlink: 64 bytes leftover after parsing attributes in process `syz.3.109'. [ 72.492071][ T6365] bond0: entered promiscuous mode [ 72.494626][ T6365] bond_slave_0: entered promiscuous mode [ 72.497905][ T6365] bond_slave_1: entered promiscuous mode [ 72.499663][ T6368] xt_hashlimit: overflow, rate too high: 0 [ 72.500743][ T6365] gretap0: entered promiscuous mode [ 72.506695][ T6365] hsr1: entered promiscuous mode [ 72.656696][ T144] usb 5-1: USB disconnect, device number 3 [ 72.658863][ T6384] netlink: 'syz.3.112': attribute type 178 has an invalid length. [ 72.890350][ T6392] netlink: 100 bytes leftover after parsing attributes in process `syz.1.115'. [ 72.962437][ T6393] FAULT_INJECTION: forcing a failure. [ 72.962437][ T6393] name failslab, interval 1, probability 0, space 0, times 0 [ 72.974466][ T6393] CPU: 0 UID: 0 PID: 6393 Comm: syz.3.113 Not tainted syzkaller #0 PREEMPT(full) [ 72.974492][ T6393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.974503][ T6393] Call Trace: [ 72.974509][ T6393] [ 72.974516][ T6393] dump_stack_lvl+0x16c/0x1f0 [ 72.974545][ T6393] should_fail_ex+0x512/0x640 [ 72.974572][ T6393] ? fs_reclaim_acquire+0xae/0x150 [ 72.974599][ T6393] should_failslab+0xc2/0x120 [ 72.974623][ T6393] __kmalloc_cache_noprof+0x80/0x800 [ 72.974672][ T6393] ? fuse_io_alloc+0x47/0x150 [ 72.974698][ T6393] ? fuse_io_alloc+0x47/0x150 [ 72.974716][ T6393] fuse_io_alloc+0x47/0x150 [ 72.974737][ T6393] fuse_iomap_read_folio_range_async+0x707/0x950 [ 72.974766][ T6393] iomap_read_folio_iter+0x7a4/0xbb0 [ 72.974805][ T6393] ? __pfx_iomap_read_folio_iter+0x10/0x10 [ 72.974828][ T6393] ? __pfx_xa_load+0x10/0x10 [ 72.974856][ T6393] ? iomap_read_end+0x1e0/0x400 [ 72.974880][ T6393] iomap_readahead+0x34c/0xaf0 [ 72.974899][ T6393] ? __pfx_iomap_readahead+0x10/0x10 [ 72.974925][ T6393] ? rcu_is_watching+0x12/0xc0 [ 72.974936][ T6393] ? mod_memcg_lruvec_state+0x381/0x5f0 [ 72.974952][ T6393] fuse_readahead+0x1d1/0x280 [ 72.974964][ T6393] ? __pfx_fuse_readahead+0x10/0x10 [ 72.974981][ T6393] ? find_held_lock+0x2b/0x80 [ 72.974999][ T6393] ? __pfx_fuse_readahead+0x10/0x10 [ 72.975010][ T6393] read_pages+0x1c4/0xc70 [ 72.975037][ T6393] ? __folio_batch_add_and_move+0x5d0/0xc30 [ 72.975054][ T6393] ? __pfx_lru_add+0x10/0x10 [ 72.975071][ T6393] ? __pfx_read_pages+0x10/0x10 [ 72.975109][ T6393] page_cache_ra_unbounded+0x4bb/0x9e0 [ 72.975146][ T6393] page_cache_ra_order+0xbf4/0xed0 [ 72.975180][ T6393] page_cache_sync_ra+0x66b/0xbc0 [ 72.975207][ T6393] filemap_get_pages+0x6f1/0x1d10 [ 72.975234][ T6393] ? __pfx_filemap_get_pages+0x10/0x10 [ 72.975256][ T6393] ? __pfx___might_resched+0x10/0x10 [ 72.975277][ T6393] filemap_read+0x3d2/0xe40 [ 72.975293][ T6393] ? find_held_lock+0x2b/0x80 [ 72.975328][ T6393] ? __pfx_filemap_read+0x10/0x10 [ 72.975364][ T6393] ? avc_has_perm_noaudit+0x117/0x3b0 [ 72.975394][ T6393] ? fuse_get_cache_mask+0xfd/0x150 [ 72.975413][ T6393] generic_file_read_iter+0x344/0x450 [ 72.975433][ T6393] fuse_file_read_iter+0x35f/0x470 [ 72.975458][ T6393] __kernel_read+0x3f3/0xbf0 [ 72.975482][ T6393] ? __pfx___kernel_read+0x10/0x10 [ 72.975501][ T6393] ? __lock_acquire+0x436/0x2890 [ 72.975525][ T6393] ? avc_policy_seqno+0x9/0x20 [ 72.975546][ T6393] ? rw_verify_area+0xcf/0x6c0 [ 72.975567][ T6393] kernel_read+0x55/0x70 [ 72.975589][ T6393] bprm_execve+0x7fc/0x1620 [ 72.975614][ T6393] ? __pfx_bprm_execve+0x10/0x10 [ 72.975633][ T6393] ? copy_string_kernel+0x460/0x520 [ 72.975660][ T6393] do_execveat_common.isra.0+0x4a5/0x610 [ 72.975688][ T6393] __x64_sys_execveat+0xda/0x120 [ 72.975711][ T6393] do_syscall_64+0xcd/0xf80 [ 72.975735][ T6393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.975752][ T6393] RIP: 0033:0x7ff4ce58f7c9 [ 72.975768][ T6393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.975782][ T6393] RSP: 002b:00007ff4cf344038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 72.975807][ T6393] RAX: ffffffffffffffda RBX: 00007ff4ce7e6180 RCX: 00007ff4ce58f7c9 [ 72.975818][ T6393] RDX: 0000000000000000 RSI: 0000200000001400 RDI: ffffffffffffff9c [ 72.975830][ T6393] RBP: 00007ff4cf344090 R08: 0000000000000000 R09: 0000000000000000 [ 72.975839][ T6393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 72.975850][ T6393] R13: 00007ff4ce7e6218 R14: 00007ff4ce7e6180 R15: 00007ffdaad10e28 [ 72.975872][ T6393] [ 73.171860][ T6408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.120'. [ 73.213944][ T6414] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 73.239158][ T6414] netlink: 32 bytes leftover after parsing attributes in process `syz.1.119'. [ 73.322822][ T6427] netlink: 12 bytes leftover after parsing attributes in process `syz.1.126'. [ 73.645346][ T6468] syzkaller0: entered promiscuous mode [ 73.647165][ T6468] syzkaller0: entered allmulticast mode [ 73.692013][ T6474] binder: 6473:6474 ioctl c00c620f 200000000280 returned -22 [ 73.804210][ T6483] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 73.929924][ T6491] xt_hashlimit: overflow, rate too high: 0 [ 73.936660][ T6491] xt_hashlimit: overflow, rate too high: 0 [ 73.987730][ T6496] netlink: 'syz.1.148': attribute type 9 has an invalid length. [ 74.276933][ T6509] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 74.352595][ T6512] syzkaller0: entered promiscuous mode [ 74.355981][ T6512] syzkaller0: entered allmulticast mode [ 74.594875][ T62] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 74.754714][ T62] usb 7-1: Using ep0 maxpacket: 8 [ 74.758814][ T62] usb 7-1: config 0 interface 0 has no altsetting 0 [ 74.761559][ T62] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 74.765809][ T62] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.771399][ T62] usb 7-1: config 0 descriptor?? [ 74.870665][ T6527] sch_tbf: burst 512 is lower than device syzkaller0 mtu (1500) ! [ 74.879732][ T6526] sch_tbf: burst 512 is lower than device syzkaller0 mtu (1500) ! [ 75.181928][ T62] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 75.186221][ T62] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 75.189348][ T62] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 75.192485][ T62] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 75.196807][ T62] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 75.200724][ T62] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 75.372673][ T6550] netlink: 'syz.0.163': attribute type 10 has an invalid length. [ 75.380436][ T5992] usb 7-1: USB disconnect, device number 2 [ 75.383032][ T6550] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 75.490579][ T6562] sd 0:0:0:0: PR command failed: 1026 [ 75.490753][ T6565] sd 0:0:0:0: PR command failed: 1026 [ 75.492684][ T6562] sd 0:0:0:0: Sense Key : Illegal Request [current] [ 75.494744][ T6565] sd 0:0:0:0: Sense Key : Illegal Request [current] [ 75.494780][ T6565] sd 0:0:0:0: Add. Sense: Invalid command operation code [ 75.503373][ T6562] sd 0:0:0:0: Add. Sense: Invalid command operation code [ 76.196667][ T6578] nft_compat: unsupported protocol 0 [ 76.213790][ T6578] __nla_validate_parse: 5 callbacks suppressed [ 76.213807][ T6578] netlink: 80 bytes leftover after parsing attributes in process `syz.3.171'. [ 76.228922][ T6578] ref_ctr increment failed for inode: 0xe6 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff888029953d40 [ 76.438449][ T6597] gtp0: entered promiscuous mode [ 76.493831][ T6605] xt_l2tp: v2 doesn't support IP mode [ 76.538347][ T6610] netlink: 'syz.1.180': attribute type 64 has an invalid length. [ 76.541818][ T6610] netlink: 'syz.1.180': attribute type 4 has an invalid length. [ 76.545250][ T6610] netlink: 152 bytes leftover after parsing attributes in process `syz.1.180'. [ 76.605679][ T6614] syzkaller0: entered promiscuous mode [ 76.608370][ T6614] syzkaller0: entered allmulticast mode [ 76.995400][ T144] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 77.145904][ T6639] syzkaller1: entered promiscuous mode [ 77.148414][ T6639] syzkaller1: entered allmulticast mode [ 77.155895][ T144] usb 6-1: Using ep0 maxpacket: 8 [ 77.161305][ T144] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 77.164792][ T144] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.173532][ T144] pvrusb2: Hardware description: Terratec Grabster AV400 [ 77.176233][ T144] pvrusb2: ********** [ 77.177889][ T144] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 77.181979][ T144] pvrusb2: Important functionality might not be entirely working. [ 77.184864][ T144] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 77.188844][ T144] pvrusb2: ********** [ 77.372596][ T6230] hid-generic 0005:00B6:0009.0004: unknown main item tag 0x0 [ 77.375552][ T6230] hid-generic 0005:00B6:0009.0004: unknown main item tag 0x0 [ 77.378502][ T6230] hid-generic 0005:00B6:0009.0004: unknown main item tag 0x0 [ 77.379455][ T2489] pvrusb2: Invalid write control endpoint [ 77.381012][ T6230] hid-generic 0005:00B6:0009.0004: unknown main item tag 0x0 [ 77.387577][ T6230] hid-generic 0005:00B6:0009.0004: unknown main item tag 0x0 [ 77.408935][ T40] kauditd_printk_skb: 54 callbacks suppressed [ 77.408950][ T40] audit: type=1400 audit(1767482440.541:1066): avc: denied { append } for pid=6645 comm="syz.3.189" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 77.423332][ T6230] hid-generic 0005:00B6:0009.0004: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1 [ 77.427037][ T2489] pvrusb2: Invalid write control endpoint [ 77.427071][ T2489] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 77.427102][ T2489] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 77.427110][ T2489] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 77.427118][ T2489] pvrusb2: Device being rendered inoperable [ 77.428512][ T2489] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 77.447340][ T40] audit: type=1400 audit(1767482440.551:1067): avc: denied { map } for pid=6645 comm="syz.3.189" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 77.455112][ T2489] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 77.469288][ T2489] pvrusb2: Attached sub-driver cx25840 [ 77.471465][ T2489] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 77.474865][ T2489] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 77.478088][ T40] audit: type=1400 audit(1767482440.551:1068): avc: denied { execute } for pid=6645 comm="syz.3.189" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 77.478138][ T40] audit: type=1400 audit(1767482440.591:1069): avc: denied { getopt } for pid=6645 comm="syz.3.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 77.495018][ T40] audit: type=1400 audit(1767482440.611:1070): avc: denied { map_create } for pid=6655 comm="syz.2.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 77.502201][ T40] audit: type=1400 audit(1767482440.631:1071): avc: denied { connect } for pid=6645 comm="syz.3.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 77.510220][ T6652] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input9 [ 77.557021][ T40] audit: type=1400 audit(1767482440.691:1072): avc: denied { unmount } for pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 77.577592][ T6624] fuse: Bad value for 'user_id' [ 77.579452][ T6624] fuse: Bad value for 'user_id' [ 77.583397][ T144] usb 6-1: USB disconnect, device number 2 [ 77.615277][ T6658] netlink: 116 bytes leftover after parsing attributes in process `syz.3.189'. [ 77.631187][ T6660] syzkaller0: entered promiscuous mode [ 77.633458][ T6660] syzkaller0: entered allmulticast mode [ 77.672528][ T6656] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 77.818707][ T6664] netlink: 'syz.0.193': attribute type 7 has an invalid length. [ 77.900278][ T6668] tmpfs: Bad value for 'mpol' [ 77.910620][ T40] audit: type=1400 audit(1767482441.041:1073): avc: denied { setattr } for pid=6667 comm="syz.0.195" name="[kvm-gmem]" dev="guest_memfd" ino=13557 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 78.042122][ T40] audit: type=1400 audit(1767482441.171:1074): avc: denied { prog_load } for pid=6669 comm="syz.0.196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 78.050834][ T40] audit: type=1400 audit(1767482441.171:1075): avc: denied { prog_run } for pid=6669 comm="syz.0.196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 78.232938][ T6676] openvswitch: netlink: Key type 51 is out of range max 32 [ 78.236396][ T6674] netlink: 8 bytes leftover after parsing attributes in process `syz.3.199'. [ 78.258624][ T6676] netlink: 'syz.1.198': attribute type 5 has an invalid length. [ 78.353007][ T6684] syz.1.201 uses obsolete (PF_INET,SOCK_PACKET) [ 78.365475][ T6684] netlink: 'syz.1.201': attribute type 4 has an invalid length. [ 78.377329][ T6684] netlink: 'syz.1.201': attribute type 4 has an invalid length. [ 78.470177][ T6692] openvswitch: netlink: Duplicate or invalid key (type 0). [ 78.473442][ T6692] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 78.495204][ T6694] netlink: 28 bytes leftover after parsing attributes in process `syz.0.207'. [ 78.502603][ T6695] netlink: 28 bytes leftover after parsing attributes in process `syz.0.207'. [ 78.607258][ T6710] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay' [ 78.623014][ T6710] xt_l2tp: wrong L2TP version: 0 [ 78.832673][ T6734] netlink: 'syz.2.218': attribute type 23 has an invalid length. [ 78.995938][ T6744] netlink: 8 bytes leftover after parsing attributes in process `syz.3.222'. [ 79.324174][ T6761] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 1, id = 0 [ 79.468559][ T6770] netlink: 'syz.1.231': attribute type 9 has an invalid length. [ 79.471778][ T6770] netlink: 'syz.1.231': attribute type 11 has an invalid length. [ 79.475811][ T6770] netlink: 'syz.1.231': attribute type 12 has an invalid length. [ 79.479422][ T6770] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.231'. [ 79.483540][ T6770] netlink: 4 bytes leftover after parsing attributes in process `syz.1.231'. [ 79.491313][ T6770] netlink: 24 bytes leftover after parsing attributes in process `syz.1.231'. [ 79.553515][ T6773] xt_TPROXY: Can be used only with -p tcp or -p udp [ 79.557556][ T65] Bluetooth: hci2: command 0x2016 tx timeout [ 79.560701][ T5950] ================================================================== [ 79.563822][ T5950] BUG: KASAN: slab-use-after-free in le_read_features_complete+0x5b/0x390 [ 79.567147][ T5950] Write of size 4 at addr ffff888054684010 by task kworker/u33:6/5950 [ 79.572767][ T5950] [ 79.573935][ T5950] CPU: 3 UID: 0 PID: 5950 Comm: kworker/u33:6 Not tainted syzkaller #0 PREEMPT(full) [ 79.573957][ T5950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.573971][ T5950] Workqueue: hci2 hci_cmd_sync_work [ 79.573998][ T5950] Call Trace: [ 79.574005][ T5950] [ 79.574013][ T5950] dump_stack_lvl+0x116/0x1f0 [ 79.574036][ T5950] print_report+0xcd/0x630 [ 79.574061][ T5950] ? __virt_addr_valid+0x81/0x610 [ 79.574078][ T5950] ? __phys_addr+0xe8/0x180 [ 79.574096][ T5950] ? le_read_features_complete+0x5b/0x390 [ 79.574119][ T5950] kasan_report+0xe0/0x110 [ 79.574143][ T5950] ? le_read_features_complete+0x5b/0x390 [ 79.574169][ T5950] kasan_check_range+0x100/0x1b0 [ 79.574196][ T5950] le_read_features_complete+0x5b/0x390 [ 79.574220][ T5950] hci_cmd_sync_work+0x1ff/0x470 [ 79.574243][ T5950] ? __pfx_le_read_features_complete+0x10/0x10 [ 79.574269][ T5950] process_one_work+0x9ba/0x1b20 [ 79.574298][ T5950] ? __pfx_process_one_work+0x10/0x10 [ 79.574323][ T5950] ? assign_work+0x1a0/0x250 [ 79.574345][ T5950] worker_thread+0x6c8/0xf10 [ 79.574370][ T5950] ? __kthread_parkme+0x19e/0x250 [ 79.574387][ T5950] ? __pfx_worker_thread+0x10/0x10 [ 79.574410][ T5950] kthread+0x3c5/0x780 [ 79.574429][ T5950] ? __pfx_kthread+0x10/0x10 [ 79.574451][ T5950] ? rcu_is_watching+0x12/0xc0 [ 79.574467][ T5950] ? __pfx_kthread+0x10/0x10 [ 79.574488][ T5950] ret_from_fork+0x983/0xb10 [ 79.574507][ T5950] ? __pfx_ret_from_fork+0x10/0x10 [ 79.574528][ T5950] ? __switch_to+0x7af/0x10d0 [ 79.574550][ T5950] ? __pfx_kthread+0x10/0x10 [ 79.574571][ T5950] ret_from_fork_asm+0x1a/0x30 [ 79.574602][ T5950] [ 79.574608][ T5950] [ 79.647996][ T5950] Allocated by task 65: [ 79.649757][ T5950] kasan_save_stack+0x33/0x60 [ 79.651726][ T5950] kasan_save_track+0x14/0x30 [ 79.654014][ T5950] __kasan_kmalloc+0xaa/0xb0 [ 79.656020][ T5950] __hci_conn_add+0xf8/0x1cc0 [ 79.658160][ T5950] hci_conn_add_unset+0x76/0x130 [ 79.660190][ T5950] le_conn_complete_evt+0x639/0x1fa0 [ 79.662407][ T5950] hci_le_enh_conn_complete_evt+0x23d/0x3b0 [ 79.664743][ T5950] hci_le_meta_evt+0x357/0x610 [ 79.667093][ T5950] hci_event_packet+0x685/0x1210 [ 79.669207][ T5950] hci_rx_work+0x2c9/0x1020 [ 79.671128][ T5950] process_one_work+0x9ba/0x1b20 [ 79.673181][ T5950] worker_thread+0x6c8/0xf10 [ 79.675109][ T5950] kthread+0x3c5/0x780 [ 79.677018][ T5950] ret_from_fork+0x983/0xb10 [ 79.679447][ T5950] ret_from_fork_asm+0x1a/0x30 [ 79.682027][ T5950] [ 79.683117][ T5950] Freed by task 65: [ 79.684709][ T5950] kasan_save_stack+0x33/0x60 [ 79.686835][ T5950] kasan_save_track+0x14/0x30 [ 79.688798][ T5950] kasan_save_free_info+0x3b/0x60 [ 79.690836][ T5950] __kasan_slab_free+0x5f/0x80 [ 79.692594][ T5950] kfree+0x2f8/0x6e0 [ 79.694128][ T5950] device_release+0xa4/0x240 [ 79.696203][ T5950] kobject_put+0x1ef/0x6f0 [ 79.698414][ T5950] device_unregister+0x2f/0xe0 [ 79.700859][ T5950] hci_conn_del_sysfs+0xdd/0x1a0 [ 79.703379][ T5950] hci_conn_del+0x680/0x11d0 [ 79.705719][ T5950] hci_disconn_complete_evt+0x410/0xa30 [ 79.708203][ T5950] hci_event_packet+0xa39/0x1210 [ 79.710318][ T5950] hci_rx_work+0x2c9/0x1020 [ 79.712230][ T5950] process_one_work+0x9ba/0x1b20 [ 79.714369][ T5950] worker_thread+0x6c8/0xf10 [ 79.716447][ T5950] kthread+0x3c5/0x780 [ 79.718337][ T5950] ret_from_fork+0x983/0xb10 [ 79.720261][ T5950] ret_from_fork_asm+0x1a/0x30 [ 79.722273][ T5950] [ 79.723307][ T5950] The buggy address belongs to the object at ffff888054684000 [ 79.723307][ T5950] which belongs to the cache kmalloc-8k of size 8192 [ 79.729312][ T5950] The buggy address is located 16 bytes inside of [ 79.729312][ T5950] freed 8192-byte region [ffff888054684000, ffff888054686000) [ 79.735441][ T5950] [ 79.736598][ T5950] The buggy address belongs to the physical page: [ 79.739432][ T5950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888054680000 pfn:0x54680 [ 79.743516][ T5950] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 79.746961][ T5950] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 79.750063][ T5950] page_type: f5(slab) [ 79.751699][ T5950] raw: 00fff00000000040 ffff88801b443180 ffffea0000928400 0000000000000002 [ 79.755190][ T5950] raw: ffff888054680000 0000000000020000 00000000f5000000 0000000000000000 [ 79.758768][ T5950] head: 00fff00000000040 ffff88801b443180 ffffea0000928400 0000000000000002 [ 79.762261][ T5950] head: ffff888054680000 0000000000020000 00000000f5000000 0000000000000000 [ 79.765861][ T5950] head: 00fff00000000003 ffffea000151a001 00000000ffffffff 00000000ffffffff [ 79.769488][ T5950] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 79.773041][ T5950] page dumped because: kasan: bad access detected [ 79.775664][ T5950] page_owner tracks the page as allocated [ 79.778213][ T5950] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 6128, tgid 6126 (syz.2.30), ts 67338765076, free_ts 67103938918 [ 79.786655][ T5950] post_alloc_hook+0x1af/0x220 [ 79.788819][ T5950] get_page_from_freelist+0xd0b/0x31a0 [ 79.791130][ T5950] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 79.793600][ T5950] alloc_pages_mpol+0x1fb/0x550 [ 79.795615][ T5950] new_slab+0x2c3/0x430 [ 79.797463][ T5950] ___slab_alloc+0xe18/0x1c90 [ 79.799746][ T5950] __slab_alloc.constprop.0+0x63/0x110 [ 79.802356][ T5950] __kvmalloc_node_noprof+0x592/0xa40 [ 79.804965][ T5950] snd_pcm_plugin_alloc+0x5fd/0x7f0 [ 79.807150][ T5950] snd_pcm_plug_alloc+0x146/0x330 [ 79.809346][ T5950] snd_pcm_oss_change_params_locked+0x1b31/0x3ab0 [ 79.812029][ T5950] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 79.814249][ T5950] snd_pcm_oss_sync+0x1de/0x840 [ 79.816497][ T5950] snd_pcm_oss_release+0x28b/0x310 [ 79.819196][ T5950] __fput+0x402/0xb70 [ 79.820968][ T5950] task_work_run+0x150/0x240 [ 79.822963][ T5950] page last free pid 5341 tgid 5341 stack trace: [ 79.825515][ T5950] __free_frozen_pages+0x7df/0x1170 [ 79.828061][ T5950] __put_partials+0x130/0x170 [ 79.830033][ T5950] qlist_free_all+0x4c/0xf0 [ 79.831876][ T5950] kasan_quarantine_reduce+0x195/0x1e0 [ 79.834160][ T5950] __kasan_slab_alloc+0x69/0x90 [ 79.836307][ T5950] kmem_cache_alloc_noprof+0x25e/0x770 [ 79.838719][ T5950] getname_flags.part.0+0x4c/0x550 [ 79.841278][ T5950] getname_flags+0x93/0xf0 [ 79.843431][ T5950] do_sys_openat2+0xb9/0x290 [ 79.845494][ T5950] __x64_sys_openat+0x174/0x210 [ 79.847636][ T5950] do_syscall_64+0xcd/0xf80 [ 79.849491][ T5950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.851973][ T5950] [ 79.852967][ T5950] Memory state around the buggy address: [ 79.855267][ T5950] ffff888054683f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.858639][ T5950] ffff888054683f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.861872][ T5950] >ffff888054684000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.865161][ T5950] ^ [ 79.867217][ T5950] ffff888054684080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.870524][ T5950] ffff888054684100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.873855][ T5950] ================================================================== [ 79.880874][ T5950] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 79.883927][ T5950] CPU: 3 UID: 0 PID: 5950 Comm: kworker/u33:6 Not tainted syzkaller #0 PREEMPT(full) [ 79.888132][ T5950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.892653][ T5950] Workqueue: hci2 hci_cmd_sync_work [ 79.894968][ T5950] Call Trace: [ 79.896600][ T5950] [ 79.898017][ T5950] dump_stack_lvl+0x3d/0x1f0 [ 79.900096][ T5950] vpanic+0x640/0x6f0 [ 79.901801][ T5950] panic+0xca/0xd0 [ 79.903377][ T5950] ? __pfx_panic+0x10/0x10 [ 79.905229][ T5950] ? le_read_features_complete+0x5b/0x390 [ 79.907759][ T5950] ? preempt_schedule_common+0x44/0xc0 [ 79.910028][ T5950] ? preempt_schedule_thunk+0x16/0x30 [ 79.912180][ T5950] ? check_panic_on_warn+0x1f/0xb0 [ 79.914289][ T5950] check_panic_on_warn+0xab/0xb0 [ 79.916432][ T5950] end_report+0x107/0x160 [ 79.918314][ T5950] kasan_report+0xee/0x110 [ 79.920177][ T5950] ? le_read_features_complete+0x5b/0x390 [ 79.922570][ T5950] kasan_check_range+0x100/0x1b0 [ 79.924662][ T5950] le_read_features_complete+0x5b/0x390 [ 79.927290][ T5950] hci_cmd_sync_work+0x1ff/0x470 [ 79.929423][ T5950] ? __pfx_le_read_features_complete+0x10/0x10 [ 79.932165][ T5950] process_one_work+0x9ba/0x1b20 [ 79.934299][ T5950] ? __pfx_process_one_work+0x10/0x10 [ 79.936629][ T5950] ? assign_work+0x1a0/0x250 [ 79.938690][ T5950] worker_thread+0x6c8/0xf10 [ 79.940633][ T5950] ? __kthread_parkme+0x19e/0x250 [ 79.942538][ T5950] ? __pfx_worker_thread+0x10/0x10 [ 79.944647][ T5950] kthread+0x3c5/0x780 [ 79.946313][ T5950] ? __pfx_kthread+0x10/0x10 [ 79.948262][ T5950] ? rcu_is_watching+0x12/0xc0 [ 79.950330][ T5950] ? __pfx_kthread+0x10/0x10 [ 79.952276][ T5950] ret_from_fork+0x983/0xb10 [ 79.954206][ T5950] ? __pfx_ret_from_fork+0x10/0x10 [ 79.956513][ T5950] ? __switch_to+0x7af/0x10d0 [ 79.958987][ T5950] ? __pfx_kthread+0x10/0x10 [ 79.961282][ T5950] ret_from_fork_asm+0x1a/0x30 [ 79.963798][ T5950] [ 79.966151][ T5950] Kernel Offset: disabled [ 79.967987][ T5950] Rebooting in 86400 seconds.. VM DIAGNOSIS: 23:20:42 Registers: info registers vcpu 0 CPU#0 RAX=ffffffff8e596f80 RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff8e596f80 RBP=0000000000000000 RSP=ffffc9000390fb80 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffff888030fdc980 R13=ffffffff8e596f80 R14=0000000000000000 R15=0000000000000001 RIP=ffffffff8199cac7 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055557da36500 ffffffff 00c00000 GS =0000 ffff8880d68f5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055557da515c8 CR3=0000000034cfb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdaad111b0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff4ce615050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff4ce61505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff4ce615057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff4ce61506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff4ce6150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff4ce6151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff912fcbbc RDX=0000000000000000 RSI=ffffffff912fcbc0 RDI=ffffffff90a77564 RBP=ffffc900006a08f8 RSP=ffffc900006a0840 R8 =ffffffff912fcbc0 R9 =000000000ac0d5af R10=0000000000000002 R11=00000000000128bb R12=ffffc900006a0900 R13=ffffc900006a08b0 R14=ffffc900006a08e5 R15=ffffffff912fcbc1 RIP=ffffffff816cbb0a RFL=00000a06 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d69f5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f97f1609000 CR3=0000000029aaa000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=34dd2178b9acb78d 5563d46bc511a813 34dd2178b9acb78d 5563d46bc511a813 34dd2178b9acb78d 5563d46bc511a813 34dd2178b9acb78d 5563d46bc511a813 ZMM18=43fa920eff27990c 5231492c8caf4290 43fa920eff27990c 5231492c8caf4290 43fa920eff27990c 5231492c8caf4290 43fa920eff27990c 5231492c8caf4290 ZMM19=4904000000000000 0000000000000007 4904000000000000 0000000000000006 4904000000000000 0000000000000005 4904000000000000 0000000000000004 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300000000000008 ffffffee00000000 0300000000000008 ffffffde000003e6 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000800040000 0008000800000014 0000002800000048 0000000300000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000038 0000000007b06240 000000140000001c 0000000e0014000c ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1000020a74960100 0006080602017698 0fffffffffffff04 02ec820800010000 ZMM25=ba31aa64ba31aa64 ba31aa64ba31aa64 ba31aa64ba31aa64 ba31aa64ba31aa64 ba31aa64ba31aa64 ba31aa64ba31aa64 ba31aa64ba31aa64 ba31aa64ba31aa64 ZMM26=4b71b0ed4b71b0ed 4b71b0ed4b71b0ed 4b71b0ed4b71b0ed 4b71b0ed4b71b0ed 4b71b0ed4b71b0ed 4b71b0ed4b71b0ed 4b71b0ed4b71b0ed 4b71b0ed4b71b0ed ZMM27=5fd1b1cc5fd1b1cc 5fd1b1cc5fd1b1cc 5fd1b1cc5fd1b1cc 5fd1b1cc5fd1b1cc 5fd1b1cc5fd1b1cc 5fd1b1cc5fd1b1cc 5fd1b1cc5fd1b1cc 5fd1b1cc5fd1b1cc ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=2b0200002b020000 2b0200002b020000 2b0200002b020000 2b0200002b020000 2b0200002b020000 2b0200002b020000 2b0200002b020000 2b0200002b020000 info registers vcpu 2 CPU#2 RAX=1ffffd4000276c08 RBX=ffffea00013b6040 RCX=ffffffff820ce2e7 RDX=fffff94000276c09 RSI=0000000000000008 RDI=ffffea00013b6040 RBP=0000000000000086 RSP=ffffc9000414f820 R8 =0000000000000000 R9 =fffff94000276c08 R10=ffffea00013b6047 R11=ffff888030a92ff0 R12=00007f885637a000 R13=ffff888037a91bd0 R14=dffffc0000000000 R15=ffffea00013b6048 RIP=ffffffff820ce2f3 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6af5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00002000000005b6 CR3=0000000025252000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffecc784320 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3db1215050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3db121505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3db1215057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3db121506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3db12150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3db12151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000062 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff853265b5 RDI=ffffffff9aeedc40 RBP=ffffffff9aeedc00 RSP=ffffc9000375f588 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3634353038387257 R12=0000000000000000 R13=0000000000000062 R14=ffffffff9aeedc00 R15=ffffffff85326550 RIP=ffffffff853265df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6bf5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f357f8e3f98 CR3=000000005cf22000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f357ea15050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f357ea1505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f357ea15057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f357ea1506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f357ea150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f357ea151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f357ebba4a8 00007f357ebba4a0 00007f357ebba498 00007f357ebba470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f357f71d100 00007f357ebba460 00007f357ebba478 00007f357ebba4c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f357ebba4b8 00007f357ebba4b0 00007f357ebba4a8 00007f357ebba4a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000