last executing test programs: 5.734220472s ago: executing program 2 (id=311): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000009c0)={'vcan0\x00', 0x0}) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000280)=[{0x0, 0x1, {}, {0x0, 0x1}, 0x0, 0xff}, {0x0, 0x0, {0x0, 0xff, 0x2}, {0x0, 0x1}, 0xfd}], 0x40) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1}}, 0xee) socketpair(0x1d, 0x1, 0xfffffffe, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@ax25={{0x3, @default, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000480)="912cf7100df336a6879f7111f747cd6d212354290450a791cbcce568a65ede579fed606331cf095118c9319178c2f0884d417d63fbdfd3812968ce049886b65f72719a8621ec9162cf0ef654bd8db2e4b82ed865d7b299662b6dbd676f9ce4c63314ccc05c53d94d1d550a0bd9a87028dd8ff5a7d02480928798ea80986e4873870985860cdf72ca00e99caaf310c32e", 0x90}, {&(0x7f00000006c0)="740ab0b34926cbf6661288130bf6c2a285d93e605e846dbcf32ec6dd48356a32cdb44d8e04446cce09cfd4be41ebe009ff78f2da57611773813550b45e853e23e3a490e35d64c584deaf784d7c20158e14e91c9fe52af5daf38bc7bd571e49914b308bcdd2f436c9012714b600ad80c93df10945c79d512ae570cbed22f7320e351c6e9a3108de9ec00dcc3239d6425c0834a5c8dc7412b61930ae6fc8c0a87387b8bafa7fb7b224f2dc5f3849858ddef1e21707a7b5cf92f2e0536aa5d0bfe4d81767488beda00c99ed1ecc3a3f92390902d187d12fc078b0aaa1ebcf11bf7b34383493251c9f5eb07ca0de04e64d", 0xef}], 0x2, &(0x7f00000007c0)=ANY=[], 0xd8}, 0x20000000) fsmount(0xffffffffffffffff, 0x0, 0x85) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x121) mkdir(&(0x7f0000000300)='./bus\x00', 0x100) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x10000, 0x0) mknodat(r6, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./bus\x00') r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYRES8=r0, @ANYRES32=r8], 0x3c}}, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) linkat(r6, &(0x7f0000000100)='./file1\x00', r6, &(0x7f0000000240)='./file0\x00', 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) 5.465200086s ago: executing program 2 (id=312): socket$inet_udplite(0x2, 0x2, 0x88) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) pipe(&(0x7f0000000080)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x6}, {0xf}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8}, @TCA_CAKE_FWMARK={0x8}]}}]}, 0x44}}, 0x4) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x2000026a, &(0x7f0000000240)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r1}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/cpuinfo\x00', 0x0, 0x0) rseq(&(0x7f0000000480)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) acct(0x0) 3.255381624s ago: executing program 1 (id=329): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x242840) socket(0x40000000015, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000007c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) accept$alg(r1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x4d, 0x0, 0x0, 0x0, 0xfffffffffffffffe}}, {{@in=@loopback, 0x0, 0x6c}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbd}}, 0xe8) r3 = socket$key(0xf, 0x3, 0x2) recvmmsg(r3, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) socket(0x10, 0x3, 0x0) write$tun(r0, &(0x7f00000008c0)=ANY=[], 0x73) 2.999533794s ago: executing program 1 (id=331): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="48000000100005", @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xb, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)=@getstats={0x1b, 0x1c, 0x1, 0x0, 0x0, {0x7}}, 0x1c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x5, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.937933621s ago: executing program 3 (id=333): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="20000000101401000000000000000f000800030000000000080001"], 0x20}}, 0x0) 2.937550516s ago: executing program 1 (id=334): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x400) socket$inet_dccp(0x2, 0x6, 0x0) pipe2(0x0, 0x0) r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='sync\x00', 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000080)='sync\x00', 0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) getpid() r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r2, &(0x7f0000000000)="fa", 0xfffffdef) syz_clone(0x80280, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) getdents64(0xffffffffffffffff, &(0x7f0000002ec0)=""/4096, 0x1000) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$inet(0x2, 0x2, 0x1) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @local}, 0xfffffec7) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000040)=[@ip_tos_int={{0x14}}], 0x18}, 0x0) clock_settime(0x0, &(0x7f00000009c0)={0x0, r3+60000000}) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x2, &(0x7f0000000280)=[{}, {0x0, 0x0, 0x0, 0x1}]}) ioctl$BTRFS_IOC_SCRUB_CANCEL(r6, 0xc0182101, 0x20000000) socket$nl_audit(0x10, 0x3, 0x9) gettid() 2.831848442s ago: executing program 3 (id=335): socket$inet6(0xa, 0x800000000000002, 0x0) (async) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) chmod(&(0x7f00000003c0)='./file0\x00', 0x2) (async) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@ipv6_getaddrlabel={0x1c, 0x4a, 0x1}, 0x1c}}, 0x0) (async) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r4 = getpid() (async) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10) (async) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r7, 0x0, 0xffffffffffffffff}) ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r6, 0x3ba0, &(0x7f0000000240)={0x48, 0x8, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}) (async) process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r9 = socket$netlink(0x10, 0x3, 0x4) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82, 0x2) (async) writev(r9, 0x0, 0x0) (async) r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r10, 0x40345410, 0x0) (async) r11 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) (async) r12 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @erspan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x2, 0x30}]}}}]}, 0x3c}}, 0x0) r13 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r13, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) (async) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r13, 0x40605346, &(0x7f0000000440)) (async) close_range(r1, r11, 0x0) 2.755294305s ago: executing program 3 (id=336): ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000200)={'ip_vti0\x00', &(0x7f0000000140)={'gretap0\x00', 0x0, 0x40, 0x20, 0x5a, 0xbe0, {{0x23, 0x4, 0x3, 0x3, 0x8c, 0x66, 0x0, 0xb, 0x2f, 0x0, @loopback, @private=0xa010100, {[@timestamp={0x44, 0x10, 0xe4, 0x0, 0x0, [0x9, 0x679, 0x9]}, @generic={0x88, 0x11, "24337166cf09dc5935745eee427191"}, @generic={0x88, 0x9, "c0d2e1a492160d"}, @generic={0x88, 0x9, "2ce06c5b6a14a6"}, @timestamp={0x44, 0x1c, 0xba, 0x0, 0x8, [0x10, 0x1, 0x3, 0xd, 0x0, 0x0]}, @ssrr={0x89, 0x3, 0xaa}, @noop, @timestamp={0x44, 0x8, 0x4a, 0x0, 0x3, [0x7]}, @timestamp_addr={0x44, 0x1c, 0xa4, 0x1, 0x3, [{@remote, 0x159da011}, {@empty, 0x1}, {@rand_addr=0x64010102, 0x7}]}]}}}}}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x9, 0x0, 0xffffffffffffffff, 0x1, '\x00', r0, 0xffffffffffffffff, 0xfffffffd, 0x4, 0x23}, 0x48) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000001, 0x8031, 0xffffffffffffffff, 0x0) pipe(0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000080)={'raw\x00', 0x0, [0x0, 0x0, 0x4, 0x0, 0x8000]}, &(0x7f0000000140)=0x54) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000000)={'nat\x00', 0x7003}, &(0x7f0000000100)=0x54) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x14, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r5, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x19}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x200000000000013e, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.75222219s ago: executing program 2 (id=337): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000140081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) (fail_nth: 4) 2.635128798s ago: executing program 2 (id=338): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) socket(0x21, 0xa, 0xc13) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000080)=0x9e7, 0x4) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @dev}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000003800), 0x4) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000c40)="5c00000016006bab9a3fe3d86e17aa0a046b876c060048007ea60864160af36504811a0038001d001931a0e69ee517d34460be06000000a705251e6182949a9a7b9bcb84c9f4d4938037e70e4509c5bb4de385aa2adb88", 0x57}, {&(0x7f0000000940)="a91e020086", 0x5}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001400) recvmsg$kcm(r3, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socket$kcm(0x10, 0x2, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15) socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) 2.115406645s ago: executing program 2 (id=339): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x242840) socket(0x40000000015, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000007c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) accept$alg(r1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x4d, 0x0, 0x0, 0x0, 0xfffffffffffffffe}}, {{@in=@loopback, 0x0, 0x6c}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbd}}, 0xe8) r3 = socket$key(0xf, 0x3, 0x2) recvmmsg(r3, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) write$tun(r0, &(0x7f00000008c0)=ANY=[], 0x73) 2.115018887s ago: executing program 3 (id=340): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f00000002c0), 0x80000001, 0xcf, 0xfffffc) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000180)={0x0, 0x0, 0x8, &(0x7f0000000140)={0x0, "96e67ad2d329458afe83c910c40800000000000000000000000000f000"}}) pipe(0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$drirender128(0xffffffffffffff9c, &(0x7f0000001340), 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d000905820349"], 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180063da32dd7afafde2d17d00000000009500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x90) r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x6) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000200)={@cgroup=r5, r3, 0x12}, 0x10) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x1}, 0x48) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) mmap(&(0x7f00001e7000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)=@generic={&(0x7f00000006c0)='./file0\x00', 0x0, 0x10}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, &(0x7f0000002840)=ANY=[@ANYRES32=r2], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x72) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000000c0)) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000080)) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x5, 0x0, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5}, 0x48) mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) rename(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000800)='./file0\x00') pipe2$9p(&(0x7f00000001c0), 0x0) 1.983633404s ago: executing program 1 (id=342): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000009c0)={'vcan0\x00', 0x0}) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000280)=[{0x0, 0x1, {}, {0x0, 0x1}, 0x0, 0xff}, {0x0, 0x0, {0x0, 0xff, 0x2}, {0x0, 0x1}, 0xfd}], 0x40) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1}}, 0xee) socketpair(0x1d, 0x1, 0xfffffffe, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@ax25={{0x3, @default, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000480)="912cf7100df336a6879f7111f747cd6d212354290450a791cbcce568a65ede579fed606331cf095118c9319178c2f0884d417d63fbdfd3812968ce049886b65f72719a8621ec9162cf0ef654bd8db2e4b82ed865d7b299662b6dbd676f9ce4c63314ccc05c53d94d1d550a0bd9a87028dd8ff5a7d02480928798ea80986e4873870985860cdf72ca00e99caaf310c32e", 0x90}, {&(0x7f00000006c0)="740ab0b34926cbf6661288130bf6c2a285d93e605e846dbcf32ec6dd48356a32cdb44d8e04446cce09cfd4be41ebe009ff78f2da57611773813550b45e853e23e3a490e35d64c584deaf784d7c20158e14e91c9fe52af5daf38bc7bd571e49914b308bcdd2f436c9012714b600ad80c93df10945c79d512ae570cbed22f7320e351c6e9a3108de9ec00dcc3239d6425c0834a5c8dc7412b61930ae6fc8c0a87387b8bafa7fb7b224f2dc5f3849858ddef1e21707a7b5cf92f2e0536aa5d0bfe4d81767488beda00c99ed1ecc3a3f92390902d187d12fc078b0aaa1ebcf11bf7b34383493251c9f5eb07ca0de04e64d", 0xef}], 0x2, &(0x7f00000007c0)=ANY=[], 0xd8}, 0x20000000) fsmount(0xffffffffffffffff, 0x0, 0x85) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x121) mkdir(&(0x7f0000000300)='./bus\x00', 0x100) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x10000, 0x0) mknodat(r6, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./bus\x00') r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYRES8=r0, @ANYRES32=r8], 0x3c}}, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) linkat(r6, &(0x7f0000000100)='./file1\x00', r6, &(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) 1.92531539s ago: executing program 1 (id=343): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, &(0x7f0000000340)=0x1, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000000300)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1, &(0x7f0000001840)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0) (async) socket(0xa, 0x3, 0x87) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b4"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r2, r2, 0x2e, 0x0, 0x0, @prog_fd}, 0x20) (async) mount$bind(0x0, 0x0, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) (async) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000240)=""/53, 0xffffffffffffff97}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) (async) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x80040, 0x0) (async) unlink(&(0x7f00000001c0)='./control/file0\x00') (async) rmdir(&(0x7f0000000040)='./control\x00') bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) (async) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x19, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0xf}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) syz_emit_ethernet(0x120, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xeb, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0xfffd, 0x8000, 0x401, 0x1400, 0xffffffffffffffff, 0x7ff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5, 0xa}, 0x48) (async) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) (async) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000540)={0x0, 0x1, 0x6, @random="cc5b50256cfa"}, 0x10) (async) ptrace$ARCH_GET_CPUID(0x1e, r4, 0x0, 0x1011) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000000)={0x1fe}, &(0x7f0000000040), 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) 1.83546607s ago: executing program 2 (id=344): openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) mprotect(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x7fffffff}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$capi20(0xffffffffffffff9c, &(0x7f00000003c0), 0x2000c3, 0x0) ioctl$CAPI_SET_FLAGS(r0, 0xc0044306, &(0x7f0000000340)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x1aa3f47e4859ddb7, 0x43) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='sched_kthread_work_execute_end\x00', r3}, 0x10) syz_open_dev$evdev(&(0x7f00000004c0), 0x8, 0x200000) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffed) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) prctl$PR_MCE_KILL(0x43, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'dvmrp1\x00', @local}) write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYRES8=r3], 0xffe) add_key(0x0, &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) r4 = socket(0x840000000002, 0x3, 0x100) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x29, 0x0, 0x1000000) 1.835185491s ago: executing program 1 (id=345): socket$inet_udplite(0x2, 0x2, 0x88) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) pipe(&(0x7f0000000080)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x6}, {0xf}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8}, @TCA_CAKE_FWMARK={0x8}]}}]}, 0x44}}, 0x4) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x2000026a, &(0x7f0000000240)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r1}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/cpuinfo\x00', 0x0, 0x0) rseq(&(0x7f0000000480)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) acct(0x0) 1.145239472s ago: executing program 0 (id=346): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r3 = syz_open_procfs(r2, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000180)=0x2000000) r4 = socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) sendmmsg$inet6(r4, &(0x7f0000001a80)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000008900)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000100), 0xe) r5 = socket$pppoe(0x18, 0x1, 0x0) sendmmsg(r5, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r6 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) read$msr(r6, &(0x7f0000021940)=""/102393, 0x18ff9) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f00000001c0)=ANY=[@ANYRESOCT], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90) r7 = syz_open_procfs(0x0, 0x0) wait4(0x0, &(0x7f0000000000), 0x4, &(0x7f00000003c0)) r8 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) getsockopt$inet_mreqn(r7, 0x0, 0x0, 0x0, &(0x7f0000000380)) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xf, 0x11012, r8, 0x6000) pread64(r7, 0x0, 0x0, 0x100008) 988.394153ms ago: executing program 0 (id=347): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) socket(0x21, 0xa, 0xc13) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000080)=0x9e7, 0x4) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @dev}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000003800), 0x4) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000c40)="5c00000016006bab9a3fe3d86e17aa0a046b876c060048007ea60864160af36504811a0038001d001931a0e69ee517d34460be06000000a705251e6182949a9a7b9bcb84c9f4d4938037e70e4509c5bb4de385aa2adb88", 0x57}, {&(0x7f0000000940)="a91e020086", 0x5}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001400) recvmsg$kcm(r3, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socket$kcm(0x10, 0x2, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15) socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) 562.644885ms ago: executing program 3 (id=348): r0 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) mq_open(&(0x7f00000001c0)='\x00', 0x40, 0x30, &(0x7f0000000180)={0x0, 0x3, 0x3, 0x401}) futex(&(0x7f0000000000), 0x2, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f0000000100)=0x1, 0x1) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) r4 = eventfd(0x0) r5 = fcntl$dupfd(r4, 0x0, r4) write$FUSE_ATTR(r5, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r5, &(0x7f0000000380)=ANY=[@ANYBLOB="01202a3a8a"], 0x8) close(r5) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) dup3(r7, r6, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, 0x0, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@ccm_128={{0x304}, "8e44c05dfd57e5b3", "591f44ef0756020a9e1d86882c0348a6", "a29f817c", "51eb071129f5da07"}, 0x28) setsockopt$inet6_tcp_int(r2, 0x11a, 0x4, 0x0, 0x0) semget$private(0x0, 0x4000000009, 0x82) 465.412632ms ago: executing program 3 (id=349): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x10, 0xffffffffffffffff, 0xffffe000) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @empty}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000380)={0x0}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f0000000180)={r4, 0x0, 0x4}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000004c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r5, 0x3, r3, 0x5}) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) get_mempolicy(&(0x7f0000000100), &(0x7f0000000280), 0x101, &(0x7f0000ffc000/0x4000)=nil, 0x3) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1fb}, 0x0, 0x0) r7 = socket$igmp(0x2, 0x3, 0x2) sendmmsg$inet(r7, &(0x7f0000004840)=[{{&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="3800000000000000000000000700000094040000442424"], 0x58}}], 0x1, 0x0) socket$packet(0x11, 0x2, 0x300) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000000206010300"/20, @ANYRES64=r0, @ANYRESHEX=r0], 0x14}, 0x1, 0x0, 0x0, 0x2000c881}, 0x0) 399.054016ms ago: executing program 0 (id=350): syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="0406932685d9a48c9a4c6bcfc3518604da7d94ffa8d7f794bb728fde4b6b15e2e59a78ea1350075035ea25669c675f48449bcc26fe3e838ec5842253a78830c1e62033082b1daad8887d10280fff1113b032da806061cf70c507ab40ae9400f84f128dc7a7c7b567d7b78c95299abf35e9ea9934b1ea7dce8098f47c163549e4c8"], 0x6) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00', 0x0}) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) chown(&(0x7f0000000000)='./file1\x00', 0xee01, 0xffffffffffffffff) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x12, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYBLOB], 0x0}, 0x90) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) (async) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="a40000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000006800128009000100766c616e00000000580002804c0003800c00010003000000020000000c00010009000000060000000c00010003000000030000000c00010000100000810000000c00010040000000080000000c0001000000f8e4e21a0000060001000000000008000500", @ANYRES32=r8, @ANYBLOB, @ANYRES32], 0xa4}}, 0x0) (async) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r9, @ANYRES32=r10, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) mknod(0x0, 0x0, 0x0) (async) r11 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r11, 0x89f1, &(0x7f00000006c0)={'ip6_vti0\x00', &(0x7f0000000640)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @loopback, 0x0, 0x0, 0x0, 0x7f}}) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r11, 0x89f0, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}) (async) r12 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r12, 0x89f1, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x1}}) 335.009286ms ago: executing program 0 (id=351): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000009c0)={'vcan0\x00', 0x0}) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000280)=[{0x0, 0x1, {}, {0x0, 0x1}, 0x0, 0xff}, {0x0, 0x0, {0x0, 0xff, 0x2}, {0x0, 0x1}, 0xfd}], 0x40) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1}}, 0xee) socketpair(0x1d, 0x1, 0xfffffffe, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@ax25={{0x3, @default, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000480)="912cf7100df336a6879f7111f747cd6d212354290450a791cbcce568a65ede579fed606331cf095118c9319178c2f0884d417d63fbdfd3812968ce049886b65f72719a8621ec9162cf0ef654bd8db2e4b82ed865d7b299662b6dbd676f9ce4c63314ccc05c53d94d1d550a0bd9a87028dd8ff5a7d02480928798ea80986e4873870985860cdf72ca00e99caaf310c32e", 0x90}, {&(0x7f00000006c0)="740ab0b34926cbf6661288130bf6c2a285d93e605e846dbcf32ec6dd48356a32cdb44d8e04446cce09cfd4be41ebe009ff78f2da57611773813550b45e853e23e3a490e35d64c584deaf784d7c20158e14e91c9fe52af5daf38bc7bd571e49914b308bcdd2f436c9012714b600ad80c93df10945c79d512ae570cbed22f7320e351c6e9a3108de9ec00dcc3239d6425c0834a5c8dc7412b61930ae6fc8c0a87387b8bafa7fb7b224f2dc5f3849858ddef1e21707a7b5cf92f2e0536aa5d0bfe4d81767488beda00c99ed1ecc3a3f92390902d187d12fc078b0aaa1ebcf11bf7b34383493251c9f5eb07ca0de04e64d", 0xef}], 0x2, &(0x7f00000007c0)=ANY=[], 0xd8}, 0x20000000) fsmount(0xffffffffffffffff, 0x0, 0x85) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x121) mkdir(&(0x7f0000000300)='./bus\x00', 0x100) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x10000, 0x0) mknodat(r6, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./bus\x00') r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYRES8=r0, @ANYRES32=r8], 0x3c}}, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) 204.008797ms ago: executing program 0 (id=352): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x242840) socket(0x40000000015, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000007c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) accept$alg(r1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x4d, 0x0, 0x0, 0x0, 0xfffffffffffffffe}}, {{@in=@loopback, 0x0, 0x6c}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbd}}, 0xe8) r3 = socket$key(0xf, 0x3, 0x2) recvmmsg(r3, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) write$tun(r0, &(0x7f00000008c0)=ANY=[], 0x73) 0s ago: executing program 0 (id=353): r0 = socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) sendmmsg$inet6(r0, &(0x7f0000001a80)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000008900)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100), 0xe) r1 = socket$pppoe(0x18, 0x1, 0x0) sendmmsg(r1, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) getsockopt$inet_mreqn(r3, 0x0, 0x0, 0x0, &(0x7f0000000380)) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xf, 0x11012, r4, 0x0) (fail_nth: 14) pread64(r3, 0x0, 0x0, 0x100008) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, 0x0) kernel console output (not intermixed with test programs): [ 46.962831][ T39] audit: type=1400 audit(1722214249.070:83): avc: denied { read } for pid=4810 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 46.974808][ T39] audit: type=1400 audit(1722214249.070:84): avc: denied { append } for pid=4810 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 46.985075][ T39] audit: type=1400 audit(1722214249.070:85): avc: denied { open } for pid=4810 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 46.994430][ T39] audit: type=1400 audit(1722214249.070:86): avc: denied { getattr } for pid=4810 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:23418' (ED25519) to the list of known hosts. [ 48.454380][ T39] audit: type=1400 audit(1722214250.560:87): avc: denied { name_bind } for pid=5305 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 50.706290][ T5315] cgroup: Unknown subsys name 'net' [ 50.841160][ T5315] cgroup: Unknown subsys name 'rlimit' [ 51.009464][ T39] kauditd_printk_skb: 5 callbacks suppressed [ 51.009474][ T39] audit: type=1400 audit(1722214253.110:93): avc: denied { setattr } for pid=5315 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=763 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 51.021452][ T39] audit: type=1400 audit(1722214253.120:94): avc: denied { create } for pid=5315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 51.030062][ T39] audit: type=1400 audit(1722214253.120:95): avc: denied { write } for pid=5315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 51.040671][ T39] audit: type=1400 audit(1722214253.120:96): avc: denied { read } for pid=5315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 51.049945][ T39] audit: type=1400 audit(1722214253.130:97): avc: denied { mounton } for pid=5315 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 51.059038][ T39] audit: type=1400 audit(1722214253.130:98): avc: denied { mount } for pid=5315 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 51.067657][ T39] audit: type=1400 audit(1722214253.140:99): avc: denied { read } for pid=5048 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 51.087844][ T5329] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 51.093227][ T39] audit: type=1400 audit(1722214253.200:100): avc: denied { relabelto } for pid=5329 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 51.105240][ T39] audit: type=1400 audit(1722214253.200:101): avc: denied { write } for pid=5329 comm="mkswap" path="/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 51.116199][ T39] audit: type=1400 audit(1722214253.200:102): avc: denied { write } for pid=5329 comm="mkswap" path="pipe:[3740]" dev="pipefs" ino=3740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 51.875646][ T5315] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 56.154364][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 56.154379][ T39] audit: type=1400 audit(1722214258.260:105): avc: denied { execmem } for pid=5331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 56.837057][ T39] audit: type=1400 audit(1722214258.940:106): avc: denied { mounton } for pid=5335 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 56.846140][ T39] audit: type=1400 audit(1722214258.940:107): avc: denied { mount } for pid=5335 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 56.855186][ T39] audit: type=1400 audit(1722214258.940:108): avc: denied { create } for pid=5335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 56.863105][ T39] audit: type=1400 audit(1722214258.940:109): avc: denied { read write } for pid=5335 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 56.871814][ T39] audit: type=1400 audit(1722214258.940:110): avc: denied { open } for pid=5335 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 56.880200][ T39] audit: type=1400 audit(1722214258.960:111): avc: denied { ioctl } for pid=5335 comm="syz-executor" path="socket:[5423]" dev="sockfs" ino=5423 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 56.905732][ T5340] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 56.907116][ T5342] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 56.910383][ T5340] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 56.912560][ T5342] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 56.915441][ T5340] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 56.917594][ T5342] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 56.920989][ T5340] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 56.923514][ T5342] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 56.926043][ T5340] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 56.927922][ T5351] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 56.928454][ T5342] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 56.928759][ T5342] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 56.931972][ T5342] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 56.936518][ T5349] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 56.940213][ T5340] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 56.940815][ T39] audit: type=1400 audit(1722214259.040:112): avc: denied { read } for pid=5335 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 56.940863][ T39] audit: type=1400 audit(1722214259.040:113): avc: denied { open } for pid=5335 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 56.940907][ T39] audit: type=1400 audit(1722214259.040:114): avc: denied { mounton } for pid=5335 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 56.943952][ T5349] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 56.952389][ T5340] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 56.958955][ T5349] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 56.968157][ T5340] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 56.975790][ T5349] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 56.978407][ T5340] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 56.980289][ T5349] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 56.982331][ T5340] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 56.984963][ T5349] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 57.278518][ T5335] chnl_net:caif_netlink_parms(): no params data found [ 57.400330][ T5346] chnl_net:caif_netlink_parms(): no params data found [ 57.412484][ T5336] chnl_net:caif_netlink_parms(): no params data found [ 57.528780][ T5335] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.532844][ T5335] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.536165][ T5335] bridge_slave_0: entered allmulticast mode [ 57.540084][ T5335] bridge_slave_0: entered promiscuous mode [ 57.551759][ T5335] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.554905][ T5335] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.557995][ T5335] bridge_slave_1: entered allmulticast mode [ 57.562445][ T5335] bridge_slave_1: entered promiscuous mode [ 57.633648][ T5343] chnl_net:caif_netlink_parms(): no params data found [ 57.676717][ T5335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.789276][ T5335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.793452][ T5346] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.796271][ T5346] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.799036][ T5346] bridge_slave_0: entered allmulticast mode [ 57.803581][ T5346] bridge_slave_0: entered promiscuous mode [ 57.891256][ T5346] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.894527][ T5346] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.897787][ T5346] bridge_slave_1: entered allmulticast mode [ 57.902038][ T5346] bridge_slave_1: entered promiscuous mode [ 57.906021][ T5336] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.909134][ T5336] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.912315][ T5336] bridge_slave_0: entered allmulticast mode [ 57.916151][ T5336] bridge_slave_0: entered promiscuous mode [ 57.929601][ T5335] team0: Port device team_slave_0 added [ 57.975994][ T5336] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.979305][ T5336] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.982856][ T5336] bridge_slave_1: entered allmulticast mode [ 57.986874][ T5336] bridge_slave_1: entered promiscuous mode [ 57.998806][ T5335] team0: Port device team_slave_1 added [ 58.006066][ T5346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.014541][ T5346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.186568][ T5336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.190317][ T5343] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.194058][ T5343] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.196848][ T5343] bridge_slave_0: entered allmulticast mode [ 58.199520][ T5343] bridge_slave_0: entered promiscuous mode [ 58.225724][ T5346] team0: Port device team_slave_0 added [ 58.230794][ T5336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.234920][ T5343] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.237678][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.240850][ T5343] bridge_slave_1: entered allmulticast mode [ 58.244781][ T5343] bridge_slave_1: entered promiscuous mode [ 58.271722][ T5335] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.274715][ T5335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.285410][ T5335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.292586][ T5346] team0: Port device team_slave_1 added [ 58.357179][ T5335] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.359838][ T5335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.369069][ T5335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.427758][ T5336] team0: Port device team_slave_0 added [ 58.432858][ T5343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.439872][ T5343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.475131][ T5336] team0: Port device team_slave_1 added [ 58.529135][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.532356][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.542586][ T5346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.608002][ T5336] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.611175][ T5336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.622278][ T5336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.652296][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.655208][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.666268][ T5346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.696119][ T5336] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.699064][ T5336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.709909][ T5336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.724144][ T5343] team0: Port device team_slave_0 added [ 58.734049][ T5343] team0: Port device team_slave_1 added [ 58.741456][ T5335] hsr_slave_0: entered promiscuous mode [ 58.744689][ T5335] hsr_slave_1: entered promiscuous mode [ 58.913165][ T5336] hsr_slave_0: entered promiscuous mode [ 58.916233][ T5336] hsr_slave_1: entered promiscuous mode [ 58.919106][ T5336] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.922670][ T5336] Cannot create hsr debugfs directory [ 58.944005][ T5343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.947085][ T5343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.957812][ T5343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.971435][ T5348] Bluetooth: hci0: command tx timeout [ 58.981011][ T5348] Bluetooth: hci1: command tx timeout [ 58.989900][ T5346] hsr_slave_0: entered promiscuous mode [ 58.993383][ T5346] hsr_slave_1: entered promiscuous mode [ 58.996207][ T5346] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.999092][ T5346] Cannot create hsr debugfs directory [ 59.008650][ T5343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.011350][ T5343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.021210][ T5343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.050691][ T5348] Bluetooth: hci2: command tx timeout [ 59.053461][ T5348] Bluetooth: hci3: command tx timeout [ 59.230694][ T5343] hsr_slave_0: entered promiscuous mode [ 59.233347][ T5343] hsr_slave_1: entered promiscuous mode [ 59.236106][ T5343] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.239212][ T5343] Cannot create hsr debugfs directory [ 59.523096][ T5335] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 59.567338][ T5335] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 59.579593][ T5335] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 59.588083][ T5335] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 59.638736][ T5336] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.649701][ T5336] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.655662][ T5336] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.661068][ T5336] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.722063][ T5346] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.742340][ T5346] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.749163][ T5346] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 59.774360][ T5346] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.819898][ T5343] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 59.830059][ T5343] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 59.838007][ T5343] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 59.845001][ T5343] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 59.875739][ T5335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.910870][ T5335] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.940190][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.943485][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.963782][ T5336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.978351][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.981476][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.031167][ T5336] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.050959][ T5335] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.055042][ T5335] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.072286][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.075501][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.106063][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.108875][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.132883][ T5346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.148973][ T5343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.180469][ T5346] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.193712][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.196697][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.211176][ T5343] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.233797][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.236965][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.242172][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.245346][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.250381][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.253664][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.286445][ T5335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.382797][ T5335] veth0_vlan: entered promiscuous mode [ 60.392502][ T5336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.408704][ T5335] veth1_vlan: entered promiscuous mode [ 60.457584][ T5335] veth0_macvtap: entered promiscuous mode [ 60.474716][ T5335] veth1_macvtap: entered promiscuous mode [ 60.492677][ T5336] veth0_vlan: entered promiscuous mode [ 60.499187][ T5346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.507750][ T5335] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.523977][ T5335] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.529679][ T5343] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.539005][ T5336] veth1_vlan: entered promiscuous mode [ 60.546914][ T5335] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.550013][ T5335] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.553526][ T5335] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.557009][ T5335] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.624720][ T5336] veth0_macvtap: entered promiscuous mode [ 60.646524][ T5346] veth0_vlan: entered promiscuous mode [ 60.652210][ T5336] veth1_macvtap: entered promiscuous mode [ 60.666068][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.668188][ T5346] veth1_vlan: entered promiscuous mode [ 60.669761][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.697825][ T5343] veth0_vlan: entered promiscuous mode [ 60.726860][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.730434][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.732203][ T5343] veth1_vlan: entered promiscuous mode [ 60.738775][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.743985][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.749272][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.763590][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.767661][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.773731][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.785837][ T5336] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.789628][ T5336] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.794352][ T5336] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.798187][ T5336] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.810300][ T5346] veth0_macvtap: entered promiscuous mode [ 60.821845][ T5346] veth1_macvtap: entered promiscuous mode [ 60.859739][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.866154][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.874626][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.878918][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.891493][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.904240][ T5343] veth0_macvtap: entered promiscuous mode [ 60.912470][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.916430][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.920198][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.924278][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.930207][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.944308][ T5343] veth1_macvtap: entered promiscuous mode [ 60.952116][ T5346] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.955753][ T5346] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.959538][ T5346] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.962661][ T5346] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.033981][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.038210][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.043072][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.048087][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.050753][ T5348] Bluetooth: hci1: command tx timeout [ 61.052914][ T5345] Bluetooth: hci0: command tx timeout [ 61.053942][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.053978][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.055246][ T5343] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.078574][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.082629][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.105613][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.110168][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.115257][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.120092][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.130165][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.135746][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.140850][ T5345] Bluetooth: hci3: command tx timeout [ 61.141192][ T5348] Bluetooth: hci2: command tx timeout [ 61.142915][ T5343] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.178676][ T39] kauditd_printk_skb: 16 callbacks suppressed [ 61.178690][ T39] audit: type=1400 audit(1722214263.280:131): avc: denied { create } for pid=5401 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 61.191782][ T5343] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.195498][ T5343] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.199590][ T5343] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.204945][ T5343] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.212624][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.218313][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.232032][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.238568][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.239417][ T39] audit: type=1400 audit(1722214263.340:132): avc: denied { setopt } for pid=5401 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 61.249155][ T5404] IPVS: length: 131 != 8 [ 61.253609][ T39] audit: type=1400 audit(1722214263.360:133): avc: denied { mounton } for pid=5336 comm="syz-executor" path="/syzkaller.wiNe1u/syz-tmp" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 61.264858][ T39] audit: type=1400 audit(1722214263.360:134): avc: denied { getopt } for pid=5401 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 61.288560][ T1204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.293370][ T1204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.348355][ T1204] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.352779][ T1204] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.380239][ T5348] Bluetooth: hci3: unexpected event 0x09 length: 50 > 3 [ 61.380779][ T39] audit: type=1400 audit(1722214263.480:135): avc: denied { create } for pid=5408 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 61.399584][ T39] audit: type=1400 audit(1722214263.480:136): avc: denied { write } for pid=5408 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 61.409186][ T39] audit: type=1400 audit(1722214263.490:137): avc: denied { map_create } for pid=5408 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 61.417267][ T39] audit: type=1400 audit(1722214263.490:138): avc: denied { bpf } for pid=5408 comm="syz.1.2" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 61.426864][ T39] audit: type=1400 audit(1722214263.490:139): avc: denied { map_read map_write } for pid=5408 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 61.438170][ T39] audit: type=1400 audit(1722214263.490:140): avc: denied { prog_load } for pid=5408 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 61.438957][ T1204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.449899][ T1204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.503351][ T5348] Bluetooth: hci1: ACL packet for unknown connection handle 204 [ 61.641047][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.723228][ T5414] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5'. [ 61.727213][ T5414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5'. [ 61.731779][ T5414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5'. [ 61.735485][ T5414] netlink: 5 bytes leftover after parsing attributes in process `syz.0.5'. [ 61.739288][ T5414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5'. [ 61.743480][ T5414] netlink: 3288 bytes leftover after parsing attributes in process `syz.0.5'. [ 62.495942][ T5425] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 63.130717][ T5348] Bluetooth: hci0: command tx timeout [ 63.131242][ T5345] Bluetooth: hci1: command tx timeout [ 63.210788][ T5345] Bluetooth: hci2: command tx timeout [ 63.211370][ T5348] Bluetooth: hci3: command tx timeout [ 63.304293][ T5433] IPVS: length: 131 != 8 [ 63.330347][ T5434] IPVS: length: 131 != 8 [ 64.543179][ T5449] netlink: 24 bytes leftover after parsing attributes in process `syz.2.16'. [ 64.553363][ T5449] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16'. [ 64.558575][ T5449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16'. [ 64.943820][ T5458] IPVS: length: 131 != 8 [ 64.990834][ T5378] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 65.170831][ T5378] usb 5-1: Using ep0 maxpacket: 8 [ 65.181282][ T5378] usb 5-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 65.191405][ T5378] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 65.196802][ T5378] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 65.208303][ T5378] usb 5-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 65.213147][ T5348] Bluetooth: hci1: command tx timeout [ 65.216866][ T5378] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 65.220963][ T5348] Bluetooth: hci0: command tx timeout [ 65.222567][ T5378] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 65.232047][ T5378] usb 5-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 65.236768][ T5378] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 65.242409][ T5378] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 65.256700][ T5378] usb 5-1: string descriptor 0 read error: -22 [ 65.259891][ T5378] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 65.265548][ T5378] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.285938][ T5378] adutux 5-1:168.0: interrupt endpoints not found [ 65.290947][ T5348] Bluetooth: hci3: command tx timeout [ 65.291944][ T5345] Bluetooth: hci2: command tx timeout [ 65.499154][ T5381] usb 5-1: USB disconnect, device number 2 [ 65.655912][ T5345] Bluetooth: hci0: unexpected event 0x09 length: 50 > 3 [ 65.750959][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.090729][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 66.102390][ T5472] IPVS: length: 131 != 8 [ 66.299372][ T5476] netlink: 24 bytes leftover after parsing attributes in process `syz.0.25'. [ 66.304133][ T5476] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pid=5476 comm=syz.0.25 [ 66.491517][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 66.500856][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 66.741741][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 66.771742][ T5483] IPVS: length: 131 != 8 [ 66.940764][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 66.943866][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 67.419183][ T0] NOHZ tick-stop error: local softirq work is pending, handler #20a!!! [ 67.451592][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.407749][ T5504] IPVS: length: 131 != 8 [ 68.548864][ T5506] __nla_validate_parse: 2 callbacks suppressed [ 68.548879][ T5506] netlink: 24 bytes leftover after parsing attributes in process `syz.3.34'. [ 68.556746][ T5506] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pid=5506 comm=syz.3.34 [ 68.564199][ T5506] netlink: 16 bytes leftover after parsing attributes in process `syz.3.34'. [ 68.568852][ T5506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.34'. [ 69.154582][ T5509] IPVS: length: 131 != 8 [ 69.884864][ T5525] IPVS: length: 131 != 8 [ 70.166382][ T5536] netlink: 24 bytes leftover after parsing attributes in process `syz.3.43'. [ 70.172087][ T5536] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pid=5536 comm=syz.3.43 [ 70.179999][ T5536] netlink: 16 bytes leftover after parsing attributes in process `syz.3.43'. [ 70.186809][ T5536] netlink: 8 bytes leftover after parsing attributes in process `syz.3.43'. [ 70.264478][ T5345] Bluetooth: hci2: unexpected event 0x09 length: 50 > 3 [ 72.148300][ T5563] netlink: 24 bytes leftover after parsing attributes in process `syz.0.52'. [ 72.158561][ T5563] netlink: 16 bytes leftover after parsing attributes in process `syz.0.52'. [ 72.164045][ T5563] netlink: 8 bytes leftover after parsing attributes in process `syz.0.52'. [ 72.699382][ T5577] IPVS: length: 131 != 8 [ 73.788188][ T39] kauditd_printk_skb: 39 callbacks suppressed [ 73.788202][ T39] audit: type=1400 audit(1722214275.890:180): avc: denied { ioctl } for pid=5590 comm="syz.0.60" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 73.866825][ T39] audit: type=1400 audit(1722214275.970:181): avc: denied { write } for pid=5590 comm="syz.0.60" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 73.986288][ T5594] netlink: 24 bytes leftover after parsing attributes in process `syz.2.61'. [ 73.999830][ T5594] netlink: 16 bytes leftover after parsing attributes in process `syz.2.61'. [ 74.005144][ T5594] netlink: 8 bytes leftover after parsing attributes in process `syz.2.61'. [ 75.139002][ T5345] Bluetooth: hci1: unexpected event 0x09 length: 50 > 3 [ 75.263101][ T5345] Bluetooth: Wrong link type (-71) [ 75.910863][ T5627] netlink: 24 bytes leftover after parsing attributes in process `syz.2.70'. [ 75.917838][ T5627] netlink: 16 bytes leftover after parsing attributes in process `syz.2.70'. [ 75.924570][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.70'. [ 76.148105][ T5630] IPVS: length: 131 != 8 [ 76.756482][ T5645] IPVS: length: 131 != 8 [ 76.978108][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.981540][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.330772][ T57] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 77.510677][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 77.518164][ T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 77.521826][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 77.527316][ T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 77.533074][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 77.537664][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 77.548048][ T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 77.551463][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 77.555989][ T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 77.560096][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 77.565161][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 77.572884][ T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 77.575910][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 77.580309][ T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 77.584994][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 77.589261][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 77.596846][ T57] usb 6-1: string descriptor 0 read error: -22 [ 77.599226][ T57] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 77.603024][ T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.614169][ T57] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 77.876910][ T830] usb 6-1: USB disconnect, device number 2 [ 78.133022][ T5658] Zero length message leads to an empty skb [ 79.137012][ T5345] Bluetooth: hci1: unexpected event 0x09 length: 50 > 3 [ 79.248194][ T5681] IPVS: length: 131 != 8 [ 81.383520][ T5720] IPVS: length: 131 != 8 [ 84.640474][ T5762] IPVS: length: 131 != 8 [ 85.729454][ T5785] netlink: 24 bytes leftover after parsing attributes in process `syz.3.115'. [ 85.783674][ T5785] netlink: 16 bytes leftover after parsing attributes in process `syz.3.115'. [ 85.788672][ T5785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.115'. [ 86.389899][ T39] audit: type=1400 audit(1722214288.490:182): avc: denied { create } for pid=5797 comm="syz.3.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 86.401918][ T39] audit: type=1400 audit(1722214288.510:183): avc: denied { bind } for pid=5797 comm="syz.3.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 86.464668][ T39] audit: type=1400 audit(1722214288.560:184): avc: denied { setopt } for pid=5797 comm="syz.3.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 86.473750][ T39] audit: type=1400 audit(1722214288.560:185): avc: denied { ioctl } for pid=5797 comm="syz.3.119" path="socket:[8603]" dev="sockfs" ino=8603 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 86.485848][ T39] audit: type=1400 audit(1722214288.560:186): avc: denied { accept } for pid=5797 comm="syz.3.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 86.494521][ T39] audit: type=1400 audit(1722214288.560:187): avc: denied { read } for pid=5797 comm="syz.3.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 86.502762][ T39] audit: type=1400 audit(1722214288.580:188): avc: denied { ioctl } for pid=5802 comm="syz.1.121" path="socket:[10788]" dev="sockfs" ino=10788 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 86.514643][ T39] audit: type=1400 audit(1722214288.580:189): avc: denied { create } for pid=5802 comm="syz.1.121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 86.523141][ T39] audit: type=1400 audit(1722214288.580:190): avc: denied { bind } for pid=5802 comm="syz.1.121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 86.531011][ T39] audit: type=1400 audit(1722214288.580:191): avc: denied { name_bind } for pid=5802 comm="syz.1.121" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 86.752711][ T5811] IPVS: length: 131 != 8 [ 87.023902][ T5819] IPVS: length: 131 != 8 [ 87.223544][ T1287] cfg80211: failed to load regulatory.db [ 87.539085][ T5822] IPVS: length: 131 != 8 [ 89.253287][ T5839] FAULT_INJECTION: forcing a failure. [ 89.253287][ T5839] name failslab, interval 1, probability 0, space 0, times 1 [ 89.258072][ T5839] CPU: 2 UID: 0 PID: 5839 Comm: syz.1.131 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 89.262359][ T5839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.267155][ T5839] Call Trace: [ 89.268572][ T5839] [ 89.269596][ T5839] dump_stack_lvl+0x16c/0x1f0 [ 89.271596][ T5839] should_fail_ex+0x497/0x5b0 [ 89.276180][ T5839] ? fs_reclaim_acquire+0xae/0x160 [ 89.278461][ T5839] should_failslab+0xc2/0x120 [ 89.280666][ T5839] kmem_cache_alloc_node_noprof+0x71/0x310 [ 89.283309][ T5839] ? __alloc_skb+0x2b1/0x380 [ 89.285429][ T5839] __alloc_skb+0x2b1/0x380 [ 89.287481][ T5839] ? __pfx___alloc_skb+0x10/0x10 [ 89.289679][ T5839] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 89.292305][ T5839] netlink_alloc_large_skb+0x69/0x130 [ 89.294661][ T5839] netlink_sendmsg+0x689/0xd70 [ 89.296850][ T5839] ? __pfx_netlink_sendmsg+0x10/0x10 [ 89.299584][ T5839] ? __import_iovec+0x1fd/0x6e0 [ 89.301745][ T5839] ____sys_sendmsg+0xab5/0xc90 [ 89.303867][ T5839] ? copy_msghdr_from_user+0x10b/0x160 [ 89.306250][ T5839] ? __pfx_____sys_sendmsg+0x10/0x10 [ 89.308569][ T5839] ? find_held_lock+0x2d/0x110 [ 89.310669][ T5839] ? __pfx___lock_acquire+0x10/0x10 [ 89.312925][ T5839] ___sys_sendmsg+0x135/0x1e0 [ 89.314865][ T5839] ? __pfx____sys_sendmsg+0x10/0x10 [ 89.316884][ T5839] ? ksys_write+0x21c/0x260 [ 89.318656][ T5839] ? __fget_light+0x173/0x210 [ 89.320799][ T5839] __sys_sendmsg+0x117/0x1f0 [ 89.322799][ T5839] ? __pfx___sys_sendmsg+0x10/0x10 [ 89.324968][ T5839] do_syscall_64+0xcd/0x250 [ 89.326938][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.329499][ T5839] RIP: 0033:0x7f1a41777299 [ 89.331477][ T5839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.339886][ T5839] RSP: 002b:00007f1a42554048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.343215][ T5839] RAX: ffffffffffffffda RBX: 00007f1a41905f80 RCX: 00007f1a41777299 [ 89.345955][ T5839] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 89.348911][ T5839] RBP: 00007f1a425540a0 R08: 0000000000000000 R09: 0000000000000000 [ 89.352298][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.355592][ T5839] R13: 000000000000000b R14: 00007f1a41905f80 R15: 00007ffcac727d88 [ 89.358970][ T5839] [ 89.543596][ T5345] Bluetooth: hci2: unexpected event 0x09 length: 50 > 3 [ 89.585146][ T5846] input: syz1 as /devices/virtual/input/input5 [ 90.232664][ T5850] IPVS: length: 131 != 8 [ 90.306454][ T5857] IPVS: length: 131 != 8 [ 91.847131][ T39] kauditd_printk_skb: 18 callbacks suppressed [ 91.847146][ T39] audit: type=1400 audit(1722214293.950:210): avc: denied { setopt } for pid=5865 comm="syz.1.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 91.895182][ T5868] IPVS: sync thread started: state = BACKUP, mcast_ifn = syz_tun, syncid = 0, id = 0 [ 91.905041][ T39] audit: type=1400 audit(1722214294.010:211): avc: denied { create } for pid=5865 comm="syz.1.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 91.923388][ T39] audit: type=1400 audit(1722214294.020:212): avc: denied { create } for pid=5865 comm="syz.1.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 91.931229][ T39] audit: type=1400 audit(1722214294.020:213): avc: denied { create } for pid=5865 comm="syz.1.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 91.938884][ T39] audit: type=1400 audit(1722214294.020:214): avc: denied { setopt } for pid=5865 comm="syz.1.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 91.951456][ T39] audit: type=1400 audit(1722214294.020:215): avc: denied { write } for pid=5865 comm="syz.1.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 91.959973][ T39] audit: type=1400 audit(1722214294.020:216): avc: denied { connect } for pid=5865 comm="syz.1.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 91.971236][ T39] audit: type=1400 audit(1722214294.020:217): avc: denied { name_connect } for pid=5865 comm="syz.1.140" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 92.063079][ T39] audit: type=1400 audit(1722214294.170:218): avc: denied { write } for pid=5874 comm="syz.0.142" name="001" dev="devtmpfs" ino=753 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 92.206353][ T39] audit: type=1326 audit(1722214294.310:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5878 comm="syz.2.144" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71e0f77299 code=0x7ffc0000 [ 92.517061][ T5889] netlink: 24 bytes leftover after parsing attributes in process `syz.0.147'. [ 92.551813][ T5889] netlink: 16 bytes leftover after parsing attributes in process `syz.0.147'. [ 92.556936][ T5889] netlink: 16 bytes leftover after parsing attributes in process `syz.0.147'. [ 92.561368][ T5889] netlink: 8 bytes leftover after parsing attributes in process `syz.0.147'. [ 92.742805][ T5345] Bluetooth: hci3: unexpected event 0x09 length: 50 > 3 [ 93.201071][ T35] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 93.259696][ T5921] netlink: 24 bytes leftover after parsing attributes in process `syz.2.156'. [ 93.295638][ T5921] netlink: 8 bytes leftover after parsing attributes in process `syz.2.156'. [ 93.338787][ T5345] Bluetooth: hci0: unexpected event 0x09 length: 50 > 3 [ 93.404452][ T35] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 93.412089][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 93.417070][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 93.422207][ T35] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 93.427943][ T35] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 93.431776][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.439106][ T35] usb 5-1: config 0 descriptor?? [ 93.855899][ T35] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 93.869203][ T35] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 93.974471][ T5932] x_tables: duplicate underflow at hook 2 [ 93.978095][ T5345] Bluetooth: hci2: SCO packet for unknown connection handle 1 [ 94.686698][ T8] usb 5-1: USB disconnect, device number 3 [ 94.750804][ T35] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 94.950672][ T35] usb 8-1: Using ep0 maxpacket: 8 [ 94.955303][ T35] usb 8-1: config 0 has no interfaces? [ 94.959345][ T35] usb 8-1: config 0 has no interfaces? [ 94.963975][ T35] usb 8-1: config 0 has no interfaces? [ 94.967951][ T35] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 94.972542][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 94.976475][ T35] usb 8-1: SerialNumber: syz [ 94.982179][ T35] usb 8-1: config 0 descriptor?? [ 95.189768][ T5940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.194011][ T5940] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.565010][ T8] usb 8-1: USB disconnect, device number 2 [ 96.441004][ T5955] IPVS: length: 131 != 8 [ 96.555587][ T5957] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.563221][ T5957] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 97.035860][ T39] kauditd_printk_skb: 15 callbacks suppressed [ 97.035875][ T39] audit: type=1400 audit(1722214299.150:235): avc: denied { write } for pid=5967 comm="syz.0.169" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 97.307019][ T39] audit: type=1400 audit(1722214299.410:236): avc: denied { read } for pid=5973 comm="syz.0.170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 97.377146][ T39] audit: type=1400 audit(1722214299.490:237): avc: denied { write } for pid=5973 comm="syz.0.170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 97.381965][ T5974] netlink: 12 bytes leftover after parsing attributes in process `syz.0.170'. [ 97.386663][ T39] audit: type=1400 audit(1722214299.490:238): avc: denied { getopt } for pid=5973 comm="syz.0.170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 97.491350][ T39] audit: type=1400 audit(1722214299.590:239): avc: denied { watch watch_reads } for pid=5976 comm="syz.2.171" path="/41/file0" dev="tmpfs" ino=229 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 97.638743][ T39] audit: type=1400 audit(1722214299.740:240): avc: denied { write } for pid=5980 comm="syz.2.172" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 97.686872][ T5345] Bluetooth: hci0: unexpected event 0x09 length: 50 > 3 [ 97.774613][ T5986] IPVS: length: 131 != 8 [ 97.810673][ T5989] dlm: no locking on control device [ 97.811024][ T39] audit: type=1400 audit(1722214299.910:241): avc: denied { append } for pid=5988 comm="syz.1.175" name="dlm-control" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.825634][ T5989] ufs: You didn't specify the type of your ufs filesystem [ 97.825634][ T5989] [ 97.825634][ T5989] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 97.825634][ T5989] [ 97.825634][ T5989] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 97.840231][ T39] audit: type=1400 audit(1722214299.940:242): avc: denied { mounton } for pid=5988 comm="syz.1.175" path="/36/file0" dev="tmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 97.844059][ T5989] syz.1.175: attempt to access beyond end of device [ 97.844059][ T5989] loop1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 98.121936][ T5992] nfs: Unknown parameter '$' [ 98.531718][ T39] audit: type=1400 audit(1722214300.640:243): avc: denied { checkpoint_restore } for pid=5995 comm="syz.3.176" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 98.548482][ T5996] netlink: 20 bytes leftover after parsing attributes in process `syz.3.176'. [ 99.990842][ T6021] FAULT_INJECTION: forcing a failure. [ 99.990842][ T6021] name failslab, interval 1, probability 0, space 0, times 0 [ 99.996727][ T6021] CPU: 1 UID: 0 PID: 6021 Comm: syz.1.182 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 100.001099][ T6021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.005587][ T6021] Call Trace: [ 100.006775][ T6021] [ 100.008075][ T6021] dump_stack_lvl+0x16c/0x1f0 [ 100.010113][ T6021] should_fail_ex+0x497/0x5b0 [ 100.012179][ T6021] ? fs_reclaim_acquire+0xae/0x160 [ 100.014205][ T6021] should_failslab+0xc2/0x120 [ 100.016088][ T6021] kmem_cache_alloc_node_noprof+0x71/0x310 [ 100.018379][ T6021] ? __alloc_skb+0x2b1/0x380 [ 100.020188][ T6021] ? ip_generic_getfrag+0x119/0x260 [ 100.022313][ T6021] __alloc_skb+0x2b1/0x380 [ 100.024115][ T6021] ? __pfx___alloc_skb+0x10/0x10 [ 100.026058][ T6021] ? raw6_getfrag+0x235/0x2a0 [ 100.028021][ T6021] __ip6_append_data.isra.0+0x2976/0x4450 [ 100.030489][ T6021] ? __pfx_raw6_getfrag+0x10/0x10 [ 100.032744][ T6021] ? __pfx___ip6_append_data.isra.0+0x10/0x10 [ 100.035644][ T6021] ? ip6_mtu+0x231/0x4a0 [ 100.037577][ T6021] ? ip6_setup_cork+0xbdc/0x1370 [ 100.039800][ T6021] ip6_append_data+0x1e6/0x500 [ 100.041922][ T6021] ? __pfx_raw6_getfrag+0x10/0x10 [ 100.043870][ T6021] rawv6_sendmsg+0x1565/0x43f0 [ 100.045724][ T6021] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 100.047974][ T6021] ? avc_has_perm_noaudit+0x143/0x3a0 [ 100.050367][ T6021] ? avc_has_perm+0x11b/0x1c0 [ 100.052598][ T6021] ? __pfx_avc_has_perm+0x10/0x10 [ 100.054824][ T6021] ? sock_has_perm+0x25a/0x2f0 [ 100.056972][ T6021] ? __pfx_sock_has_perm+0x10/0x10 [ 100.058964][ T6021] ? __import_iovec+0x1fd/0x6e0 [ 100.060439][ T6021] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 100.062246][ T6021] ? inet_sendmsg+0x119/0x140 [ 100.064332][ T6021] inet_sendmsg+0x119/0x140 [ 100.066263][ T6021] ____sys_sendmsg+0x992/0xc90 [ 100.068440][ T6021] ? copy_msghdr_from_user+0x10b/0x160 [ 100.070966][ T6021] ? __pfx_____sys_sendmsg+0x10/0x10 [ 100.073374][ T6021] ? find_held_lock+0x2d/0x110 [ 100.075542][ T6021] ? __pfx___lock_acquire+0x10/0x10 [ 100.077896][ T6021] ___sys_sendmsg+0x135/0x1e0 [ 100.080027][ T6021] ? __pfx____sys_sendmsg+0x10/0x10 [ 100.080639][ T39] audit: type=1400 audit(1722214302.110:244): avc: denied { getopt } for pid=6022 comm="syz.0.183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 100.082394][ T6021] ? ksys_write+0x21c/0x260 [ 100.097638][ T6021] ? __fget_light+0x173/0x210 [ 100.099757][ T6021] __sys_sendmsg+0x117/0x1f0 [ 100.102080][ T6021] ? __pfx___sys_sendmsg+0x10/0x10 [ 100.104311][ T6021] do_syscall_64+0xcd/0x250 [ 100.106380][ T6021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.108940][ T6021] RIP: 0033:0x7f1a41777299 [ 100.110965][ T6021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.119806][ T6021] RSP: 002b:00007f1a42554048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.123447][ T6021] RAX: ffffffffffffffda RBX: 00007f1a41905f80 RCX: 00007f1a41777299 [ 100.126229][ T6021] RDX: 0000000000000060 RSI: 0000000020000080 RDI: 0000000000000004 [ 100.129098][ T6021] RBP: 00007f1a425540a0 R08: 0000000000000000 R09: 0000000000000000 [ 100.132079][ T6021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.135160][ T6021] R13: 000000000000000b R14: 00007f1a41905f80 R15: 00007ffcac727d88 [ 100.138387][ T6021] [ 100.146756][ T6018] netlink: 12 bytes leftover after parsing attributes in process `syz.3.181'. [ 100.212778][ T6028] netlink: 'syz.1.184': attribute type 11 has an invalid length. [ 100.482414][ T6041] FAULT_INJECTION: forcing a failure. [ 100.482414][ T6041] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 100.488402][ T6041] CPU: 2 UID: 0 PID: 6041 Comm: syz.0.190 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 100.492726][ T6041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.497268][ T6041] Call Trace: [ 100.498703][ T6041] [ 100.499972][ T6041] dump_stack_lvl+0x16c/0x1f0 [ 100.502156][ T6041] should_fail_ex+0x497/0x5b0 [ 100.507407][ T6041] _copy_to_user+0x30/0xc0 [ 100.509196][ T6041] simple_read_from_buffer+0xd0/0x160 [ 100.511968][ T6041] proc_fail_nth_read+0x1b0/0x290 [ 100.514312][ T6041] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 100.516699][ T6034] IPVS: length: 131 != 8 [ 100.518495][ T6041] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 100.520627][ T6041] vfs_read+0x1d4/0xbd0 [ 100.522187][ T6041] ? selinux_socket_connect+0x6b/0x80 [ 100.524218][ T6041] ? __fdget_pos+0xeb/0x180 [ 100.525921][ T6041] ? __pfx_vfs_read+0x10/0x10 [ 100.527965][ T6041] ? __pfx___mutex_lock+0x10/0x10 [ 100.530253][ T6041] ? __fget_files+0x256/0x400 [ 100.532675][ T6041] ksys_read+0x12f/0x260 [ 100.544691][ T6041] ? __pfx_ksys_read+0x10/0x10 [ 100.546912][ T6041] do_syscall_64+0xcd/0x250 [ 100.556431][ T6041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.559145][ T6041] RIP: 0033:0x7fad8f975d7c [ 100.561146][ T6041] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 100.568920][ T6041] RSP: 002b:00007fad9080a040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 100.577185][ T6041] RAX: ffffffffffffffda RBX: 00007fad8fb05f80 RCX: 00007fad8f975d7c [ 100.580732][ T6041] RDX: 000000000000000f RSI: 00007fad9080a0b0 RDI: 0000000000000003 [ 100.584933][ T6041] RBP: 00007fad9080a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 100.588900][ T6041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.597634][ T6041] R13: 000000000000000b R14: 00007fad8fb05f80 R15: 00007ffc00a87868 [ 100.601761][ T6041] [ 100.666304][ T6046] netlink: 16 bytes leftover after parsing attributes in process `syz.0.191'. [ 101.781898][ T6072] FAULT_INJECTION: forcing a failure. [ 101.781898][ T6072] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 101.788669][ T6072] CPU: 2 UID: 0 PID: 6072 Comm: syz.2.200 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 101.793805][ T6072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.798994][ T6072] Call Trace: [ 101.800512][ T6072] [ 101.801964][ T6072] dump_stack_lvl+0x16c/0x1f0 [ 101.804152][ T6072] should_fail_ex+0x497/0x5b0 [ 101.806311][ T6072] _copy_from_user+0x30/0xf0 [ 101.808357][ T6072] copy_msghdr_from_user+0x99/0x160 [ 101.810658][ T6072] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 101.813269][ T6072] ? __lock_acquire+0x1620/0x3cb0 [ 101.815504][ T6072] ___sys_sendmsg+0xff/0x1e0 [ 101.817561][ T6072] ? __pfx____sys_sendmsg+0x10/0x10 [ 101.819989][ T6072] ? __pfx___might_resched+0x10/0x10 [ 101.822376][ T6072] ? __might_fault+0xe3/0x190 [ 101.824456][ T6072] __sys_sendmmsg+0x1a1/0x450 [ 101.826495][ T6072] ? __pfx___sys_sendmmsg+0x10/0x10 [ 101.828694][ T6072] ? vfs_write+0x14d/0x1140 [ 101.830619][ T6072] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 101.833225][ T6072] ? fput+0x32/0x390 [ 101.834981][ T6072] ? ksys_write+0x1ab/0x260 [ 101.837065][ T6072] ? __pfx_ksys_write+0x10/0x10 [ 101.839375][ T6072] __x64_sys_sendmmsg+0x9c/0x100 [ 101.841541][ T6072] ? lockdep_hardirqs_on+0x7c/0x110 [ 101.844037][ T6072] do_syscall_64+0xcd/0x250 [ 101.846116][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.848333][ T6072] RIP: 0033:0x7f71e0f77299 [ 101.849935][ T6072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.860539][ T6072] RSP: 002b:00007f71e097f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 101.864106][ T6072] RAX: ffffffffffffffda RBX: 00007f71e1106058 RCX: 00007f71e0f77299 [ 101.867520][ T6072] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000008 [ 101.870896][ T6072] RBP: 00007f71e097f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 101.874360][ T6072] R10: 0000000000000810 R11: 0000000000000246 R12: 0000000000000002 [ 101.877727][ T6072] R13: 000000000000006e R14: 00007f71e1106058 R15: 00007ffcfc3c8568 [ 101.881118][ T6072] [ 101.901624][ T5345] Bluetooth: hci1: unexpected event 0x09 length: 50 > 3 [ 101.910745][ T5378] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 102.140994][ T5378] usb 8-1: Using ep0 maxpacket: 8 [ 102.149421][ T5378] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 102.153967][ T5378] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 102.158732][ T5378] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 102.176969][ T5378] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 102.182034][ T5378] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 102.189896][ T5378] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 102.193228][ T5378] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 102.198380][ T5378] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 102.203673][ T5378] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 102.208291][ T5378] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 102.219647][ T5378] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 102.223139][ T5378] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 102.228014][ T5378] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 102.234410][ T5378] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 102.239878][ T5378] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 102.255481][ T5378] usb 8-1: string descriptor 0 read error: -22 [ 102.258445][ T5378] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 102.263117][ T5378] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.284379][ T5378] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 102.559205][ T6084] dlm: no locking on control device [ 102.565781][ T39] kauditd_printk_skb: 9 callbacks suppressed [ 102.565794][ T39] audit: type=1400 audit(1722214304.670:254): avc: denied { mounton } for pid=6082 comm="syz.1.204" path="/41/file0" dev="tmpfs" ino=226 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 102.579062][ T6084] ufs: You didn't specify the type of your ufs filesystem [ 102.579062][ T6084] [ 102.579062][ T6084] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 102.579062][ T6084] [ 102.579062][ T6084] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 102.595936][ T6084] syz.1.204: attempt to access beyond end of device [ 102.595936][ T6084] loop1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 102.604765][ T57] usb 8-1: USB disconnect, device number 3 [ 102.903323][ T6088] IPVS: length: 131 != 8 [ 102.970144][ T6089] nfs: Unknown parameter '$' [ 103.448614][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.1.207'. [ 103.452618][ T6093] netlink: 16 bytes leftover after parsing attributes in process `syz.1.207'. [ 103.469332][ T6093] gtp0: entered promiscuous mode [ 103.472343][ T6093] gtp0: entered allmulticast mode [ 103.524884][ T6097] FAULT_INJECTION: forcing a failure. [ 103.524884][ T6097] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 103.530482][ T6097] CPU: 3 UID: 0 PID: 6097 Comm: syz.3.209 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 103.534777][ T6097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 103.539606][ T6097] Call Trace: [ 103.541099][ T6097] [ 103.542414][ T6097] dump_stack_lvl+0x16c/0x1f0 [ 103.544505][ T6097] should_fail_ex+0x497/0x5b0 [ 103.546645][ T6097] _copy_from_user+0x30/0xf0 [ 103.548757][ T6097] generic_map_update_batch+0x391/0x5f0 [ 103.551199][ T6097] ? __pfx_generic_map_update_batch+0x10/0x10 [ 103.553787][ T6097] ? __pfx_generic_map_update_batch+0x10/0x10 [ 103.556681][ T6097] bpf_map_do_batch+0x64a/0x720 [ 103.559022][ T6097] __sys_bpf+0x19a9/0x4a20 [ 103.561004][ T6097] ? ksys_write+0x21c/0x260 [ 103.562912][ T6097] ? reacquire_held_locks+0x410/0x4c0 [ 103.565236][ T6097] ? __pfx___sys_bpf+0x10/0x10 [ 103.567319][ T6097] ? vfs_write+0x14d/0x1140 [ 103.569317][ T6097] ? __mutex_unlock_slowpath+0x164/0x650 [ 103.571681][ T6097] ? fput+0x32/0x390 [ 103.573242][ T6097] ? ksys_write+0x1ab/0x260 [ 103.575040][ T6097] ? __pfx_ksys_write+0x10/0x10 [ 103.577027][ T6097] __x64_sys_bpf+0x78/0xc0 [ 103.578772][ T6097] ? lockdep_hardirqs_on+0x7c/0x110 [ 103.580705][ T6097] do_syscall_64+0xcd/0x250 [ 103.582547][ T6097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.585138][ T6097] RIP: 0033:0x7f07bc377299 [ 103.587099][ T6097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.595502][ T6097] RSP: 002b:00007f07bd194048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 103.599309][ T6097] RAX: ffffffffffffffda RBX: 00007f07bc505f80 RCX: 00007f07bc377299 [ 103.602781][ T6097] RDX: 0000000000000038 RSI: 0000000020000200 RDI: 000000000000001a [ 103.606018][ T6097] RBP: 00007f07bd1940a0 R08: 0000000000000000 R09: 0000000000000000 [ 103.609210][ T6097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.612771][ T6097] R13: 000000000000000b R14: 00007f07bc505f80 R15: 00007ffdae5ce9c8 [ 103.616164][ T6097] [ 103.643030][ T39] audit: type=1400 audit(1722214305.730:255): avc: denied { create } for pid=6098 comm="syz.1.210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 103.709454][ T39] audit: type=1400 audit(1722214305.810:256): avc: denied { create } for pid=6100 comm="syz.3.211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 103.724963][ T39] audit: type=1400 audit(1722214305.830:257): avc: denied { read } for pid=6100 comm="syz.3.211" name="card1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 103.751162][ T39] audit: type=1400 audit(1722214305.830:258): avc: denied { open } for pid=6100 comm="syz.3.211" path="/dev/dri/card1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 103.762220][ T39] audit: type=1400 audit(1722214305.830:259): avc: denied { ioctl } for pid=6100 comm="syz.3.211" path="/dev/dri/card1" dev="devtmpfs" ino=638 ioctlcmd=0x640d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 103.807187][ T39] audit: type=1400 audit(1722214305.910:260): avc: denied { write } for pid=6098 comm="syz.1.210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 104.370945][ T57] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 104.423514][ T39] audit: type=1400 audit(1722214306.530:261): avc: denied { create } for pid=6113 comm="syz.3.215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 104.432454][ T39] audit: type=1400 audit(1722214306.530:262): avc: denied { bind } for pid=6113 comm="syz.3.215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 104.440990][ T39] audit: type=1400 audit(1722214306.540:263): avc: denied { listen } for pid=6113 comm="syz.3.215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 104.550889][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 104.559132][ T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 104.562645][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 104.567131][ T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 104.573317][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 104.578479][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 104.585557][ T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 104.588561][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 104.593826][ T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 104.598789][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 104.605124][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 104.611835][ T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 104.616193][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 104.621701][ T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 104.626734][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 104.631465][ T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 104.638536][ T57] usb 6-1: string descriptor 0 read error: -22 [ 104.641681][ T57] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 104.645512][ T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.654213][ T57] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 104.703585][ T6128] netlink: 129248 bytes leftover after parsing attributes in process `syz.3.219'. [ 104.977827][ T5385] usb 6-1: USB disconnect, device number 3 [ 105.245974][ T6149] netlink: 4 bytes leftover after parsing attributes in process `syz.0.225'. [ 105.255090][ T6149] ip6gretap1: entered allmulticast mode [ 106.127953][ T5345] Bluetooth: hci2: unexpected event 0x09 length: 50 > 3 [ 107.354966][ T6206] FAULT_INJECTION: forcing a failure. [ 107.354966][ T6206] name failslab, interval 1, probability 0, space 0, times 0 [ 107.364264][ T6206] CPU: 1 UID: 0 PID: 6206 Comm: syz.1.242 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 107.368606][ T6206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.374686][ T6206] Call Trace: [ 107.376159][ T6206] [ 107.377439][ T6206] dump_stack_lvl+0x16c/0x1f0 [ 107.379627][ T6206] should_fail_ex+0x497/0x5b0 [ 107.381680][ T6206] should_failslab+0xc2/0x120 [ 107.383717][ T6206] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 107.385861][ T6206] ? skb_clone+0x190/0x3f0 [ 107.387722][ T6206] skb_clone+0x190/0x3f0 [ 107.389610][ T6206] netlink_deliver_tap+0xab3/0xd90 [ 107.391802][ T6206] netlink_unicast+0x606/0x830 [ 107.393889][ T6206] ? __pfx_netlink_unicast+0x10/0x10 [ 107.396257][ T6206] netlink_sendmsg+0x8b8/0xd70 [ 107.398340][ T6206] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.401202][ T6206] ? __import_iovec+0x1fd/0x6e0 [ 107.403412][ T6206] ____sys_sendmsg+0xab5/0xc90 [ 107.405490][ T6206] ? copy_msghdr_from_user+0x10b/0x160 [ 107.407799][ T6206] ? __pfx_____sys_sendmsg+0x10/0x10 [ 107.410071][ T6206] ? find_held_lock+0x2d/0x110 [ 107.410707][ T5385] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 107.412167][ T6206] ? __pfx___lock_acquire+0x10/0x10 [ 107.417506][ T6206] ___sys_sendmsg+0x135/0x1e0 [ 107.419504][ T6206] ? __pfx____sys_sendmsg+0x10/0x10 [ 107.421606][ T6206] ? ksys_write+0x21c/0x260 [ 107.423368][ T6206] ? __fget_light+0x173/0x210 [ 107.425448][ T6206] __sys_sendmsg+0x117/0x1f0 [ 107.427493][ T6206] ? __pfx___sys_sendmsg+0x10/0x10 [ 107.429673][ T6206] do_syscall_64+0xcd/0x250 [ 107.431601][ T6206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.434200][ T6206] RIP: 0033:0x7f1a41777299 [ 107.436145][ T6206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.444452][ T6206] RSP: 002b:00007f1a42554048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 107.448034][ T6206] RAX: ffffffffffffffda RBX: 00007f1a41905f80 RCX: 00007f1a41777299 [ 107.451374][ T6206] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 107.454630][ T6206] RBP: 00007f1a425540a0 R08: 0000000000000000 R09: 0000000000000000 [ 107.457916][ T6206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.461007][ T6206] R13: 000000000000000b R14: 00007f1a41905f80 R15: 00007ffcac727d88 [ 107.463959][ T6206] [ 107.469904][ T6206] netlink: 36 bytes leftover after parsing attributes in process `syz.1.242'. [ 107.501059][ T830] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 107.620605][ T5385] usb 5-1: Using ep0 maxpacket: 8 [ 107.626342][ T5385] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 107.629476][ T5385] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 107.633860][ T5385] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.638439][ T5385] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 107.644178][ T5385] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.650021][ T5385] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 107.653712][ T5385] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 107.658397][ T5385] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.663740][ T5385] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 107.668585][ T5385] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.675460][ T5385] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 107.678678][ T5385] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 107.683818][ T5385] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.688681][ T5385] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 107.697313][ T5385] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.709590][ T5385] usb 5-1: string descriptor 0 read error: -22 [ 107.712866][ T5385] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 107.717735][ T5385] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.728506][ T5385] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 107.748011][ T830] usb 7-1: Using ep0 maxpacket: 8 [ 107.757251][ T830] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 107.760106][ T830] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 107.764840][ T830] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.770248][ T830] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 107.775513][ T830] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.781959][ T830] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 107.785560][ T830] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 107.790609][ T830] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.795560][ T830] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 107.800884][ T830] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.807075][ T830] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 107.810344][ T830] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 107.815246][ T830] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.819854][ T830] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 107.824143][ T830] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 107.832394][ T830] usb 7-1: string descriptor 0 read error: -22 [ 107.834919][ T830] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 107.838446][ T830] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.847785][ T830] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 108.068587][ T830] usb 7-1: USB disconnect, device number 2 [ 108.330928][ T5348] Bluetooth: hci1: command tx timeout [ 109.440791][ T39] kauditd_printk_skb: 15 callbacks suppressed [ 109.440834][ T39] audit: type=1400 audit(1722214311.550:279): avc: denied { create } for pid=6227 comm="syz.3.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 109.462040][ T39] audit: type=1400 audit(1722214311.550:280): avc: denied { bind } for pid=6230 comm="syz.2.248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 109.474135][ T39] audit: type=1400 audit(1722214311.550:281): avc: denied { name_bind } for pid=6230 comm="syz.2.248" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 109.485106][ T39] audit: type=1400 audit(1722214311.550:282): avc: denied { node_bind } for pid=6230 comm="syz.2.248" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 109.495257][ T39] audit: type=1400 audit(1722214311.550:283): avc: denied { read } for pid=6230 comm="syz.2.248" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 109.571802][ T39] audit: type=1400 audit(1722214311.680:284): avc: denied { write } for pid=6235 comm="syz.2.250" path="" dev="sockfs" ino=13372 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 109.572022][ T6236] Bluetooth: MGMT ver 1.23 [ 109.893495][ T39] audit: type=1400 audit(1722214312.000:285): avc: denied { shutdown } for pid=6241 comm="syz.1.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 110.891051][ T5348] Bluetooth: hci0: command tx timeout [ 110.968040][ T6242] syz.1.253 (6242): drop_caches: 2 [ 111.310745][ T5385] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 111.452100][ T39] audit: type=1400 audit(1722214313.560:286): avc: denied { write } for pid=6259 comm="syz.2.258" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 111.463717][ T39] audit: type=1400 audit(1722214313.570:287): avc: denied { create } for pid=6259 comm="syz.2.258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 111.499921][ T5385] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 111.509304][ T5385] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.513272][ T5385] usb 6-1: Product: syz [ 111.515051][ T5385] usb 6-1: Manufacturer: syz [ 111.517107][ T5385] usb 6-1: SerialNumber: syz [ 111.521813][ T5385] usb 6-1: config 0 descriptor?? [ 111.587897][ T5345] Bluetooth: hci0: link tx timeout [ 111.590748][ T5345] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 111.594644][ T5345] Bluetooth: hci0: link tx timeout [ 111.597219][ T5345] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 111.734082][ T830] usb 6-1: USB disconnect, device number 4 [ 111.939886][ T6258] FAULT_INJECTION: forcing a failure. [ 111.939886][ T6258] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.946346][ T6258] CPU: 2 UID: 0 PID: 6258 Comm: syz.1.257 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 111.950917][ T6258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.956081][ T6258] Call Trace: [ 111.957626][ T6258] [ 111.959063][ T6258] dump_stack_lvl+0x16c/0x1f0 [ 111.961915][ T6258] should_fail_ex+0x497/0x5b0 [ 111.964485][ T6258] _copy_from_user+0x30/0xf0 [ 111.967073][ T6258] copy_msghdr_from_user+0x99/0x160 [ 111.969517][ T6258] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 111.972480][ T6258] ? find_held_lock+0x2d/0x110 [ 111.974976][ T6258] ? __pfx___lock_acquire+0x10/0x10 [ 111.977296][ T6258] ___sys_sendmsg+0xff/0x1e0 [ 111.979462][ T6258] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.981834][ T6258] ? ksys_write+0x21c/0x260 [ 111.983876][ T6258] ? __fget_light+0x173/0x210 [ 111.986096][ T6258] __sys_sendmsg+0x117/0x1f0 [ 111.988496][ T6258] ? __pfx___sys_sendmsg+0x10/0x10 [ 111.991062][ T6258] do_syscall_64+0xcd/0x250 [ 111.993363][ T6258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.996747][ T6258] RIP: 0033:0x7f1a41777299 [ 111.998847][ T6258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.006893][ T6258] RSP: 002b:00007f1a42554048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 112.010582][ T6258] RAX: ffffffffffffffda RBX: 00007f1a41905f80 RCX: 00007f1a41777299 [ 112.013850][ T6258] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004 [ 112.016325][ T6258] RBP: 00007f1a425540a0 R08: 0000000000000000 R09: 0000000000000000 [ 112.018914][ T6258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.022076][ T6258] R13: 000000000000000b R14: 00007f1a41905f80 R15: 00007ffcac727d88 [ 112.025174][ T6258] [ 112.029559][ T39] audit: type=1400 audit(1722214314.130:288): avc: denied { ioctl } for pid=6257 comm="syz.1.257" path="/dev/sg0" dev="devtmpfs" ino=707 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 112.139651][ T6267] netlink: 24 bytes leftover after parsing attributes in process `syz.3.259'. [ 112.172949][ T1415] usb 5-1: USB disconnect, device number 4 [ 112.632402][ T6276] input: syz1 as /devices/virtual/input/input9 [ 113.522869][ T6294] netlink: 24 bytes leftover after parsing attributes in process `syz.0.269'. [ 113.611120][ T5345] Bluetooth: hci0: command 0x0406 tx timeout [ 113.664279][ T56] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 113.870619][ T56] usb 7-1: Using ep0 maxpacket: 8 [ 113.875553][ T56] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 113.879053][ T56] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 113.884308][ T56] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 113.889566][ T56] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 113.898619][ T56] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 113.905413][ T56] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 113.908867][ T56] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 113.917915][ T56] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 113.932893][ T56] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 113.942906][ T56] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 113.954600][ T56] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 113.959262][ T56] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 113.967299][ T56] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 113.972851][ T56] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 173, changing to 11 [ 113.977779][ T56] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 113.987550][ T56] usb 7-1: string descriptor 0 read error: -22 [ 113.990990][ T56] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 113.995502][ T56] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.021603][ T56] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 114.650254][ T39] kauditd_printk_skb: 5 callbacks suppressed [ 114.650264][ T39] audit: type=1400 audit(1722214316.750:294): avc: denied { accept } for pid=6320 comm="syz.0.278" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 114.783327][ T6324] xt_l2tp: missing protocol rule (udp|l2tpip) [ 114.788339][ T39] audit: type=1400 audit(1722214316.890:295): avc: denied { read write } for pid=6323 comm="syz.1.279" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 114.792218][ T6324] fuse: Bad value for 'rootmode' [ 114.800919][ T39] audit: type=1400 audit(1722214316.890:296): avc: denied { open } for pid=6323 comm="syz.1.279" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 114.833968][ T6324] input: syz1 as /devices/virtual/input/input10 [ 114.952404][ T6327] fuse: blksize only supported for fuseblk [ 115.106862][ T6329] netlink: 24 bytes leftover after parsing attributes in process `syz.3.281'. [ 115.458111][ T6336] mmap: syz.3.284 (6336) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 115.465816][ T39] audit: type=1400 audit(1722214317.580:297): avc: denied { execute } for pid=6335 comm="syz.3.284" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=8949 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 115.528415][ T6342] warning: `syz.3.285' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 115.542913][ T6342] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 115.599160][ T6344] netlink: 24 bytes leftover after parsing attributes in process `syz.3.286'. [ 115.647253][ T6344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.286'. [ 115.691152][ T5345] Bluetooth: hci0: command 0x0406 tx timeout [ 115.782829][ T39] audit: type=1400 audit(1722214317.890:298): avc: denied { write } for pid=6345 comm="syz.3.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 115.928187][ T6353] fuse: Unknown parameter 'grĘGĢ½§ī00000000000000000000' [ 115.935892][ T39] audit: type=1400 audit(1722214318.040:299): avc: denied { connect } for pid=6352 comm="syz.0.290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 115.945765][ T39] audit: type=1400 audit(1722214318.040:300): avc: denied { ioctl } for pid=6352 comm="syz.0.290" path="socket:[11506]" dev="sockfs" ino=11506 ioctlcmd=0xb100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 115.956418][ T39] audit: type=1400 audit(1722214318.050:301): avc: denied { getopt } for pid=6352 comm="syz.0.290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 115.958763][ T6353] bond0: entered promiscuous mode [ 115.967239][ T6353] bond_slave_0: entered promiscuous mode [ 115.970309][ T6353] bond_slave_1: entered promiscuous mode [ 116.007376][ T6353] process 'syz.0.290' launched '/dev/fd/11' with NULL argv: empty string added [ 116.007591][ T39] audit: type=1400 audit(1722214318.110:302): avc: denied { execute } for pid=6352 comm="syz.0.290" dev="tmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 116.009061][ T39] audit: type=1400 audit(1722214318.110:303): avc: denied { execute_no_trans } for pid=6352 comm="syz.0.290" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F520C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="tmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 116.421711][ T5348] Bluetooth: hci3: command 0x0405 tx timeout [ 116.427508][ T56] usb 7-1: USB disconnect, device number 3 [ 116.496602][ T6370] netlink: 24 bytes leftover after parsing attributes in process `syz.0.295'. [ 116.547439][ T6370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.295'. [ 116.644335][ T6375] input: syz1 as /devices/virtual/input/input11 [ 116.720382][ T6378] FAULT_INJECTION: forcing a failure. [ 116.720382][ T6378] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 116.727139][ T6378] CPU: 2 UID: 0 PID: 6378 Comm: syz.1.298 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 116.731017][ T6378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 116.735778][ T6378] Call Trace: [ 116.737425][ T6378] [ 116.738546][ T6383] fuse: Unknown parameter 'grĘGĢ½§ī00000000000000000000' [ 116.738827][ T6378] dump_stack_lvl+0x16c/0x1f0 [ 116.744645][ T6378] should_fail_ex+0x497/0x5b0 [ 116.746925][ T5348] Bluetooth: Unexpected start frame (len 0) [ 116.747158][ T6378] ? fs_reclaim_acquire+0xae/0x160 [ 116.751875][ T6378] should_fail_alloc_page+0xe7/0x130 [ 116.754257][ T6378] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 116.757337][ T6378] __alloc_pages_noprof+0x194/0x2460 [ 116.759681][ T6378] ? mark_lock+0xb5/0xc60 [ 116.761596][ T6378] ? __pfx_mark_lock+0x10/0x10 [ 116.763720][ T6378] ? hlock_class+0x4e/0x130 [ 116.766408][ T6378] ? mark_lock+0xb5/0xc60 [ 116.766432][ T6378] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 116.766457][ T6378] ? __pfx_mark_lock+0x10/0x10 [ 116.766476][ T6378] ? hlock_class+0x4e/0x130 [ 116.766491][ T6378] ? mark_lock+0xb5/0xc60 [ 116.777619][ T6378] ? hlock_class+0x4e/0x130 [ 116.777639][ T6378] ? mark_lock+0xb5/0xc60 [ 116.777658][ T6378] ? hlock_class+0x4e/0x130 [ 116.777673][ T6378] ? mark_lock+0xb5/0xc60 [ 116.777692][ T6378] ? __pfx_mark_lock+0x10/0x10 [ 116.777711][ T6378] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 116.790269][ T6378] ? policy_nodemask+0xea/0x4e0 [ 116.790297][ T6378] alloc_pages_mpol_noprof+0x275/0x610 [ 116.790323][ T6378] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 116.797524][ T6378] ? hlock_class+0x4e/0x130 [ 116.799441][ T6378] ? find_held_lock+0x2d/0x110 [ 116.801332][ T6378] folio_alloc_mpol_noprof+0x36/0xd0 [ 116.803350][ T6378] vma_alloc_folio_noprof+0xee/0x1b0 [ 116.805716][ T6378] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 116.808196][ T6378] ? __pfx___lock_acquire+0x10/0x10 [ 116.810397][ T6378] ? __pfx_lock_acquire+0x10/0x10 [ 116.812576][ T6378] do_wp_page+0xfd7/0x3430 [ 116.814839][ T6378] ? __pfx_lock_acquire+0x10/0x10 [ 116.817051][ T6378] ? __pfx_do_wp_page+0x10/0x10 [ 116.819101][ T6378] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 116.821317][ T6378] __handle_mm_fault+0x2468/0x5660 [ 116.823248][ T6378] ? __pfx_mt_find+0x10/0x10 [ 116.825010][ T6378] ? __pfx___handle_mm_fault+0x10/0x10 [ 116.827622][ T6378] ? find_vma+0xc0/0x140 [ 116.829452][ T6378] ? __pfx_find_vma+0x10/0x10 [ 116.831460][ T6378] ? rds_message_inc_copy_to_user+0x345/0x410 [ 116.834279][ T6378] handle_mm_fault+0x44e/0x7b0 [ 116.836544][ T6378] ? __pkru_allows_pkey+0x52/0xb0 [ 116.838813][ T6378] do_user_addr_fault+0x7a3/0x13f0 [ 116.841111][ T6378] exc_page_fault+0x5c/0xc0 [ 116.843168][ T6378] asm_exc_page_fault+0x26/0x30 [ 116.845307][ T6378] RIP: 0010:__put_user_nocheck_4+0x7/0x20 [ 116.848323][ T6378] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 [ 116.848344][ T6378] RSP: 0018:ffffc9000355f9d8 EFLAGS: 00050293 [ 116.848362][ T6378] RAX: 0000000040000000 RBX: 0000000040000000 RCX: 0000000020005030 [ 116.848375][ T6378] RDX: ffff88802b6f0000 RSI: ffffffff88e00c1a RDI: 0000000000000005 [ 116.848387][ T6378] RBP: ffffc9000355fd98 R08: 0000000000000005 R09: 0000000000000000 [ 116.848399][ T6378] R10: 0000000040000022 R11: 0000000000000000 R12: 0000000000000000 [ 116.848411][ T6378] R13: 0000000020005000 R14: ffffc9000355fddc R15: 0000000040000022 [ 116.848425][ T6378] ? ____sys_recvmsg+0x2ea/0x6b0 [ 116.848449][ T6378] ____sys_recvmsg+0x2f5/0x6b0 [ 116.848470][ T6378] ? __pfx_____sys_recvmsg+0x10/0x10 [ 116.848491][ T6378] ? __pfx___lock_acquire+0x10/0x10 [ 116.848513][ T6378] ___sys_recvmsg+0x115/0x1a0 [ 116.848538][ T6378] ? __pfx____sys_recvmsg+0x10/0x10 [ 116.848562][ T6378] ? find_held_lock+0x2d/0x110 [ 116.848590][ T6378] ? __pfx___might_resched+0x10/0x10 [ 116.848615][ T6378] ? __might_fault+0xe3/0x190 [ 116.848632][ T6378] do_recvmmsg+0x2ba/0x750 [ 116.848657][ T6378] ? __pfx_do_recvmmsg+0x10/0x10 [ 116.848681][ T6378] ? vfs_write+0x14d/0x1140 [ 116.848699][ T6378] ? __mutex_unlock_slowpath+0x164/0x650 [ 116.848723][ T6378] __x64_sys_recvmmsg+0x239/0x290 [ 116.848749][ T6378] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 116.848777][ T6378] do_syscall_64+0xcd/0x250 [ 116.848796][ T6378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.848819][ T6378] RIP: 0033:0x7f1a41777299 [ 116.848832][ T6378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.848848][ T6378] RSP: 002b:00007f1a42554048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 116.848866][ T6378] RAX: ffffffffffffffda RBX: 00007f1a41905f80 RCX: 00007f1a41777299 [ 116.848879][ T6378] RDX: 0000000000001001 RSI: 0000000020004940 RDI: 0000000000000003 [ 116.848891][ T6378] RBP: 00007f1a425540a0 R08: 0000000000000000 R09: 0000000000000000 [ 116.848902][ T6378] R10: 0000000040000022 R11: 0000000000000246 R12: 0000000000000002 [ 116.848913][ T6378] R13: 000000000000000b R14: 00007f1a41905f80 R15: 00007ffcac727d88 [ 116.848928][ T6378] [ 118.051238][ T6408] netlink: 40 bytes leftover after parsing attributes in process `syz.2.308'. [ 118.057059][ T6408] FAULT_INJECTION: forcing a failure. [ 118.057059][ T6408] name failslab, interval 1, probability 0, space 0, times 0 [ 118.065588][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.2.308 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 118.070367][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.075609][ T6408] Call Trace: [ 118.077452][ T6408] [ 118.078831][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 118.080934][ T6408] should_fail_ex+0x497/0x5b0 [ 118.083029][ T6408] should_failslab+0xc2/0x120 [ 118.085191][ T6408] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 118.087661][ T6408] ? skb_clone+0x190/0x3f0 [ 118.089663][ T6408] skb_clone+0x190/0x3f0 [ 118.091556][ T6408] netlink_deliver_tap+0xab3/0xd90 [ 118.093920][ T6408] netlink_unicast+0x6c2/0x830 [ 118.096204][ T6408] ? __pfx_netlink_unicast+0x10/0x10 [ 118.098590][ T6408] ? rtnetlink_rcv_msg+0x3e6/0xea0 [ 118.100813][ T6408] netlink_ack+0x6a8/0xb90 [ 118.102944][ T6408] netlink_rcv_skb+0x348/0x440 [ 118.105168][ T6408] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 118.107567][ T6408] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 118.109722][ T6408] ? netlink_deliver_tap+0x1ae/0xd90 [ 118.112536][ T6408] netlink_unicast+0x544/0x830 [ 118.114648][ T6408] ? __pfx_netlink_unicast+0x10/0x10 [ 118.117317][ T6408] netlink_sendmsg+0x8b8/0xd70 [ 118.119559][ T6408] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.122043][ T6408] ? __import_iovec+0x1fd/0x6e0 [ 118.124233][ T6408] ____sys_sendmsg+0xab5/0xc90 [ 118.126253][ T6408] ? copy_msghdr_from_user+0x10b/0x160 [ 118.128618][ T6408] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.130396][ T6408] ? __pfx___lock_acquire+0x10/0x10 [ 118.132509][ T6408] ___sys_sendmsg+0x135/0x1e0 [ 118.134493][ T6408] ? __pfx____sys_sendmsg+0x10/0x10 [ 118.136551][ T6408] ? __pfx_lock_release+0x10/0x10 [ 118.138532][ T6408] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 118.141068][ T6408] ? __fget_light+0x173/0x210 [ 118.143377][ T6408] __sys_sendmmsg+0x1a1/0x450 [ 118.145582][ T6408] ? __pfx___sys_sendmmsg+0x10/0x10 [ 118.147869][ T6408] ? vfs_write+0x14d/0x1140 [ 118.149860][ T6408] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 118.152452][ T6408] ? fput+0x32/0x390 [ 118.154229][ T6408] ? ksys_write+0x1ab/0x260 [ 118.156168][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 118.158408][ T6408] __x64_sys_sendmmsg+0x9c/0x100 [ 118.160959][ T6408] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.163700][ T6408] do_syscall_64+0xcd/0x250 [ 118.165619][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.168104][ T6408] RIP: 0033:0x7f71e0f77299 [ 118.170119][ T6408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.178431][ T6408] RSP: 002b:00007f71e1de3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 118.182301][ T6408] RAX: ffffffffffffffda RBX: 00007f71e1105f80 RCX: 00007f71e0f77299 [ 118.185602][ T6408] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000005 [ 118.188677][ T6408] RBP: 00007f71e1de30a0 R08: 0000000000000000 R09: 0000000000000000 [ 118.191856][ T6408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.195280][ T6408] R13: 000000000000000b R14: 00007f71e1105f80 R15: 00007ffcfc3c8568 [ 118.198449][ T6408] [ 118.231169][ T6405] IPVS: length: 131 != 8 [ 118.278811][ T6413] fuse: Unknown parameter 'grĘGĢ½§ī00000000000000000000' [ 118.315081][ T6413] bond0: entered promiscuous mode [ 118.315103][ T6413] bond_slave_0: entered promiscuous mode [ 118.315282][ T6413] bond_slave_1: entered promiscuous mode [ 119.209205][ T6442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 119.570904][ T1287] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 119.753397][ T1287] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 119.758079][ T1287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.763535][ T1287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.768174][ T1287] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 119.776631][ T1287] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 119.780812][ T1287] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 119.784627][ T1287] usb 5-1: Manufacturer: syz [ 119.806273][ T1287] usb 5-1: config 0 descriptor?? [ 120.029504][ T6445] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6445 comm=syz.3.322 [ 120.039911][ T5348] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 120.236734][ T1287] usbhid 5-1:0.0: can't add hid device: -71 [ 120.239374][ T1287] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 120.280634][ T1287] usb 5-1: USB disconnect, device number 5 [ 120.509178][ T6458] fuse: Unknown parameter '000000000000000000000000x0000000000000003' [ 120.651244][ T6458] netlink: 40 bytes leftover after parsing attributes in process `syz.1.328'. [ 120.656587][ T6458] netlink: 24 bytes leftover after parsing attributes in process `syz.1.328'. [ 121.029926][ T6468] netlink: 40 bytes leftover after parsing attributes in process `syz.1.331'. [ 121.295477][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 121.295490][ T39] audit: type=1400 audit(1722214579.400:327): avc: denied { create } for pid=6483 comm="syz.2.337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 121.308094][ T6485] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 121.311751][ T6485] audit: out of memory in audit_log_start [ 121.317953][ T39] audit: type=1400 audit(1722214579.420:328): avc: denied { nlmsg_read } for pid=6483 comm="syz.2.337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 122.114811][ T39] audit: type=1400 audit(1722214580.220:329): avc: denied { create } for pid=6504 comm="syz.1.343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 122.126192][ T39] audit: type=1400 audit(1722214580.240:330): avc: denied { setopt } for pid=6504 comm="syz.1.343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 122.261468][ T830] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 122.465277][ T6514] syz.2.344 uses obsolete (PF_INET,SOCK_PACKET) [ 122.471688][ T830] usb 8-1: Using ep0 maxpacket: 8 [ 122.476120][ T830] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 122.481909][ T830] usb 8-1: config 0 has no interface number 0 [ 122.486763][ T830] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 122.518323][ T830] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 122.522783][ T830] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.533080][ T830] usb 8-1: config 0 descriptor?? [ 122.550938][ T830] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 122.947689][ T39] audit: type=1400 audit(1722214581.050:331): avc: denied { map } for pid=6515 comm="syz.0.346" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 122.958235][ T39] audit: type=1400 audit(1722214581.050:332): avc: denied { execute } for pid=6515 comm="syz.0.346" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 123.052650][ T5348] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 123.057533][ T5348] Bluetooth: hci1: Injecting HCI hardware error event [ 123.062356][ T5348] Bluetooth: hci1: hardware error 0x00 [ 123.270078][ T5385] usb 8-1: USB disconnect, device number 4 [ 123.278607][ T5385] iowarrior 8-1:0.1: I/O-Warror #0 now disconnected [ 124.137108][ T6543] FAULT_INJECTION: forcing a failure. [ 124.137108][ T6543] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 124.146375][ T6543] CPU: 3 UID: 0 PID: 6543 Comm: syz.0.353 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 124.150916][ T6543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.155605][ T6543] Call Trace: [ 124.157134][ T6543] [ 124.158527][ T6543] dump_stack_lvl+0x16c/0x1f0 [ 124.160629][ T6543] should_fail_ex+0x497/0x5b0 [ 124.163093][ T6543] ? fs_reclaim_acquire+0xae/0x160 [ 124.165449][ T6543] should_fail_alloc_page+0xe7/0x130 [ 124.167784][ T6543] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 124.170503][ T6543] ? stack_depot_save_flags+0x28/0x8f0 [ 124.172916][ T6543] __alloc_pages_noprof+0x194/0x2460 [ 124.175482][ T6543] ? __lock_acquire+0xbdd/0x3cb0 [ 124.177801][ T6543] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 124.180604][ T6543] ? __pfx___lock_acquire+0x10/0x10 [ 124.183233][ T6543] ? __pfx___lock_acquire+0x10/0x10 [ 124.185591][ T6543] ? lock_acquire+0x1b1/0x560 [ 124.187981][ T6543] ? find_held_lock+0x2d/0x110 [ 124.190070][ T6543] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 124.192746][ T6543] ? policy_nodemask+0xea/0x4e0 [ 124.194921][ T6543] alloc_pages_mpol_noprof+0x275/0x610 [ 124.197425][ T6543] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 124.200240][ T6543] ? find_held_lock+0x2d/0x110 [ 124.202582][ T6543] ? find_held_lock+0x2d/0x110 [ 124.204916][ T6543] pte_alloc_one+0x20/0x370 [ 124.207377][ T6543] __pte_alloc+0x6e/0x3a0 [ 124.209800][ T6543] ? __pfx___pte_alloc+0x10/0x10 [ 124.212050][ T6543] remap_pfn_range_notrack+0xaab/0xdb0 [ 124.214513][ T6543] ? __pfx_remap_pfn_range_notrack+0x10/0x10 [ 124.217204][ T6543] ? up_write+0x1b2/0x520 [ 124.219154][ T6543] remap_pfn_range+0xce/0x140 [ 124.221252][ T6543] ? __pfx_remap_pfn_range+0x10/0x10 [ 124.223808][ T6543] usbdev_mmap+0x77b/0xae0 [ 124.225886][ T6543] ? __pfx_usbdev_mmap+0x10/0x10 [ 124.228125][ T6543] ? __raw_spin_lock_init+0x3a/0x110 [ 124.230739][ T6543] mmap_region+0x757/0x2760 [ 124.232778][ T6543] ? __pfx_mmap_region+0x10/0x10 [ 124.234971][ T6543] ? security_mmap_addr+0x8e/0xb0 [ 124.236990][ T6543] ? __get_unmapped_area+0x271/0x3a0 [ 124.239533][ T6543] do_mmap+0xbfb/0xfb0 [ 124.241381][ T6543] ? security_mmap_file+0x192/0x1d0 [ 124.243748][ T6543] vm_mmap_pgoff+0x1ba/0x360 [ 124.245870][ T6543] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 124.248174][ T6543] ksys_mmap_pgoff+0x332/0x5d0 [ 124.250328][ T6543] ? __pfx_ksys_write+0x10/0x10 [ 124.252547][ T6543] __x64_sys_mmap+0x125/0x190 [ 124.254760][ T6543] do_syscall_64+0xcd/0x250 [ 124.256788][ T6543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.259375][ T6543] RIP: 0033:0x7fad8f977299 [ 124.261339][ T6543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.269698][ T6543] RSP: 002b:00007fad907e9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 124.273904][ T6543] RAX: ffffffffffffffda RBX: 00007fad8fb06058 RCX: 00007fad8f977299 [ 124.276954][ T6543] RDX: 000000000000000f RSI: 0000000000400000 RDI: 0000000020000000 [ 124.280432][ T6543] RBP: 00007fad907e90a0 R08: 0000000000000007 R09: 0000000000000000 [ 124.283781][ T6543] R10: 0000000000011012 R11: 0000000000000246 R12: 0000000000000002 [ 124.287321][ T6543] R13: 000000000000006e R14: 00007fad8fb06058 R15: 00007ffc00a87868 [ 124.290830][ T6543] [ 124.294972][ T6543] ------------[ cut here ]------------ [ 124.297710][ T6543] kernel BUG at mm/page_table_check.c:157! [ 124.300318][ T6543] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 124.303985][ T6543] CPU: 2 UID: 0 PID: 6543 Comm: syz.0.353 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 124.313918][ T6543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.318317][ T6543] RIP: 0010:__page_table_check_zero+0x306/0x370 [ 124.321107][ T6543] Code: ff 48 89 ef e8 ab d0 ff ff 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 a8 8e 98 ff e8 a3 8e 98 ff 90 0f 0b e8 9b 8e 98 ff 90 <0f> 0b e8 93 8e 98 ff 90 0f 0b e8 9b b5 f5 ff e9 85 fd ff ff 48 c7 [ 124.329624][ T6543] RSP: 0018:ffffc9000357f9f0 EFLAGS: 00010293 [ 124.332390][ T6543] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81f1fffb [ 124.336031][ T6543] RDX: ffff888028dba440 RSI: ffffffff81f20115 RDI: 0000000000000005 [ 124.339696][ T6543] RBP: ffff888018190000 R08: 0000000000000005 R09: 0000000000000000 [ 124.343230][ T6543] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 124.343352][ T6545] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0) [ 124.346755][ T6543] R13: 000000000000000a R14: ffff88801819004c R15: dffffc0000000000 [ 124.346769][ T6543] FS: 00007fad907e96c0(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000 [ 124.346802][ T6543] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.359982][ T6543] CR2: 000000002001d200 CR3: 000000002794a000 CR4: 0000000000350ef0 [ 124.363081][ T6543] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.366131][ T6543] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 124.369209][ T6543] Call Trace: [ 124.370554][ T6543] [ 124.372438][ T6543] ? show_regs+0x8c/0xa0 [ 124.374483][ T6543] ? die+0x36/0xa0 [ 124.376013][ T6543] ? do_trap+0x232/0x430 [ 124.377756][ T6543] ? __page_table_check_zero+0x306/0x370 [ 124.380249][ T6543] ? __page_table_check_zero+0x306/0x370 [ 124.382565][ T6543] ? do_error_trap+0xf4/0x230 [ 124.384495][ T6543] ? __page_table_check_zero+0x306/0x370 [ 124.386794][ T6543] ? handle_invalid_op+0x34/0x40 [ 124.388820][ T6543] ? __page_table_check_zero+0x306/0x370 [ 124.390835][ T6543] ? exc_invalid_op+0x2e/0x50 [ 124.392969][ T6543] ? asm_exc_invalid_op+0x1a/0x20 [ 124.395194][ T6543] ? __page_table_check_zero+0x1eb/0x370 [ 124.397591][ T6543] ? __page_table_check_zero+0x305/0x370 [ 124.399910][ T6543] ? __page_table_check_zero+0x306/0x370 [ 124.401985][ T6543] __free_pages_ok+0x5d4/0xbd0 [ 124.403756][ T6543] hcd_buffer_free_pages+0xe8/0x180 [ 124.405888][ T6543] dec_usb_memory_use_count+0x27b/0x410 [ 124.408280][ T6543] usbdev_mmap+0x7a7/0xae0 [ 124.409882][ T6543] ? __pfx_usbdev_mmap+0x10/0x10 [ 124.411770][ T6543] ? __raw_spin_lock_init+0x3a/0x110 [ 124.413984][ T6543] mmap_region+0x757/0x2760 [ 124.416032][ T6543] ? __pfx_mmap_region+0x10/0x10 [ 124.418201][ T6543] ? security_mmap_addr+0x8e/0xb0 [ 124.420449][ T6543] ? __get_unmapped_area+0x271/0x3a0 [ 124.422788][ T6543] do_mmap+0xbfb/0xfb0 [ 124.424556][ T6543] ? security_mmap_file+0x192/0x1d0 [ 124.426728][ T6543] vm_mmap_pgoff+0x1ba/0x360 [ 124.428758][ T6543] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 124.431004][ T6543] ksys_mmap_pgoff+0x332/0x5d0 [ 124.432929][ T6543] ? __pfx_ksys_write+0x10/0x10 [ 124.435068][ T6543] __x64_sys_mmap+0x125/0x190 [ 124.436943][ T6543] do_syscall_64+0xcd/0x250 [ 124.438837][ T6543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.441037][ T6543] RIP: 0033:0x7fad8f977299 [ 124.442796][ T6543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.451255][ T6543] RSP: 002b:00007fad907e9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 124.454745][ T6543] RAX: ffffffffffffffda RBX: 00007fad8fb06058 RCX: 00007fad8f977299 [ 124.458129][ T6543] RDX: 000000000000000f RSI: 0000000000400000 RDI: 0000000020000000 [ 124.461582][ T6543] RBP: 00007fad907e90a0 R08: 0000000000000007 R09: 0000000000000000 [ 124.465498][ T6543] R10: 0000000000011012 R11: 0000000000000246 R12: 0000000000000002 [ 124.468748][ T6543] R13: 000000000000006e R14: 00007fad8fb06058 R15: 00007ffc00a87868 [ 124.472139][ T6543] [ 124.473450][ T6543] Modules linked in: [ 124.476316][ T6543] ---[ end trace 0000000000000000 ]--- [ 124.481436][ T6543] RIP: 0010:__page_table_check_zero+0x306/0x370 [ 124.484388][ T6543] Code: ff 48 89 ef e8 ab d0 ff ff 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 a8 8e 98 ff e8 a3 8e 98 ff 90 0f 0b e8 9b 8e 98 ff 90 <0f> 0b e8 93 8e 98 ff 90 0f 0b e8 9b b5 f5 ff e9 85 fd ff ff 48 c7 [ 124.491703][ T6543] RSP: 0018:ffffc9000357f9f0 EFLAGS: 00010293 [ 124.494073][ T6543] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81f1fffb [ 124.498285][ T6543] RDX: ffff888028dba440 RSI: ffffffff81f20115 RDI: 0000000000000005 [ 124.503110][ T6543] RBP: ffff888018190000 R08: 0000000000000005 R09: 0000000000000000 [ 124.506766][ T6543] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 124.509863][ T6543] R13: 000000000000000a R14: ffff88801819004c R15: dffffc0000000000 [ 124.513238][ T6543] FS: 00007fad907e96c0(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000 [ 124.517121][ T6543] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.520310][ T6543] CR2: 000000002001d200 CR3: 000000002794a000 CR4: 0000000000350ef0 [ 124.524357][ T6543] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.528274][ T6543] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 124.532487][ T6543] Kernel panic - not syncing: Fatal exception [ 124.535869][ T6543] Kernel Offset: disabled [ 124.537727][ T6543] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:52:06 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff813cedbe RDX=ffff8880248e8000 RSI=0000000000000000 RDI=0000000000000001 RBP=ffffffff8b49d680 RSP=ffffc90026ad7508 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000001 R13=0000000000000001 R14=0000000000000003 R15=0000000000000001 RIP=ffffffff818a896d RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007fc873c20500 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f2b885ffb28 CR3=000000002be16000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000012002 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff778c1020 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c5f5f0045544156 4952505f4342494c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000042494c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6362696c5f5f0045 5441564952505f43 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f6e3a6d5e007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4b1f485e005600 0b56000041000b56 000040494a564b4a 460a5340410a000a ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6373203434373d 616e692022725f6d 6461736564223d6f 656420223130302f ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080080783 RBX=0000000000000000 RCX=ffff888023c50fb0 RDX=000000000000009d RSI=ffffffff863c43d6 RDI=ffff888023c51188 RBP=0000000000000001 RSP=ffffc900008b0b88 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000001 R13=0000000000004e20 R14=ffff888023c50fb0 R15=0000000000000001 RIP=ffffffff863c441d RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fad992f7d00 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f1a424356c0 CR3=0000000011db4000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 ZMM17=057f7a3b41d4f5ac 2adf4e225faa16f3 057f7a3b41d4f5ac 2adf4e225faa16f3 057f7a3b41d4f5ac 2adf4e225faa16f3 057f7a3b41d4f5ac 2adf4e225faa16f3 ZMM18=22ca44cbd846b6ed 4b77cc12989432bf 22ca44cbd846b6ed 4b77cc12989432bf 22ca44cbd846b6ed 4b77cc12989432bf 22ca44cbd846b6ed 4b77cc12989432bf ZMM19=ea06000000000000 0000000000000005 ea06000000000000 0000000000000004 ea06000000000000 0000000000000003 ea06000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=2adf4e222adf4e22 2adf4e222adf4e22 2adf4e222adf4e22 2adf4e222adf4e22 2adf4e222adf4e22 2adf4e222adf4e22 2adf4e222adf4e22 2adf4e222adf4e22 ZMM22=41d4f5ac41d4f5ac 41d4f5ac41d4f5ac 41d4f5ac41d4f5ac 41d4f5ac41d4f5ac 41d4f5ac41d4f5ac 41d4f5ac41d4f5ac 41d4f5ac41d4f5ac 41d4f5ac41d4f5ac ZMM23=057f7a3b057f7a3b 057f7a3b057f7a3b 057f7a3b057f7a3b 057f7a3b057f7a3b 057f7a3b057f7a3b 057f7a3b057f7a3b 057f7a3b057f7a3b 057f7a3b057f7a3b ZMM24=989432bf989432bf 989432bf989432bf 989432bf989432bf 989432bf989432bf 989432bf989432bf 989432bf989432bf 989432bf989432bf 989432bf989432bf ZMM25=4b77cc124b77cc12 4b77cc124b77cc12 4b77cc124b77cc12 4b77cc124b77cc12 4b77cc124b77cc12 4b77cc124b77cc12 4b77cc124b77cc12 4b77cc124b77cc12 ZMM26=d846b6edd846b6ed d846b6edd846b6ed d846b6edd846b6ed d846b6edd846b6ed d846b6edd846b6ed d846b6edd846b6ed d846b6edd846b6ed d846b6edd846b6ed ZMM27=22ca44cb22ca44cb 22ca44cb22ca44cb 22ca44cb22ca44cb 22ca44cb22ca44cb 22ca44cb22ca44cb 22ca44cb22ca44cb 22ca44cb22ca44cb 22ca44cb22ca44cb ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=e9060000e9060000 e9060000e9060000 e9060000e9060000 e9060000e9060000 e9060000e9060000 e9060000e9060000 e9060000e9060000 e9060000e9060000 info registers vcpu 2 CPU#2 RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fe2b85 RDI=ffffffff9519a720 RBP=ffffffff9519a6e0 RSP=ffffc9000357f388 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552032203a555043 R12=0000000000000000 R13=000000000000005b R14=ffffffff84fe2b20 R15=0000000000000000 RIP=ffffffff84fe2baf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fad907e96c0 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002001d200 CR3=000000002794a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00003170726d7664 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71e0fe56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71e0fe56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71e0fe56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71e0fe56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71e0fe5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71e0fe5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71e10d5488 00007f71e10d5480 00007f71e10d5478 00007f71e10d5450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71e1c3d100 00007f71e10d5440 00007f71e10d0004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f71e10d5498 00007f71e10d5490 00007f71e10d5488 00007f71e10d5480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000009a27c RBX=0000000000000003 RCX=ffffffff8b11a529 RDX=ffffed100d666fe2 RSI=ffffffff8bb08ec0 RDI=ffffffff8162609c RBP=ffffed100305b488 RSP=ffffc900001a7e08 R8 =0000000000000000 R9 =ffffed100d666fe1 R10=ffff88806b337f0b R11=0000000000000000 R12=0000000000000003 R13=ffff8880182da440 R14=ffffffff9012b318 R15=0000000000000000 RIP=ffffffff8b11b91f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fad907e8fa8 CR3=000000001ea9a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000004080 Opmask01=00000000000001ff Opmask02=00000000efffffff Opmask03=0104100080810010 Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffa9cf21d0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffa9cf2610 0000003000000010 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff00000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373735822 7373737373730a07 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73001605121f0073 431e161e035c1810 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30303a0031706f6f 6c2f6b636f6c622f 6c6175747269762f 736563697665642f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f7379732f002f73 75622f7379732f00 2f6d657473797362 75732f7379732f00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30706f6f6c2f6b63 6f6c622f6c00313a 37006b636f6c6200 7665642f7379732f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 dbf6ac90f05d7b30 0000564465abc4f9 00000000000000a1 000000302f716d00 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000323230332f 323135312f306337 0000000000000021 000000000000312e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000007cd1 0000000000007974 00736576616c7300 306d656d702f6b63 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a3a263e383a3a26 39383a3a2638383a 3a263b383a3a263a 383a3a26493b3a3a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e205f61000a0064 6e000a003d000a61 6e61642e74206e22 0000656e000a0064 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20000a00000a005f 64000a000a00004d 544e47202c004600 00000049000a0064 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020