last executing test programs: 36.230552255s ago: executing program 0 (id=530): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) syz_emit_ethernet(0xac, &(0x7f0000002440)=ANY=[@ANYBLOB="000000000000aaaaaaaaaa2c0004aa0125948f71430564e04c21de2b012ed35f4082a6363c671afe2cc454bdf430328a5cab3678ab0e7aa5c56ea256808e1aeb0f4bb0532672d8d593dcbcda04dc080e93b2a65da35df54f005559f861761e63036f464cc6edad98b6d1430b3d80a475d80637a3cecf8491eed824e97a69df2a36173b5e805712907833427f8b3ef2fc7a06a0e65f0a66ea425ea77dda0582ef7fa1007f9e84934e716e749db02777"], 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x4d0}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='[', 0x1, 0x0, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd) 36.140437457s ago: executing program 0 (id=531): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) 35.160991646s ago: executing program 2 (id=543): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'geneve0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a88800080048", 0x19, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 35.100735689s ago: executing program 2 (id=544): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000019c0)=[{&(0x7f0000001a00)}], 0x1, 0x1) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r3) splice(r0, 0x0, r3, 0x0, 0x6, 0x8) 33.990371355s ago: executing program 2 (id=547): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={[{@quota}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd) quotactl_fd$Q_GETQUOTA(r0, 0xffffffff80000700, 0x0, &(0x7f00000001c0)) 33.990114971s ago: executing program 2 (id=548): connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x805, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @loopback}, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) syz_pidfd_open(0x0, 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f29, 0x0, 0xc139, 0x4, 0x5, 0xafa0, 0x0, 0x4, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x9, 0x6, 0x101, 0xfffffffe, 0xffff, 0x3, 0x40000003, 0x89, 0xcaa3, 0x1000, 0x20001e5b, 0x8000003, 0xe69, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]}) prlimit64(0x0, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = signalfd(0xffffffffffffffff, 0x0, 0x0) r3 = io_uring_setup(0x1fce, &(0x7f0000000240)={0x0, 0x2326, 0x2, 0x2, 0x14e, 0x0, r2}) io_uring_enter(r3, 0x139c, 0x6481, 0x0, &(0x7f0000000180)={[0x4]}, 0x8) setpgid(r1, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r4 = socket(0x3e5d78e09dacfce8, 0x2, 0x5) recvmmsg$unix(r4, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2000000072009fb3000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="084c0100010000005db116e02a9f9e647ae55d56bf71548c26a206"], 0x20}}, 0x0) mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001) 33.880511214s ago: executing program 2 (id=549): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) setresuid(0x0, 0xee00, 0xffffffffffffffff) setrlimit(0x40000000000008, &(0x7f0000000000)) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) 33.590574265s ago: executing program 1 (id=551): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x8004, 0x0, 0xb51b, 0x10}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20000000120001"], 0x26}}, 0x0) 33.590388262s ago: executing program 1 (id=552): r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r1 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff) write$binfmt_elf64(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4602010103fcffffffffffffff03003e005666d37500010000000000004000000000000000df012000040000000000000003003800010007000200010003000000000000000300000000010100ff"], 0x509) close(r2) r3 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) write$binfmt_elf64(r3, &(0x7f00000000c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x1, 0x69, 0xb, 0xfffffffe, 0x2, 0x3, 0x0, 0x2cb, 0x40, 0x2d6, 0x6a4bcb10, 0x61, 0x38, 0x0, 0xfc, 0x8, 0xc}}, 0x40) close(r3) mount$9p_fd(0x0, 0x0, 0x0, 0x401, 0x0) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) 33.499608023s ago: executing program 1 (id=553): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) fdatasync(r0) 33.390795013s ago: executing program 2 (id=554): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x58, &(0x7f0000000580)}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e22, @private=0xa010102}}}, &(0x7f0000000040)=0x84) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r3, 0x400448e6, &(0x7f0000000240)) ioctl$sock_bt_hci(r3, 0x400448e6, &(0x7f0000000500)="d7") ioctl$sock_bt_hci(r3, 0x400448e7, &(0x7f0000000080)) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000300)='./file0\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001640)=@newtaction={0xf0, 0x30, 0x1, 0x2, 0x25dfdbfd, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x2, 0x0, 0x446, {}, {0x0, 0x0, 0x0, 0x0, 0x4, 0x1}, 0xfffffffd, 0x0, 0x2}}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x0, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x401}, {0x0, 0x0, 0x1}}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000) 33.323923107s ago: executing program 32 (id=554): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x58, &(0x7f0000000580)}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e22, @private=0xa010102}}}, &(0x7f0000000040)=0x84) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r3, 0x400448e6, &(0x7f0000000240)) ioctl$sock_bt_hci(r3, 0x400448e6, &(0x7f0000000500)="d7") ioctl$sock_bt_hci(r3, 0x400448e7, &(0x7f0000000080)) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000300)='./file0\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001640)=@newtaction={0xf0, 0x30, 0x1, 0x2, 0x25dfdbfd, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x2, 0x0, 0x446, {}, {0x0, 0x0, 0x0, 0x0, 0x4, 0x1}, 0xfffffffd, 0x0, 0x2}}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x0, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x401}, {0x0, 0x0, 0x1}}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000) 33.157914525s ago: executing program 0 (id=556): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_INSN(r0, 0x8028640c, 0x0) 33.080664027s ago: executing program 0 (id=557): connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x805, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @loopback}, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) syz_pidfd_open(0x0, 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f29, 0x0, 0xc139, 0x4, 0x5, 0xafa0, 0x0, 0x4, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x9, 0x6, 0x101, 0xfffffffe, 0xffff, 0x3, 0x40000003, 0x89, 0xcaa3, 0x1000, 0x20001e5b, 0x8000003, 0xe69, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]}) prlimit64(0x0, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = signalfd(0xffffffffffffffff, 0x0, 0x0) r3 = io_uring_setup(0x1fce, &(0x7f0000000240)={0x0, 0x2326, 0x2, 0x2, 0x14e, 0x0, r2}) io_uring_enter(r3, 0x139c, 0x6481, 0x0, &(0x7f0000000180)={[0x4]}, 0x8) setpgid(r1, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r4 = socket(0x3e5d78e09dacfce8, 0x2, 0x5) recvmmsg$unix(r4, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2000000072009fb3000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="084c0100010000005db116e02a9f9e647ae55d56bf71548c26a206"], 0x20}}, 0x0) mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001) 33.008189492s ago: executing program 0 (id=558): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={[{@quota}]}) quotactl_fd$Q_GETQUOTA(0xffffffffffffffff, 0xffffffff80000700, 0x0, &(0x7f00000001c0)) 32.630997212s ago: executing program 1 (id=560): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000080)='./file0\x00') mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[]) 32.530710523s ago: executing program 1 (id=561): syz_open_dev$media(&(0x7f0000000080), 0x4, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs$userns(0x0, &(0x7f0000000040)) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16, @ANYBLOB="010829bd7000000000000b0000000800", @ANYRES32, @ANYBLOB="60005080110001004abee339084eeef16f162471f40000000800030009ac0f00050002"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x4000) ioctl(0xffffffffffffffff, 0xb8, &(0x7f0000000000)="15e0185428227964d1") r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x40300, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x10500) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000340)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = landlock_create_ruleset(&(0x7f0000000040)={0x310, 0x1, 0x2}, 0x18, 0x2) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r5, 0x1, &(0x7f0000000100)={0x800, r1}, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x85, 0x2, 0x0, 0x4002004c8, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0x4, 0x0, 0x80000004000000, 0x200000000c], 0x100000, 0x2010d3}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 31.961031353s ago: executing program 1 (id=563): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) 31.960859081s ago: executing program 0 (id=564): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) 31.649414538s ago: executing program 33 (id=564): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) 31.596778128s ago: executing program 34 (id=563): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) 24.319790812s ago: executing program 5 (id=565): connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x805, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @loopback}, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) syz_pidfd_open(0x0, 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f29, 0x0, 0xc139, 0x4, 0x5, 0xafa0, 0x0, 0x4, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x9, 0x6, 0x101, 0xfffffffe, 0xffff, 0x3, 0x40000003, 0x89, 0xcaa3, 0x1000, 0x20001e5b, 0x8000003, 0xe69, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]}) prlimit64(0x0, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = signalfd(0xffffffffffffffff, 0x0, 0x0) r3 = io_uring_setup(0x1fce, &(0x7f0000000240)={0x0, 0x2326, 0x2, 0x2, 0x14e, 0x0, r2}) io_uring_enter(r3, 0x139c, 0x6481, 0x0, &(0x7f0000000180)={[0x4]}, 0x8) setpgid(r1, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r4 = socket(0x3e5d78e09dacfce8, 0x2, 0x5) recvmmsg$unix(r4, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2000000072009fb3000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="084c0100010000005db116e02a9f9e647ae55d56bf71548c26a206"], 0x20}}, 0x0) mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001) 24.226219672s ago: executing program 5 (id=590): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000080)=ANY=[@ANYBLOB="34000000000701042000000000000000000000000c0006400000000000000808090001fd88e5789863c7dd0073797a3100000000"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x10000000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) socket(0x10, 0x80002, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$can_bcm(r1, 0x0, 0x4008001) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) sendmmsg(r2, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 24.010790353s ago: executing program 4 (id=592): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x1c, &(0x7f0000000140)=[@in6={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}]}, &(0x7f00000003c0)=0x10) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) 23.089650395s ago: executing program 5 (id=595): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) syz_emit_ethernet(0xac, &(0x7f0000002440)=ANY=[@ANYBLOB="000000000000aaaaaaaaaa2c0004aa0125948f71430564e04c21de2b012ed35f4082a6363c671afe2cc454bdf430328a5cab3678ab0e7aa5c56ea256808e1aeb0f4bb0532672d8d593dcbcda04dc080e93b2a65da35df54f005559f861761e63036f464cc6edad98b6d1430b3d80a475d80637a3cecf8491eed824e97a69df2a36173b5e805712907833427f8b3ef2fc7a06a0e65f0a66ea425ea77dda0582ef7fa1007f9e84934e716e749db02777"], 0x0) userfaultfd(0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='[', 0x1, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 23.088277444s ago: executing program 35 (id=595): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) syz_emit_ethernet(0xac, &(0x7f0000002440)=ANY=[@ANYBLOB="000000000000aaaaaaaaaa2c0004aa0125948f71430564e04c21de2b012ed35f4082a6363c671afe2cc454bdf430328a5cab3678ab0e7aa5c56ea256808e1aeb0f4bb0532672d8d593dcbcda04dc080e93b2a65da35df54f005559f861761e63036f464cc6edad98b6d1430b3d80a475d80637a3cecf8491eed824e97a69df2a36173b5e805712907833427f8b3ef2fc7a06a0e65f0a66ea425ea77dda0582ef7fa1007f9e84934e716e749db02777"], 0x0) userfaultfd(0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='[', 0x1, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 23.031047641s ago: executing program 4 (id=596): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x1c, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a655, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x3}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 23.030902173s ago: executing program 4 (id=597): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0xc0}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x20}, 0x94) 22.949883765s ago: executing program 4 (id=598): connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x805, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @loopback}, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) syz_pidfd_open(0x0, 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f29, 0x0, 0xc139, 0x4, 0x5, 0xafa0, 0x0, 0x4, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x9, 0x6, 0x101, 0xfffffffe, 0xffff, 0x3, 0x40000003, 0x89, 0xcaa3, 0x1000, 0x20001e5b, 0x8000003, 0xe69, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]}) prlimit64(0x0, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = signalfd(0xffffffffffffffff, 0x0, 0x0) r3 = io_uring_setup(0x1fce, &(0x7f0000000240)={0x0, 0x2326, 0x2, 0x2, 0x14e, 0x0, r2}) io_uring_enter(r3, 0x139c, 0x6481, 0x0, &(0x7f0000000180)={[0x4]}, 0x8) setpgid(0x0, r1) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r4 = socket(0x3e5d78e09dacfce8, 0x2, 0x5) recvmmsg$unix(r4, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2000000072009fb3000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="084c0100010000005db116e02a9f9e647ae55d56bf71548c26a206"], 0x20}}, 0x0) mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001) 22.949618628s ago: executing program 4 (id=599): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000005440)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1}}], 0x1, 0x400c404) sendmmsg$inet6(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000440)='T', 0x1}], 0x1}}], 0x1, 0x4040005) 22.410430018s ago: executing program 4 (id=601): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendmmsg(r0, &(0x7f00000018c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6}}], 0x1, 0x8094) 22.366130182s ago: executing program 36 (id=601): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendmmsg(r0, &(0x7f00000018c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6}}], 0x1, 0x8094) 5.125023286s ago: executing program 8 (id=721): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x0, 0x0) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x8000001, 0x40000180, &(0x7f0000000180), 0x1, 0x4000007}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) 5.122358934s ago: executing program 8 (id=723): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000540)={0x24, @short={0x2, 0x3, 0xfffe}}, 0x14) 5.059836657s ago: executing program 8 (id=725): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}}, 0x18) sendmsg$can_j1939(r5, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) 4.590658173s ago: executing program 3 (id=727): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x204402, 0x0) readlinkat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=""/134, 0x86) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, r0, 0x9a974000) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/slabinfo\x00', 0x0, 0x0) preadv2(r3, &(0x7f0000000200)=[{&(0x7f00000006c0)=""/177, 0xb1}], 0x1, 0x800ee, 0x3, 0x0) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)}], 0x1000000000000095}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0) 3.6203104s ago: executing program 3 (id=729): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, 0x0, 0x0) listen(r0, 0x3) accept4$bt_l2cap(r0, 0x0, 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) 3.61980144s ago: executing program 3 (id=730): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x5, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) read$watch_queue(r1, &(0x7f0000000540)=""/4096, 0x1000) 2.993358638s ago: executing program 8 (id=731): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_FRAME={0x20, 0x33, @data_frame={@msdu=@type10={{0x0, 0x2, 0x7, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x9}, @random="589733b902f1", @broadcast, @device_a, {0x2, 0x500}, "", @void, @value=@ver_80211n={0x0, 0x5f, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, @a_msdu}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 2.910226246s ago: executing program 8 (id=734): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="00220f000000540b4550182195f57584839e"], 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000002, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$HIDIOCSUSAGE(r1, 0x4018480c, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000680)=ANY=[@ANYBLOB="20018c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 2.750626473s ago: executing program 3 (id=735): openat$uhid(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) socket$netlink(0x10, 0x3, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc) 2.700271284s ago: executing program 7 (id=738): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x0, 0x2}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000000)=0xffffffff, 0x4) 2.620458953s ago: executing program 7 (id=739): syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf500090584", @ANYBLOB="0b87"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) openat$mice(0xffffffffffffff9c, &(0x7f0000000300), 0x0) 1.829276421s ago: executing program 3 (id=741): r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0) listxattr(0x0, 0x0, 0x0) r2 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000b00)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r3, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_OVERHEAD={0x8, 0x6, 0x4}]}}]}, 0x3c}}, 0x48004) 1.338296081s ago: executing program 7 (id=743): connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x4f, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$unix(0x1, 0x5, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='yeah', 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x23) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="f0", 0x1}], 0x1}}], 0x1, 0x40) sendmmsg$inet(r0, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001580)="e7fd379780c24b198c9ebd2cbb2b697c63dcb2ad9924f068956ae9bff5b6d902955f083d7b63744819e97a58eda43c74e9d230bc284b81001b09ce5be3d9c808be0e4a06f04cd3b92717af30809bcb8660e838655d1f593b3d2d6ce2116da270d9f579336fae578558549f2b72b6eee49171b323c4b04f482877197be535fddd8c7710c5df4ff18be68856f2cdc2c9150a734c9e873ddb095f7c8d8520dab8b358b59a2c2dc5baf56eb7b8892847da1da3352bd078a54b58c147e25793a3318dd3b60e0b1f4de4bf6cf33d916ca1fdd2091c257cdac954320967fa95515b89ba1dcf4bdbcdce9129390d4f5484c1d29932547c71fd647e4439968c50f5fd216670412ede7666a114329f8dfb39309bc0931964ec5a28ac77925a80758f69989180241615e3ac5a02e46128e507691fcaadeeb5d2e277417e2a326acfea772bcbde319b563731a69e0db4e17c3ce7dbcf33ad70290f33c2f99842fc45988102c53e7442a82c91c73de101a328c6f1c20b849fe4b1cf8a8dc36f703bf1774d3bbea1c99f0963d6811649a60b8eff49ea31e23b1b91016d027a10a7304658291a3bc17bc4b56626852331d4077ac11b9ef7edcd4cbfb77d8fb9665ba44be5aa24f706e7cbc7fcaa3b8a234f4361ba9789fb71f69d0a3eda497d7573e8404d5272cd822a2529c62c64eebad406d2ecbac4d0a1ad1c27e42d0c5737066654ea18a2a7ca66eb3b96732db01d1c569549f75804eb8776218ed282f884924a21cbc565687b33bf6d4f243fcbe500c910cf9e75183584c336b23c3c7bbacf7cda462eed4e1d9c75d39f3814369537d5f1a2804058f9afb402f7b2e57b48437b558be97dc3cd6a45f1ec5b4c4f97566fb77101fe66a1f122dccc1cf95ca7cac098dea0f4576b8ddd601443d3a7adeac82995b3c12490d285c854e4d79d201702ee68c852a8402d420bded5262a91bfd8b0e123b07a24fae022d5c061c3519db619e8648c77ed6600bb6d0f03e70e05861602d48fb668ba0a90774cf364013dcb2997b875157281bc7c592f652f06cc66b60317687c41cec9ad66a136c46b485a26ada56e1c863cda4aec9f227a0eef8f8e9cc43546ddf53663e1e1cceef8ff73ea387a842bbbf992956e7391eeecc124b7c2c8986e84a0b09936a4574832df951a6c595892e7815f9005446675880a24019b18c820a29a0e72371e7d4dcd2188cbeec3e7b099288d2a6899c6171ad53fb58526a911dc31579f1a98d2dfaa18ccfe210a927e8ab8060588271fddbdcfafc801fe6ba1462060c0d856c2fdd917bab2a1c07f9f562c29bcf9fa83e45201933fd643988555b056513ea0cebf6d8e057032e3e8eeef67a20db39cfd42c4f4c57d0aab701117d218d046fbd372584af6fd633e92317f08c36e66f8623c0a0dcbcb7382e958518e12beea5caa75d73612bee01e5229f706842fd3ecc5679973c31b424c9d5bead2fb92c77c5988d6b33b7439c1bc3c2da8bc330e1c6cf03d3b612e82c275f5225803d16fb7f10661d502720a35961a99aac976c59b93121d38b282d5302afa4004a843bd119c9d7bef5f0e193ec093868ed6a5e665ce9b6a23b7d1c247c8d2380f491cfceb914baa65f60a7bea8f25449c9ea7c45963b7e073289c9c9722c8024defb942c4a2daad3aaaf6f7ef4c893ebcf4fff9ec8d5735af085c32e118794f0a2f206fde76cb28cd571f28540765f09aa243ad8bef6516dc46767230498ae011436f29adf8a40d858ca41efe03db9ef4332d1419a2805d20738cb12562230305d118523d9682540cfc3393c52b29859399f19311863c35b0e7f3e190997723d82859ef35af16044f8cab80cfc48bc2ea8e69a1cb64678e5cc93d49c87824f63838337f02806e2d0964f9e7f8d7e876dfd55d00d5e7f7d3c78b068972b1d8e962573018fb5ffe5b775f6028434db0361b4f94e3df8caa8d0a7dfbd34e859e88bcf2b787b353c69add0df04b477383cccaa4b78f8dd97d0cce1cb9d2135913c5f436d54b1ca29697768e94f5f52a0a4962def4fda83a2be4d23b450fbf0fef234d2f2c1e773a5a78bd7af6201a92b1a1dc3498b936f6", 0x5c7}], 0x1}}], 0x1, 0xc4) 1.280932472s ago: executing program 7 (id=745): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @remote}]}, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f"], 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.190529466s ago: executing program 6 (id=747): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x7, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000800)={r3, r1, 0x25, 0x0, @val=@netkit={@void, @value=r3}}, 0x1c) syz_emit_ethernet(0x32, &(0x7f0000000ac0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x3, 0x9, 0x24, 0x67, 0x0, 0x40, 0x21, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x4e20, 0x4e22, 0x4, 0x1, 0x7, 0x0, 0x0, 0x5, 0x4, "db8404", 0x7, "11141f"}}}}}}, 0x0) 1.090540594s ago: executing program 6 (id=748): sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000080)=ANY=[@ANYBLOB="34000000000701042000000000000000000000000c0006400000000000000808090001fd88e5789863c7dd0073797a3100000000"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x10000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000"], 0xd8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) socket(0x10, 0x80002, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$can_bcm(r0, 0x0, 0x4008001) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 1.08091056s ago: executing program 7 (id=749): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x4}, 0xe) listen(r0, 0x3) accept4$bt_l2cap(r0, 0x0, 0x0, 0x800) syz_emit_vhci(0x0, 0x16) 720.622965ms ago: executing program 8 (id=750): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x204402, 0x0) readlinkat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=""/134, 0x86) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, r0, 0x9a974000) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/slabinfo\x00', 0x0, 0x0) preadv2(r3, &(0x7f0000000200)=[{&(0x7f00000006c0)=""/177, 0xb1}], 0x1, 0x800ee, 0x3, 0x0) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)}], 0x1000000000000095}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0) 479.043336ms ago: executing program 3 (id=751): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x8, 0x800007, 0x0, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xa}, @hci_rp_user_confirm_reply={{0x5}, {0x9}}}}, 0xd) socket$netlink(0x10, 0x3, 0x14) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wpan3\x00'}) 205.467802ms ago: executing program 6 (id=752): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x3c, 0x0, 0x431, 0x70bd28, 0x259fdc00, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_RX={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4c810}, 0x20000000) 205.192698ms ago: executing program 6 (id=753): r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=@newtfilter={0x5c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x30, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0xfff3, 0x4}}, @TCA_U32_SEL={0x12, 0x5, {0xa, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0x3, 0x58f}}]}}]}, 0x5c}}, 0x24040084) 128.407158ms ago: executing program 7 (id=754): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x2d, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000007f0000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083", @ANYRES32=0x1, @ANYBLOB="0000000000000000852000000300000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000018110000", @ANYBLOB="0000000000000000b70200000000000200000000860000000978001801010000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823000028b7e464860e3c63dd33d86fc302124c1d11aa680e9ae1854fd8aab8cd13c022e0e5bddab38728dab76efc7a95e276abd144ba4bfe1b098d4414b16f898947841cbacf22fff2638b5bcee796e468e8a7843ff9812cc3fa461ac1741677256f076069b46157f68bbc1420698cdc7a05dea14ed0ddbf2b985707f86482b0e3c4164fee58e91e7bb1ee4f6b0f015901e273fa20b18a02468cd78de71e62b963a91b72e99a5774", @ANYRES32], &(0x7f0000000040)='syzkaller\x00', 0x1000, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000005c0)={0x4, 0xa, 0x7fffffff, 0x4}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000600)=[{0x0, 0x80000001, 0xe, 0xc}], 0x10, 0x6bc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r5 = accept4(r4, 0x0, 0x0, 0x80000) sendmsg$kcm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}, 0x20000000) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x45, 0x0, 0x0) recvmsg$can_j1939(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x100) r6 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x1, 0x1) fchdir(r7) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) 227.99µs ago: executing program 6 (id=755): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) fdatasync(r0) 0s ago: executing program 6 (id=756): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$BLKPG(r1, 0x1269, &(0x7f0000001080)={0x3, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): dge0: port 1(bridge_slave_0) entered blocking state [ 56.230568][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.247517][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.250401][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.262499][ T5930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.276163][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.294560][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.297179][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.304891][ T5930] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.316941][ T5942] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.329596][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.332693][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.339337][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.342402][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.358033][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.360308][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.373526][ T40] audit: type=1400 audit(1760702808.392:89): avc: denied { sys_module } for pid=5942 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 56.374989][ T5934] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.459253][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.498964][ T5942] veth0_vlan: entered promiscuous mode [ 56.513832][ T5942] veth1_vlan: entered promiscuous mode [ 56.542647][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.548877][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.564230][ T5930] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.568532][ T5942] veth0_macvtap: entered promiscuous mode [ 56.576105][ T5942] veth1_macvtap: entered promiscuous mode [ 56.598931][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.606546][ T5938] veth0_vlan: entered promiscuous mode [ 56.616698][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.634093][ T5938] veth1_vlan: entered promiscuous mode [ 56.639511][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.643977][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.653104][ T5930] veth0_vlan: entered promiscuous mode [ 56.656455][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.659333][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.662810][ T5934] veth0_vlan: entered promiscuous mode [ 56.682646][ T5930] veth1_vlan: entered promiscuous mode [ 56.688523][ T5934] veth1_vlan: entered promiscuous mode [ 56.720105][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.723225][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.739841][ T5938] veth0_macvtap: entered promiscuous mode [ 56.761120][ T5938] veth1_macvtap: entered promiscuous mode [ 56.765070][ T5930] veth0_macvtap: entered promiscuous mode [ 56.768841][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.769242][ T5934] veth0_macvtap: entered promiscuous mode [ 56.771693][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.782786][ T5934] veth1_macvtap: entered promiscuous mode [ 56.786464][ T5930] veth1_macvtap: entered promiscuous mode [ 56.801277][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.811631][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.812455][ T5942] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.817182][ T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.828680][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.835440][ T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.839607][ T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.845790][ T5930] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.852579][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.858734][ T46] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.868581][ T5930] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.874810][ T1148] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.878685][ T1148] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.893729][ T1148] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.907896][ T1148] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.911694][ T1148] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.931070][ T1148] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.935878][ T1148] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.952229][ T1148] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.964881][ T1179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.972125][ T1179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.995942][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.998838][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.037879][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.040357][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.072634][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.075958][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.084461][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.087646][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.114669][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.118744][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.251791][ T6038] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6'. [ 57.402479][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.407104][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.422225][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 57.472228][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 57.475323][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.477487][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.481992][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.485259][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.492672][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.492734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.507569][ T6048] IPv4: Oversized IP packet from 172.20.20.24 [ 57.510768][ C3] IPv4: Oversized IP packet from 172.20.20.24 [ 57.513520][ C3] IPv4: Oversized IP packet from 172.20.20.24 [ 57.633208][ T5933] Bluetooth: hci1: command tx timeout [ 57.722630][ T5933] Bluetooth: hci3: command tx timeout [ 57.722768][ T5940] Bluetooth: hci0: command tx timeout [ 57.727931][ T5291] Bluetooth: hci2: command tx timeout [ 58.181005][ T6061] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13'. [ 58.186128][ T40] kauditd_printk_skb: 57 callbacks suppressed [ 58.186138][ T40] audit: type=1400 audit(1760702810.202:147): avc: denied { create } for pid=6060 comm="syz.1.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 58.198083][ T40] audit: type=1400 audit(1760702810.202:148): avc: denied { connect } for pid=6060 comm="syz.1.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 58.207467][ T40] audit: type=1400 audit(1760702810.202:149): avc: denied { create } for pid=6060 comm="syz.1.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 58.217478][ T40] audit: type=1400 audit(1760702810.202:150): avc: denied { create } for pid=6060 comm="syz.1.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 58.225608][ T40] audit: type=1400 audit(1760702810.202:151): avc: denied { connect } for pid=6060 comm="syz.1.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 58.247423][ T40] audit: type=1400 audit(1760702810.262:152): avc: denied { create } for pid=6060 comm="syz.1.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 58.257061][ T40] audit: type=1400 audit(1760702810.262:153): avc: denied { ioctl } for pid=6060 comm="syz.1.13" path="socket:[9892]" dev="sockfs" ino=9892 ioctlcmd=0x8990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 58.269732][ T6062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.277176][ T6062] bond0: (slave rose0): Enslaving as an active interface with an up link [ 58.283783][ T40] audit: type=1400 audit(1760702810.302:154): avc: denied { search } for pid=6063 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.293549][ T40] audit: type=1400 audit(1760702810.302:155): avc: denied { search } for pid=6063 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1897 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.303519][ T40] audit: type=1400 audit(1760702810.302:156): avc: denied { search } for pid=6063 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.565514][ T6080] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 59.713070][ T5291] Bluetooth: hci1: command tx timeout [ 59.792833][ T5291] Bluetooth: hci2: command tx timeout [ 59.794686][ T5940] Bluetooth: hci0: command tx timeout [ 59.802873][ T5291] Bluetooth: hci3: command tx timeout [ 60.203924][ T6124] netlink: 16 bytes leftover after parsing attributes in process `syz.3.30'. [ 60.207605][ T6124] netlink: 48 bytes leftover after parsing attributes in process `syz.3.30'. [ 60.277708][ T6128] overlayfs: failed to clone lowerpath [ 60.282428][ T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 60.435348][ T24] usb 7-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 60.439410][ T24] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.441845][ T24] usb 7-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00 [ 60.445719][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.456344][ T24] usb 7-1: config 0 descriptor?? [ 60.874447][ T24] apple 0003:05AC:027A.0002: hidraw1: USB HID v8.00 Device [HID 05ac:027a] on usb-dummy_hcd.2-1/input0 [ 61.077292][ T24] usb 7-1: USB disconnect, device number 2 [ 61.679762][ T6165] capability: warning: `syz.2.44' uses deprecated v2 capabilities in a way that may be insecure [ 61.792117][ T5291] Bluetooth: hci1: command tx timeout [ 61.872279][ T5291] Bluetooth: hci3: command tx timeout [ 61.872639][ T5940] Bluetooth: hci2: command tx timeout [ 61.874659][ T5291] Bluetooth: hci0: command tx timeout [ 62.253188][ T6185] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 62.702749][ T6203] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 62.922134][ T842] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 63.132100][ T842] usb 6-1: Using ep0 maxpacket: 8 [ 63.139006][ T842] usb 6-1: config 0 has an invalid interface number: 87 but max is 0 [ 63.143120][ T842] usb 6-1: config 0 has no interface number 0 [ 63.147843][ T842] usb 6-1: New USB device found, idVendor=1e59, idProduct=0002, bcdDevice=76.a0 [ 63.151152][ T842] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.154215][ T842] usb 6-1: Product: syz [ 63.155756][ T842] usb 6-1: Manufacturer: syz [ 63.157254][ T842] usb 6-1: SerialNumber: syz [ 63.159990][ T842] usb 6-1: config 0 descriptor?? [ 63.545748][ T6224] ubi31: attaching mtd0 [ 63.549272][ T6224] ubi31: scanning is finished [ 63.550942][ T6224] ubi31: empty MTD device detected [ 63.759764][ T6231] process 'syz.2.63' launched './file0' with NULL argv: empty string added [ 63.765091][ T40] kauditd_printk_skb: 43 callbacks suppressed [ 63.765104][ T40] audit: type=1400 audit(1760702815.782:200): avc: denied { execute_no_trans } for pid=6218 comm="syz.2.63" path="/13/file0" dev="tmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 63.792251][ T40] audit: type=1400 audit(1760702815.792:201): avc: denied { getopt } for pid=6218 comm="syz.2.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 64.317472][ T6224] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 64.320399][ T6224] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 64.325559][ T6224] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 64.329425][ T6224] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 64.332519][ T6224] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 64.335542][ T6224] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 64.338775][ T6224] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2278279907 [ 64.342900][ T6224] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 64.420961][ T6239] ubi31: background thread "ubi_bgt31d" started, PID 6239 [ 64.532670][ T40] audit: type=1400 audit(1760702816.552:202): avc: denied { execute } for pid=6242 comm="syz.2.68" path="/dev/nullb0" dev="devtmpfs" ino=2851 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 64.565592][ T40] audit: type=1800 audit(1760702816.552:203): pid=6243 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.68" name="nullb0" dev="devtmpfs" ino=2851 res=0 errno=0 [ 64.847833][ T40] audit: type=1400 audit(1760702816.862:204): avc: denied { mounton } for pid=6246 comm="syz.2.69" path="/15/file0" dev="tmpfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 64.858702][ T6247] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 64.896142][ T40] audit: type=1400 audit(1760702816.872:205): avc: denied { read write } for pid=6246 comm="syz.2.69" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 64.903970][ T40] audit: type=1400 audit(1760702816.872:206): avc: denied { open } for pid=6246 comm="syz.2.69" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 64.913604][ T40] audit: type=1400 audit(1760702816.882:207): avc: denied { append } for pid=6246 comm="syz.2.69" name="001" dev="devtmpfs" ino=764 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 64.921006][ T40] audit: type=1400 audit(1760702816.892:208): avc: denied { bind } for pid=6246 comm="syz.2.69" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 65.072287][ T40] audit: type=1400 audit(1760702817.052:209): avc: denied { unmount } for pid=5930 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 65.253613][ T6258] overlayfs: overlapping lowerdir path [ 65.435628][ T6266] netlink: 14560 bytes leftover after parsing attributes in process `syz.0.78'. [ 66.205261][ T6292] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 66.538364][ T6307] Zero length message leads to an empty skb [ 66.745728][ T842] dvb-usb: found a 'EvolutePC TVWay+' in cold state, will try to load a firmware [ 66.829114][ T842] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 66.832672][ T842] dib0700: firmware download failed at 7 with -22 [ 66.858535][ T842] usb 6-1: USB disconnect, device number 2 [ 67.044029][ T6327] Bluetooth: MGMT ver 1.23 [ 67.532243][ T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 67.563992][ T6353] overlayfs: failed to clone lowerpath [ 67.682079][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 67.686086][ T24] usb 7-1: config 0 has an invalid interface number: 87 but max is 0 [ 67.688680][ T24] usb 7-1: config 0 has no interface number 0 [ 67.692826][ T24] usb 7-1: New USB device found, idVendor=1e59, idProduct=0002, bcdDevice=76.a0 [ 67.695732][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.701294][ T24] usb 7-1: Product: syz [ 67.712023][ T24] usb 7-1: Manufacturer: syz [ 67.718684][ T24] usb 7-1: SerialNumber: syz [ 67.739849][ T24] usb 7-1: config 0 descriptor?? [ 67.912580][ T60] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 68.072036][ T60] usb 5-1: Using ep0 maxpacket: 8 [ 68.079387][ T60] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 68.085668][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.092010][ T60] usb 5-1: Product: syz [ 68.093360][ T60] usb 5-1: Manufacturer: syz [ 68.096738][ T60] usb 5-1: SerialNumber: syz [ 68.102498][ T6364] ubi: mtd0 is already attached to ubi31 [ 68.106627][ T60] usb 5-1: config 0 descriptor?? [ 68.314909][ T60] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 68.941842][ T60] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 68.952130][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 68.952182][ T40] audit: type=1400 audit(1760702820.872:216): avc: denied { read } for pid=6370 comm="syz.3.117" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.953094][ T60] usb 5-1: USB disconnect, device number 2 [ 69.828931][ T6387] netlink: 32 bytes leftover after parsing attributes in process `syz.3.119'. [ 69.842419][ T60] IPVS: starting estimator thread 0... [ 69.892091][ T29] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 69.932212][ T6388] IPVS: using max 44 ests per chain, 105600 per kthread [ 70.042641][ T40] audit: type=1400 audit(1760702822.002:217): avc: denied { create } for pid=6389 comm="dhcpcd-run-hook" name="resolv.conf.bond0.ipv4ll" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 70.058462][ T40] audit: type=1400 audit(1760702822.002:218): avc: denied { write open } for pid=6389 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.bond0.ipv4ll" dev="tmpfs" ino=2472 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 70.071015][ T40] audit: type=1400 audit(1760702822.002:219): avc: denied { append } for pid=6389 comm="dhcpcd-run-hook" name="resolv.conf.bond0.ipv4ll" dev="tmpfs" ino=2472 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 70.085466][ T40] audit: type=1400 audit(1760702822.002:220): avc: denied { getattr } for pid=6389 comm="dhcpcd-run-hook" path="/tmp/resolv.conf" dev="tmpfs" ino=4 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 70.098632][ T40] audit: type=1400 audit(1760702822.052:221): avc: denied { read } for pid=6391 comm="cmp" name="resolv.conf" dev="tmpfs" ino=4 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 70.169437][ T40] audit: type=1400 audit(1760702822.182:222): avc: denied { unlink } for pid=6392 comm="rm" name="resolv.conf.bond0.ipv4ll" dev="tmpfs" ino=2472 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 70.263111][ T24] dvb-usb: found a 'EvolutePC TVWay+' in cold state, will try to load a firmware [ 70.268349][ T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 70.268792][ T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 70.273166][ T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 70.276773][ T24] dib0700: firmware download failed at 7 with -22 [ 70.280186][ T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 70.280201][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.283422][ T6385] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 70.290361][ T24] usb 7-1: USB disconnect, device number 3 [ 70.299517][ T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 70.498494][ T10] usb 6-1: USB disconnect, device number 3 [ 70.520838][ T6404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.125'. [ 70.849219][ T40] audit: type=1400 audit(1760702822.862:223): avc: denied { setopt } for pid=6410 comm="syz.2.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 70.883788][ T40] audit: type=1400 audit(1760702822.902:224): avc: denied { unlink } for pid=6412 comm="syz.2.128" name="#1" dev="tmpfs" ino=143 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 70.891027][ T40] audit: type=1400 audit(1760702822.902:225): avc: denied { mount } for pid=6412 comm="syz.2.128" name="/" dev="overlay" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 71.111095][ T6417] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 71.114138][ T6417] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 71.120490][ T6417] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 71.126453][ T6417] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 71.129607][ T6417] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 71.135311][ T6417] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 71.138233][ T6417] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 71.140274][ T6417] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 71.144040][ T6417] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 71.243929][ T6422] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 72.029524][ T5940] Bluetooth: hci3: unexpected event for opcode 0x2006 [ 72.912050][ T6453] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 72.914911][ T6453] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 72.917522][ T6453] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 73.028131][ T5940] Bluetooth: hci3: unexpected event for opcode 0x1405 [ 73.075920][ T6472] syz.3.147 uses obsolete (PF_INET,SOCK_PACKET) [ 73.382657][ T5940] Bluetooth: hci1: Malformed HCI Event: 0x22 [ 73.639012][ T5940] Bluetooth: hci1: unexpected event for opcode 0x1405 [ 74.571101][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 74.571119][ T40] audit: type=1400 audit(1760702826.582:228): avc: denied { create } for pid=6584 comm="syz.0.167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 74.584956][ T40] audit: type=1400 audit(1760702826.602:229): avc: denied { bind } for pid=6584 comm="syz.0.167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 74.592649][ T40] audit: type=1400 audit(1760702826.602:230): avc: denied { write } for pid=6584 comm="syz.0.167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 74.787872][ T40] audit: type=1400 audit(1760702826.802:231): avc: denied { create } for pid=6593 comm="syz.2.170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 74.807318][ T40] audit: type=1400 audit(1760702826.812:232): avc: denied { override_creds } for pid=6593 comm="syz.2.170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 74.872053][ T40] audit: type=1400 audit(1760702826.882:233): avc: denied { mount } for pid=6593 comm="syz.2.170" name="/" dev="configfs" ino=1086 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 74.963199][ T6602] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 75.002479][ T5940] Bluetooth: hci2: command 0x0c1a tx timeout [ 75.449613][ T40] audit: type=1400 audit(1760702827.462:234): avc: denied { execute } for pid=6611 comm="syz.1.174" name="file0" dev="tmpfs" ino=272 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 75.456743][ T40] audit: type=1400 audit(1760702827.462:235): avc: denied { execute_no_trans } for pid=6611 comm="syz.1.174" path="/48/file0" dev="tmpfs" ino=272 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 75.733624][ T5940] Bluetooth: hci1: unexpected event for opcode 0x2006 [ 75.790339][ T40] audit: type=1400 audit(1760702827.782:236): avc: denied { listen } for pid=6624 comm="syz.2.179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 76.281552][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.284530][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.409812][ T5940] Bluetooth: hci1: unexpected event for opcode 0x1405 [ 76.765677][ T40] audit: type=1400 audit(1760702828.782:237): avc: denied { create } for pid=6642 comm="syz.0.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 77.087663][ T5940] Bluetooth: hci2: command 0x0c1a tx timeout [ 77.101258][ T6653] netlink: 14560 bytes leftover after parsing attributes in process `syz.2.190'. [ 77.224509][ T6658] netlink: 164 bytes leftover after parsing attributes in process `syz.2.191'. [ 77.522388][ T5940] Bluetooth: hci1: unexpected event for opcode 0x1405 [ 78.352135][ T842] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 78.502087][ T842] usb 8-1: Using ep0 maxpacket: 16 [ 78.505399][ T842] usb 8-1: config 0 interface 0 altsetting 218 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 78.509715][ T842] usb 8-1: config 0 interface 0 has no altsetting 0 [ 78.512745][ T842] usb 8-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00 [ 78.516263][ T842] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.527386][ T842] usb 8-1: config 0 descriptor?? [ 78.856854][ T5940] Bluetooth: hci3: Malformed HCI Event: 0x22 [ 78.937589][ T842] logitech-djreceiver 0003:046D:C52B.0003: unknown main item tag 0x0 [ 79.055557][ T6696] netlink: 14560 bytes leftover after parsing attributes in process `syz.2.207'. [ 79.135789][ T842] usb 8-1: USB disconnect, device number 2 [ 79.162203][ T5940] Bluetooth: hci2: command 0x0c1a tx timeout [ 79.584445][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 79.584463][ T40] audit: type=1400 audit(1760702831.602:240): avc: denied { read write } for pid=6704 comm="syz.1.210" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 79.597304][ T40] audit: type=1400 audit(1760702831.602:241): avc: denied { open } for pid=6704 comm="syz.1.210" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 79.607455][ T40] audit: type=1400 audit(1760702831.602:242): avc: denied { mounton } for pid=6704 comm="syz.1.210" path="/56/file0" dev="tmpfs" ino=314 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 79.657088][ T40] audit: type=1400 audit(1760702831.672:243): avc: denied { unmount } for pid=5934 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 79.952094][ T9] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 79.962117][ T6120] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 79.978467][ T40] audit: type=1326 audit(1760702831.992:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6716 comm="syz.2.215" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e58efc9 code=0x7ffc0000 [ 79.988258][ T40] audit: type=1326 audit(1760702831.992:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6716 comm="syz.2.215" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e58efc9 code=0x7ffc0000 [ 79.997857][ T40] audit: type=1400 audit(1760702831.992:246): avc: denied { name_bind } for pid=6715 comm="syz.0.216" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 80.009406][ T40] audit: type=1326 audit(1760702831.992:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6716 comm="syz.2.215" exe="/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f206e58efc9 code=0x7ffc0000 [ 80.019324][ T40] audit: type=1326 audit(1760702831.992:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6716 comm="syz.2.215" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e58efc9 code=0x7ffc0000 [ 80.028876][ T40] audit: type=1326 audit(1760702831.992:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6716 comm="syz.2.215" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f206e58efc9 code=0x7ffc0000 [ 80.132093][ T9] usb 8-1: Using ep0 maxpacket: 32 [ 80.135786][ T9] usb 8-1: config 0 has an invalid interface number: 51 but max is 0 [ 80.139375][ T9] usb 8-1: config 0 has no interface number 0 [ 80.145476][ T9] usb 8-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 80.149632][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.151420][ T6120] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 80.153419][ T9] usb 8-1: Product: syz [ 80.156839][ T6120] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.156859][ T6120] usb 6-1: Product: syz [ 80.156871][ T6120] usb 6-1: Manufacturer: syz [ 80.156884][ T6120] usb 6-1: SerialNumber: syz [ 80.158854][ T9] usb 8-1: Manufacturer: syz [ 80.170448][ T9] usb 8-1: SerialNumber: syz [ 80.175244][ T6120] usb 6-1: config 0 descriptor?? [ 80.177650][ T9] usb 8-1: config 0 descriptor?? [ 80.182929][ T9] quatech2 8-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 80.387227][ T6120] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 80.389091][ T9] usb 8-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 80.397902][ T9] usb 8-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 80.552143][ T6020] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 80.702070][ T6020] usb 5-1: Using ep0 maxpacket: 16 [ 80.706654][ T6020] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.711264][ T6020] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.715454][ T6020] usb 5-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00 [ 80.719845][ T6020] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.726373][ T6020] usb 5-1: config 0 descriptor?? [ 80.785462][ C0] usb 8-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 80.791320][ T9] usb 8-1: USB disconnect, device number 3 [ 80.800540][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 80.811076][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 80.816958][ T9] quatech2 8-1:0.51: device disconnected [ 81.139049][ T6020] input: HID 0458:5012 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0458:5012.0004/input/input5 [ 81.232795][ T6020] input: HID 0458:5012 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0458:5012.0004/input/input6 [ 81.276450][ T6020] kye 0003:0458:5012.0004: input,hiddev0,hidraw1: USB HID v0.09 Device [HID 0458:5012] on usb-dummy_hcd.0-1/input0 [ 81.357933][ T60] usb 5-1: USB disconnect, device number 3 [ 82.008771][ T6120] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 82.023788][ T6120] usb 6-1: USB disconnect, device number 4 [ 82.043077][ T6755] Illegal XDP return value 4294967274 on prog (id 20) dev N/A, expect packet loss! [ 83.464251][ T60] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 83.522335][ T5940] Bluetooth: hci1: unexpected event for opcode 0x2006 [ 83.614846][ T60] usb 7-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 83.618778][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.625069][ T60] usb 7-1: config 0 descriptor?? [ 83.843502][ T60] kaweth 7-1:0.0: Firmware present in device. [ 84.037653][ T60] kaweth 7-1:0.0: Statistics collection: 0 [ 84.040301][ T60] kaweth 7-1:0.0: Multicast filter limit: 0 [ 84.043067][ T60] kaweth 7-1:0.0: MTU: 0 [ 84.044479][ T60] kaweth 7-1:0.0: Read MAC address 00:00:00:00:00:00 [ 84.372201][ T6020] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 84.393235][ T6799] syzkaller0: entered allmulticast mode [ 84.395579][ T6799] syzkaller0: entered promiscuous mode [ 84.403198][ T6799] syzkaller0 (unregistering): left allmulticast mode [ 84.406847][ T6799] syzkaller0 (unregistering): left promiscuous mode [ 84.522110][ T6020] usb 5-1: Using ep0 maxpacket: 8 [ 84.526783][ T6020] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 84.529965][ T6020] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.532765][ T6020] usb 5-1: Product: syz [ 84.534280][ T6020] usb 5-1: Manufacturer: syz [ 84.535970][ T6020] usb 5-1: SerialNumber: syz [ 84.538863][ T6020] usb 5-1: config 0 descriptor?? [ 84.646622][ T60] kaweth 7-1:0.0: kaweth interface created at eth2 [ 84.756983][ T6020] dvb_usb_rtl28xxu 5-1:0.0: chip type detection failed -71 [ 84.759725][ T6020] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 84.764523][ T6020] usb 5-1: USB disconnect, device number 4 [ 84.798390][ T5940] Bluetooth: hci2: unexpected event for opcode 0x1405 [ 84.840622][ T843] usb 7-1: USB disconnect, device number 4 [ 85.131874][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.1.252'. [ 85.137733][ T6832] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 85.418141][ T6853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.262'. [ 85.423253][ T6853] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 85.525948][ T5940] Bluetooth: hci3: unexpected event for opcode 0x2006 [ 85.602153][ T59] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 85.611348][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 85.611359][ T40] audit: type=1400 audit(1760702837.622:261): avc: denied { create } for pid=6863 comm="syz.2.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 85.620896][ T40] audit: type=1400 audit(1760702837.632:262): avc: denied { connect } for pid=6863 comm="syz.2.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 85.655696][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 85.660015][ T6870] netlink: 14560 bytes leftover after parsing attributes in process `syz.0.270'. [ 85.709574][ T40] audit: type=1400 audit(1760702837.722:263): avc: denied { remount } for pid=6873 comm="syz.3.273" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 85.756077][ T59] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 85.760560][ T59] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.770554][ T59] usb 6-1: config 0 descriptor?? [ 85.774595][ T59] cp210x 6-1:0.0: cp210x converter detected [ 86.521836][ T53] cfg80211: failed to load regulatory.db [ 86.633676][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 86.702797][ T6901] netlink: 14560 bytes leftover after parsing attributes in process `syz.3.281'. [ 86.760826][ T59] cp210x 6-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 86.776155][ T59] cp210x 6-1:0.0: GPIO initialisation failed: -524 [ 86.802223][ T59] usb 6-1: cp210x converter now attached to ttyUSB0 [ 86.983642][ T60] usb 6-1: USB disconnect, device number 5 [ 86.993040][ T60] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 86.996703][ T60] cp210x 6-1:0.0: device disconnected [ 87.452532][ T40] audit: type=1400 audit(1760702839.472:264): avc: denied { create } for pid=6935 comm="syz.2.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 87.460439][ T40] audit: type=1400 audit(1760702839.472:265): avc: denied { setopt } for pid=6935 comm="syz.2.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 88.262042][ T6025] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 88.269480][ T5940] Bluetooth: hci3: unexpected event for opcode 0x1405 [ 88.412710][ T6025] usb 8-1: Using ep0 maxpacket: 8 [ 88.418423][ T6025] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 88.422896][ T6025] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.426123][ T6025] usb 8-1: Product: syz [ 88.442013][ T6025] usb 8-1: Manufacturer: syz [ 88.443517][ T6025] usb 8-1: SerialNumber: syz [ 88.446190][ T6025] usb 8-1: config 0 descriptor?? [ 88.653465][ T6025] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 88.762428][ T60] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 88.860803][ T6025] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 88.876119][ T6025] usb 8-1: USB disconnect, device number 4 [ 88.912044][ T60] usb 5-1: Using ep0 maxpacket: 8 [ 88.916814][ T60] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 88.919663][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.923701][ T60] usb 5-1: Product: syz [ 88.925490][ T60] usb 5-1: Manufacturer: syz [ 88.927013][ T60] usb 5-1: SerialNumber: syz [ 88.932696][ T60] usb 5-1: config 0 descriptor?? [ 88.966131][ T40] audit: type=1400 audit(1760702840.982:266): avc: denied { unlink } for pid=6984 comm="syz.1.314" name="controlC#" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 89.146192][ T60] dvb_usb_rtl28xxu 5-1:0.0: chip type detection failed -71 [ 89.148559][ T60] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 89.153377][ T60] usb 5-1: USB disconnect, device number 5 [ 90.703594][ T6025] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 90.863135][ T6025] usb 8-1: Using ep0 maxpacket: 8 [ 91.039164][ T6025] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 91.043079][ T6025] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.046379][ T6025] usb 8-1: Product: syz [ 91.047959][ T6025] usb 8-1: Manufacturer: syz [ 91.049505][ T6025] usb 8-1: SerialNumber: syz [ 91.053313][ T6025] usb 8-1: config 0 descriptor?? [ 91.260988][ T6025] dvb_usb_rtl28xxu 8-1:0.0: chip type detection failed -71 [ 91.266975][ T6025] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 91.292314][ T6025] usb 8-1: USB disconnect, device number 5 [ 92.098528][ T7077] netem: change failed [ 92.401076][ T40] audit: type=1400 audit(1760702844.412:267): avc: denied { read write } for pid=7078 comm="syz.3.346" name="file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 92.408206][ T40] audit: type=1400 audit(1760702844.412:268): avc: denied { open } for pid=7078 comm="syz.3.346" path="/78/file0/file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 93.402174][ T6025] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 93.562428][ T6025] usb 5-1: Using ep0 maxpacket: 8 [ 93.576631][ T6025] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 93.580476][ T6025] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.583957][ T6025] usb 5-1: Product: syz [ 93.585802][ T6025] usb 5-1: Manufacturer: syz [ 93.587856][ T6025] usb 5-1: SerialNumber: syz [ 93.592687][ T6025] usb 5-1: config 0 descriptor?? [ 93.816004][ T6025] dvb_usb_rtl28xxu 5-1:0.0: chip type detection failed -71 [ 93.819256][ T6025] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 93.826315][ T5940] Bluetooth: hci2: unexpected event for opcode 0x2006 [ 93.832453][ T6025] usb 5-1: USB disconnect, device number 6 [ 93.997435][ T5940] Bluetooth: hci2: unexpected event for opcode 0x1405 [ 94.174913][ T40] audit: type=1400 audit(1760702846.182:269): avc: denied { listen } for pid=7132 comm="syz.3.368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 94.183328][ T40] audit: type=1400 audit(1760702846.182:270): avc: denied { accept } for pid=7132 comm="syz.3.368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 95.367827][ T40] audit: type=1400 audit(1760702847.382:271): avc: denied { mount } for pid=7162 comm="syz.0.378" name="/" dev="ramfs" ino=13175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 95.383361][ T40] audit: type=1400 audit(1760702847.382:272): avc: denied { mounton } for pid=7162 comm="syz.0.378" path="/file0" dev="ramfs" ino=13176 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 95.421616][ T7165] ======================================================= [ 95.421616][ T7165] WARNING: The mand mount option has been deprecated and [ 95.421616][ T7165] and is ignored by this kernel. Remove the mand [ 95.421616][ T7165] option from the mount to silence this warning. [ 95.421616][ T7165] ======================================================= [ 95.563477][ T40] audit: type=1400 audit(1760702847.582:273): avc: denied { ioctl } for pid=7168 comm="syz.0.381" path="/dev/vhost-net" dev="devtmpfs" ino=1300 ioctlcmd=0xaf00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 95.609788][ T5933] Bluetooth: hci3: unexpected event for opcode 0x2006 [ 95.766252][ T40] audit: type=1400 audit(1760702847.782:274): avc: denied { read write } for pid=7180 comm="syz.2.386" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.774685][ T40] audit: type=1400 audit(1760702847.782:275): avc: denied { open } for pid=7180 comm="syz.2.386" path="/dev/raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.785220][ T40] audit: type=1400 audit(1760702847.782:276): avc: denied { ioctl } for pid=7180 comm="syz.2.386" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.857352][ T7183] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 96.044157][ T60] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 96.202090][ T60] usb 7-1: Using ep0 maxpacket: 8 [ 96.216544][ T60] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 96.220163][ T60] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.223707][ T60] usb 7-1: Product: syz [ 96.225483][ T60] usb 7-1: Manufacturer: syz [ 96.227398][ T60] usb 7-1: SerialNumber: syz [ 96.242738][ T60] usb 7-1: config 0 descriptor?? [ 96.452728][ T60] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 96.508312][ T5933] Bluetooth: hci2: unexpected event for opcode 0x1405 [ 96.655226][ T60] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 96.660742][ T60] usb 7-1: USB disconnect, device number 5 [ 96.816078][ T7214] netlink: 8 bytes leftover after parsing attributes in process `syz.1.398'. [ 96.875007][ T7217] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7217 comm=syz.1.399 [ 97.023925][ T5933] Bluetooth: hci1: unexpected event for opcode 0x1405 [ 97.532117][ T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 97.628945][ T7239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.407'. [ 97.682053][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 97.688528][ T24] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 97.691589][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.694681][ T24] usb 6-1: Product: syz [ 97.696187][ T24] usb 6-1: Manufacturer: syz [ 97.697742][ T24] usb 6-1: SerialNumber: syz [ 97.701073][ T24] usb 6-1: config 0 descriptor?? [ 97.701921][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 97.701934][ T40] audit: type=1400 audit(1760702849.712:280): avc: denied { connect } for pid=7240 comm="syz.3.408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 97.750627][ T7243] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7243 comm=syz.3.409 [ 97.905978][ T24] dvb_usb_rtl28xxu 6-1:0.0: chip type detection failed -71 [ 97.909166][ T24] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 97.915035][ T24] usb 6-1: USB disconnect, device number 6 [ 98.115088][ T40] audit: type=1400 audit(1760702850.132:281): avc: denied { bind } for pid=7254 comm="syz.2.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 98.199783][ T7257] netlink: 8 bytes leftover after parsing attributes in process `syz.2.415'. [ 98.258607][ T7258] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 99.910005][ T7307] netlink: 8 bytes leftover after parsing attributes in process `syz.3.433'. [ 99.968976][ T7308] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 100.522059][ T59] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 100.672065][ T59] usb 7-1: Using ep0 maxpacket: 8 [ 100.679040][ T59] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 100.682183][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.684738][ T59] usb 7-1: Product: syz [ 100.686456][ T59] usb 7-1: Manufacturer: syz [ 100.687997][ T59] usb 7-1: SerialNumber: syz [ 100.691721][ T59] usb 7-1: config 0 descriptor?? [ 100.887945][ T7329] netlink: 36 bytes leftover after parsing attributes in process `syz.3.440'. [ 100.899108][ T59] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 101.154817][ T40] audit: type=1400 audit(1760702853.112:282): avc: denied { create } for pid=7334 comm="syz.3.443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 101.155980][ T59] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 101.161115][ T40] audit: type=1400 audit(1760702853.152:283): avc: denied { read write } for pid=7338 comm="syz.1.444" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 101.168782][ T59] usb 7-1: USB disconnect, device number 6 [ 101.173738][ T40] audit: type=1400 audit(1760702853.152:284): avc: denied { open } for pid=7338 comm="syz.1.444" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 101.228853][ T40] audit: type=1400 audit(1760702853.162:285): avc: denied { ioctl } for pid=7338 comm="syz.1.444" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 101.712485][ T7348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.448'. [ 101.717268][ T7348] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.721217][ T7348] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.960495][ T40] audit: type=1400 audit(1760702853.972:286): avc: denied { shutdown } for pid=7358 comm="syz.3.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 101.967207][ T40] audit: type=1400 audit(1760702853.972:287): avc: denied { connect } for pid=7358 comm="syz.3.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 101.975395][ T40] audit: type=1400 audit(1760702853.972:288): avc: denied { name_connect } for pid=7358 comm="syz.3.453" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 102.098124][ T7367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.457'. [ 102.139413][ T40] audit: type=1400 audit(1760702854.152:289): avc: denied { create } for pid=7370 comm="syz.3.459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 102.156453][ T7372] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 103.538864][ T7399] netlink: 14560 bytes leftover after parsing attributes in process `syz.0.468'. [ 103.654969][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 103.654980][ T40] audit: type=1400 audit(1760702855.672:292): avc: denied { mount } for pid=7379 comm="syz.2.462" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 103.811494][ T7409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.472'. [ 103.868008][ T7410] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 103.961653][ T40] audit: type=1400 audit(1760702855.972:293): avc: denied { write } for pid=7413 comm="syz.2.474" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 104.098878][ T7423] netlink: 14560 bytes leftover after parsing attributes in process `syz.2.478'. [ 104.516476][ T7428] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 104.711527][ T40] audit: type=1400 audit(1760702856.722:294): avc: denied { create } for pid=7437 comm="syz.3.483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 104.887106][ T40] audit: type=1400 audit(1760702856.902:295): avc: denied { create } for pid=7441 comm="syz.2.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 104.896386][ T7442] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 104.903319][ T40] audit: type=1400 audit(1760702856.902:296): avc: denied { setopt } for pid=7441 comm="syz.2.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 104.909629][ T40] audit: type=1400 audit(1760702856.902:297): avc: denied { write } for pid=7441 comm="syz.2.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 105.032516][ T40] audit: type=1400 audit(1760702857.042:298): avc: denied { bind } for pid=7437 comm="syz.3.483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 105.035295][ T7448] netlink: 4 bytes leftover after parsing attributes in process `syz.3.483'. [ 105.038469][ T40] audit: type=1400 audit(1760702857.042:299): avc: denied { name_bind } for pid=7437 comm="syz.3.483" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 105.038494][ T40] audit: type=1400 audit(1760702857.042:300): avc: denied { node_bind } for pid=7437 comm="syz.3.483" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 105.061274][ T40] audit: type=1400 audit(1760702857.042:301): avc: denied { setopt } for pid=7437 comm="syz.3.483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 105.170066][ T7456] netlink: 8 bytes leftover after parsing attributes in process `syz.1.490'. [ 105.228524][ T7458] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 105.295248][ T7461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 105.508887][ T6490] Bluetooth: hci4: Frame reassembly failed (-84) [ 105.513198][ T6490] Bluetooth: hci4: Frame reassembly failed (-84) [ 105.992420][ T6020] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 106.293944][ T6020] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 106.297611][ T6020] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.302287][ T6020] usb 5-1: config 0 descriptor?? [ 106.309238][ T6020] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 106.531511][ T6020] gp8psk: usb in 128 operation failed. [ 106.535794][ T6020] gp8psk: usb in 137 operation failed. [ 106.537680][ T6020] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 106.542179][ T6020] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 106.546641][ T6020] usb 5-1: USB disconnect, device number 7 [ 106.997919][ T7503] Cannot find set identified by id 65534 to match [ 107.522081][ T10] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 107.552198][ T5933] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 107.552213][ T5940] Bluetooth: hci4: command 0x1003 tx timeout [ 107.692081][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 107.698060][ T10] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 107.702113][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.705545][ T10] usb 8-1: Product: syz [ 107.707417][ T10] usb 8-1: Manufacturer: syz [ 107.709490][ T10] usb 8-1: SerialNumber: syz [ 107.715153][ T10] usb 8-1: config 0 descriptor?? [ 107.922475][ T10] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 108.125122][ T10] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 108.145374][ T10] usb 8-1: USB disconnect, device number 6 [ 108.695001][ T5933] Bluetooth: hci1: unexpected event for opcode 0x1405 [ 109.075146][ T7549] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 109.610187][ T7573] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 109.872534][ T59] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 110.012062][ T59] usb 5-1: device descriptor read/64, error -71 [ 110.202452][ T6025] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 110.262626][ T59] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 110.362088][ T6025] usb 8-1: Using ep0 maxpacket: 16 [ 110.365982][ T6025] usb 8-1: config 1 has an invalid interface number: 69 but max is 0 [ 110.369230][ T6025] usb 8-1: config 1 has no interface number 0 [ 110.371733][ T6025] usb 8-1: config 1 interface 69 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 110.376251][ T6025] usb 8-1: config 1 interface 69 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64 [ 110.380058][ T6025] usb 8-1: config 1 interface 69 has no altsetting 0 [ 110.385950][ T6025] usb 8-1: New USB device found, idVendor=0bb4, idProduct=0a7e, bcdDevice=60.c4 [ 110.388783][ T6025] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.391302][ T6025] usb 8-1: Product: syz [ 110.392916][ T6025] usb 8-1: Manufacturer: syz [ 110.394437][ T6025] usb 8-1: SerialNumber: syz [ 110.398677][ T7585] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 110.401243][ T7585] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 110.402015][ T59] usb 5-1: device descriptor read/64, error -71 [ 110.405259][ T6025] ipaq 8-1:1.69: PocketPC PDA converter detected [ 110.430221][ T7599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.542'. [ 110.522331][ T59] usb usb5-port1: attempt power cycle [ 110.613362][ T6025] usb 8-1: PocketPC PDA converter now attached to ttyUSB0 [ 110.813227][ T10] usb 8-1: USB disconnect, device number 7 [ 110.827447][ T10] ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0 [ 110.832544][ T10] ipaq 8-1:1.69: device disconnected [ 110.882070][ T59] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 110.903630][ T59] usb 5-1: device descriptor read/8, error -71 [ 111.152192][ T59] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 111.172754][ T59] usb 5-1: device descriptor read/8, error -71 [ 111.292454][ T59] usb usb5-port1: unable to enumerate USB device [ 111.543461][ T7611] comedi comedi3: 8255: I/O port conflict (0x7,4) [ 111.546408][ T7611] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 111.549184][ T7611] comedi comedi3: 8255: I/O port conflict (0x16,4) [ 111.552091][ T7611] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 111.554346][ T7611] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 111.556373][ T7611] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 111.558389][ T7611] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 111.560407][ T7611] comedi comedi3: 8255: I/O port conflict (0xa,4) [ 111.562568][ T7611] comedi comedi3: 8255: I/O port conflict (0xfd,4) [ 111.564800][ T7611] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 111.566891][ T7611] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 111.569256][ T7611] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 111.571714][ T7611] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 111.574430][ T7611] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 111.577138][ T7611] comedi comedi3: 8255: I/O port conflict (0x80009,4) [ 111.579972][ T7611] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 111.583734][ T7611] comedi comedi3: 8255: I/O port conflict (0x7f,4) [ 111.588493][ T7611] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 111.591214][ T7611] comedi comedi3: 8255: I/O port conflict (0x40000004,4) [ 111.595224][ T7611] comedi comedi3: 8255: I/O port conflict (0x89,4) [ 111.598039][ T7611] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 111.600663][ T7611] comedi comedi3: 8255: I/O port conflict (0x20001e58,4) [ 111.603763][ T7611] comedi comedi3: 8255: I/O port conflict (0xb,4) [ 111.606576][ T7611] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 111.609241][ T7611] comedi comedi3: 8255: I/O port conflict (0x995d000,4) [ 111.739699][ T7620] netlink: 8 bytes leftover after parsing attributes in process `syz.3.550'. [ 111.803201][ T7621] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 112.249556][ T6554] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.331467][ T6554] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.447579][ T6554] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.455644][ T5940] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 112.459623][ T5940] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 112.464378][ T5940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 112.468886][ T5940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 112.473247][ T5940] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 112.532248][ T6554] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.697715][ T7630] chnl_net:caif_netlink_parms(): no params data found [ 112.773614][ T6554] bridge_slave_1: left allmulticast mode [ 112.776252][ T6554] bridge_slave_1: left promiscuous mode [ 112.779965][ T6554] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.796573][ T6554] bridge_slave_0: left allmulticast mode [ 112.798591][ T6554] bridge_slave_0: left promiscuous mode [ 112.801461][ T6554] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.013889][ T40] audit: type=1400 audit(1760702865.032:302): avc: denied { mounton } for pid=7652 comm="syz.1.560" path="/132/file0/file0" dev="afs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 113.046647][ T40] audit: type=1400 audit(1760702865.062:303): avc: denied { unmount } for pid=5934 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 113.185320][ T6554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.189679][ T6554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.193849][ T6554] bond0 (unregistering): Released all slaves [ 113.627121][ T7630] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.631874][ T7630] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.636609][ T7630] bridge_slave_0: entered allmulticast mode [ 113.642220][ T7630] bridge_slave_0: entered promiscuous mode [ 113.646701][ T7630] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.648960][ T7630] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.651288][ T7630] bridge_slave_1: entered allmulticast mode [ 113.655066][ T7630] bridge_slave_1: entered promiscuous mode [ 113.724447][ T7630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 113.731313][ T7630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 113.793888][ T6554] hsr_slave_0: left promiscuous mode [ 113.796366][ T6554] hsr_slave_1: left promiscuous mode [ 113.798513][ T6554] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.800904][ T6554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.804293][ T6554] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.807035][ T6554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.838933][ T6554] veth1_macvtap: left promiscuous mode [ 113.841802][ T6554] veth0_macvtap: left promiscuous mode [ 113.846286][ T6554] veth1_vlan: left promiscuous mode [ 113.848719][ T6554] veth0_vlan: left promiscuous mode [ 113.974713][ T40] audit: type=1400 audit(1760702865.992:304): avc: denied { execute } for pid=7667 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 113.992119][ T40] audit: type=1400 audit(1760702865.992:305): avc: denied { execute_no_trans } for pid=7667 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 114.117522][ T5940] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 114.125129][ T5940] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 114.130289][ T5940] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 114.132378][ T7672] Bluetooth: MGMT ver 1.23 [ 114.137526][ T5940] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 114.141405][ T5940] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 114.159582][ T5291] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 114.168809][ T5291] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 114.176157][ T5291] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 114.179373][ T5291] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 114.187702][ T5291] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 114.498910][ T6554] team0 (unregistering): Port device team_slave_1 removed [ 114.512193][ T5940] Bluetooth: hci0: command tx timeout [ 114.571421][ T6554] team0 (unregistering): Port device team_slave_0 removed [ 115.020597][ T7630] team0: Port device team_slave_0 added [ 115.026452][ T7630] team0: Port device team_slave_1 added [ 115.085909][ T7630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.088782][ T7630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 115.102132][ T7630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.108578][ T7630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.111495][ T7630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 115.122186][ T7630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.251937][ T7630] hsr_slave_0: entered promiscuous mode [ 115.255437][ T7630] hsr_slave_1: entered promiscuous mode [ 115.258358][ T7630] debugfs: 'hsr0' already exists in 'hsr' [ 115.260793][ T7630] Cannot create hsr debugfs directory [ 115.571719][ T7673] chnl_net:caif_netlink_parms(): no params data found [ 115.576604][ T7669] chnl_net:caif_netlink_parms(): no params data found [ 115.614010][ T7695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 115.662918][ T7630] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 115.712152][ T7630] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 115.777354][ T6554] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.785290][ T7630] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 115.807800][ T7669] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.810089][ T7669] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.812610][ T7669] bridge_slave_0: entered allmulticast mode [ 115.815399][ T7669] bridge_slave_0: entered promiscuous mode [ 115.819972][ T7669] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.823787][ T7669] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.827053][ T7669] bridge_slave_1: entered allmulticast mode [ 115.831061][ T7669] bridge_slave_1: entered promiscuous mode [ 115.837034][ T7630] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 115.886897][ T7673] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.889919][ T7673] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.893890][ T7673] bridge_slave_0: entered allmulticast mode [ 115.897816][ T7673] bridge_slave_0: entered promiscuous mode [ 115.901934][ T7673] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.905132][ T7673] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.908241][ T7673] bridge_slave_1: entered allmulticast mode [ 115.914503][ T7673] bridge_slave_1: entered promiscuous mode [ 115.961788][ T7669] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.972743][ T6554] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.994577][ T7669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.031020][ T7673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.036232][ T7673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.073675][ T7669] team0: Port device team_slave_0 added [ 116.091607][ T6554] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.101041][ T7673] team0: Port device team_slave_0 added [ 116.104922][ T7669] team0: Port device team_slave_1 added [ 116.111160][ T7673] team0: Port device team_slave_1 added [ 116.145731][ T7669] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.148168][ T7669] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 116.159239][ T7669] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.165990][ T7669] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.168390][ T7669] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 116.179220][ T7669] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.202215][ T5940] Bluetooth: hci1: command tx timeout [ 116.238778][ T6554] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.253801][ T40] audit: type=1400 audit(1760702868.272:306): avc: denied { bind } for pid=7722 comm="syz.3.574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 116.260274][ T40] audit: type=1400 audit(1760702868.272:307): avc: denied { name_bind } for pid=7722 comm="syz.3.574" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 116.282111][ T5940] Bluetooth: hci3: command tx timeout [ 116.283678][ T40] audit: type=1400 audit(1760702868.272:308): avc: denied { node_bind } for pid=7722 comm="syz.3.574" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 116.284771][ T7673] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.295307][ T7673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 116.302301][ T40] audit: type=1400 audit(1760702868.282:309): avc: denied { block_suspend } for pid=7722 comm="syz.3.574" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 116.306774][ T7673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.318930][ T7673] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.321691][ T7673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 116.331742][ T7673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.354007][ T7669] hsr_slave_0: entered promiscuous mode [ 116.356876][ T7669] hsr_slave_1: entered promiscuous mode [ 116.359164][ T7669] debugfs: 'hsr0' already exists in 'hsr' [ 116.361042][ T7669] Cannot create hsr debugfs directory [ 116.436085][ T7727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 116.470643][ T7673] hsr_slave_0: entered promiscuous mode [ 116.474448][ T7673] hsr_slave_1: entered promiscuous mode [ 116.477384][ T7673] debugfs: 'hsr0' already exists in 'hsr' [ 116.479808][ T7673] Cannot create hsr debugfs directory [ 116.603215][ T5940] Bluetooth: hci0: command tx timeout [ 116.671415][ T6554] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.728104][ T7630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.764273][ T6554] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.777699][ T7673] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 116.793320][ T7673] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 116.798330][ T7673] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 116.804837][ T7630] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.815477][ T7673] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 116.834217][ T6555] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.837246][ T6555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.848105][ T6506] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.851136][ T6506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.865579][ T6554] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.895649][ T7669] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 116.904912][ T7669] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 116.910973][ T7669] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 116.918824][ T7669] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 116.944609][ T6554] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.982376][ T40] audit: type=1400 audit(1760702869.002:310): avc: denied { ioctl } for pid=7743 comm="syz.3.577" path="socket:[17612]" dev="sockfs" ino=17612 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 117.051898][ T7673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.095971][ T7673] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.122045][ T6497] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.125129][ T6497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.139990][ T7669] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.150855][ T6554] bridge_slave_1: left allmulticast mode [ 117.153577][ T6554] bridge_slave_1: left promiscuous mode [ 117.155435][ T6554] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.160254][ T6554] bridge_slave_0: left allmulticast mode [ 117.164021][ T6554] bridge_slave_0: left promiscuous mode [ 117.165974][ T6554] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.171827][ T6554] bridge_slave_1: left allmulticast mode [ 117.174776][ T6554] bridge_slave_1: left promiscuous mode [ 117.177239][ T6554] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.183766][ T6554] bridge_slave_0: left allmulticast mode [ 117.185755][ T6554] bridge_slave_0: left promiscuous mode [ 117.187600][ T6554] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.491694][ T6554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.496013][ T6554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.499617][ T6554] bond0 (unregistering): Released all slaves [ 117.715191][ T6554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.720640][ T6554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.726185][ T6554] bond0 (unregistering): Released all slaves [ 117.737397][ T6497] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.740077][ T6497] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.748604][ T7669] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.768046][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.770371][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.782732][ T7630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.788971][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.791792][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.050822][ T7673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.058412][ T7669] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.090717][ T7776] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 118.119905][ T7630] veth0_vlan: entered promiscuous mode [ 118.129592][ T7630] veth1_vlan: entered promiscuous mode [ 118.148753][ T7630] veth0_macvtap: entered promiscuous mode [ 118.170284][ T7630] veth1_macvtap: entered promiscuous mode [ 118.181383][ T7630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.189152][ T7630] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.197802][ T6543] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.203391][ T6543] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.207062][ T6543] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.214825][ T6543] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.237703][ T6554] hsr_slave_0: left promiscuous mode [ 118.240901][ T6554] hsr_slave_1: left promiscuous mode [ 118.245095][ T6554] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.247451][ T6554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.250395][ T6554] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.253951][ T6554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.261878][ T6554] hsr_slave_0: left promiscuous mode [ 118.265790][ T6554] hsr_slave_1: left promiscuous mode [ 118.268729][ T6554] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.271850][ T6554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.275049][ T5940] Bluetooth: hci1: command tx timeout [ 118.278676][ T6554] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.282167][ T6554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.342927][ T6554] veth1_macvtap: left promiscuous mode [ 118.345527][ T6554] veth0_macvtap: left promiscuous mode [ 118.347850][ T6554] veth1_vlan: left promiscuous mode [ 118.350043][ T6554] veth0_vlan: left promiscuous mode [ 118.354602][ T6554] veth1_macvtap: left promiscuous mode [ 118.356902][ T6554] veth0_macvtap: left promiscuous mode [ 118.360409][ T6554] veth1_vlan: left promiscuous mode [ 118.362108][ T5940] Bluetooth: hci3: command tx timeout [ 118.363186][ T6554] veth0_vlan: left promiscuous mode [ 118.682135][ T5940] Bluetooth: hci0: command tx timeout [ 118.882099][ T842] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 119.054281][ T842] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 119.058697][ T842] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 119.063590][ T842] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 119.067532][ T842] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 119.072824][ T6554] team0 (unregistering): Port device team_slave_1 removed [ 119.084401][ T842] usb 8-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 119.088356][ T842] usb 8-1: New USB device strings: Mfr=28, Product=2, SerialNumber=3 [ 119.092554][ T842] usb 8-1: Product: syz [ 119.094437][ T842] usb 8-1: Manufacturer: syz [ 119.096320][ T842] usb 8-1: SerialNumber: syz [ 119.100647][ T842] usb 8-1: config 0 descriptor?? [ 119.110227][ T842] kvaser_usb 8-1:0.0: CMD_MAP_CHANNEL_REQ failed for CAN0 [ 119.114524][ T842] kvaser_usb 8-1:0.0: error -EMSGSIZE: Failed to initialize card [ 119.117863][ T842] kvaser_usb 8-1:0.0: probe with driver kvaser_usb failed with error -90 [ 119.146137][ T6554] team0 (unregistering): Port device team_slave_0 removed [ 119.314511][ T6020] usb 8-1: USB disconnect, device number 8 [ 120.129300][ T6554] team0 (unregistering): Port device team_slave_1 removed [ 120.203310][ T6554] team0 (unregistering): Port device team_slave_0 removed [ 120.353488][ T5940] Bluetooth: hci1: command tx timeout [ 120.434142][ T5940] Bluetooth: hci3: command tx timeout [ 120.723023][ T7791] : entered promiscuous mode [ 120.762115][ T5940] Bluetooth: hci0: command tx timeout [ 120.774862][ T40] audit: type=1326 audit(1760702872.792:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.783752][ T6553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.785909][ T40] audit: type=1326 audit(1760702872.792:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.788271][ T6553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.799408][ T40] audit: type=1326 audit(1760702872.792:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.815149][ T40] audit: type=1326 audit(1760702872.792:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.830674][ T40] audit: type=1326 audit(1760702872.792:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.837711][ T7669] veth0_vlan: entered promiscuous mode [ 120.841369][ T40] audit: type=1326 audit(1760702872.792:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.853005][ T40] audit: type=1326 audit(1760702872.792:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.855856][ T6543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.863360][ T40] audit: type=1326 audit(1760702872.792:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.868147][ T6543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.875321][ T40] audit: type=1326 audit(1760702872.792:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.876822][ T7669] veth1_vlan: entered promiscuous mode [ 120.880497][ T7673] veth0_vlan: entered promiscuous mode [ 120.888401][ T40] audit: type=1326 audit(1760702872.802:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7793 comm="syz.3.585" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64f8efc9 code=0x7ffc0000 [ 120.897873][ T7673] veth1_vlan: entered promiscuous mode [ 120.931926][ T7669] veth0_macvtap: entered promiscuous mode [ 120.936318][ T7669] veth1_macvtap: entered promiscuous mode [ 120.950570][ T7673] veth0_macvtap: entered promiscuous mode [ 120.955804][ T7673] veth1_macvtap: entered promiscuous mode [ 120.967512][ T7669] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.974685][ T7673] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.985873][ T7669] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.997623][ T6506] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.002606][ T6553] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.009033][ T7673] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.021530][ T6553] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.026463][ T6553] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.034387][ T7804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.061438][ T6506] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.066743][ T6506] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.075097][ T6506] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.082655][ T6506] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.104217][ T6490] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.111628][ T6490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.135917][ T6553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.139416][ T6553] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.165235][ T6543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.169176][ T6543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.211676][ T6543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.216492][ T6543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.502752][ T5940] Bluetooth: hci1: command tx timeout [ 122.509641][ T6490] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.562537][ T7830] netlink: 68 bytes leftover after parsing attributes in process `syz.6.594'. [ 122.755458][ T5291] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 122.760087][ T5291] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 122.764157][ T5291] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 122.767174][ T5291] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 122.769899][ T5291] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 122.921066][ T7841] chnl_net:caif_netlink_parms(): no params data found [ 122.973351][ T7846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 123.097872][ T7841] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.100202][ T7841] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.103041][ T7841] bridge_slave_0: entered allmulticast mode [ 123.105745][ T7841] bridge_slave_0: entered promiscuous mode [ 123.109820][ T7841] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.112549][ T7841] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.114848][ T7841] bridge_slave_1: entered allmulticast mode [ 123.117460][ T7841] bridge_slave_1: entered promiscuous mode [ 123.175273][ T7841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 123.179688][ T7841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.239947][ T6490] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.250558][ T7841] team0: Port device team_slave_0 added [ 123.257868][ T7841] team0: Port device team_slave_1 added [ 123.290644][ T7841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 123.293557][ T7841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 123.301577][ T7841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 123.306038][ T7841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 123.308227][ T7841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 123.316927][ T7841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 123.356559][ T7841] hsr_slave_0: entered promiscuous mode [ 123.359120][ T7841] hsr_slave_1: entered promiscuous mode [ 123.374484][ T5940] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 123.377707][ T5940] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 123.380713][ T5940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 123.384887][ T5940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 123.388306][ T5940] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 123.630938][ T7841] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 123.648032][ T7841] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 123.675946][ T7841] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 123.688203][ T7841] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 123.722698][ T7853] chnl_net:caif_netlink_parms(): no params data found [ 123.945598][ T7853] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.945695][ T7853] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.945784][ T7853] bridge_slave_0: entered allmulticast mode [ 123.946546][ T7853] bridge_slave_0: entered promiscuous mode [ 123.961500][ T7853] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.965037][ T7853] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.965178][ T7853] bridge_slave_1: entered allmulticast mode [ 123.966171][ T7853] bridge_slave_1: entered promiscuous mode [ 124.056517][ T6490] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.110920][ T7853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 124.127768][ T7853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 124.169360][ T6490] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.235829][ T7853] team0: Port device team_slave_0 added [ 124.239480][ T7853] team0: Port device team_slave_1 added [ 124.331578][ T7853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 124.331625][ T7853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 124.331640][ T7853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 124.335689][ T7853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 124.335700][ T7853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 124.335714][ T7853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 124.371607][ T7841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.464802][ T7841] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.517419][ T7853] hsr_slave_0: entered promiscuous mode [ 124.520830][ T7853] hsr_slave_1: entered promiscuous mode [ 124.524617][ T7853] debugfs: 'hsr0' already exists in 'hsr' [ 124.526990][ T7853] Cannot create hsr debugfs directory [ 124.536568][ T6490] bridge_slave_1: left allmulticast mode [ 124.539047][ T6490] bridge_slave_1: left promiscuous mode [ 124.541581][ T6490] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.549144][ T6490] bridge_slave_0: left allmulticast mode [ 124.551095][ T6490] bridge_slave_0: left promiscuous mode [ 124.553222][ T6490] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.644846][ T6554] Bluetooth: hci4: Frame reassembly failed (-84) [ 124.839539][ T6490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 124.842213][ T5940] Bluetooth: hci3: command tx timeout [ 124.847423][ T6490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 124.851644][ T6490] bond0 (unregistering): Released all slaves [ 124.862892][ T6555] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.865210][ T6555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.896887][ T6506] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.899765][ T6506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.102121][ T7853] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 125.108667][ T7853] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 125.115014][ T7853] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 125.120372][ T7853] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 125.132226][ T5977] usb 11-1: new high-speed USB device number 2 using dummy_hcd [ 125.148660][ T6490] hsr_slave_0: left promiscuous mode [ 125.150900][ T6490] hsr_slave_1: left promiscuous mode [ 125.155918][ T6490] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 125.158936][ T6490] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 125.162468][ T6490] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 125.164831][ T6490] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 125.189618][ T6490] veth1_macvtap: left promiscuous mode [ 125.191475][ T6490] veth0_macvtap: left promiscuous mode [ 125.193650][ T6490] veth1_vlan: left promiscuous mode [ 125.195429][ T6490] veth0_vlan: left promiscuous mode [ 125.303795][ T5977] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.308321][ T5977] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.312649][ T5977] usb 11-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 125.316375][ T5977] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.321613][ T5977] usb 11-1: config 0 descriptor?? [ 125.472455][ T5940] Bluetooth: hci0: command tx timeout [ 125.769343][ T6490] team0 (unregistering): Port device team_slave_1 removed [ 125.829602][ T6490] team0 (unregistering): Port device team_slave_0 removed [ 126.310077][ T7841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.343595][ T7853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.364784][ T7853] 8021q: adding VLAN 0 to HW filter on device team0 [ 126.372023][ T6506] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.374433][ T6506] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.382818][ T6543] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.385140][ T6543] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.477146][ T7841] veth0_vlan: entered promiscuous mode [ 126.484080][ T7841] veth1_vlan: entered promiscuous mode [ 126.515706][ T7841] veth0_macvtap: entered promiscuous mode [ 126.521606][ T7841] veth1_macvtap: entered promiscuous mode [ 126.539330][ T7841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 126.547976][ T7841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.558480][ T6553] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.563282][ T6553] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.570699][ T6553] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.574847][ T6553] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.604185][ T7853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.627596][ T6553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.630313][ T6553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.650249][ T6506] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.654347][ T6506] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.673451][ T5291] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 126.676382][ T5940] Bluetooth: hci4: command 0x1003 tx timeout [ 126.747830][ T6490] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.749809][ T7916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.812567][ T6490] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.848945][ T7853] veth0_vlan: entered promiscuous mode [ 126.855205][ T7853] veth1_vlan: entered promiscuous mode [ 126.875140][ T7853] veth0_macvtap: entered promiscuous mode [ 126.879551][ T7853] veth1_macvtap: entered promiscuous mode [ 126.890841][ T7853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 126.898886][ T7853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.906327][ T6553] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.909327][ T6553] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.912867][ T5291] Bluetooth: hci3: command tx timeout [ 126.916304][ T6497] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.919285][ T6497] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.953154][ T6490] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.974699][ T6543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.977299][ T6543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.000093][ T6497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.004405][ T6497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.017481][ T6490] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.143709][ T6490] bridge_slave_1: left allmulticast mode [ 127.145688][ T6490] bridge_slave_1: left promiscuous mode [ 127.147886][ T6490] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.152970][ T6490] bridge_slave_0: left allmulticast mode [ 127.154799][ T6490] bridge_slave_0: left promiscuous mode [ 127.156765][ T6490] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.322221][ T2295] usb 13-1: new full-speed USB device number 2 using dummy_hcd [ 127.436189][ T6490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 127.442708][ T6490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 127.448062][ T6490] bond0 (unregistering): Released all slaves [ 127.552071][ T5291] Bluetooth: hci0: command tx timeout [ 127.878041][ T5977] usbhid 11-1:0.0: can't add hid device: -71 [ 127.882445][ T5977] usbhid 11-1:0.0: probe with driver usbhid failed with error -71 [ 127.903039][ T5977] usb 11-1: USB disconnect, device number 2 [ 127.908443][ T6490] hsr_slave_0: left promiscuous mode [ 127.911876][ T6490] hsr_slave_1: left promiscuous mode [ 127.916507][ T6490] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.919073][ T6490] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.920607][ T2295] usb 13-1: config 0 has an invalid interface number: 151 but max is 0 [ 127.924413][ T2295] usb 13-1: config 0 has no interface number 0 [ 127.926430][ T2295] usb 13-1: config 0 interface 151 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 127.931072][ T6490] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.933595][ T6490] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 127.942199][ T2295] usb 13-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 127.945141][ T2295] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.947671][ T2295] usb 13-1: Product: syz [ 127.949029][ T2295] usb 13-1: Manufacturer: syz [ 127.950553][ T2295] usb 13-1: SerialNumber: syz [ 127.954726][ T2295] usb 13-1: config 0 descriptor?? [ 127.970675][ T6490] veth1_macvtap: left promiscuous mode [ 127.972600][ T6490] veth0_macvtap: left promiscuous mode [ 127.974624][ T6490] veth1_vlan: left promiscuous mode [ 127.976390][ T6490] veth0_vlan: left promiscuous mode [ 128.119673][ T6543] Bluetooth: hci4: Frame reassembly failed (-84) [ 128.122454][ T6543] Bluetooth: hci4: Frame reassembly failed (-84) [ 128.197067][ T2295] usb 13-1: USB disconnect, device number 2 [ 128.609413][ T6490] team0 (unregistering): Port device team_slave_1 removed [ 128.681083][ T6490] team0 (unregistering): Port device team_slave_0 removed [ 128.748108][ T40] kauditd_printk_skb: 35 callbacks suppressed [ 128.748120][ T40] audit: type=1400 audit(1760702880.762:356): avc: denied { append } for pid=7962 comm="syz.8.620" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 128.936752][ T7964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 129.002017][ T5940] Bluetooth: hci3: command tx timeout [ 129.307245][ T7956] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 129.311134][ T7956] batadv_slave_0: entered promiscuous mode [ 129.318340][ T7956] netlink: 16 bytes leftover after parsing attributes in process `syz.6.618'. [ 129.495159][ T7974] netlink: 24 bytes leftover after parsing attributes in process `syz.6.624'. [ 129.642317][ T5940] Bluetooth: hci0: command tx timeout [ 129.673948][ T40] audit: type=1400 audit(1760702881.692:357): avc: denied { map } for pid=7979 comm="syz.6.626" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 129.965430][ T40] audit: type=1400 audit(1760702881.982:358): avc: denied { create } for pid=7989 comm="syz.6.630" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 129.971903][ T40] audit: type=1400 audit(1760702881.982:359): avc: denied { write } for pid=7989 comm="syz.6.630" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 130.103108][ T40] audit: type=1400 audit(1760702882.092:360): avc: denied { write } for pid=8016 comm="syz.8.641" name="001" dev="devtmpfs" ino=767 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 130.112396][ T5291] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 130.270091][ T8027] netlink: 28 bytes leftover after parsing attributes in process `syz.3.640'. [ 130.273695][ T8027] netlink: 28 bytes leftover after parsing attributes in process `syz.3.640'. [ 130.280481][ T8027] gretap0: entered promiscuous mode [ 130.344607][ T40] audit: type=1400 audit(1760702882.362:361): avc: denied { create } for pid=8028 comm="syz.7.645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 130.351435][ T40] audit: type=1400 audit(1760702882.362:362): avc: denied { connect } for pid=8028 comm="syz.7.645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 130.352948][ T8029] netlink: 'syz.7.645': attribute type 4 has an invalid length. [ 130.533009][ T8027] gretap0: left promiscuous mode [ 131.053206][ T8051] program syz.8.654 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.077381][ T5940] Bluetooth: hci3: command tx timeout [ 131.522206][ T60] usb 13-1: new high-speed USB device number 3 using dummy_hcd [ 131.672103][ T60] usb 13-1: Using ep0 maxpacket: 8 [ 131.676218][ T60] usb 13-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.680156][ T60] usb 13-1: config 0 has no interfaces? [ 131.682072][ T60] usb 13-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 131.685836][ T60] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.692606][ T60] usb 13-1: config 0 descriptor?? [ 131.712092][ T5940] Bluetooth: hci0: command tx timeout [ 131.900750][ T60] usb 13-1: USB disconnect, device number 3 [ 131.970883][ T5940] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 132.213122][ T40] audit: type=1400 audit(1760702884.232:363): avc: denied { ioctl } for pid=8071 comm="syz.3.662" path="socket:[19231]" dev="sockfs" ino=19231 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 132.803350][ T40] audit: type=1400 audit(1760702884.822:364): avc: denied { create } for pid=8077 comm="syz.8.665" name="#15" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 132.809927][ T40] audit: type=1400 audit(1760702884.822:365): avc: denied { link } for pid=8077 comm="syz.8.665" name="#15" dev="tmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 132.917107][ T5933] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 132.920332][ T5933] CPU: 2 UID: 0 PID: 5933 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) [ 132.920349][ T5933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.920358][ T5933] Workqueue: hci1 hci_rx_work [ 132.920394][ T5933] Call Trace: [ 132.920398][ T5933] [ 132.920404][ T5933] dump_stack_lvl+0x16c/0x1f0 [ 132.920427][ T5933] sysfs_warn_dup+0x7f/0xa0 [ 132.920447][ T5933] sysfs_create_dir_ns+0x24b/0x2b0 [ 132.920458][ T5933] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 132.920469][ T5933] ? find_held_lock+0x2b/0x80 [ 132.920483][ T5933] ? do_raw_spin_unlock+0x172/0x230 [ 132.920501][ T5933] kobject_add_internal+0x2c4/0x9b0 [ 132.920520][ T5933] kobject_add+0x16e/0x240 [ 132.920535][ T5933] ? __pfx_kobject_add+0x10/0x10 [ 132.920551][ T5933] ? do_raw_spin_unlock+0x172/0x230 [ 132.920568][ T5933] ? kobject_put+0xab/0x5a0 [ 132.920586][ T5933] device_add+0x288/0x1aa0 [ 132.920605][ T5933] ? __pfx_dev_set_name+0x10/0x10 [ 132.920620][ T5933] ? __pfx_device_add+0x10/0x10 [ 132.920634][ T5933] ? mgmt_send_event_skb+0x2fb/0x460 [ 132.920672][ T5933] hci_conn_add_sysfs+0x17e/0x230 [ 132.920688][ T5933] le_conn_complete_evt+0x1260/0x2150 [ 132.920706][ T5933] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 132.920720][ T5933] ? hci_event_packet+0x459/0x11c0 [ 132.920737][ T5933] hci_le_conn_complete_evt+0x23c/0x370 [ 132.920754][ T5933] hci_le_meta_evt+0x357/0x5e0 [ 132.920769][ T5933] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 132.920785][ T5933] hci_event_packet+0x685/0x11c0 [ 132.920798][ T5933] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 132.920812][ T5933] ? __pfx_hci_event_packet+0x10/0x10 [ 132.920825][ T5933] ? kcov_remote_start+0x3c9/0x6d0 [ 132.920836][ T5933] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.920854][ T5933] hci_rx_work+0x2c5/0x16b0 [ 132.920869][ T5933] ? rcu_is_watching+0x12/0xc0 [ 132.920881][ T5933] process_one_work+0x9cf/0x1b70 [ 132.920903][ T5933] ? __pfx_process_one_work+0x10/0x10 [ 132.920929][ T5933] ? assign_work+0x1a0/0x250 [ 132.920946][ T5933] worker_thread+0x6c8/0xf10 [ 132.920969][ T5933] ? __pfx_worker_thread+0x10/0x10 [ 132.920985][ T5933] kthread+0x3c5/0x780 [ 132.921001][ T5933] ? __pfx_kthread+0x10/0x10 [ 132.921017][ T5933] ? rcu_is_watching+0x12/0xc0 [ 132.921028][ T5933] ? __pfx_kthread+0x10/0x10 [ 132.921044][ T5933] ret_from_fork+0x675/0x7d0 [ 132.921059][ T5933] ? __pfx_kthread+0x10/0x10 [ 132.921073][ T5933] ret_from_fork_asm+0x1a/0x30 [ 132.921092][ T5933] [ 132.921257][ T5933] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 133.002935][ T5291] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 133.004928][ T5940] Bluetooth: hci4: command 0x1003 tx timeout [ 133.006570][ T5933] Bluetooth: hci1: failed to register connection device [ 134.266074][ T8122] overlayfs: failed to resolve './file1': -2 [ 134.405423][ T6490] Bluetooth: hci4: Frame reassembly failed (-84) [ 134.856749][ T8127] netlink: 28 bytes leftover after parsing attributes in process `syz.8.681'. [ 134.860335][ T8127] netlink: 32 bytes leftover after parsing attributes in process `syz.8.681'. [ 134.863640][ T8127] netlink: 28 bytes leftover after parsing attributes in process `syz.8.681'. [ 134.874012][ T8127] netlink: 32 bytes leftover after parsing attributes in process `syz.8.681'. [ 135.028343][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 135.028355][ T40] audit: type=1400 audit(1760702887.042:368): avc: denied { bind } for pid=8125 comm="syz.8.681" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 135.454174][ T40] audit: type=1400 audit(1760702887.472:369): avc: denied { read } for pid=8149 comm="syz.8.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 135.841075][ T40] audit: type=1400 audit(1760702887.812:370): avc: denied { write } for pid=8149 comm="syz.8.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 135.944523][ T5291] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 135.947684][ T5291] CPU: 0 UID: 0 PID: 5291 Comm: kworker/u33:1 Not tainted syzkaller #0 PREEMPT(full) [ 135.947711][ T5291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.947719][ T5291] Workqueue: hci3 hci_rx_work [ 135.947737][ T5291] Call Trace: [ 135.947741][ T5291] [ 135.947746][ T5291] dump_stack_lvl+0x16c/0x1f0 [ 135.947762][ T5291] sysfs_warn_dup+0x7f/0xa0 [ 135.947781][ T5291] sysfs_create_dir_ns+0x24b/0x2b0 [ 135.947792][ T5291] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 135.947802][ T5291] ? find_held_lock+0x2b/0x80 [ 135.947817][ T5291] ? do_raw_spin_unlock+0x172/0x230 [ 135.947835][ T5291] kobject_add_internal+0x2c4/0x9b0 [ 135.947853][ T5291] kobject_add+0x16e/0x240 [ 135.947868][ T5291] ? __pfx_kobject_add+0x10/0x10 [ 135.947884][ T5291] ? do_raw_spin_unlock+0x172/0x230 [ 135.947901][ T5291] ? kobject_put+0xab/0x5a0 [ 135.947920][ T5291] device_add+0x288/0x1aa0 [ 135.947935][ T5291] ? __pfx_dev_set_name+0x10/0x10 [ 135.947950][ T5291] ? __pfx_device_add+0x10/0x10 [ 135.947964][ T5291] ? mgmt_send_event_skb+0x2fb/0x460 [ 135.947980][ T5291] hci_conn_add_sysfs+0x17e/0x230 [ 135.947995][ T5291] le_conn_complete_evt+0x1260/0x2150 [ 135.948011][ T5291] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 135.948023][ T5291] ? hci_event_packet+0x459/0x11c0 [ 135.948040][ T5291] hci_le_conn_complete_evt+0x23c/0x370 [ 135.948056][ T5291] hci_le_meta_evt+0x357/0x5e0 [ 135.948069][ T5291] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 135.948085][ T5291] hci_event_packet+0x685/0x11c0 [ 135.948097][ T5291] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 135.948111][ T5291] ? __pfx_hci_event_packet+0x10/0x10 [ 135.948126][ T5291] ? kcov_remote_start+0x3d9/0x6d0 [ 135.948141][ T5291] hci_rx_work+0x2c5/0x16b0 [ 135.948155][ T5291] ? rcu_is_watching+0x12/0xc0 [ 135.948168][ T5291] process_one_work+0x9cf/0x1b70 [ 135.948190][ T5291] ? __pfx_process_one_work+0x10/0x10 [ 135.948210][ T5291] ? assign_work+0x1a0/0x250 [ 135.948225][ T5291] worker_thread+0x6c8/0xf10 [ 135.948247][ T5291] ? __pfx_worker_thread+0x10/0x10 [ 135.948262][ T5291] kthread+0x3c5/0x780 [ 135.948278][ T5291] ? __pfx_kthread+0x10/0x10 [ 135.948293][ T5291] ? rcu_is_watching+0x12/0xc0 [ 135.948303][ T5291] ? __pfx_kthread+0x10/0x10 [ 135.948318][ T5291] ret_from_fork+0x675/0x7d0 [ 135.948331][ T5291] ? __pfx_kthread+0x10/0x10 [ 135.948346][ T5291] ret_from_fork_asm+0x1a/0x30 [ 135.948366][ T5291] [ 135.948438][ T5291] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 136.028682][ T5291] Bluetooth: hci3: failed to register connection device [ 136.432356][ T5933] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 136.432518][ T5940] Bluetooth: hci4: command 0x1003 tx timeout [ 136.609085][ T6020] usb 11-1: new high-speed USB device number 3 using dummy_hcd [ 136.789692][ T6020] usb 11-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 136.793055][ T6020] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.801078][ T6020] usb 11-1: config 0 descriptor?? [ 136.811228][ T6020] cp210x 11-1:0.0: cp210x converter detected [ 136.892059][ T60] usb 13-1: new high-speed USB device number 4 using dummy_hcd [ 136.973772][ T8175] warning: `syz.7.695' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 137.034182][ T8176] netlink: 2384 bytes leftover after parsing attributes in process `syz.7.695'. [ 137.038116][ T8176] overlay: Unknown parameter 'fowner<00000000000000000000' [ 137.044060][ T40] audit: type=1400 audit(1760702889.062:371): avc: denied { create } for pid=8173 comm="syz.7.695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 137.044932][ T60] usb 13-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 137.054055][ T40] audit: type=1400 audit(1760702889.072:372): avc: denied { write } for pid=8173 comm="syz.7.695" path="socket:[22881]" dev="sockfs" ino=22881 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 137.054061][ T60] usb 13-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 137.070485][ T60] usb 13-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 137.074760][ T60] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 137.077387][ T60] usb 13-1: SerialNumber: syz [ 137.103820][ T60] usb 13-1: bad CDC descriptors [ 137.271116][ T6020] cp210x 11-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 137.306301][ T60] usb 13-1: USB disconnect, device number 4 [ 137.527693][ T6020] usb 11-1: cp210x converter now attached to ttyUSB0 [ 137.559533][ T8178] netlink: 4 bytes leftover after parsing attributes in process `syz.3.696'. [ 137.571404][ T8178] netlink: 4 bytes leftover after parsing attributes in process `syz.3.696'. [ 137.609811][ T40] audit: type=1400 audit(1760702889.622:373): avc: denied { mount } for pid=8179 comm="syz.3.697" name="/" dev="hugetlbfs" ino=23825 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 137.650350][ T8182] vivid-002: disconnect [ 137.654258][ T8182] vivid-002: reconnect [ 137.681897][ T6020] usb 11-1: USB disconnect, device number 3 [ 137.686800][ T6020] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 137.688457][ T5933] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 137.693032][ T6020] cp210x 11-1:0.0: device disconnected [ 137.715789][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.717924][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.784280][ T6497] Bluetooth: hci4: Frame reassembly failed (-84) [ 138.331434][ T8199] netlink: 28 bytes leftover after parsing attributes in process `syz.6.704'. [ 139.183548][ T5933] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 139.186653][ T5933] CPU: 3 UID: 0 PID: 5933 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) [ 139.186670][ T5933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 139.186679][ T5933] Workqueue: hci0 hci_rx_work [ 139.186697][ T5933] Call Trace: [ 139.186702][ T5933] [ 139.186707][ T5933] dump_stack_lvl+0x16c/0x1f0 [ 139.186723][ T5933] sysfs_warn_dup+0x7f/0xa0 [ 139.186743][ T5933] sysfs_create_dir_ns+0x24b/0x2b0 [ 139.186754][ T5933] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 139.186764][ T5933] ? find_held_lock+0x2b/0x80 [ 139.186779][ T5933] ? do_raw_spin_unlock+0x172/0x230 [ 139.186797][ T5933] kobject_add_internal+0x2c4/0x9b0 [ 139.186815][ T5933] kobject_add+0x16e/0x240 [ 139.186831][ T5933] ? __pfx_kobject_add+0x10/0x10 [ 139.186848][ T5933] ? do_raw_spin_unlock+0x172/0x230 [ 139.186865][ T5933] ? kobject_put+0xab/0x5a0 [ 139.186882][ T5933] device_add+0x288/0x1aa0 [ 139.186897][ T5933] ? __pfx_dev_set_name+0x10/0x10 [ 139.186912][ T5933] ? __pfx_device_add+0x10/0x10 [ 139.186926][ T5933] ? mgmt_send_event_skb+0x2fb/0x460 [ 139.186943][ T5933] hci_conn_add_sysfs+0x17e/0x230 [ 139.186957][ T5933] le_conn_complete_evt+0x1260/0x2150 [ 139.186973][ T5933] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 139.186985][ T5933] ? hci_event_packet+0x459/0x11c0 [ 139.187001][ T5933] hci_le_conn_complete_evt+0x23c/0x370 [ 139.187017][ T5933] hci_le_meta_evt+0x357/0x5e0 [ 139.187030][ T5933] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 139.187045][ T5933] hci_event_packet+0x685/0x11c0 [ 139.187057][ T5933] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 139.187071][ T5933] ? __pfx_hci_event_packet+0x10/0x10 [ 139.187085][ T5933] ? kcov_remote_start+0x3c9/0x6d0 [ 139.187095][ T5933] ? lockdep_hardirqs_on+0x7c/0x110 [ 139.187112][ T5933] hci_rx_work+0x2c5/0x16b0 [ 139.187126][ T5933] ? rcu_is_watching+0x12/0xc0 [ 139.187138][ T5933] process_one_work+0x9cf/0x1b70 [ 139.187161][ T5933] ? __pfx_process_one_work+0x10/0x10 [ 139.187180][ T5933] ? assign_work+0x1a0/0x250 [ 139.187196][ T5933] worker_thread+0x6c8/0xf10 [ 139.187217][ T5933] ? __pfx_worker_thread+0x10/0x10 [ 139.187233][ T5933] kthread+0x3c5/0x780 [ 139.187248][ T5933] ? __pfx_kthread+0x10/0x10 [ 139.187263][ T5933] ? rcu_is_watching+0x12/0xc0 [ 139.187273][ T5933] ? __pfx_kthread+0x10/0x10 [ 139.187287][ T5933] ret_from_fork+0x675/0x7d0 [ 139.187301][ T5933] ? __pfx_kthread+0x10/0x10 [ 139.187315][ T5933] ret_from_fork_asm+0x1a/0x30 [ 139.187335][ T5933] [ 139.187349][ T5933] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 139.273352][ T5933] Bluetooth: hci0: failed to register connection device [ 139.506893][ T40] audit: type=1400 audit(1760702891.522:374): avc: denied { ioctl } for pid=8223 comm="syz.6.714" path="socket:[23874]" dev="sockfs" ino=23874 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 139.802131][ T5940] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 139.804207][ T5291] Bluetooth: hci4: command 0x1003 tx timeout [ 139.943559][ T29] usb 11-1: new high-speed USB device number 4 using dummy_hcd [ 140.392809][ T29] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.396327][ T29] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.399487][ T29] usb 11-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 140.402903][ T29] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.407685][ T29] usb 11-1: config 0 descriptor?? [ 140.419977][ T5940] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 140.501412][ T40] audit: type=1400 audit(1760702892.512:375): avc: denied { create } for pid=8246 comm="syz.8.723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 140.508086][ T40] audit: type=1400 audit(1760702892.522:376): avc: denied { bind } for pid=8246 comm="syz.8.723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 140.960835][ T53] usb 12-1: new high-speed USB device number 2 using dummy_hcd [ 141.114753][ T53] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.118962][ T53] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.122592][ T53] usb 12-1: New USB device found, idVendor=09da, idProduct=0006, bcdDevice= 0.00 [ 141.129855][ T53] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.139177][ T53] usb 12-1: config 0 descriptor?? [ 141.143070][ T53] usbhid 12-1:0.0: can't add hid device: -22 [ 141.145050][ T53] usbhid 12-1:0.0: probe with driver usbhid failed with error -22 [ 141.346556][ T6015] usb 12-1: USB disconnect, device number 2 [ 141.967250][ T5291] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 142.482930][ C0] vcan0: j1939_tp_rxtimer: 0xffff888053c6d000: rx timeout, send abort [ 142.486790][ C0] vcan0: j1939_tp_rxtimer: 0xffff888053c6e800: rx timeout, send abort [ 142.489433][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888053c6d000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 142.495031][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888053c6e800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 142.515343][ T40] audit: type=1400 audit(1760702894.532:377): avc: denied { read } for pid=5322 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 142.526472][ T40] audit: type=1400 audit(1760702894.532:378): avc: denied { search } for pid=5322 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 142.535444][ T40] audit: type=1400 audit(1760702894.532:379): avc: denied { search } for pid=5322 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 142.551856][ T40] audit: type=1400 audit(1760702894.532:380): avc: denied { add_name } for pid=5322 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 142.552006][ C1] hrtimer: interrupt took 62625 ns [ 142.558557][ T40] audit: type=1400 audit(1760702894.532:381): avc: denied { create } for pid=5322 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 142.596761][ T40] audit: type=1400 audit(1760702894.532:382): avc: denied { append open } for pid=5322 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 142.620410][ T40] audit: type=1400 audit(1760702894.532:383): avc: denied { getattr } for pid=5322 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 142.627857][ T29] usbhid 11-1:0.0: can't add hid device: -71 [ 142.642212][ T29] usbhid 11-1:0.0: probe with driver usbhid failed with error -71 [ 142.648208][ T8271] cgroup: none used incorrectly [ 142.654631][ T29] usb 11-1: USB disconnect, device number 4 [ 142.855272][ T40] audit: type=1400 audit(1760702894.872:384): avc: denied { read write } for pid=8280 comm="syz.3.735" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 142.932057][ T841] usb 13-1: new high-speed USB device number 5 using dummy_hcd [ 142.951439][ T8288] fuse: Bad value for 'fd' [ 143.085848][ T841] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.090442][ T841] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.094658][ T841] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 143.100121][ T841] usb 13-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 143.202104][ T6014] usb 12-1: new low-speed USB device number 3 using dummy_hcd [ 143.357411][ T6014] usb 12-1: config index 0 descriptor too short (expected 1307, got 27) [ 143.361244][ T6014] usb 12-1: config 0 has an invalid interface number: 0 but max is -1 [ 143.366127][ T6014] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 143.370173][ T6014] usb 12-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 143.375213][ T6014] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 143.380097][ T6014] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 135, setting to 8 [ 143.385001][ T6014] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 143.386285][ T841] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.395626][ T841] usb 13-1: config 0 descriptor?? [ 143.399883][ T6014] usb 12-1: string descriptor 0 read error: -22 [ 143.403263][ T6014] usb 12-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 143.407706][ T6014] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.414092][ T6014] usb 12-1: config 0 descriptor?? [ 143.417160][ T8290] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22 [ 143.420714][ T6014] hub 12-1:0.0: bad descriptor, ignoring hub [ 143.423974][ T6014] hub 12-1:0.0: probe with driver hub failed with error -5 [ 143.431286][ T6014] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:0.0/input/input8 [ 143.703474][ T29] usb 12-1: USB disconnect, device number 3 [ 143.823590][ T841] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 144.135817][ C0] plantronics 0003:047F:FFFF.0005: hid_field_extract() called with n (132) > 32! (swapper/0) [ 144.311457][ T8308] overlayfs: failed to resolve './file0': -2 [ 144.341471][ T29] usb 13-1: USB disconnect, device number 5 [ 144.595402][ T8319] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 145.460695][ T5291] Bluetooth: hci2: unexpected event for opcode 0x042c [ 145.606777][ T8339] overlayfs: failed to resolve './file0': -2 [ 145.644185][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 145.644195][ T40] audit: type=1400 audit(1760702897.662:390): avc: denied { map } for pid=8340 comm="syz.6.756" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 145.669193][ T8341] ================================================================== [ 145.672400][ T8341] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220 [ 145.674793][ T8341] Read of size 8 at addr ffff88804f71f188 by task syz.6.756/8341 [ 145.678768][ T8341] [ 145.680097][ T8341] CPU: 1 UID: 0 PID: 8341 Comm: syz.6.756 Not tainted syzkaller #0 PREEMPT(full) [ 145.680115][ T8341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 145.680123][ T8341] Call Trace: [ 145.680129][ T8341] [ 145.680134][ T8341] dump_stack_lvl+0x116/0x1f0 [ 145.680153][ T8341] print_report+0xcd/0x630 [ 145.680171][ T8341] ? __virt_addr_valid+0x81/0x610 [ 145.680185][ T8341] ? __phys_addr+0xe8/0x180 [ 145.680198][ T8341] ? __cpa_addr+0x1d3/0x220 [ 145.680214][ T8341] kasan_report+0xe0/0x110 [ 145.680231][ T8341] ? __cpa_addr+0x1d3/0x220 [ 145.680247][ T8341] __cpa_addr+0x1d3/0x220 [ 145.680261][ T8341] cpa_flush+0x28b/0x8a0 [ 145.680278][ T8341] ? __pfx_cpa_flush+0x10/0x10 [ 145.680294][ T8341] ? pgprot2cachemode+0x9a/0x130 [ 145.680305][ T8341] ? __pfx_pgprot2cachemode+0x10/0x10 [ 145.680317][ T8341] ? drm_gem_get_pages+0x6a0/0xa10 [ 145.680337][ T8341] change_page_attr_set_clr+0x34e/0x4a0 [ 145.680354][ T8341] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 145.680377][ T8341] _set_pages_array+0x1ab/0x2c0 [ 145.680394][ T8341] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 145.680410][ T8341] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 145.680426][ T8341] ? __pfx___might_resched+0x10/0x10 [ 145.680443][ T8341] drm_gem_shmem_mmap+0xc9/0x550 [ 145.680458][ T8341] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 145.680475][ T8341] drm_gem_mmap_obj+0x1b5/0x560 [ 145.680492][ T8341] drm_gem_mmap+0x40b/0x620 [ 145.680509][ T8341] ? __pfx_drm_gem_mmap+0x10/0x10 [ 145.680556][ T8341] ? vm_area_alloc+0x1f/0x160 [ 145.680571][ T8341] ? lockdep_init_map_type+0x5c/0x280 [ 145.680588][ T8341] __mmap_region+0x1309/0x27a0 [ 145.680602][ T8341] ? __pfx___mmap_region+0x10/0x10 [ 145.680616][ T8341] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 145.680636][ T8341] ? audit_log_end+0x1f/0x30 [ 145.680651][ T8341] ? audit_log_end+0x1f/0x30 [ 145.680665][ T8341] ? common_lsm_audit+0x260/0x300 [ 145.680699][ T8341] ? __lock_acquire+0xb8a/0x1c90 [ 145.680715][ T8341] mmap_region+0x1ab/0x3f0 [ 145.680727][ T8341] ? __get_unmapped_area+0x267/0x440 [ 145.680744][ T8341] do_mmap+0xa3e/0x1210 [ 145.680760][ T8341] ? __pfx_do_mmap+0x10/0x10 [ 145.680776][ T8341] ? __pfx_down_write_killable+0x10/0x10 [ 145.680795][ T8341] vm_mmap_pgoff+0x29e/0x470 [ 145.680811][ T8341] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 145.680828][ T8341] ? __fget_files+0x20e/0x3c0 [ 145.680844][ T8341] ksys_mmap_pgoff+0x32c/0x5c0 [ 145.680860][ T8341] __x64_sys_mmap+0x125/0x190 [ 145.680874][ T8341] do_syscall_64+0xcd/0xfa0 [ 145.680888][ T8341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.680900][ T8341] RIP: 0033:0x7f136c38efc9 [ 145.680910][ T8341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.680922][ T8341] RSP: 002b:00007f136d2a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 145.680934][ T8341] RAX: ffffffffffffffda RBX: 00007f136c5e5fa0 RCX: 00007f136c38efc9 [ 145.680942][ T8341] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 145.680950][ T8341] RBP: 00007f136c411f91 R08: 0000000000000003 R09: 0000000100000000 [ 145.680957][ T8341] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 145.680964][ T8341] R13: 00007f136c5e6038 R14: 00007f136c5e5fa0 R15: 00007ffc18bcb178 [ 145.680974][ T8341] [ 145.680978][ T8341] [ 145.788498][ T8341] Allocated by task 8341: [ 145.789914][ T8341] kasan_save_stack+0x33/0x60 [ 145.791481][ T8341] kasan_save_track+0x14/0x30 [ 145.793058][ T8341] __kasan_kmalloc+0xaa/0xb0 [ 145.794571][ T8341] __kvmalloc_node_noprof+0x3a3/0x9c0 [ 145.796285][ T8341] drm_gem_get_pages+0x144/0xa10 [ 145.797929][ T8341] drm_gem_shmem_get_pages_locked+0x1e6/0x490 [ 145.799903][ T8341] drm_gem_shmem_mmap+0xc9/0x550 [ 145.801573][ T8341] drm_gem_mmap_obj+0x1b5/0x560 [ 145.803290][ T8341] drm_gem_mmap+0x40b/0x620 [ 145.804784][ T8341] __mmap_region+0x1309/0x27a0 [ 145.806334][ T8341] mmap_region+0x1ab/0x3f0 [ 145.807912][ T8341] do_mmap+0xa3e/0x1210 [ 145.809404][ T8341] vm_mmap_pgoff+0x29e/0x470 [ 145.810967][ T8341] ksys_mmap_pgoff+0x32c/0x5c0 [ 145.812870][ T8341] __x64_sys_mmap+0x125/0x190 [ 145.814616][ T8341] do_syscall_64+0xcd/0xfa0 [ 145.816126][ T8341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.818250][ T8341] [ 145.819157][ T8341] The buggy address belongs to the object at ffff88804f71f100 [ 145.819157][ T8341] which belongs to the cache kmalloc-192 of size 192 [ 145.824168][ T8341] The buggy address is located 0 bytes to the right of [ 145.824168][ T8341] allocated 136-byte region [ffff88804f71f100, ffff88804f71f188) [ 145.829076][ T8341] [ 145.829938][ T8341] The buggy address belongs to the physical page: [ 145.832288][ T8341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f71f [ 145.835106][ T8341] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 145.837573][ T8341] page_type: f5(slab) [ 145.838851][ T8341] raw: 00fff00000000000 ffff88801b4423c0 0000000000000000 dead000000000001 [ 145.841532][ T8341] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 145.844147][ T8341] page dumped because: kasan: bad access detected [ 145.846129][ T8341] page_owner tracks the page as allocated [ 145.847804][ T8341] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6554, tgid 6554 (kworker/u32:43), ts 120287290213, free_ts 119873226889 [ 145.853689][ T8341] post_alloc_hook+0x1c0/0x230 [ 145.855189][ T8341] get_page_from_freelist+0x10a3/0x3a30 [ 145.856893][ T8341] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 145.858740][ T8341] alloc_pages_mpol+0x1fb/0x550 [ 145.860326][ T8341] new_slab+0x24a/0x360 [ 145.861605][ T8341] ___slab_alloc+0xdc4/0x1ae0 [ 145.863029][ T8341] __slab_alloc.constprop.0+0x63/0x110 [ 145.864765][ T8341] __kmalloc_cache_noprof+0x477/0x780 [ 145.866428][ T8341] addr_event.constprop.0+0xcc/0x560 [ 145.868004][ T8341] inetaddr_event+0xef/0x140 [ 145.869497][ T8341] notifier_call_chain+0xbc/0x410 [ 145.871140][ T8341] blocking_notifier_call_chain+0x69/0xa0 [ 145.872966][ T8341] __inet_del_ifa+0x3dc/0xf70 [ 145.874468][ T8341] inetdev_event+0x593/0x18a0 [ 145.875977][ T8341] notifier_call_chain+0xbc/0x410 [ 145.877604][ T8341] call_netdevice_notifiers_info+0xbe/0x140 [ 145.879615][ T8341] page last free pid 6025 tgid 6025 stack trace: [ 145.881621][ T8341] __free_frozen_pages+0x7df/0x1160 [ 145.883282][ T8341] vfree+0x1fd/0xb50 [ 145.884555][ T8341] delayed_vfree_work+0x56/0x70 [ 145.886123][ T8341] process_one_work+0x9cf/0x1b70 [ 145.887686][ T8341] worker_thread+0x6c8/0xf10 [ 145.889165][ T8341] kthread+0x3c5/0x780 [ 145.890594][ T8341] ret_from_fork+0x675/0x7d0 [ 145.892144][ T8341] ret_from_fork_asm+0x1a/0x30 [ 145.893752][ T8341] [ 145.894555][ T8341] Memory state around the buggy address: [ 145.896368][ T8341] ffff88804f71f080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 145.898954][ T8341] ffff88804f71f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.901586][ T8341] >ffff88804f71f180: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 145.904177][ T8341] ^ [ 145.905687][ T8341] ffff88804f71f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 145.908731][ T8341] ffff88804f71f280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 145.911347][ T8341] ================================================================== [ 145.915137][ T40] audit: type=1400 audit(1760702897.672:391): avc: denied { execute } for pid=8340 comm="syz.6.756" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 145.973946][ T8341] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 145.976265][ T8341] CPU: 1 UID: 0 PID: 8341 Comm: syz.6.756 Not tainted syzkaller #0 PREEMPT(full) [ 145.979166][ T8341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 145.982589][ T8341] Call Trace: [ 145.983689][ T8341] [ 145.984655][ T8341] dump_stack_lvl+0x3d/0x1f0 [ 145.986160][ T8341] vpanic+0x640/0x6f0 [ 145.987451][ T8341] panic+0xca/0xd0 [ 145.988672][ T8341] ? __pfx_panic+0x10/0x10 [ 145.990102][ T8341] ? __cpa_addr+0x1d3/0x220 [ 145.991583][ T8341] ? preempt_schedule_common+0x44/0xc0 [ 145.993460][ T8341] ? preempt_schedule_thunk+0x16/0x30 [ 145.995217][ T8341] check_panic_on_warn+0xab/0xb0 [ 145.996858][ T8341] end_report+0x107/0x170 [ 145.998287][ T8341] kasan_report+0xee/0x110 [ 145.999760][ T8341] ? __cpa_addr+0x1d3/0x220 [ 146.001282][ T8341] __cpa_addr+0x1d3/0x220 [ 146.002701][ T8341] cpa_flush+0x28b/0x8a0 [ 146.004120][ T8341] ? __pfx_cpa_flush+0x10/0x10 [ 146.005815][ T8341] ? pgprot2cachemode+0x9a/0x130 [ 146.007513][ T8341] ? __pfx_pgprot2cachemode+0x10/0x10 [ 146.009259][ T8341] ? drm_gem_get_pages+0x6a0/0xa10 [ 146.010962][ T8341] change_page_attr_set_clr+0x34e/0x4a0 [ 146.012817][ T8341] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 146.014801][ T8341] _set_pages_array+0x1ab/0x2c0 [ 146.016462][ T8341] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 146.018541][ T8341] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 146.020688][ T8341] ? __pfx___might_resched+0x10/0x10 [ 146.022408][ T8341] drm_gem_shmem_mmap+0xc9/0x550 [ 146.024033][ T8341] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 146.026053][ T8341] drm_gem_mmap_obj+0x1b5/0x560 [ 146.027644][ T8341] drm_gem_mmap+0x40b/0x620 [ 146.029158][ T8341] ? __pfx_drm_gem_mmap+0x10/0x10 [ 146.030804][ T8341] ? vm_area_alloc+0x1f/0x160 [ 146.032347][ T8341] ? lockdep_init_map_type+0x5c/0x280 [ 146.034129][ T8341] __mmap_region+0x1309/0x27a0 [ 146.035697][ T8341] ? __pfx___mmap_region+0x10/0x10 [ 146.037368][ T8341] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 146.039313][ T8341] ? audit_log_end+0x1f/0x30 [ 146.040878][ T8341] ? audit_log_end+0x1f/0x30 [ 146.042390][ T8341] ? common_lsm_audit+0x260/0x300 [ 146.044052][ T8341] ? __lock_acquire+0xb8a/0x1c90 [ 146.045684][ T8341] mmap_region+0x1ab/0x3f0 [ 146.047142][ T8341] ? __get_unmapped_area+0x267/0x440 [ 146.048872][ T8341] do_mmap+0xa3e/0x1210 [ 146.050234][ T8341] ? __pfx_do_mmap+0x10/0x10 [ 146.051783][ T8341] ? __pfx_down_write_killable+0x10/0x10 [ 146.053620][ T8341] vm_mmap_pgoff+0x29e/0x470 [ 146.055222][ T8341] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 146.056925][ T8341] ? __fget_files+0x20e/0x3c0 [ 146.058525][ T8341] ksys_mmap_pgoff+0x32c/0x5c0 [ 146.060170][ T8341] __x64_sys_mmap+0x125/0x190 [ 146.061819][ T8341] do_syscall_64+0xcd/0xfa0 [ 146.063356][ T8341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.065262][ T8341] RIP: 0033:0x7f136c38efc9 [ 146.066718][ T8341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.073049][ T8341] RSP: 002b:00007f136d2a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 146.075674][ T8341] RAX: ffffffffffffffda RBX: 00007f136c5e5fa0 RCX: 00007f136c38efc9 [ 146.078166][ T8341] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 146.080700][ T8341] RBP: 00007f136c411f91 R08: 0000000000000003 R09: 0000000100000000 [ 146.083219][ T8341] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 146.085751][ T8341] R13: 00007f136c5e6038 R14: 00007f136c5e5fa0 R15: 00007ffc18bcb178 [ 146.088361][ T8341] [ 146.090048][ T8341] Kernel Offset: disabled [ 146.091448][ T8341] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:08:17 Registers: info registers vcpu 0 CPU#0 RAX=000000000000f453 RBX=ffff888024534900 RCX=ffffffff81c5395f RDX=0000000000000000 RSI=ffffffff8db03e7e RDI=ffffffff8bf1ea40 RBP=ffffc900038ef4f0 RSP=ffffc900038ef4a8 R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff908338d7 R11=0000000000000001 R12=ffff88806a43a380 R13=ffff88802466c900 R14=ffff88806a43a380 R15=ffff88806a43b1b0 RIP=ffffffff818a683a RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f4f65e9c6c0 ffffffff 00c00000 GS =0000 ffff8880d69d6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f136c26605a CR3=0000000051e74000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff7381b960 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f104e612fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f104e612fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f104e612fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f104e612ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f104e61307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f104e61315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000079 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8530e595 RDI=ffffffff9ae0a820 RBP=ffffffff9ae0a7e0 RSP=ffffc90003abedf8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000079 R14=ffffffff9ae0a7e0 R15=ffffffff8530e530 RIP=ffffffff8530e5bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f136d2a16c0 ffffffff 00c00000 GS =0000 ffff8880d6ad6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c31964c CR3=0000000066233000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc18bcb500 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f136c412fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f136c412fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f136c412fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f136c412ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f136c41307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f136c41315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000001 RBX=0000000000000002 RCX=ffffffff893554e6 RDX=fffffbfff210671b RSI=0000000000000008 RDI=ffffffff908338d0 RBP=ffff88802a0cac80 RSP=ffffc90003e0f818 R8 =0000000000000000 R9 =fffffbfff210671a R10=ffffffff908338d7 R11=0000000000000001 R12=0000000000000000 R13=ffffc90003e0fd98 R14=0000000000000000 R15=ffff88802a0cac80 RIP=ffffffff893554ee RFL=00000247 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f4f65e7b6c0 ffffffff 00c00000 GS =0000 ffff8880d6bd6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f4f65e7af98 CR3=0000000051e74000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65012fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65012fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65012fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65012ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f6501307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f6501315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f651b74a8 00007f4f651b74a0 00007f4f651b7498 00007f4f651b7470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65d1d100 00007f4f651b7460 00007f4f651b7478 00007f4f651b74c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f651b74b8 00007f4f651b74b0 00007f4f651b74a8 00007f4f651b74a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000002cb81d RBX=0000000000000003 RCX=ffffffff8b6692a9 RDX=0000000000000000 RSI=ffffffff8db03e7e RDI=ffffffff8bf1ea40 RBP=ffffed1003bd6000 RSP=ffffc90000197de8 R8 =0000000000000001 R9 =ffffed100d4e6655 R10=ffff88806a7332ab R11=ffffffff9addfbf8 R12=0000000000000003 R13=ffff88801deb0000 R14=ffffffff908338d0 R15=0000000000000000 RIP=ffffffff8b667d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6cd6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f4f64f74c40 CR3=0000000051e74000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000336e617077 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65012fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65012fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65012fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65012ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f6501307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f6501315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f651b74a8 00007f4f651b74a0 00007f4f651b7498 00007f4f651b7470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f65d1d100 00007f4f651b7460 00007f4f651b0004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4f651b74b8 00007f4f651b74b0 00007f4f651b74a8 00007f4f651b74a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000