last executing test programs: 1m45.125412368s ago: executing program 0 (id=31): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e23}, 0x6e) mkdir(&(0x7f0000000440)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000002c0)={[{@dyn}]}) unlink(&(0x7f0000000300)='./file0/file0\x00') 1m45.122989004s ago: executing program 0 (id=32): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x2}}, 0x26) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x1a8000, 0xa, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x3000}, {0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfc}, {0x0, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, 0x1}, {0x0, 0x10000, 0x1, 0x9, 0x0, 0xfd}, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x9, 0x2, 0x3}, {0x0, 0xeeee8000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4}, {}, {}, 0xddf8ffdb, 0x0, 0x0, 0x140030, 0x80000a, 0x0, 0x3000, [0x800000000, 0x0, 0x1a7ff4f4]}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_TRANSLATE(r6, 0xc018ae85, &(0x7f00000002c0)={0x4, 0x4000, 0x7, 0x40, 0x63}) getsockopt$bt_BT_SECURITY(r1, 0x111, 0x2, 0x0, 0x20001f00) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r0, 0x4068aea3, &(0x7f0000019080)={0xbe, 0x0, 0x1}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c8, 0x2b0, 0x268, 0x300, 0x2b0, 0x268, 0x3e8, 0x460, 0x460, 0x3e8, 0x460, 0x9, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @loopback, [], [], 'veth0_to_hsr\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xe8, 0x0, {0x9401}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "1852aa405753905554ed000600ebaf5ffbbbcc15d0abddcb5ae29b3b8f45"}}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x328) mount$tmpfs(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000740), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='mpol=prefer=statiF:0']) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r7, 0x0, 0x8}, 0x18) pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0x3) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000019140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}}], {0x14, 0x10}}, 0x5c}}, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000019100)={[&(0x7f0000000200)=' ']}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 1m44.933952839s ago: executing program 0 (id=33): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000003700)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r1) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000940)={0x1148, r2, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0x28, 0xa9, @random="9870d337511b43025e82f4bf3c9c429f3d31b8d6e9e495af98b51fa5c8186789afeb00a5"}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0xd}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x1000}, @DEVLINK_ATTR_RATE_NODE_NAME={0x1004, 0xa8, @random="ffd30f68a3316dd02d712aebbd58cd035294ca1480bf33e1ec6f57e1a186443bd7bf26cd84f01687a63c48d6762ff34afea38105b032088955075bbc50cd3963c8726f38c563da91fce5a3fe0229f507d366497a58d4d152a98ace5af5ccf4f5c6f7ee7ab787996e13f0e01fdef01faeca6c38a80bf9dba91a99ca14435e791342af19b49685a980ee8acbc969ab603a7b563b38a85b227f2024a4fbc22b4e6411d065cc040e509a5909ca83c668f19343a21142a5d567e38c635d582c5ce5a10ad98a3f914550f997334f873b4336b176e79044e77e7cdd4624b231fe850f0d088e2271ae44c35ee52b3deb318a2c1a1e6f5187dad228359fe2a6cf6cc9685c908f1472df9a4f46059a4788a060aafbfa0409f2f64bfdb69fb693394922c7263ebc4956ec683ed2f001ea30bc4f34cb289c67b90c7b54c87b0da7abfb0d732f67a184dcb5d4ca8a28f3e0f35fc60eef69f1d8cdd3b745fc240f3a4d41ad216f33352cd45465b1ad11f566a0131be87ac389c3d7ce89cb5e1f008f6a1fcd648ac23294fe4da2fafd2e12fbd5fe57a59e9bf656fd182371e26e1dd6b8ac2e01da2a28d686252a2c5dd45234f2532845cbbde207c7311e7ccf4dc2509329458879ea2b77d015e4238bf11a1990a562a9e222b53a442180c7e53a8dc2ca274e7e19041697015ef794abbe3bc810b47a01a18176ab9fca964b271cf22f1bf1cf3a53901028384b9af954293cbeda440f6a206eaa0707a2f7a03906e1b341162ac0ce936bd84043128e001421ab5276e66467646f741f40d1fded6ba6208ff9d5b6be7b149d0c32f365b2723f20825e3d722bb907b27881481ae722bf04171f83520ec2795a7bfe4187726e4efbf8a50fb17304fd49ac9487469e1d68d607265857bf3ae95748c7e511719b67d7059a1217632d43374431562c4f048ace4ba238bb6d100a2e1b61f3b46ec7121cd8e2a135d54173a22f5af77dd5e8a3ac2abf481e0cc3ab5dbf4ecb8d90bf2ee12f8349f352e622d483c9f18e3e25bc2e5cef1f76eb913b69d0caca01b66f05572c768888f96f404f405d8177b5cf62378b3c03df1272e643afad1a30a431e675f584e2627df6a252ce0db27d86b78795eb362ab074faf8e9994cf2f0376c5568ef844cdb37b623afbfbfc0efd425c753a9d785f36df586e12264032fe319a891521a26efd42dcd9c78df5b280595180f8d4bc69903bbce7a9113d18f1f816947a578ca7e4d12cb6c51c6fcf826290188441a6d36ef2f4e543615d259379f079993575b24805ca1a363c31cae8c7f4212d3120d427f05b120ed19fbe15543e57d2e12b128245fe8d702d2a6efd97e025f5d860311690a6d48f7940ca58fca4e43bf46a7c3e19687822c481929ac914f9801fce8d4b5847a212126c4eebd5020912db494bd12e1e73982f33cad70d346be035b7762b22246c7746b89df4c0704558ab381ce9cf579ad74ce2aea7e6682799f3b0d5c4da96e7268b3313e6fa0d1183a4edf0cd329343d0a1a14d82bc52f1f8f3d0365e04d4e240eb7536bad10edd80724d82774e3a126abb9b02b4bd548c4822154797fe55605e712d9af524153f2549db5e608adc3d51c89b30a950035ab5dd0389911b8eb0caf6354fd0d48d554ff2a7ed59a5ea46e950712c0c5ddc09692680d1a9f94faaed55629cf20cca0c470108539fc86b72aa13633e3031547fd9db165bfea9eb964d6435a195d2779fa056d37761667541add7edbaac2f8a1566a189d67fdcbedcf4a11598bc51368553314144b01f9bcbe52785214f3471f6c34666f01ce1d10029b75a8aa7582ef1fa0a5914da425c575226be85fc7efb42f14d3d18d92485239fc3f5bbba9ac48b1fde92f5f426f7df13c59416f642bcf2d0759c4cb9d0f930408d51bca48311d5c9517c5fdd5219d8e82902e083b0f4778140a04eb995b2651d4c5ea545d324a3e496584d270223824139a905f67dad63f287e4d2ae101965c220e7aeb77eb68242fa9ac704f3568abcb70522922d49b7f2b851eebca2140c7d39936f5da6d6f12b1b857e2486d30728d307f2e6439dc2e1036aa88f5ca00493d73c552656d5ced756830b2d2b60a0b2bd33b81435fb0bd1572a327a664bc8a2fb0d8124ac99134adc63c1dc49f6e509367c0e60a07253b6741579350b31aaad74d59a857d9c54e7ee58e9460b7f512d54164812877e14da5a3b6fb58116ebc0a2f10772a16337475bc96b32419cb7f811569074cf9454aade6bde4e4bd909f170148fec084bdfde29b17d7ad854915f844828b9e8eef20b70d7a781f1be911fa0b6f7a104065d22c95d9a0e013089b1ffeaf68bbdfacea7a56c2d17cde94a1d744d9000039f2118d088b2154153fa17636e6a5b1a70bf762330f8dbe9e5a77621fdc003a0faca3a304ac92cf6c47eb8183c482cb2232f2330632d7c89e72188566e0d270b82b30cbc51db335b89f1cd3f17e5b529a18babdae01426bbdc3ba6e7fd048ca18b3afe893483e864ad2519142709df00b60239cbbe1dbb2be4d44a7bc36e1b3abcc964cec7b531908ddbce00b315cbd9fd663ffe3a479321a1bcb56305ac2a9a172e6bbdd19cd62ac2c4b3be5dad36fcb6d9d8c1223947e11e91690dba02e1ab44e785fc131bedea17be3176a153c46dff0f164519de5f4bd87e48ba0eff70e8ead8fc6485b1e9de4910b7de26b3769c46f79a6fd236ce9334c04db7bb959150490aad3a9b50441facfd1fa19b43d2bd066f96b51d32930e71a477692012ed7ce03a10f2730e4ae5b2ddc07912717108288c0aea7f045eef6be1cb06bd821b515617b58b8d9a2f900c386b315c648ac47f754af19f0feb4cc15c12a4ddcf646bbbf48646a1e5177d3688f2ac1a9f21c6697df34067f135fc612a5ebc8384a0b601d11dcf49e2949e230db7526eb9b1a8fd9ddcdf775701d1a521b2fa65d96ca1a8c4ccb309676303c25469f91b19e21595f87595f05c0311e375cfb13f7249c01ff1b64c830e833ec627c7d51c1ab3640f0b6b9b6548271f84b533070126d150c2d6fd6f2e5fd9ce9d05d25ef22176fefdb53337c43b4300ca19b3b8e5a954e9c38e5353cb04785b4b2cd1a458306525a4f3d90908e9ac1d29ae7d3431874c2e8ce4895822880ae7afd128bf91d9fbcc6efbbaf8a9f5000976d27e8760b38587555b4568848d159f691de1a60d493016100dbd11a8955808ea19bca8d15c7819e58845d3b3a4414f36d8cf811f38e9d51b2217b73f7dcefd24bcbae06c1e402c9093be4e1994e7fa7b19329af4b036d3d5351170ecb66c7bbfbb54256f95b5446c0a4a2eaaaaa28bd36250cad01b030e3d44afbcd720134f4f794c66fda7cb6d509471ba19d8b0b0470c99e6cb1e82ffd249cd745a4e2a681300939b432755603d63ca335096e8a4fb42c5f62cdcf0cec6f2d537a6c1818b8b5278d80b2cbb9e2d697304d4aa6615c57dc801561ca60bb3ac5f859d12f596eca43a9bb739dbba1d3aeffc24f6c3b3db5b151e87f5e54b2d9329a32671d3e355e88b37af02c2d6a56b5040aa83d3491a3ea0a53ad75fcc8eefbb27af43104a6fb6d59d4b9ea98910bd385871fcb5050609cb47fca4198e898c3d631646b2b2e3ae41ef93fca5ca0f2c248ac58a5381cae525cd61ed1668a8ab7e2d42787453dc362ff01d10019cfb9ab09f0b1c5678b42aecb099ea5a34b9b70bd93e95e773d7e6172e9a3486bef2b39b41a1fead59d8321557062f7e24eb43d4e9bb4fc511daa5b92d7b6bd494d0f0191756fedc5d65ca53025504c0530e0a33318a52788dd6ae4d2bcf898e999393b5ee9f19c553dfe54b93f1fd425196930f6350d7bc598b853ef783afecb60d69f8d2841051bbbeb47946a67aadeab578d645444c1658791e6226455956b8222af24803003060f938478d5925f1b09bd893248bfd849d52cde7964e8fb1135ad243863c179e5b77416b2dcda0c44e7cf9c641322e19dea3833dfcdf38d2a66312d45ffb112e52941c6dd3c99fc904b5ca14ce8fc583da54497c8670e7647bb3fe0402ba5807ed71bdec3d494d36219ab8bc69346325308260d3ce1d02044fbd0f8abf8d7fe52e5ca77736577419a1e10a7adabf70fbc20683228175464c0eb89981ee7e934a403b1d30bddda24fb9c9e270f5ddc36a9c08c9efb2981a493c5d4838edec3cee4bf027792d46d287bbee43409d0eb25914cd1c5c493bbd5a92e6185d193c11880356257bfa1616afcf0fdade4320ae7864cc525fcc7e0bdaeb4e8fac26ec2cf101ab3f048f0346281dbb0752a919848bcbb3620052aa04c42f2a0eed77cee2035a1b2adf3db2f49b74cfaa57e09921be8b0fb1dd2267a95ad1895cf5eb3805e1f529c8a1b5f2b483f0398cc5fad1cf04844b1f441ce68c766e70060acf52530eae1904eea76dd0b3e35b6f15b345caa267a4475b27dbe2d646eed3013e55e9783b3a4db8c06226909dcbfa6290f63032c8cc9e871b230d4e28ce0595305512f2c6a73c50846e9bbee4ba36c6c466e2f726766b1d4dddef4f3b447a818c12243c2eb6f57a79ace24f02e369216783c3a0c63217561351dd818a6f7984f29bbc1c3146d2736268a9d235d6caf20869013362a91f42e765eaab70bf18e23541fd0bee2f2f54a4c14e5ee8e581c1367954aac7bfe86ad40881dfbba170e5f1b2eed86ba0fef6024ffc665ab229723e4f8b3b8eef4a1252edafaaa8eeb88cebf0eaed6d3f8908839d0584104a5f923a274e5e5b039beee71f497ca62b3bd4c8fb12200dbc829cad32e84d0247133a86bce6f0617c009b3d372ee41ec5aee551dae42629a90f6518d890314340a514435c7fc81bbe684a880934cd03b0904a6db21482c6e53a7240aaec11f3e2e2d424f5e8fd470023c2d17bd30762d2ce39712c6ec068d45298569b0400d9e400e3c5ef3754be8f8ab3878bb1320c027e18aee768f20d6da94dad977b7f7294da444463877e12c46963f8a8a4b89acf68b960abb3416e7fe9cd2099a5946553200ebff8bc8904a81ee1eccf1a7abc212e6fad636790aaff3905a1a6904dcdfef20df4a41bf3a5880d3831bfaa8f4c631f42ae5fd78e91b46b4438698d6eaa73bd0bad9a794fb9bf9f45768f77e0d29ff6767e57285ff98a181af22d476727bd7dd4fe5d86dde37fbcd546b207076711248af978b0311b9c4b4e5e21d293a3b92d8f8e83896f25db7621dcb23371ba9036805c493e64f1d4502e4d4c8d350680769b2c2cc698cdd6294768dd115a8209edb226880487164beecb20a23fc662d1f8718f4bced664a03f8a6449615affbcf53f49bf57629f0c385b25ae2c4efdf6751f0eef1a31be9be4b460bad5944d783a1aa967564e254f14fdd284578962c1963d104392d9b7d98d27ab0fd8d0e8efe4ac10d434db400a12988edf0e1d6e155285f371142dc2b2455c678f381aad4783e4a9a0b04d3a880b6f90db91d066075517bbaf833a27b0f752aa1314fe2db365f24d9a96677ed9044416c4de50d654612cffd301f01fe1e4ec13740d030898936f97dd25e28ed265cf25331851c9808362da74a44f2065beae2c0ddc7b726c4609806960e6aeaee3f9bee24653bc0a3260b79aa789688dc3474d96b9336032653f963e5cc4555072c68a411a2391a534747f0d78760316e72c024f964e8c01c75a4c6361e87f74154863048aa49b94c1389bb97773210756c0546a7b200f9e30d2d12361d116f91e356f5cccd977305c5f008254ad4e4911e669a59bca6c210b07597f13fbbe1a61e3c2af10b2c4e9c3aa9b5838f35"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xc3, 0xa8, @random="ff2e3d2feaaaf878bd848211ed311a3ebf41845942cafceb0b5b36ee0f1ba118e17ec4fb77a514dc225fafa239b0f9dcaf103213f8a81f4c40e905763acef48e79692a3c1db020aa69813b3c0cb7a9c1aa78ecfc254c4d8d331b2a1f345f38ba9e717a96c76ff3f67e39409b92aa63df46a8926d318f3b280b0c7effa911380a8b57494fde0f0de17539d1d0c30341235c97881488144b6203ded3f4e94024e65454dd4e34a07a98145ddc5c297c3f5a5e20a96763544d2252d71da1e69577"}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7}]}, 0x1148}, 0x1, 0x0, 0x0, 0x4000}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000002440)={&(0x7f0000000500)=@newchain={0x43c, 0x64, 0x400, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x5, 0x4}, {0x0, 0xd}, {0xf, 0x9}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3f, 0x9, 0x9, 0x0, 0xd153, 0x1, 0x0, 0x200, 0xea90, 0x861, 0x1000, 0x5, 0x9, 0xb, 0x1, 0x7, 0x1, 0x0, 0x6090, 0x2000000, 0x6, 0x9, 0x4, 0x7fff, 0x7, 0x7, 0x6a, 0x8, 0xb, 0xa962, 0x932, 0x8, 0x6bf1, 0x480a, 0x6, 0x9da, 0x5, 0x100, 0x9, 0xec6, 0x100, 0xfff, 0x81, 0x7, 0x6, 0xd, 0x6, 0x682, 0x9b2, 0x6, 0x957, 0xfffffbdd, 0x1, 0x7, 0x7, 0x1, 0x3, 0x252b0000, 0x100, 0xfffffffd, 0x401, 0x0, 0x5, 0x401, 0x3, 0x1, 0x5, 0x1, 0x80008, 0x7, 0xffffffff, 0xe, 0x10000000, 0x1, 0x2, 0xd, 0x0, 0x80000001, 0xcb3, 0x7f, 0x1, 0x81, 0x4, 0x0, 0xffffffff, 0x1, 0x27180000, 0x8, 0x7fff, 0xbcf9, 0xf, 0x0, 0x2, 0x4, 0xb5c, 0x6, 0x4ec, 0x3, 0x3, 0x6, 0x9, 0x8, 0x7fffffff, 0x81, 0xabc0, 0x7e, 0x6, 0x2, 0x0, 0x0, 0x5, 0x2, 0x9, 0xff, 0x7631, 0x2, 0x37, 0x81, 0x101, 0x6, 0x3, 0x5, 0xfffffffe, 0x6, 0x5, 0x8, 0x5, 0x6, 0xe8f, 0x4d9a, 0x0, 0x800, 0x7, 0x7f, 0x9, 0x0, 0x6, 0x80, 0xd, 0x4, 0x0, 0xe9e, 0x2, 0x1000, 0x9, 0x4, 0x9, 0x100, 0x3, 0x6, 0x0, 0x6, 0x1ff, 0x7ff, 0xfffff9db, 0x0, 0x8bf, 0x80, 0x4, 0x200, 0x3, 0x5, 0x3302, 0x7, 0x1, 0x8, 0x9, 0xe, 0x7ac2, 0x6, 0x6, 0x81, 0xfffffffb, 0x2407, 0x2, 0x80000001, 0x8, 0xfffff0d1, 0x3, 0x401, 0x9, 0x5, 0x9, 0x5, 0x1, 0x3, 0x5, 0x5, 0x6, 0x81, 0x1, 0x8, 0x0, 0x8, 0xe, 0x0, 0x100, 0x0, 0x1000, 0x3, 0x0, 0x4, 0x7, 0xff, 0x2, 0x4, 0xe, 0x2e, 0x90, 0x2, 0x0, 0x7fffffff, 0x8, 0x6, 0x4, 0x7, 0x7fffffff, 0x9e, 0x3993, 0x9, 0x6f, 0x2, 0x4, 0x934c, 0x5, 0xfff, 0x4, 0x3, 0xfffffff9, 0x1, 0x1, 0x1, 0x1, 0x5, 0x3, 0x0, 0x1, 0x101, 0x0, 0x4, 0x8, 0x1, 0x8, 0xfffff001, 0x7a, 0x2, 0x6, 0x2, 0x1, 0x1, 0x4, 0x80000001, 0xb, 0xfc, 0x4, 0x7]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x5, &(0x7f0000002a80)=ANY=[@ANYBLOB="18000000030000000000641a6e7fb36946c9000000002abf18680000030000000000000006000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1m44.933273323s ago: executing program 0 (id=34): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0) umount2(&(0x7f0000000240)='./file0/file0\x00', 0x9) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000e40000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES8=r1, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ffffffffffffffff00000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060f5d9"], 0xb8}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 1m44.855260696s ago: executing program 0 (id=35): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x1ab083, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000200)=ANY=[@ANYBLOB="a5050f0000b55e04b45adbde080045000074000000000078e00000e0460000000000000000110000ac1414aaac1414aa830300070300443c0003ac1e000000ac1414bb00000000ac1e000100000000ac141400"/127], 0x0) 1m42.674154754s ago: executing program 0 (id=51): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000feffffff0f00000008000300", @ANYRES32=r2, @ANYBLOB="08009dec349029d87e01dccbccd818d1455977080000"], 0x24}, 0x1, 0x0, 0x0, 0x48008}, 0x40080) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1, 0x12, r5, 0x0) r6 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$ARPT_SO_GET_INFO(r6, 0x0, 0x60, &(0x7f0000001000), &(0x7f0000000f40)=0x44) prctl$PR_SET_PTRACER(0x59616d61, r4) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000ac1414aa00000000000000000000000003000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000cd000000000000003400170015000000000000000000000000000000000000000000000004000000050000000100000008000000f7ffffff008000004c00140063"], 0x170}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x1, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2102}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0x9, 0x2, 0x2}}]}]}]}, 0x4c}}, 0x0) 1m42.641078425s ago: executing program 32 (id=51): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000feffffff0f00000008000300", @ANYRES32=r2, @ANYBLOB="08009dec349029d87e01dccbccd818d1455977080000"], 0x24}, 0x1, 0x0, 0x0, 0x48008}, 0x40080) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1, 0x12, r5, 0x0) r6 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$ARPT_SO_GET_INFO(r6, 0x0, 0x60, &(0x7f0000001000), &(0x7f0000000f40)=0x44) prctl$PR_SET_PTRACER(0x59616d61, r4) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000ac1414aa00000000000000000000000003000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000cd000000000000003400170015000000000000000000000000000000000000000000000004000000050000000100000008000000f7ffffff008000004c00140063"], 0x170}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x1, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2102}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0x9, 0x2, 0x2}}]}]}]}, 0x4c}}, 0x0) 27.748021833s ago: executing program 4 (id=976): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {0x6}, {0x0, 0xb}, {0xfffd, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8, 0x12, 0x9b9}]}}]}, 0x3c}}, 0x4040890) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0) r1 = syz_io_uring_setup(0x7c1f, &(0x7f0000000140)={0x0, 0xeb65, 0x20, 0x2, 0xd2}, &(0x7f0000000040), &(0x7f00000000c0)) io_uring_setup(0x3eb2, &(0x7f00000001c0)={0x0, 0xb210, 0x2, 0x2, 0x257, 0x0, r1}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {0x6}, {0x0, 0xb}, {0xfffd, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8, 0x12, 0x9b9}]}}]}, 0x3c}}, 0x4040890) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0) (async) syz_io_uring_setup(0x7c1f, &(0x7f0000000140)={0x0, 0xeb65, 0x20, 0x2, 0xd2}, &(0x7f0000000040), &(0x7f00000000c0)) (async) io_uring_setup(0x3eb2, &(0x7f00000001c0)={0x0, 0xb210, 0x2, 0x2, 0x257, 0x0, r1}) (async) 27.678722969s ago: executing program 4 (id=977): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x5}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x58}}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000001000)={0x20, 0x140d, 0xe3263c25d365e57d, 0x70bd2a, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x50) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r3, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x11) 27.678229794s ago: executing program 4 (id=979): madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000140)=0x11) close_range(r0, 0xffffffffffffffff, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = syz_open_dev$loop(&(0x7f0000000100), 0xd590, 0x513100) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2) r4 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r4, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x5a}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00') read$FUSE(r5, &(0x7f0000004180)={0x2020}, 0x2020) 27.614075652s ago: executing program 4 (id=982): mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB='/'], 0x2) mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0xafa88, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountstats\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) readahead(r1, 0x1, 0x8001) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) read$FUSE(r0, &(0x7f00000001c0)={0x2020}, 0x2020) 27.605486802s ago: executing program 4 (id=984): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x511240, 0x0) ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f0000000040)={'gretap0\x00'}) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0) ioctl$TCGETS2(r1, 0x802c542a, &(0x7f00000000c0)) ioctl$TIOCGICOUNT(r1, 0x545d, 0x0) ioctl$TIOCNXCL(r1, 0x540d) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000100)={0x0, 0x7}) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000001100)) r2 = socket$nl_route(0x10, 0x3, 0x0) syncfs(r2) r3 = syz_open_dev$audion(&(0x7f0000001140), 0x0, 0x200000) ioctl$BTRFS_IOC_QUOTA_RESCAN(r3, 0x4040942c, &(0x7f0000001180)={0x0, 0x2, [0x0, 0x4, 0x3, 0x3, 0x6, 0x7d66]}) ioctl$TIOCMGET(r1, 0x5415, &(0x7f00000011c0)) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x3) ioctl$LOOP_SET_FD(r3, 0x4c00, r0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000001400)={0x5, 0x10, 0xfa00, {&(0x7f0000001200)}}, 0x18) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f0000001440)=0x104000, 0x4) ioctl$LOOP_SET_FD(r3, 0x4c00, r4) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000001480), 0x802, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x80049367, &(0x7f00000014c0)) accept$ax25(r3, &(0x7f0000001500)={{0x3, @netrom}, [@remote, @default, @bcast, @rose, @netrom, @default, @remote, @rose]}, &(0x7f0000001580)=0x48) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r6, &(0x7f00000015c0), 0x14) fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000001600)='(#-\x00', 0x0, r5) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000001640)='/dev/net/tun\x00', &(0x7f0000001680)='gretap0\x00', 0x0) ioctl$TIOCPKT(r3, 0x5420, &(0x7f00000016c0)=0x1) r7 = syz_open_pts(0xffffffffffffffff, 0x80042) ioctl$TCGETS2(r7, 0x802c542a, &(0x7f0000001700)) 27.003062716s ago: executing program 4 (id=985): socket$nl_route(0x10, 0x3, 0x0) 27.002519741s ago: executing program 33 (id=985): socket$nl_route(0x10, 0x3, 0x0) 10.965070975s ago: executing program 5 (id=986): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x11}], 0x400000000000172, 0x4000000) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000100)=0x2, 0x4) 9.030526083s ago: executing program 5 (id=986): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x11}], 0x400000000000172, 0x4000000) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000100)=0x2, 0x4) 6.997587989s ago: executing program 1 (id=1096): r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x40002, 0x0) write$binfmt_script(r0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) r4 = syz_io_uring_setup(0x400095, &(0x7f0000000140)={0x0, 0x0, 0x10, 0x3, 0x2, 0x0, r3}, &(0x7f0000000240)=0x0, &(0x7f0000000100)=0x0) r7 = socket(0x40000000015, 0x5, 0x0) getsockopt(r7, 0x200000000114, 0x2721, 0x0, &(0x7f0000000000)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x24102}, &(0x7f0000000500)='./file0\x00', 0x18}) io_uring_enter(r4, 0x10ef, 0x71cd, 0x40, &(0x7f0000000000), 0x8) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000500), 0x101, 0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/13], 0x48) r9 = msgget$private(0x0, 0x20) msgsnd(r9, &(0x7f0000000400)=ANY=[@ANYBLOB="9e0e015cee5c7832bb6dea31eab7f454a2737fbc9f159b78931f6bd9fc37241deba817a8c8bd2b3ea30b1db54d791d990a64a3ac157b0bf9d14e683e8bc430f7851d0845f9c7cb6d84e9f2aef63212b0be826886a9815facc8994c601232ea3fd2bc7c00343073e5e53f65676f1544f844a8ee25aec65a98ee6555de7eb757b84b8605ba7cd6a9688afd16ebc517bd64f9c58471b22bc5e3dcfbc12823e6f250db5669536cdbf673f12cb99456ef12eb247cb79a76870885e752c31764"], 0x8, 0x800) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0xbc, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0xaa, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@local}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94"]}]}, 0xbc}], 0x1}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0) r10 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r10, &(0x7f0000000140), 0x4924b68, 0x0) msgrcv(r9, 0x0, 0x0, 0x2, 0x800) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000880)={{r8}, &(0x7f00000007c0), &(0x7f0000000040)='%pI4 \x00'}, 0x20) r11 = openat$cdrom(0xffffff9c, &(0x7f0000000640), 0x0, 0x0) ioctl$CDROMCLOSETRAY(r11, 0x5382) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000800)={r8}, 0x4) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@var={0x0, 0x21}]}}, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r12, 0x2f08, 0x10, 0x10, &(0x7f00000006c0)="0000000000000005", &(0x7f0000000700)=""/8, 0x447, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) io_uring_enter(r4, 0x47f6, 0xbacc, 0x0, 0x0, 0x0) 6.927186681s ago: executing program 5 (id=986): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x11}], 0x400000000000172, 0x4000000) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000100)=0x2, 0x4) 4.918131701s ago: executing program 1 (id=1099): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) (async) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='percpu_create_chunk\x00', r3}, 0x18) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r4}, 0x10) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63d, 0x1, 0x2, 0xd59f83, 0x19f2, 0x3b, 0x19ef, 0x3, 0x8, 0x2800, 0x2800, 0x2, 0xba2, 0x0, 0x38, {0x8, 0xffffffff}, 0xd1, 0x9}}) 4.724982304s ago: executing program 1 (id=1105): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000077ceb5d48500000084000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ppoll(&(0x7f0000000900)=[{r1}], 0x1, &(0x7f0000000940)={0x77359400}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000040)='hrtimer_init\x00', r2}, 0x10) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000040)="0f017715b9800000c00f3235000100000f300f01cb0f01c9b8010000000f01c10f090fc7ab008000000f20e035400000000f22e00f01cf0f01c3", 0x3a}], 0x1, 0x0, 0x0, 0x0) preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r6, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) bind$inet(r6, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10) r7 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r7, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) bind$inet(r7, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)=""/103, 0x67}], 0x1, 0x20000, 0x100) r8 = syz_open_dev$evdev(&(0x7f00000002c0), 0x0, 0x4e6400) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r9, 0x4018aebd, &(0x7f0000000340)={0x0, r4}) ioctl$EVIOCSABS0(r8, 0x401845c0, &(0x7f0000000300)={0xca, 0x7, 0x1, 0x81, 0x8, 0xbce8}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 4.724683025s ago: executing program 5 (id=986): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x11}], 0x400000000000172, 0x4000000) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000100)=0x2, 0x4) 2.555791472s ago: executing program 1 (id=1106): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) io_uring_setup(0x1b94, &(0x7f0000000000)) r1 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0xc1105511, &(0x7f0000000000)={0xb, 0x0, 0x0, 0x0, 'syz1\x00'}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) io_uring_setup(0x4f01, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x396}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000001040)={0x0, 0x54, &(0x7f0000001000)={&(0x7f0000000040)=ANY=[@ANYBLOB="d8010000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf25010000000800050001000000060006004e220000140002007767320000000000000000000000000024000400a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5427c0108800c01008006000500070000002400020086650b35f0b4c2dc04a95e352f55e8204db1e72262099a4daa6bd5d598d1ecdb24000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002004e24ac1e0001000000000000000008000300000000009c0009801c000080060001000200000008000200e0000002050003000300000028000080060001000a0000001400020020010000000000000000000000000001050003"], 0x1d8}}, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000480)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000580)={@flat=@binder={0x73622a85, 0x1, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000900)=""/206, 0xce}, @fda={0x66646185, 0x6, 0xffffffffffffffff, 0x15}}, &(0x7f0000001280)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x12, 0x6, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085100000010000009500000000000010bfa000000000000095"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@fallback=r7, 0x6, 0x0, 0xd, &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) 2.554248488s ago: executing program 3 (id=1108): r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000fc0)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x31}, 0x80, &(0x7f0000001000)=[{&(0x7f0000001040)="b8b2cc1e00c1dba49dbb66ca3a66bb0280000788fb", 0x15}], 0x1}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat6\x00') pread64(r1, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000200)={0x7, 0x0, {0x8, @struct={0x8000, 0x5}, 0x0, 0x47, 0xffff, 0xd, 0x6, 0x1, 0x83, @struct={0x50000000, 0x10}, 0x1a89, 0x8, [0x1a7d, 0x97, 0x8, 0x0, 0x9, 0xffffffff]}, {0x8, @struct={0x3, 0x9}, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x1, 0x7, 0x39, @usage, 0x4, 0x6, [0x6, 0x9, 0x6, 0x7, 0x3, 0x1]}, {0xfffffffffffffff6, @struct={0x8, 0x4}, 0x0, 0x7, 0x7, 0xffffffff, 0x1, 0x3, 0x40, @usage=0x3, 0x9, 0x1, [0x0, 0x8, 0x5, 0x4, 0x10, 0x9]}, {0x5, 0xc000000000000000, 0x6}}) ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000600)={0x0, "42dd63036cb5d1883caa495e4f39b15e"}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xa, [@fwd={0x8}, @struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x0, [{0xd}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f]}}, &(0x7f00000003c0)=""/4096, 0x46, 0x1000, 0x1, 0x0, 0x0, @void, @value}, 0x20) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r4, &(0x7f0000006180)={0x2020, 0x0, 0x0}, 0x2020) r6 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) write$FUSE_DIRENT(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="0001000000000000", @ANYRES64=r5, @ANYBLOB='\a\x00\x00\x00'], 0x100) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r8, &(0x7f0000001c00)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r7, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000000040)="a5", 0x1}], 0x1}, 0x11) sendmsg$inet(r7, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001140)=[{&(0x7f0000000080)='\b', 0x1}], 0x1}, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000001600)={0x8, 0x4, {0x3ff, @struct={0x4, 0x2}, r2, 0x7, 0xffffffff, 0x9, 0xff8000000000000, 0xd4b, 0x20, @struct={0x6, 0x1}, 0x71, 0x2, [0x3c, 0x4, 0x7fe, 0x3800000000, 0x8, 0x3]}, {0x6, @usage=0x1, 0x0, 0x5, 0x1ff, 0x3ff, 0xea3f, 0x3, 0x42, @struct={0x7, 0x2}, 0x0, 0x3, [0x7, 0x7, 0x8d7, 0x66c1, 0x52, 0x5]}, {0x619e3a21, @usage=0x9, r3, 0x100000000, 0x9, 0xa, 0x3, 0x8000000000000000, 0x40a, @struct={0x4, 0x8001}, 0x4, 0x41e, [0x10, 0xe, 0x7fff, 0x3, 0x6, 0x6]}, {0xffffffffffffffff, 0xffffffff, 0xf}}) 2.535279859s ago: executing program 1 (id=1109): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0405665, &(0x7f0000000180)={0x1, 0x4, 0x80000000, 0x1000, 0x3ff, 0x8, 0x8}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000030022d6850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x6e0}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000002c0)='percpu_alloc_percpu_fail\x00', r2}, 0x10) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 2.533573879s ago: executing program 2 (id=1110): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000002500), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0x40086806, 0x0) write$P9_RSTATu(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="930200007d00000005f00000000000000000000000000000000000000000000000000000000000046e6f6465767b63762f5b109e461bd57702000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde05f7"], 0x232) 2.531721751s ago: executing program 2 (id=1111): r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) close(r1) openat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x42200, 0xa0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) execveat(r2, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x1000) 2.448145941s ago: executing program 3 (id=1112): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000440)={0x34, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xc2}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}]}]}, 0x34}}, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000d80)=@e={0xff, 0xb, 0x0, 0x0, @SEQ_NOTEON}) 2.447887228s ago: executing program 2 (id=1113): arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000dc0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, &(0x7f0000000300), 0xd) write$binfmt_elf64(r1, &(0x7f0000000580)=ANY=[], 0x78) recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/11, 0xb}, 0xe4d}], 0x1, 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x840, 0x100) faccessat(r2, &(0x7f0000000080)='./file0\x00', 0x10) 2.447559335s ago: executing program 3 (id=1114): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 32) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="042fff01aaaaaaaaaa0200"], 0x102) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000019180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000fcdbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="08009e005a300000a12fab8874cd4d2f56cb88e905a7c4915ed6e845625a48031364"], 0x24}, 0x1, 0x0, 0x0, 0x24004801}, 0x9590f6cc3aa711f2) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) (async, rerun: 32) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async, rerun: 32) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000adb000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x33, 0x0, 0x0) (async, rerun: 64) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000140)={&(0x7f0000362000/0x2000)=nil, &(0x7f0000fea000/0x1000)=nil, 0x2000}) (async, rerun: 32) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001800010000000000f8dbdf2102200008000000090000000008000100e000000206001c004e20000008000700e000000208000200ffffffff080001"], 0x4c}}, 0x0) (async, rerun: 32) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000440)={0xd28, r6, 0x615cd924cba39ce}) ioctl$F2FS_IOC_GET_FEATURES(r7, 0x8004f50c, &(0x7f0000000480)) (async, rerun: 64) r8 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3400000050000104002ff827a754c3549faa7bb2", @ANYRES32=0x0, @ANYBLOB="00000000201200001400128009000100626f6e640000000004000280"], 0x34}}, 0x0) (async) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x0) (async) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x88, r1, 0x300, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x2e}, @NL80211_ATTR_MAC={0xa, 0x6, @random="0bb654b0a21c"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}, @NL80211_ATTR_PMKID={0x14, 0x55, "54fbc23f8adc3ffea67c20f66b924ceb"}, @NL80211_ATTR_PMKID={0x14, 0x55, "7980c09923d84eb5b96ca6a7baacaf62"}, @NL80211_ATTR_SSID={0xd, 0x34, @random="7c40ded1b547620f0a"}]}, 0x88}, 0x1, 0x0, 0x0, 0x8040}, 0x40001) 2.444968771s ago: executing program 2 (id=1115): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r1 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RTC_AIE_ON(r1, 0x7001) socket$alg(0x26, 0x5, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="78010000170001000000000000000000fc0000000000000000000000000000000000000000000000fe8000000000000000000000000000bbac1414bb000000000000000000000000fc00"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000ffffffff00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000044000500"], 0x178}}, 0x0) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000180)={0x0, 0x1, {0x6, 0x20, 0x16, 0x4, 0x0, 0xff, 0x4, 0x4b}}) r4 = openat2(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x80, 0x6d, 0x19}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1e00000001000000fd0f00000308000000100200", @ANYRES32, @ANYBLOB="4712192800"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0900009ff56e66b20400001006000000c036920a1156f15b50000000"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="10000000040000000400000002000000000000", @ANYRES32=0x1, @ANYBLOB="000000000000000000bc001e5b58bce3e7ea351757160d24de9c9acb1956ef951658447c08a78e6d4b703dc62515b780000000e3b1db532abbc9e2cd9b33ff72b8", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000ffffffff00"/28], 0x48) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="4400000022aca1613e090601020000000200000000000000000900020073797a3100000000050001000755f36bad22560000001c0027800c00018008000140e00000020c30ce7ce0c687cf60bca16d9fd1bafb0bd9922e4e185a37448e14916f95dd57d61db22716d860a87a35518046ff30411db18372feaaafc98d2a517528e5c9b51f25702b83351addac11d7a467ae02db6a1957303d41e1b095238c649fb96b6b71f9a60e6b42c3d5a7b08964d4699327633b9c4ff168f792aed6eef9c5920f0ad3759a802bc4c796372f735a19af2c3eb53f2f889b321ccc311ca2b99d564322ae7a6c1f033fc203a94da2b60d6c6c1543478e9538c15396e94055374672ad03af59"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) syz_emit_ethernet(0x86, &(0x7f0000000780)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b29ab", 0x0, 0x11, 0x0, @private1, @empty, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x21}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000040)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0], &(0x7f0000000280), 0x4000024e, r7}) setreuid(0xee01, 0xee01) ioctl$TIOCSPTLCK(r4, 0x40045431, &(0x7f0000000200)=0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x3, 0xe, &(0x7f0000000440)=ANY=[@ANYRES16], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0)={0x20, 0x1, 0x0, 0xfffffffc}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.441363412s ago: executing program 5 (id=986): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x11}], 0x400000000000172, 0x4000000) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000100)=0x2, 0x4) 227.004719ms ago: executing program 1 (id=1116): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="00220fe0ffc563448900000083854081000000f9ff00007687f5137e567200fbc498e82e00800000000000007de8d651e8dedc11a2cf4c39c3fd164ad51c2b1563deee24047737504eafc48262b5bab595d207e08b139a4e15eec68f4335c909f0c08ab7999d99ec30a74b27c5c7aba88bb2b23c8cc78a7f53265df50489da3fb67eec8a5fe1a4d8ea39c98e4699a000366fb5c2586fb572109059a7795b8124183db01273db1f2e790883c810c22118a12f652bf24880a75fcde54fa10df88625dcefb2360e79db1f09e96ebe7ed95273b3ad1d9a5635893ef9c4bc68758594ec565758fac037f972ebedc99fa33a5134fcc2c9f5201612d38381a7f27d9ad6728d9d011de9445c5e7af4a854f5e3728442cc7e6c0d3566f69ed08b664df95933fdb25dbcce4829ca19ce85d3b97bc092a65195ed56b67533dacb894405d5bf7e2c4a987734aa234c867704"], 0x0}, 0x0) r2 = syz_open_dev$hiddev(&(0x7f0000000100), 0xfffffffffffffffd, 0x311802) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000006c0)=':\x00', &(0x7f0000000700)='ext4_mark_inode_dirty\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f0000000100)='fuseblk\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000580)='\xc8/A\xe3\xfe[\x16@:\xe5\xfc\xb7\xff\x02\xb0Z!\xa6\xcc+\xed\t\x10\x11\xe8\xcb4\x06\xfa@\x11l\xbd-Rw\xf4}\x11\xc0\xb3:!\x19\x9cq\xe6\x1f8cE\xe7\x05\x97.\xb6YJ\x89\x930\x01\xd0\xfd\xfd\xf7L\xff\xc7$J\xb5H+e\x9e\x99&\xb5\x0e\xab\a.\xde\xb9\x7f\xb7\x9a\xf0\x0e\xe0Xb\x8f\x99\xe7\xa2Vs\n\xea\xaf\x04=\xb5t\xb6\'9T\x84\xe0\xc4\xbfMHo$\xca)\x1a\t\xa6\xb2\x9c\x80\x1fBz\xa4\xf7./O\x87,V\x16\\O\x90\xac\xc9\xc9k~\x99\xd1\x84Y\"$L\xbe\x83\xcf\xd3!\xa0,|b\xf5.\x06\x9d\x97\x1d\x91\xf6P\xfaNp\x1b8\xc3\x1e6\xe9\xb5\xc2\xe8\xa4#\x10\xc22t>\xf2\x909\f\xe2-[\xaf~B=\x94s\x93\xee\xce\x06\xb9\x89\xfc\xb3`P\xeao\x03\a\x9f\xc9]\x13\x99\xa1\x1b\xc7\xa0\xa8\x1eD`G\x897\x16\xbb\x1e\xf2r\xad\x16?$a\x96\x9aH\xd9\xdc\x1a\xbf<\x05\x87\x06\xa1\x98\x1e', 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x200c0000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x6, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000400), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000240)=@gcm_128={{0x303}, "c8e0292cb7697fe2", "3092c0272f43fe598175368ffca23f3d", "7ecee3c0", "244e081424ae6f89"}, 0x28) sendto$inet6(r4, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0xfffffffffffffed5) write$binfmt_aout(r4, 0x0, 0xfdef) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$HIDIOCGREPORTINFO(r2, 0xc00c4809, &(0x7f0000000000)={0x1, 0xfffffffa, 0x15}) ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x560f, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x80000f, 0x2010, 0xffffffffffffffff, 0xe91ca000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x380}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r5, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) 225.3929ms ago: executing program 2 (id=1117): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='xprt_reserve\x00', r1, 0x0, 0x1}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x6a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x10, 0x0, 0x0, 0x11, 0x0, @private=0xa010102, @remote}, {0xfffd, 0x4e20, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "6d4dfdeb8cf7bbfe143803bec2ce783e04cd32308cdd8dde", "c71cb8adfce542a4bc5a026c208fd0c45787e4aa384e3d26b21ea41cc128364c"}}}}}}, 0x0) syz_emit_ethernet(0x68, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbb0100000001000000dd60828bf7003200000000000000000000ff020000000000000000000000000001020090780000000060fd906300002b00fc010000000000000000000000000000200100000000000000000000000000001e520000000000000000"], 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x55af) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0) syz_kvm_setup_cpu$x86(r3, r3, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000340)="ba4000ed0f350f01d166f20fd0ae16000f1e220f01c40f01792eba4200b023ee0f204566b9220a000066b8ca47000066ba000000000f30", 0x37}], 0x1, 0x1, &(0x7f00000003c0)=[@flags={0x3, 0x82a00}], 0x1) io_uring_enter(r3, 0x146c, 0x5318, 0x62, &(0x7f0000000240)={[0x7fffffffffffffff]}, 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x10400, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000440)={'macsec0\x00', @multicast}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8200, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000e020000040"]) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) setsockopt$inet6_tcp_TLS_TX(r9, 0x6, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "2d798f5de36892dc", "75eefbe8c1c60fd12c1df15717dc9373", "47338759", "942376a06c87e614"}, 0x28) 224.047077ms ago: executing program 3 (id=1118): r0 = socket$nl_route(0x10, 0x3, 0x0) flock(r0, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000001300)) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000001300)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="05a300000000000000000d00000008000300", @ANYRES32=r10], 0x1c}}, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) (async) mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r7, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0) r11 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x8d, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r11, 0xc4c85512, &(0x7f00000007c0)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x7, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x426, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000, 0x2, 0x0, 0x0, 0x0, 0x7, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x1, 0x0, 0x0, 0x4000000, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffff1085, 0x0, 0x4, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x1]}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r11, 0xc4c85512, &(0x7f00000007c0)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x7, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x426, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000, 0x2, 0x0, 0x0, 0x0, 0x7, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x1, 0x0, 0x0, 0x4000000, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffff1085, 0x0, 0x4, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x1]}) write$nci(r4, &(0x7f0000000340)=@NCI_OP_RF_DISCOVER_SELECT_RSP={0x1, 0x1, 0x2, 0x4, 0x1, 0x1}, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r12 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r12, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000140)="4ba72c4cfd81685544f46c3f08004e363b992f21047c1d40c216930920178d659736", 0x22}], 0x1, 0x0, 0x0, 0x11000000}, 0x0) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="010000008000000000003f00000008000300", @ANYRES32=r3, @ANYBLOB="18005e800800020000edff000800010001000080"], 0x34}}, 0x0) (async) sendmsg$NL80211_CMD_SET_CQM(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="010000008000000000003f00000008000300", @ANYRES32=r3, @ANYBLOB="18005e800800020000edff000800010001000080"], 0x34}}, 0x0) 74.791588ms ago: executing program 2 (id=1119): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x71, 0x121381) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000008000/0x11000)=nil, 0x11000, 0x100000c) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'gretap0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b03f6ff78ff64000200475400f6a13bb1000000080086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r3}, 0x14) r4 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x6000, 0x0) ioctl$CDROMSTOP(r4, 0x5307) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80085504, &(0x7f0000000140)={0x0, 0x6}) 71.770573ms ago: executing program 3 (id=1120): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newlink={0x28, 0x10, 0x601, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, 0x0, 0x24041}, [@IFLA_OPERSTATE={0x5, 0x10, 0x7}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 756.913µs ago: executing program 3 (id=1121): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r0, 0x117, 0x6, 0x0, 0x0) (async) r1 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 0s ago: executing program 5 (id=986): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x11}], 0x400000000000172, 0x4000000) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000100)=0x2, 0x4) kernel console output (not intermixed with test programs): ====== [ 55.641426][ T5999] usb 9-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 55.661976][ T5999] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.667507][ T5999] usb 9-1: config 0 descriptor?? [ 55.670950][ T6456] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 55.681366][ T5999] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.120/input/input6 [ 55.696185][ C3] usbtouchscreen 9-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -1 [ 55.756057][ T6492] IPVS: sync thread started: state = BACKUP, mcast_ifn = ip6tnl0, syncid = 2, id = 0 [ 55.910128][ T6500] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6500 comm=syz.2.117 [ 56.645533][ T9] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 56.752506][ T5945] Bluetooth: hci2: command 0x040f tx timeout [ 56.763144][ T5945] Bluetooth: hci0: command 0x040f tx timeout [ 56.806031][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 56.808987][ T9] usb 8-1: config 0 has no interfaces? [ 56.810619][ T9] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 56.813155][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.818330][ T9] usb 8-1: config 0 descriptor?? [ 56.843952][ T6519] netlink: 36 bytes leftover after parsing attributes in process `syz.2.123'. [ 57.009220][ T5945] Bluetooth: hci3: command tx timeout [ 57.252007][ T6505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.256014][ T6505] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 57.281650][ T5979] usb 8-1: USB disconnect, device number 2 [ 57.726136][ T6527] netlink: 'syz.1.124': attribute type 1 has an invalid length. [ 57.729222][ T6527] netlink: 24 bytes leftover after parsing attributes in process `syz.1.124'. [ 57.946624][ T5945] Bluetooth: hci2: unexpected event for opcode 0x201c [ 57.969068][ T6537] capability: warning: `syz.3.127' uses deprecated v2 capabilities in a way that may be insecure [ 57.994762][ T6540] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 57.998621][ T6543] binder: BINDER_SET_CONTEXT_MGR already set [ 58.000542][ T6543] binder: 6539:6543 ioctl 4018620d 20000100 returned -16 [ 58.004301][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 58.012369][ T6540] netlink: 8 bytes leftover after parsing attributes in process `syz.2.128'. [ 58.021555][ T6540] netlink: 8 bytes leftover after parsing attributes in process `syz.2.128'. [ 58.048461][ T5945] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 58.054717][ T6546] input: syz0 as /devices/virtual/input/input7 [ 58.064989][ T6548] tipc: Enabling of bearer rejected, failed to enable media [ 58.071861][ T6546] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 58.174729][ T9] usb 6-1: too many configurations: 13, using maximum allowed: 8 [ 58.178620][ T9] usb 6-1: config 0 has no interfaces? [ 58.181650][ T9] usb 6-1: config 0 has no interfaces? [ 58.185328][ T9] usb 6-1: config 0 has no interfaces? [ 58.188344][ T9] usb 6-1: config 0 has no interfaces? [ 58.191354][ T9] usb 6-1: config 0 has no interfaces? [ 58.194520][ T9] usb 6-1: config 0 has no interfaces? [ 58.197604][ T9] usb 6-1: config 0 has no interfaces? [ 58.200632][ T9] usb 6-1: config 0 has no interfaces? [ 58.205330][ T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 58.212216][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.215524][ T9] usb 6-1: Product: syz [ 58.217336][ T9] usb 6-1: Manufacturer: syz [ 58.219193][ T9] usb 6-1: SerialNumber: syz [ 58.224479][ T9] usb 6-1: config 0 descriptor?? [ 58.288430][ T5809] usb 9-1: USB disconnect, device number 2 [ 58.331534][ T6556] __nla_validate_parse: 1 callbacks suppressed [ 58.331550][ T6556] netlink: 8 bytes leftover after parsing attributes in process `syz.4.134'. [ 58.424726][ T6563] afs: Unknown parameter 'uid<00000000000000060928' [ 58.445532][ T9] usb 6-1: USB disconnect, device number 2 [ 58.483628][ T6566] tmpfs: Unknown parameter 'mpod' [ 58.663134][ T6569] netlink: 8 bytes leftover after parsing attributes in process `syz.3.138'. [ 58.664230][ T6571] tmpfs: Cannot change global quota limit on remount [ 58.722943][ T6573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.139'. [ 58.976087][ T5945] Bluetooth: hci0: command 0x040f tx timeout [ 59.125784][ T5999] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 59.232731][ T5945] Bluetooth: hci3: command tx timeout [ 59.278904][ T6598] dlm: no locking on control device [ 59.281996][ T6600] netlink: 20 bytes leftover after parsing attributes in process `syz.2.146'. [ 59.289117][ T5999] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 59.292209][ T5999] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 59.294943][ T5999] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 59.299664][ T5999] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 59.302278][ T5999] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.304575][ T5999] usb 6-1: Product: syz [ 59.305921][ T5999] usb 6-1: Manufacturer: syz [ 59.307272][ T5999] usb 6-1: SerialNumber: syz [ 59.310085][ T5999] usb 6-1: config 0 descriptor?? [ 59.445030][ T6615] netlink: 'syz.4.150': attribute type 9 has an invalid length. [ 59.448640][ T6615] netlink: 244 bytes leftover after parsing attributes in process `syz.4.150'. [ 59.530502][ T5999] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 59.568002][ T6633] program syz.4.152 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 59.642795][ T9] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 59.814855][ T9] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 59.818673][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.822461][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.826466][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 59.829760][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.833578][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.837617][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 59.840972][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.845373][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.849902][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 59.853945][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.858620][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.862972][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 59.866505][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.869850][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.873910][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 59.877647][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.881076][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.885449][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 59.888762][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.892080][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.896465][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 59.899415][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.901958][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.905008][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 59.910216][ T9] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 59.912842][ T9] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 59.915207][ T9] usb 8-1: Product: syz [ 59.916431][ T9] usb 8-1: Manufacturer: syz [ 59.917835][ T9] usb 8-1: SerialNumber: syz [ 59.925312][ T9] usb 8-1: config 0 descriptor?? [ 59.934672][ T9] yurex 8-1:0.0: USB YUREX device now attached to Yurex #1 [ 59.959597][ T6662] delete_channel: no stack [ 59.962220][ T5312] usb 6-1: USB disconnect, device number 3 [ 60.143289][ T5312] usb 8-1: USB disconnect, device number 3 [ 60.146902][ T5312] yurex 8-1:0.0: USB YUREX #1 now disconnected [ 60.523088][ T40] kauditd_printk_skb: 63 callbacks suppressed [ 60.523104][ T40] audit: type=1400 audit(1736077431.395:390): avc: denied { create } for pid=6675 comm="syz.4.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 60.525116][ T6676] xt_hashlimit: size too large, truncated to 1048576 [ 60.583686][ T6681] @: renamed from vlan0 (while UP) [ 60.649069][ T6682] overlayfs: invalid origin (0000) [ 60.756705][ T6684] netlink: 132 bytes leftover after parsing attributes in process `syz.2.161'. [ 60.825291][ T40] audit: type=1400 audit(1736077431.676:391): avc: denied { execute } for pid=6686 comm="syz.2.162" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=13580 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 61.026802][ T40] audit: type=1400 audit(1736077431.872:392): avc: denied { create } for pid=6691 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 61.033119][ T40] audit: type=1400 audit(1736077431.882:393): avc: denied { connect } for pid=6691 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 61.045478][ T40] audit: type=1400 audit(1736077431.891:394): avc: denied { bind } for pid=6691 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 61.058260][ T40] audit: type=1400 audit(1736077431.891:395): avc: denied { setopt } for pid=6691 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 61.065899][ T6692] netlink: 20 bytes leftover after parsing attributes in process `syz.3.164'. [ 61.066739][ T40] audit: type=1400 audit(1736077431.891:396): avc: denied { write } for pid=6691 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 61.080237][ T40] audit: type=1400 audit(1736077431.900:397): avc: denied { read } for pid=6691 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 61.152362][ T6698] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 61.152362][ T6698] The task syz.3.165 (6698) triggered the difference, watch for misbehavior. [ 61.186418][ T40] audit: type=1400 audit(1736077432.022:398): avc: denied { create } for pid=6701 comm="syz.3.166" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 61.195703][ T40] audit: type=1400 audit(1736077432.031:399): avc: denied { write } for pid=6701 comm="syz.3.166" name="file0" dev="tmpfs" ino=235 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 61.222417][ T5943] Bluetooth: hci1: unexpected event for opcode 0x2029 [ 61.231885][ T5943] Bluetooth: hci1: unexpected event for opcode 0x2029 [ 61.275510][ T6702] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 61.417026][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.3.167'. [ 61.423080][ T6706] syz.3.167 uses obsolete (PF_INET,SOCK_PACKET) [ 61.426856][ T6706] netlink: 28 bytes leftover after parsing attributes in process `syz.3.167'. [ 61.430043][ T6706] netlink: 'syz.3.167': attribute type 7 has an invalid length. [ 61.432350][ T6706] netlink: 'syz.3.167': attribute type 8 has an invalid length. [ 61.435411][ T6706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.167'. [ 61.467710][ T6709] syz.3.168: attempt to access beyond end of device [ 61.467710][ T6709] nbd3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 61.472392][ T6709] gfs2: error -5 reading superblock [ 61.548233][ T6713] vivid-002: ================= START STATUS ================= [ 61.550574][ T6713] vivid-002: Radio HW Seek Mode: Bounded [ 61.552267][ T6713] vivid-002: Radio Programmable HW Seek: false [ 61.554171][ T6713] vivid-002: RDS Rx I/O Mode: Block I/O [ 61.555862][ T6713] vivid-002: Generate RBDS Instead of RDS: false [ 61.557942][ T6713] vivid-002: RDS Reception: true [ 61.559517][ T6713] vivid-002: RDS Program Type: 0 inactive [ 61.561258][ T6713] vivid-002: RDS PS Name: inactive [ 61.562849][ T6713] vivid-002: RDS Radio Text: inactive [ 61.565564][ T6713] vivid-002: RDS Traffic Announcement: false inactive [ 61.567570][ T6713] vivid-002: RDS Traffic Program: false inactive [ 61.569416][ T6713] vivid-002: RDS Music: false inactive [ 61.572063][ T6713] vivid-002: ================== END STATUS ================== [ 61.601276][ T6713] netlink: 'syz.3.170': attribute type 1 has an invalid length. [ 61.840238][ T6735] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 61.999708][ T6757] netlink: 'syz.4.181': attribute type 1 has an invalid length. [ 62.067709][ T6767] sp0: Synchronizing with TNC [ 62.171014][ T6771] 9pnet_fd: Insufficient options for proto=fd [ 62.175727][ T6771] tap0: tun_chr_ioctl cmd 1074025677 [ 62.177593][ T6771] tap0: linktype set to 772 [ 62.413121][ T6794] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 62.415349][ T6794] UDF-fs: Scanning with blocksize 2048 failed [ 62.417986][ T6794] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 62.420159][ T6794] UDF-fs: Scanning with blocksize 4096 failed [ 62.424999][ T6794] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6794 comm=syz.2.193 [ 62.515756][ T6801] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39 sclass=netlink_route_socket pid=6801 comm=syz.4.195 [ 62.521712][ T6801] netlink: 'syz.4.195': attribute type 3 has an invalid length. [ 62.621616][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.733399][ T6830] ======================================================= [ 62.733399][ T6830] WARNING: The mand mount option has been deprecated and [ 62.733399][ T6830] and is ignored by this kernel. Remove the mand [ 62.733399][ T6830] option from the mount to silence this warning. [ 62.733399][ T6830] ======================================================= [ 62.745052][ T6830] overlay: filesystem on ./file0 is read-only [ 62.881084][ T6840] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 63.042096][ T6854] usb 2-1: USB disconnect, device number 2 [ 63.092464][ T5943] Bluetooth: hci3: command 0x0405 tx timeout [ 63.192719][ T6868] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 63.192897][ T6866] netlink: 'syz.4.210': attribute type 5 has an invalid length. [ 63.197502][ T6868] cramfs: wrong magic [ 63.446047][ T6895] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 63.454853][ T6895] batadv_slave_0: entered promiscuous mode [ 63.566035][ T6903] netlink: 'syz.2.220': attribute type 25 has an invalid length. [ 63.573066][ T6903] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 63.576029][ T6903] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 63.578782][ T6903] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 63.581374][ T6903] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 63.757788][ T6920] xt_connbytes: Forcing CT accounting to be enabled [ 63.761056][ T6920] --map-set only usable from mangle table [ 64.022186][ T5312] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 64.155717][ T6931] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 64.205888][ T5312] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 64.211171][ T5312] usb 6-1: config 0 has no interfaces? [ 64.214625][ T5312] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 64.218424][ T5312] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.225542][ T5312] usb 6-1: config 0 descriptor?? [ 64.450407][ T5312] usb 6-1: USB disconnect, device number 4 [ 64.706036][ T6967] syz.2.239: attempt to access beyond end of device [ 64.706036][ T6967] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0 [ 64.711872][ T6967] syz.2.239: attempt to access beyond end of device [ 64.711872][ T6967] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0 [ 64.718894][ T6967] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 64.723293][ T6967] syz.2.239: attempt to access beyond end of device [ 64.723293][ T6967] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0 [ 64.730136][ T6967] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 64.733959][ T6967] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found [ 64.735889][ T6971] xt_hashlimit: size too large, truncated to 1048576 [ 64.737709][ T6967] UDF-fs: Scanning with blocksize 512 failed [ 64.741747][ T6970] xt_hashlimit: size too large, truncated to 1048576 [ 64.748964][ T6967] syz.2.239: attempt to access beyond end of device [ 64.748964][ T6967] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 64.754140][ T6967] syz.2.239: attempt to access beyond end of device [ 64.754140][ T6967] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 64.760725][ T6967] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 64.764703][ T6967] syz.2.239: attempt to access beyond end of device [ 64.764703][ T6967] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 64.770606][ T63] usb 9-1: new full-speed USB device number 3 using dummy_hcd [ 64.770717][ T6967] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 64.777508][ T6967] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found [ 64.781455][ T6967] UDF-fs: Scanning with blocksize 1024 failed [ 64.784448][ T6967] syz.2.239: attempt to access beyond end of device [ 64.784448][ T6967] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 64.789716][ T6967] syz.2.239: attempt to access beyond end of device [ 64.789716][ T6967] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 64.794688][ T6967] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 64.798985][ T6967] syz.2.239: attempt to access beyond end of device [ 64.798985][ T6967] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 64.804586][ T6967] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 64.808605][ T6967] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found [ 64.811884][ T6967] UDF-fs: Scanning with blocksize 2048 failed [ 64.815297][ T6967] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 64.819357][ T6967] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 64.823318][ T6967] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found [ 64.827256][ T6967] UDF-fs: Scanning with blocksize 4096 failed [ 64.829849][ T6967] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 64.880223][ T5943] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 64.883717][ T5943] Bluetooth: hci3: Injecting HCI hardware error event [ 64.955470][ T63] usb 9-1: config 0 has an invalid interface number: 55 but max is 0 [ 64.957825][ T63] usb 9-1: config 0 has no interface number 0 [ 64.959578][ T63] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 64.973423][ T63] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 64.976698][ T63] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 64.979811][ T63] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64 [ 64.983304][ T63] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 64.994850][ T63] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 64.997936][ T63] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.009849][ T63] usb 9-1: config 0 descriptor?? [ 65.011967][ T6949] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 65.026986][ T63] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 65.053066][ T6984] loop6: detected capacity change from 0 to 524287999 [ 65.109479][ T6986] __nla_validate_parse: 13 callbacks suppressed [ 65.109489][ T6986] netlink: 16 bytes leftover after parsing attributes in process `syz.1.242'. [ 65.138066][ T6986] netlink: 28 bytes leftover after parsing attributes in process `syz.1.242'. [ 65.315571][ T5943] Bluetooth: hci3: command 0x0405 tx timeout [ 65.326663][ T5945] Bluetooth: hci3: hardware error 0x00 [ 65.794860][ T7024] netlink: 'syz.2.250': attribute type 9 has an invalid length. [ 65.798971][ T7024] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.250'. [ 65.879952][ T7033] netlink: 4 bytes leftover after parsing attributes in process `syz.3.253'. [ 65.882914][ T7034] mmap: syz.2.254 (7034) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 65.888911][ T7033] netlink: 5 bytes leftover after parsing attributes in process `syz.3.253'. [ 65.921727][ T7037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.256'. [ 65.926499][ T7037] netlink: 16 bytes leftover after parsing attributes in process `syz.3.256'. [ 65.929099][ T7037] netlink: 208 bytes leftover after parsing attributes in process `syz.3.256'. [ 65.931774][ T7037] netlink: 64 bytes leftover after parsing attributes in process `syz.3.256'. [ 65.941773][ T7037] qnx6: unable to set blocksize [ 65.968972][ T40] kauditd_printk_skb: 28 callbacks suppressed [ 65.968983][ T40] audit: type=1400 audit(1736077436.503:428): avc: denied { setopt } for pid=7042 comm="syz.2.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 66.152149][ T40] audit: type=1400 audit(1736077436.671:429): avc: denied { bind } for pid=7062 comm="syz.3.262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 66.157672][ T40] audit: type=1400 audit(1736077436.671:430): avc: denied { name_bind } for pid=7062 comm="syz.3.262" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 66.163723][ T40] audit: type=1400 audit(1736077436.671:431): avc: denied { node_bind } for pid=7062 comm="syz.3.262" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 66.169819][ T40] audit: type=1400 audit(1736077436.671:432): avc: denied { listen } for pid=7062 comm="syz.3.262" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 66.175679][ T40] audit: type=1400 audit(1736077436.671:433): avc: denied { connect } for pid=7062 comm="syz.3.262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 66.181483][ T40] audit: type=1400 audit(1736077436.671:434): avc: denied { name_connect } for pid=7062 comm="syz.3.262" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 66.182330][ T7047] kvm: emulating exchange as write [ 66.209030][ T40] audit: type=1400 audit(1736077436.718:435): avc: denied { accept } for pid=7062 comm="syz.3.262" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 66.215565][ T40] audit: type=1400 audit(1736077436.718:436): avc: denied { read } for pid=7062 comm="syz.3.262" laddr=127.0.0.1 lport=52314 faddr=127.0.0.1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 66.281803][ T40] audit: type=1400 audit(1736077436.793:437): avc: denied { create } for pid=7073 comm="syz.1.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 66.300266][ T7074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.303804][ T7074] bond0: (slave rose0): Enslaving as an active interface with an up link [ 66.350401][ T7081] netlink: 68 bytes leftover after parsing attributes in process `syz.2.266'. [ 67.192393][ T7116] overlayfs: conflicting lowerdir path [ 67.323144][ T7126] 9pnet_virtio: no channels available for device syz [ 67.329658][ T7125] netlink: 'syz.2.276': attribute type 1 has an invalid length. [ 67.457902][ T5979] usb 9-1: USB disconnect, device number 3 [ 67.462762][ T5979] ldusb 9-1:0.55: LD USB Device #0 now disconnected [ 67.528536][ T5945] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 67.679685][ T7155] loop7: detected capacity change from 0 to 16384 [ 67.735462][ T7158] batman_adv: batadv0: Interface deactivated: dummy0 [ 67.747258][ T7158] batman_adv: batadv0: Removing interface: dummy0 [ 67.820615][ T7160] IPv6: Can't replace route, no match found [ 67.979726][ T7166] gfs2: path_lookup on ™6(ï+‰d‹QÌnB´!eU‚çVè!š`:Ñ 8×DSEíÄðÃÄèÎ Áy|YT¢®{-€íê°”,mb/ returned error -2 [ 68.345126][ T7188] 9pnet_fd: p9_fd_create_tcp (7188): problem connecting socket to 127.0.0.1 [ 69.034704][ T7231] bridge_slave_0: left allmulticast mode [ 69.037089][ T7231] bridge_slave_0: left promiscuous mode [ 69.039422][ T7231] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.045420][ T7231] bridge_slave_1: left promiscuous mode [ 69.049524][ T7231] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.056887][ T7231] bond0: (slave bond_slave_0): Releasing backup interface [ 69.067307][ T7231] bond0: (slave bond_slave_1): Releasing backup interface [ 69.077554][ T7231] team0: Port device team_slave_0 removed [ 69.083425][ T7231] team0: Port device team_slave_1 removed [ 69.085388][ T7231] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.087603][ T7231] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.091104][ T7231] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.093298][ T7231] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.106525][ T7233] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 69.136031][ T7233] bridge_slave_0: left allmulticast mode [ 69.138383][ T7233] bridge_slave_0: left promiscuous mode [ 69.140681][ T7233] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.149190][ T7233] bridge_slave_1: left allmulticast mode [ 69.150861][ T7233] bridge_slave_1: left promiscuous mode [ 69.152532][ T7233] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.157621][ T7233] bond0: (slave bond_slave_0): Releasing backup interface [ 69.161376][ T7233] bond0: (slave bond_slave_1): Releasing backup interface [ 69.172151][ T7233] team0: Port device team_slave_0 removed [ 69.178543][ T7233] team0: Port device team_slave_1 removed [ 69.181436][ T7233] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.184953][ T7233] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.185756][ T7239] netlink: 'syz.1.307': attribute type 10 has an invalid length. [ 69.187739][ T7233] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.208265][ T7239] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 69.216392][ T7239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.222295][ T7239] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 69.267910][ T7243] netlink: 'syz.3.309': attribute type 1 has an invalid length. [ 69.403940][ T7256] netlink: 'syz.3.313': attribute type 3 has an invalid length. [ 69.441626][ T7261] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 69.447690][ T7261] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 69.860696][ T5945] block nbd2: Receive control failed (result -32) [ 69.870297][ T7216] block nbd2: shutting down sockets [ 69.911622][ T7277] kernel profiling enabled (shift: 63) [ 69.914213][ T7277] profiling shift: 63 too large [ 69.915692][ T7278] kernel profiling enabled (shift: 63) [ 69.917265][ T7278] profiling shift: 63 too large [ 69.995941][ T7295] netlink: 'syz.3.324': attribute type 29 has an invalid length. [ 69.999769][ T7295] netlink: 'syz.3.324': attribute type 29 has an invalid length. [ 70.057086][ T7295] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.145640][ T7295] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.169771][ T7294] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 70.236498][ T7295] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.352063][ T7295] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.402902][ T5945] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 70.457256][ T7295] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.466474][ T7295] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.474060][ T7295] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.479833][ T7295] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.635194][ T7352] xt_hashlimit: size too large, truncated to 1048576 [ 70.911346][ T7356] openvswitch: netlink: IP tunnel dst address not specified [ 70.969288][ T7357] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 70.972591][ T7357] TCP: tcp_parse_options: Illegal window scaling value 42 > 14 received [ 72.578393][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 72.580331][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.831108][ T5945] Bluetooth: hci0: command 0x040f tx timeout [ 72.831294][ T7346] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 73.718025][ T7346] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 73.720664][ T7346] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 73.799406][ T7377] xt_l2tp: v2 tid > 0xffff: 150994944 [ 73.870594][ T40] kauditd_printk_skb: 34 callbacks suppressed [ 73.870609][ T40] audit: type=1400 audit(1736077443.892:472): avc: denied { open } for pid=7384 comm="syz.4.348" path="/dev/ptyqc" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 73.882423][ T40] audit: type=1400 audit(1736077443.892:473): avc: denied { ioctl } for pid=7384 comm="syz.4.348" path="/dev/ptyqc" dev="devtmpfs" ino=139 ioctlcmd=0x5438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 73.963640][ T6264] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.966929][ T6264] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.038872][ T40] audit: type=1400 audit(1736077444.042:474): avc: denied { write } for pid=7396 comm="syz.3.351" name="mcfilter6" dev="proc" ino=4026533243 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 74.082856][ T7404] __nla_validate_parse: 75 callbacks suppressed [ 74.082867][ T7404] netlink: 8 bytes leftover after parsing attributes in process `syz.4.353'. [ 74.087637][ T7403] netlink: 8 bytes leftover after parsing attributes in process `syz.4.353'. [ 74.137122][ T7410] No such timeout policy "syz1" [ 74.146112][ T832] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 74.233077][ T40] audit: type=1400 audit(1736077444.229:475): avc: denied { listen } for pid=7418 comm="syz.4.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 74.258309][ T7422] netlink: 24 bytes leftover after parsing attributes in process `syz.3.358'. [ 74.306392][ T832] usb 7-1: Using ep0 maxpacket: 8 [ 74.310593][ T832] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 74.314104][ T832] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 74.327753][ T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 74.328284][ T40] audit: type=1400 audit(1736077444.323:476): avc: denied { accept } for pid=7418 comm="syz.4.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 74.331680][ T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 74.345056][ T40] audit: type=1400 audit(1736077444.323:477): avc: denied { shutdown } for pid=7418 comm="syz.4.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 74.370531][ T832] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 74.374290][ T832] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 74.376853][ T832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.388924][ T40] audit: type=1400 audit(1736077444.369:478): avc: denied { write } for pid=7429 comm="syz.1.362" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 74.592117][ T40] audit: type=1400 audit(1736077444.556:479): avc: denied { remount } for pid=7453 comm="syz.4.372" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 74.601437][ T832] usb 7-1: usb_control_msg returned -32 [ 74.603101][ T832] usbtmc 7-1:16.0: can't read capabilities [ 74.689189][ T7471] xt_l2tp: v2 doesn't support IP mode [ 74.693234][ T7471] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 74.817238][ T7478] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 74.850032][ T7480] 9pnet_virtio: no channels available for device [ 75.062428][ T5945] Bluetooth: hci1: command 0x040f tx timeout [ 75.150727][ T40] audit: type=1400 audit(1736077445.080:480): avc: denied { map } for pid=7496 comm="syz.4.387" path="/dev/pmem0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.192778][ T7500] [U] [ 75.193807][ T7500] [U] [ 75.194615][ T7500] [U] [ 75.195435][ T7500] [U] [ 75.196733][ T7500] [U] [ 75.197556][ T7500] [U] [ 75.198364][ T7500] [U] [ 75.199154][ T7500] [U] [ 75.200016][ T7500] [U] [ 75.200812][ T7500] [U] [ 75.201601][ T7500] [U] [ 75.202395][ T7500] [U] [ 75.203221][ T7500] [U] [ 75.204004][ T7500] [U] [ 75.204794][ T7500] [U] [ 75.205631][ T7500] [U] [ 75.208614][ T7500] [U] [ 75.209439][ T7500] [U] [ 75.210249][ T7500] [U] [ 75.211059][ T7500] [U] [ 75.212010][ T7500] [U] [ 75.212870][ T7500] [U] [ 75.213691][ T7500] [U] [ 75.214499][ T7500] [U] [ 75.215652][ T7500] [U] [ 75.216472][ T7500] [U] [ 75.217274][ T7500] [U] [ 75.218079][ T7500] [U] [ 75.218886][ T7500] [U] [ 75.219690][ T7500] [U] [ 75.220512][ T7500] [U] [ 75.221311][ T7500] [U] [ 75.222133][ T7500] [U] [ 75.222982][ T7500] [U] [ 75.223783][ T7500] [U] [ 75.224583][ T7500] [U] [ 75.225439][ T7500] [U] [ 75.226264][ T7500] [U] [ 75.227060][ T7500] [U] [ 75.227860][ T7500] [U] [ 75.230358][ T7500] [U] [ 75.231168][ T7500] [U] [ 75.231979][ T7500] [U] [ 75.232804][ T7500] [U] [ 75.233636][ T7500] [U] [ 75.234439][ T7500] [U] [ 75.235239][ T7500] [U] [ 75.236039][ T7500] [U] [ 75.244832][ T7500] [U] [ 75.245646][ T7500] [U] [ 75.246430][ T7500] [U] [ 75.247194][ T7500] [U] [ 75.248785][ T7500] [U] [ 75.249606][ T7500] [U] [ 75.250401][ T7500] [U] [ 75.250565][ T40] audit: type=1400 audit(1736077445.183:481): avc: denied { create } for pid=7499 comm="syz.4.388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 75.251189][ T7500] [U] [ 75.257927][ T7500] [U] [ 75.258741][ T7500] [U] [ 75.259543][ T7500] [U] [ 75.260394][ T7500] [U] [ 75.261237][ T7500] [U] [ 75.262046][ T7500] [U] [ 75.262859][ T7500] [U] [ 75.263652][ T7500] [U] [ 75.264615][ T7500] [U] [ 75.265425][ T7500] [U] [ 75.266226][ T7500] [U] [ 75.267011][ T7500] [U] [ 75.267881][ T7500] [U] [ 75.268696][ T7500] [U] [ 75.269493][ T7500] [U] [ 75.270299][ T7500] [U] [ 75.271214][ T7500] [U] [ 75.272010][ T7500] [U] [ 75.272823][ T7500] [U] [ 75.273624][ T7500] [U] [ 75.274423][ T7500] [U] [ 75.275232][ T7500] [U] [ 75.276038][ T7500] [U] [ 75.276832][ T7500] [U] [ 75.277733][ T7500] [U] [ 75.278534][ T7500] [U] [ 75.279334][ T7500] [U] [ 75.280139][ T7500] [U] [ 75.281615][ T7500] [U] [ 75.282416][ T7500] [U] [ 75.283209][ T7500] [U] [ 75.284003][ T7500] [U] [ 75.284811][ T7500] [U] [ 75.285607][ T7500] [U] [ 75.286398][ T7500] [U] [ 75.287187][ T7500] [U] [ 75.288014][ T7500] [U] [ 75.288820][ T7500] [U] [ 75.289623][ T7500] [U] [ 75.290436][ T7500] [U] [ 75.291436][ T7500] [U] [ 75.292256][ T7500] [U] [ 75.293099][ T7500] [U] [ 75.293903][ T7500] [U] [ 75.294701][ T7500] [U] [ 75.295494][ T7500] [U] [ 75.296289][ T7500] [U] [ 75.297121][ T7500] [U] [ 75.297942][ T7500] [U] [ 75.300136][ T7500] [U] [ 75.300154][ T7500] [U] [ 75.300168][ T7500] [U] [ 75.300221][ T7500] [U] [ 75.303523][ T7500] [U] [ 75.304341][ T7500] [U] [ 75.305138][ T7500] [U] [ 75.306285][ T7500] [U] [ 75.307094][ T7500] [U] [ 75.308479][ T7500] [U] [ 75.308494][ T7500] [U] [ 75.308517][ T7500] [U] [ 75.308538][ T7500] [U] [ 75.308555][ T7500] [U] [ 75.308568][ T7500] [U] [ 75.308593][ T7500] [U] [ 75.308605][ T7500] [U] [ 75.308618][ T7500] [U] [ 75.308630][ T7500] [U] [ 75.308646][ T7500] [U] [ 75.308658][ T7500] [U] [ 75.308671][ T7500] [U] [ 75.313176][ T7499] [U] [ 75.541410][ T7529] netlink: 8 bytes leftover after parsing attributes in process `syz.4.393'. [ 75.544889][ T7527] mkiss: ax0: crc mode is auto. [ 75.648698][ T7533] input: syz0 as /devices/virtual/input/input8 [ 75.767671][ T7550] netlink: 12 bytes leftover after parsing attributes in process `syz.3.398'. [ 75.910445][ T5945] Bluetooth: hci2: command 0x040f tx timeout [ 77.092769][ T35] usb 7-1: USB disconnect, device number 2 [ 77.117255][ T7598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.403'. [ 77.120439][ T7598] netlink: 24 bytes leftover after parsing attributes in process `syz.2.403'. [ 77.168523][ T7600] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 77.278407][ T5945] Bluetooth: hci1: command 0x040f tx timeout [ 77.326172][ T7604] bio_check_eod: 3 callbacks suppressed [ 77.326185][ T7604] syz.2.405: attempt to access beyond end of device [ 77.326185][ T7604] loop2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 77.333737][ T7604] efs: cannot read volume header [ 77.336216][ T7605] syz.2.405: attempt to access beyond end of device [ 77.336216][ T7605] loop2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 77.340741][ T7605] efs: cannot read volume header [ 77.373758][ T7607] netlink: 'syz.2.406': attribute type 10 has an invalid length. [ 77.877110][ T57] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 77.877135][ T5945] Bluetooth: hci0: command 0x040f tx timeout [ 77.880959][ T57] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 79.502091][ T5945] Bluetooth: hci1: command 0x040f tx timeout [ 79.504110][ T57] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 79.506407][ T57] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 81.725859][ T5945] Bluetooth: hci2: command 0x040f tx timeout [ 81.727646][ T57] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 81.729365][ T57] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 81.830107][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 81.830118][ T40] audit: type=1400 audit(1736077451.319:487): avc: denied { read write } for pid=7642 comm="syz.1.417" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 81.838658][ T40] audit: type=1400 audit(1736077451.319:488): avc: denied { open } for pid=7642 comm="syz.1.417" path="/dev/uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 81.918361][ T7664] netlink: 4 bytes leftover after parsing attributes in process `syz.4.422'. [ 82.120175][ T7689] netlink: 20 bytes leftover after parsing attributes in process `syz.1.426'. [ 82.138291][ T40] audit: type=1400 audit(1736077451.619:489): avc: denied { associate } for pid=7686 comm="syz.1.426" name="cpuset.effective_cpus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 82.147157][ T40] audit: type=1400 audit(1736077451.628:490): avc: denied { lock } for pid=7686 comm="syz.1.426" path="/88/file0/cpuset.effective_cpus" dev="9p" ino=36575184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 82.186088][ T7694] netlink: 16 bytes leftover after parsing attributes in process `syz.3.428'. [ 82.267413][ T7705] tipc: Enabled bearer , priority 0 [ 82.319542][ T7712] capability: warning: `syz.3.434' uses 32-bit capabilities (legacy support in use) [ 82.357292][ T40] audit: type=1400 audit(1736077451.815:491): avc: denied { connect } for pid=7713 comm="syz.3.435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 82.365371][ T40] audit: type=1400 audit(1736077451.824:492): avc: denied { setopt } for pid=7713 comm="syz.3.435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 82.375684][ T7705] tipc: Disabling bearer [ 82.397200][ T35] IPVS: starting estimator thread 0... [ 82.420680][ T40] audit: type=1400 audit(1736077451.890:493): avc: denied { getopt } for pid=7723 comm="syz.3.438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 82.426744][ T40] audit: type=1400 audit(1736077451.890:494): avc: denied { mounton } for pid=7723 comm="syz.3.438" path="/proc/359/cgroup" dev="proc" ino=17384 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 82.440995][ T7728] syz_tun: entered allmulticast mode [ 82.446849][ T7716] dvmrp8: entered allmulticast mode [ 82.495944][ T7722] IPVS: using max 44 ests per chain, 105600 per kthread [ 82.507769][ T7715] syz_tun: left allmulticast mode [ 82.509842][ T7715] dvmrp8: left allmulticast mode [ 82.584157][ T7741] netlink: 'syz.3.443': attribute type 10 has an invalid length. [ 82.587055][ T7741] netlink: 40 bytes leftover after parsing attributes in process `syz.3.443'. [ 82.590199][ T7741] ipvlan1: entered promiscuous mode [ 82.592812][ T7741] ipvlan1: entered allmulticast mode [ 82.594449][ T7741] veth0_vlan: entered allmulticast mode [ 82.598156][ T7741] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 82.693605][ T7760] workqueue: name exceeds WQ_NAME_LEN. Truncating to: þÜ»}ÆÓž»räءÑV§ïj×ì·Pbô [ 82.791461][ T40] audit: type=1400 audit(1736077452.227:495): avc: denied { write } for pid=7768 comm="syz.4.448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 82.797896][ T40] audit: type=1326 audit(1736077452.236:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7768 comm="syz.4.448" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe06ad85d29 code=0x0 [ 82.885708][ T7772] netdevsim netdevsim2 netdevsim0: Unsupported IPsec algorithm [ 82.917021][ T7778] 9pnet_virtio: no channels available for device syz [ 83.303427][ T7796] 9pnet_virtio: no channels available for device syz [ 83.334326][ T7802] sctp: [Deprecated]: syz.2.458 (pid 7802) Use of struct sctp_assoc_value in delayed_ack socket option. [ 83.334326][ T7802] Use struct sctp_sack_info instead [ 83.342015][ T7802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.458'. [ 83.455059][ T7808] netlink: 'syz.2.461': attribute type 1 has an invalid length. [ 83.457280][ T7808] netlink: 'syz.2.461': attribute type 3 has an invalid length. [ 83.459944][ T7808] netlink: 224 bytes leftover after parsing attributes in process `syz.2.461'. [ 83.524405][ T25] cfg80211: failed to load regulatory.db [ 83.552756][ T7813] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.554963][ T7813] bridge0: port 2(bridge_slave_1) entered listening state [ 83.557117][ T7813] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.559154][ T7813] bridge0: port 1(bridge_slave_0) entered listening state [ 83.563985][ T7813] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 83.797830][ T7822] fuse: Bad value for 'rootmode' [ 83.889011][ T7830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.468'. [ 83.889189][ T7833] netlink: 4 bytes leftover after parsing attributes in process `syz.4.469'. [ 83.894908][ T7833] netlink: 24 bytes leftover after parsing attributes in process `syz.4.469'. [ 84.033590][ T7854] binder: 7853:7854 ioctl c0306201 20000300 returned -22 [ 84.038172][ T7854] binder: 7853:7854 ioctl c0306201 20000180 returned -22 [ 84.042645][ T7854] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 84.047173][ T7854] bond0: (slave lo): Error: Device can not be enslaved while up [ 84.202838][ T7874] tipc: Can't bind to reserved service type 0 [ 84.207049][ T7874] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7874 comm=syz.4.482 [ 84.241917][ T7889] netlink: 'syz.1.484': attribute type 10 has an invalid length. [ 84.390932][ T7896] netlink: 'syz.4.486': attribute type 10 has an invalid length. [ 84.397844][ T7896] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.402905][ T7896] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 84.549035][ T7919] bridge1: entered promiscuous mode [ 84.551145][ T7919] bridge1: entered allmulticast mode [ 84.826187][ T7932] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7932 comm=syz.4.495 [ 84.845821][ T7932] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57 sclass=netlink_route_socket pid=7932 comm=syz.4.495 [ 85.017303][ T7940] netlink: 232 bytes leftover after parsing attributes in process `syz.4.498'. [ 85.152612][ T7944] netlink: 'syz.1.500': attribute type 6 has an invalid length. [ 85.155390][ T7944] netlink: 'syz.1.500': attribute type 5 has an invalid length. [ 85.213752][ C3] IPv4: Oversized IP packet from 172.20.20.24 [ 85.359747][ T7958] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 85.398270][ T7961] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 85.401738][ T7961] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 85.441614][ T7964] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 85.445095][ T7964] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 85.448666][ T7964] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 86.236895][ T8036] netlink: 'syz.1.526': attribute type 10 has an invalid length. [ 86.263188][ T1175] bond0: (slave wlan1): link status definitely down, disabling slave [ 86.267578][ T1175] bond0: now running without any active interface! [ 86.473943][ T8052] macvtap1: entered promiscuous mode [ 86.476262][ T8052] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 86.479151][ T8052] macvtap1: entered allmulticast mode [ 86.481328][ T8052] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 86.486177][ T8052] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 86.493847][ T8052] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 86.758764][ T8061] infiniband syz!: set down [ 86.761319][ T8061] infiniband syz!: added team_slave_0 [ 86.781008][ T8061] RDS/IB: syz!: added [ 86.783623][ T8061] smc: adding ib device syz! with port count 1 [ 86.786118][ T8061] smc: ib device syz! port 1 has pnetid [ 87.032150][ T8066] xt_cgroup: invalid path, errno=-2 [ 87.092503][ T8068] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 87.180486][ T8076] exFAT-fs (nullb0): invalid boot record signature [ 87.183358][ T8076] exFAT-fs (nullb0): failed to read boot sector [ 87.185813][ T8076] exFAT-fs (nullb0): failed to recognize exfat type [ 87.191221][ T8076] erspan0: entered promiscuous mode [ 87.277370][ T8096] macsec0: entered promiscuous mode [ 87.286746][ T8098] ALSA: mixer_oss: invalid index 100000 [ 87.349824][ T8110] kAFS: No cell specified [ 87.352321][ T40] kauditd_printk_skb: 69 callbacks suppressed [ 87.352331][ T40] audit: type=1400 audit(1736077456.501:566): avc: denied { watch } for pid=8109 comm="syz.4.545" path="/126/file0" dev="tmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 87.360807][ T40] audit: type=1400 audit(1736077456.501:567): avc: denied { watch_sb } for pid=8109 comm="syz.4.545" path="/126/file0" dev="tmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 87.687340][ T8127] vlan0: entered promiscuous mode [ 87.689145][ T8127] vlan0: entered allmulticast mode [ 87.690892][ T8127] hsr_slave_1: entered allmulticast mode [ 87.695210][ T8127] __nla_validate_parse: 12 callbacks suppressed [ 87.695223][ T8127] netlink: 48 bytes leftover after parsing attributes in process `syz.4.551'. [ 87.797133][ T8133] binder: 8130:8133 ioctl c0306201 200003c0 returned -14 [ 87.808480][ T8133] overlayfs: invalid origin (0000) [ 87.819479][ T8129] loop7: detected capacity change from 16384 to 0 [ 87.942514][ T8137] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled [ 88.404509][ T8170] program syz.1.563 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 88.445803][ T40] audit: type=1400 audit(1736077457.521:568): avc: denied { create } for pid=8168 comm="syz.1.563" name="#1c" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 88.453026][ T40] audit: type=1400 audit(1736077457.521:569): avc: denied { link } for pid=8168 comm="syz.1.563" name="#1c" dev="tmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 88.461396][ T40] audit: type=1400 audit(1736077457.521:570): avc: denied { rename } for pid=8168 comm="syz.1.563" name="#1d" dev="tmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 88.608313][ T8197] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 88.610984][ T8197] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 88.673869][ T40] audit: type=1400 audit(1736077457.727:571): avc: denied { shutdown } for pid=8204 comm="syz.1.570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 88.690735][ T40] audit: type=1400 audit(1736077457.746:572): avc: denied { setopt } for pid=8209 comm="syz.3.571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 88.697345][ T40] audit: type=1400 audit(1736077457.755:573): avc: denied { bind } for pid=8209 comm="syz.3.571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 88.703731][ T40] audit: type=1400 audit(1736077457.755:574): avc: denied { read } for pid=8209 comm="syz.3.571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 88.705871][ T8210] XFS (nullb0): Invalid superblock magic number [ 88.754223][ T40] audit: type=1400 audit(1736077457.811:575): avc: denied { write } for pid=8209 comm="syz.3.571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 88.894921][ T8223] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 88.898012][ T8235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.575'. [ 89.010279][ T8226] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 89.013304][ T8226] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 89.017133][ T8226] netlink: 'syz.2.574': attribute type 7 has an invalid length. [ 89.031149][ T8248] fuse: Unknown parameter '´a?f0x0000000000000003' [ 89.105214][ T8259] binder: 8258:8259 ioctl c0306201 0 returned -14 [ 89.123618][ T8259] binder: 8258:8259 ioctl c0306201 0 returned -14 [ 89.129467][ T8259] bridge0: port 1(netdevsim0) entered blocking state [ 89.134415][ T8259] bridge0: port 1(netdevsim0) entered disabled state [ 89.137211][ T8259] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 89.141575][ T8259] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 89.184337][ T8259] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.278742][ T8259] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.342741][ T8259] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.402356][ T8259] netdevsim netdevsim4 netdevsim0 (unregistering): left allmulticast mode [ 89.405455][ T8259] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode [ 89.408806][ T8259] bridge0: port 1(netdevsim0) entered disabled state [ 89.414026][ T8259] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.544039][ T8259] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.550700][ T8259] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.555891][ T8259] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.560954][ T8259] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.755668][ T8285] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2758444543 (5516889086 ns) > initial count (4208136 ns). Using initial count to start timer. [ 89.760716][ T8287] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2758444543 (5516889086 ns) > initial count (4208136 ns). Using initial count to start timer. [ 89.889557][ T8316] Invalid/unusable pipe [ 90.014450][ T8335] loop9: detected capacity change from 0 to 7 [ 90.017223][ T8335] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 90.018892][ T8335] loop9: partition table partially beyond EOD, truncated [ 90.021715][ T8335] loop9: p1 size 501170297 extends beyond EOD, truncated [ 90.028145][ T8335] openvswitch: netlink: IPv4 frag type 224 is out of range max 2 [ 90.149947][ T9] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 90.287400][ T8353] : entered promiscuous mode [ 90.291475][ T8353] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 90.331706][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 90.334446][ T9] usb 6-1: config 0 has an invalid interface number: 52 but max is 0 [ 90.336890][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.340081][ T9] usb 6-1: config 0 has no interface number 0 [ 90.342012][ T9] usb 6-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 90.345639][ T9] usb 6-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 90.348617][ T9] usb 6-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 90.352411][ T9] usb 6-1: config 0 interface 52 has no altsetting 0 [ 90.355842][ T9] usb 6-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 90.358587][ T9] usb 6-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 90.360998][ T9] usb 6-1: Product: syz [ 90.362338][ T9] usb 6-1: SerialNumber: syz [ 90.365747][ T9] usb 6-1: config 0 descriptor?? [ 90.584256][ T9] input: syz (Stick) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.52/input/input9 [ 90.588576][ T5336] synaptics_usb 6-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 90.592744][ T5336] synaptics_usb 6-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 90.597135][ T5336] synaptics_usb 6-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 90.607001][ T5336] synaptics_usb 6-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 90.631463][ T7781] synaptics_usb 6-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 90.639894][ T5336] synaptics_usb 6-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 90.643330][ T5336] synaptics_usb 6-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 90.683667][ T8375] "syz.3.612" (8375) uses obsolete ecb(arc4) skcipher [ 90.798812][ T8315] synaptics_usb 6-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 90.812223][ T8385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.815957][ T8385] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.825651][ T5312] usb 6-1: USB disconnect, device number 6 [ 90.942726][ T8402] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 90.953260][ T8405] pim6reg: entered allmulticast mode [ 90.961660][ T8405] pim6reg: left allmulticast mode [ 90.994935][ T8410] program syz.2.622 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.996067][ T8407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.621'. [ 91.078307][ T8418] netlink: 40 bytes leftover after parsing attributes in process `'. [ 91.101537][ T8418] devpts: called with bogus options [ 91.208532][ T8439] netlink: 280 bytes leftover after parsing attributes in process `syz.1.629'. [ 91.303925][ T8442] syz.3.632(8442): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 91.351251][ T8438] delete_channel: no stack [ 91.391087][ T8450] netlink: 8 bytes leftover after parsing attributes in process `syz.3.633'. [ 91.423543][ T8455] netlink: 16 bytes leftover after parsing attributes in process `syz.4.635'. [ 91.426148][ T8455] netem: invalid attributes len -13 [ 91.427691][ T8455] netem: change failed [ 91.433522][ T8457] mkiss: ax0: crc mode is auto. [ 91.803457][ T8473] overlay: filesystem on ./bus not supported [ 91.811042][ T8473] xt_CT: You must specify a L4 protocol and not use inversions on it [ 92.300393][ T8511] loop6: detected capacity change from 0 to 524287999 [ 92.549127][ T8535] skbuff: bad partial csum: csum=65506/2 headroom=160 headlen=65526 [ 92.666629][ T8547] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 92.781291][ T8551] team0: Mode "" not found [ 92.825644][ T8555] binfmt_misc: register: failed to install interpreter file ./file0 [ 92.869885][ T8557] xfrm1: entered allmulticast mode [ 92.945693][ T8562] netlink: 'syz.4.671': attribute type 27 has an invalid length. [ 93.052385][ T40] kauditd_printk_skb: 31 callbacks suppressed [ 93.052396][ T40] audit: type=1400 audit(1736077461.833:607): avc: denied { read } for pid=8570 comm="syz.4.674" path="socket:[24231]" dev="sockfs" ino=24231 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 93.192949][ T8579] netlink: 44 bytes leftover after parsing attributes in process `syz.2.676'. [ 93.295446][ T8587] Can't find a SQUASHFS superblock on nullb0 [ 93.299053][ T8587] overlay: Unknown parameter './bus' [ 93.314623][ T8] usb 9-1: new full-speed USB device number 4 using dummy_hcd [ 93.434752][ T8596] netlink: 8 bytes leftover after parsing attributes in process `syz.1.682'. [ 93.437415][ T8596] bridge_slAve_0: renamed from lo (while UP) [ 93.463981][ T8] usb 9-1: device descriptor read/64, error -71 [ 93.742124][ T8] usb 9-1: new full-speed USB device number 5 using dummy_hcd [ 93.762354][ T8602] loop9: detected capacity change from 0 to 7 [ 93.764667][ T8602] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 93.766290][ T8602] loop9: partition table partially beyond EOD, truncated [ 93.768440][ T8602] loop9: p1 size 501170297 extends beyond EOD, truncated [ 93.816844][ T8604] netlink: 'syz.1.685': attribute type 9 has an invalid length. [ 93.820305][ T8604] netlink: 244 bytes leftover after parsing attributes in process `syz.1.685'. [ 93.914806][ T8] usb 9-1: device descriptor read/64, error -71 [ 93.918626][ T8608] netlink: 44 bytes leftover after parsing attributes in process `syz.1.687'. [ 93.922423][ T8609] netlink: 44 bytes leftover after parsing attributes in process `syz.1.687'. [ 93.951448][ T40] audit: type=1400 audit(1736077462.666:608): avc: denied { lock } for pid=8607 comm="syz.1.687" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 94.031649][ T8] usb usb9-port1: attempt power cycle [ 94.043586][ T8616] ubi0: attaching mtd0 [ 94.046177][ T8616] ubi0: scanning is finished [ 94.047595][ T8616] ubi0: empty MTD device detected [ 94.123772][ T8616] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 94.126577][ T8616] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 94.133470][ T8616] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 94.135960][ T8616] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 94.138951][ T8616] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 94.141443][ T8616] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 94.144309][ T8616] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1044126177 [ 94.147618][ T8624] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=36 sclass=netlink_audit_socket pid=8624 comm=syz.2.689 [ 94.147932][ T8616] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 94.159568][ T8621] ubi0: background thread "ubi_bgt0d" started, PID 8621 [ 94.165098][ T8624] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=8624 comm=syz.2.689 [ 94.182102][ T8624] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=36 sclass=netlink_audit_socket pid=8624 comm=syz.2.689 [ 94.335021][ T8636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.693'. [ 94.345092][ T8638] netlink: 44 bytes leftover after parsing attributes in process `syz.2.694'. [ 94.351517][ T40] audit: type=1400 audit(1736077463.049:609): avc: denied { ioctl } for pid=8635 comm="syz.1.693" path="socket:[24703]" dev="sockfs" ino=24703 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 94.351868][ T8639] netlink: 44 bytes leftover after parsing attributes in process `syz.2.694'. [ 94.415419][ T8] usb 9-1: new full-speed USB device number 6 using dummy_hcd [ 94.462054][ T8] usb 9-1: device descriptor read/8, error -71 [ 94.714881][ T8] usb 9-1: new full-speed USB device number 7 using dummy_hcd [ 94.736626][ T8] usb 9-1: device descriptor read/8, error -71 [ 94.855993][ T8] usb usb9-port1: unable to enumerate USB device [ 94.885875][ T30] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 95.056841][ T30] usb 6-1: Using ep0 maxpacket: 8 [ 95.059432][ T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 196, changing to 11 [ 95.062750][ T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 42818, setting to 1024 [ 95.065950][ T30] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 95.068985][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.072299][ T30] usb 6-1: config 0 descriptor?? [ 95.074473][ T8654] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 95.292526][ T30] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 95.381794][ T40] audit: type=1400 audit(1736077464.013:610): avc: denied { watch } for pid=8658 comm="syz.2.702" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 95.386413][ T8659] netlink: 'syz.2.702': attribute type 2 has an invalid length. [ 95.393806][ T8659] tmpfs: Invalid uid '0x00000000ffffffff' [ 95.397857][ T8659] netlink: 20 bytes leftover after parsing attributes in process `syz.2.702'. [ 95.400803][ T8659] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 95.540296][ T5999] usb 6-1: USB disconnect, device number 7 [ 95.590653][ T8667] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2564 sclass=netlink_route_socket pid=8667 comm=syz.3.704 [ 95.596941][ T8667] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1540 sclass=netlink_route_socket pid=8667 comm=syz.3.704 [ 95.628875][ T8674] netlink: 'syz.2.707': attribute type 1 has an invalid length. [ 95.633703][ T8674] netlink: 'syz.2.707': attribute type 2 has an invalid length. [ 95.677878][ T40] audit: type=1400 audit(1736077464.284:611): avc: denied { read write } for pid=8675 comm="syz.1.709" name="btrfs-control" dev="devtmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 95.686500][ T40] audit: type=1400 audit(1736077464.284:612): avc: denied { open } for pid=8675 comm="syz.1.709" path="/dev/btrfs-control" dev="devtmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 95.702905][ T5943] Bluetooth: hci4: sending frame failed (-49) [ 95.707998][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 95.880437][ T8707] fuse: blksize only supported for fuseblk [ 96.136594][ T5312] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 96.275742][ T5312] usb 6-1: device descriptor read/64, error -71 [ 96.318855][ T8724] netlink: 'syz.3.723': attribute type 1 has an invalid length. [ 96.321102][ T8724] netlink: 32 bytes leftover after parsing attributes in process `syz.3.723'. [ 96.349729][ T8727] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 96.351872][ T8727] overlayfs: failed to set xattr on upper [ 96.353540][ T8727] overlayfs: ...falling back to redirect_dir=nofollow. [ 96.355491][ T8727] overlayfs: ...falling back to index=off. [ 96.357284][ T8727] overlayfs: ...falling back to uuid=null. [ 96.379858][ T40] audit: type=1400 audit(1736077464.939:613): avc: denied { create } for pid=8726 comm="syz.2.724" name="#2a" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=chr_file permissive=1 [ 96.386678][ T40] audit: type=1400 audit(1736077464.948:614): avc: denied { link } for pid=8726 comm="syz.2.724" name="#2a" dev="ramfs" ino=25696 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=chr_file permissive=1 [ 96.395256][ T40] audit: type=1400 audit(1736077464.948:615): avc: denied { unlink } for pid=8726 comm="syz.2.724" name="#2b" dev="ramfs" ino=25696 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=chr_file permissive=1 [ 96.402177][ T40] audit: type=1400 audit(1736077464.948:616): avc: denied { rename } for pid=8726 comm="syz.2.724" name="#2b" dev="ramfs" ino=25696 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=chr_file permissive=1 [ 96.553601][ T5312] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 96.676144][ T8757] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 96.714239][ T5312] usb 6-1: device descriptor read/64, error -71 [ 96.831913][ T5312] usb usb6-port1: attempt power cycle [ 96.916783][ T8767] mkiss: ax0: crc mode is auto. [ 97.195656][ T5312] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 97.227558][ T5312] usb 6-1: device descriptor read/8, error -71 [ 97.516326][ T5312] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 97.539226][ T5312] usb 6-1: device descriptor read/8, error -71 [ 97.667085][ T5312] usb usb6-port1: unable to enumerate USB device [ 98.060513][ T8797] hugetlbfs: Unknown parameter 'nr_hnode8' [ 98.512221][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 98.512236][ T40] audit: type=1400 audit(1736077466.941:626): avc: denied { bind } for pid=8804 comm="syz.2.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 98.519466][ T40] audit: type=1400 audit(1736077466.941:627): avc: denied { ioctl } for pid=8804 comm="syz.2.750" path="cgroup:[4026532884]" dev="nsfs" ino=4026532884 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 98.659679][ T5999] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 98.676488][ T40] audit: type=1400 audit(1736077467.090:628): avc: denied { ioctl } for pid=8807 comm="syz.2.751" path="socket:[25056]" dev="sockfs" ino=25056 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 98.819975][ T5999] usb 9-1: Using ep0 maxpacket: 8 [ 98.823764][ T5999] usb 9-1: unable to get BOS descriptor or descriptor too short [ 98.827609][ T5999] usb 9-1: config 3 has an invalid interface number: 42 but max is 2 [ 98.830954][ T5999] usb 9-1: config 3 has an invalid interface number: 255 but max is 2 [ 98.834066][ T5999] usb 9-1: config 3 has an invalid interface number: 138 but max is 2 [ 98.836978][ T5999] usb 9-1: config 3 has no interface number 0 [ 98.839466][ T5999] usb 9-1: config 3 has no interface number 1 [ 98.841983][ T5999] usb 9-1: config 3 has no interface number 2 [ 98.844321][ T5999] usb 9-1: config 3 interface 42 altsetting 13 bulk endpoint 0x9 has invalid maxpacket 1023 [ 98.848227][ T5999] usb 9-1: config 3 interface 42 altsetting 13 endpoint 0xB has invalid maxpacket 512, setting to 64 [ 98.852641][ T5999] usb 9-1: config 3 interface 42 altsetting 13 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 98.856728][ T5999] usb 9-1: config 3 interface 42 altsetting 13 has a duplicate endpoint with address 0x2, skipping [ 98.860781][ T5999] usb 9-1: config 3 interface 42 altsetting 13 has a duplicate endpoint with address 0x2, skipping [ 98.865155][ T5999] usb 9-1: config 3 interface 42 altsetting 13 bulk endpoint 0x4 has invalid maxpacket 16 [ 98.868880][ T5999] usb 9-1: config 3 interface 42 altsetting 13 has a duplicate endpoint with address 0xE, skipping [ 98.872174][ T5999] usb 9-1: config 3 interface 42 altsetting 13 endpoint 0xA has invalid maxpacket 1024, setting to 64 [ 98.875398][ T5999] usb 9-1: config 3 interface 42 altsetting 13 endpoint 0x6 has invalid wMaxPacketSize 0 [ 98.878230][ T5999] usb 9-1: config 3 interface 42 altsetting 13 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 98.881399][ T5999] usb 9-1: config 3 interface 42 altsetting 13 has a duplicate endpoint with address 0xB, skipping [ 98.884563][ T5999] usb 9-1: config 3 interface 42 altsetting 13 has a duplicate endpoint with address 0x9, skipping [ 98.887642][ T5999] usb 9-1: config 3 interface 255 altsetting 9 has a duplicate endpoint with address 0xE, skipping [ 98.890708][ T5999] usb 9-1: config 3 interface 138 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 98.893810][ T5999] usb 9-1: config 3 interface 42 has no altsetting 0 [ 98.895965][ T5999] usb 9-1: config 3 interface 255 has no altsetting 0 [ 98.897938][ T5999] usb 9-1: config 3 interface 138 has no altsetting 0 [ 98.901472][ T5999] usb 9-1: Dual-Role OTG device on HNP port [ 98.903450][ T5999] usb 9-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=fb.ea [ 98.906145][ T5999] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.908464][ T5999] usb 9-1: Product: ê­¹å– [ 98.909863][ T5999] usb 9-1: Manufacturer: ã°Š [ 98.911231][ T5999] usb 9-1: SerialNumber: syz [ 98.915652][ T8800] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 98.918089][ T8800] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 98.956176][ T40] audit: type=1400 audit(1736077467.352:629): avc: denied { unmount } for pid=5939 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 99.104240][ T8816] can: request_module (can-proto-3) failed. [ 99.137265][ T8800] __nla_validate_parse: 3 callbacks suppressed [ 99.137275][ T8800] netlink: 20 bytes leftover after parsing attributes in process `syz.4.748'. [ 99.141967][ T8800] netlink: 4 bytes leftover after parsing attributes in process `syz.4.748'. [ 99.156441][ T5999] comedi comedi0: Wrong number of endpoints [ 99.158601][ T5999] dt9812 9-1:3.42: driver 'dt9812' failed to auto-configure device. [ 99.166821][ T5999] usb-storage 9-1:3.255: USB Mass Storage device detected [ 99.247202][ T5999] comedi comedi0: Wrong number of endpoints [ 99.249561][ T5999] dt9812 9-1:3.255: driver 'dt9812' failed to auto-configure device. [ 99.256113][ T5999] comedi comedi0: Wrong number of endpoints [ 99.258802][ T5999] dt9812 9-1:3.138: driver 'dt9812' failed to auto-configure device. [ 99.262656][ T5999] usb 9-1: USB disconnect, device number 8 [ 99.359084][ T8839] netlink: 16 bytes leftover after parsing attributes in process `syz.1.758'. [ 99.362330][ T8839] netlink: 92 bytes leftover after parsing attributes in process `syz.1.758'. [ 99.365624][ T8839] vlan0: entered allmulticast mode [ 99.367604][ T8839] veth0_vlan: entered allmulticast mode [ 99.415987][ T40] audit: type=1400 audit(1736077467.782:630): avc: denied { ioctl } for pid=8838 comm="syz.1.758" path="socket:[26743]" dev="sockfs" ino=26743 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 99.479392][ T8849] loop6: detected capacity change from 0 to 524287999 [ 99.485987][ T40] audit: type=1400 audit(1736077467.848:631): avc: denied { execute } for pid=8847 comm="syz.1.760" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 99.490183][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 99.496704][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.499519][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.505512][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.508282][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.511190][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.513895][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.516399][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.519060][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.522765][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.525408][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.527854][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.530575][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.533171][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.535930][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.539224][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.541922][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.544335][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.547116][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.550234][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.759924][ T8874] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2564 sclass=netlink_route_socket pid=8874 comm=syz.1.766 [ 99.766317][ T8874] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1540 sclass=netlink_route_socket pid=8874 comm=syz.1.766 [ 99.875981][ T40] audit: type=1400 audit(1736077468.213:632): avc: denied { view } for pid=8887 comm="syz.4.772" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 99.889052][ T40] audit: type=1400 audit(1736077468.222:633): avc: denied { setopt } for pid=8887 comm="syz.4.772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 99.909849][ T40] audit: type=1400 audit(1736077468.222:634): avc: denied { connect } for pid=8887 comm="syz.4.772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 99.941559][ T8897] team0: Port device gtp0 added [ 99.948440][ T8897] nbd: must specify at least one socket [ 100.121502][ T8914] netlink: 40 bytes leftover after parsing attributes in process `syz.1.780'. [ 100.129710][ T8916] netlink: 'syz.1.780': attribute type 1 has an invalid length. [ 100.131936][ T8916] netlink: 56 bytes leftover after parsing attributes in process `syz.1.780'. [ 100.434300][ T8] usb 6-1: new low-speed USB device number 12 using dummy_hcd [ 100.460692][ T8930] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 100.545652][ T8933] sctp: [Deprecated]: syz.2.786 (pid 8933) Use of int in max_burst socket option deprecated. [ 100.545652][ T8933] Use struct sctp_assoc_value instead [ 100.553250][ T8933] geneve2: entered promiscuous mode [ 100.554848][ T8933] geneve2: entered allmulticast mode [ 100.631278][ T8] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 100.637704][ T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 100.642318][ T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 100.646695][ T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.650932][ T8] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 100.654700][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.665367][ T8] hub 6-1:1.0: bad descriptor, ignoring hub [ 100.668048][ T8] hub 6-1:1.0: probe with driver hub failed with error -5 [ 100.671467][ T8] cdc_wdm 6-1:1.0: skipping garbage [ 100.673702][ T8] cdc_wdm 6-1:1.0: skipping garbage [ 100.678973][ T8] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 100.681580][ T8] cdc_wdm 6-1:1.0: Unknown control protocol [ 100.746519][ T8936] openvswitch: netlink: Missing valid actions attribute. [ 100.749318][ T8936] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 100.885049][ T8918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.891005][ T8918] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.902521][ T8918] overlay: Unknown parameter 'workdir' [ 100.908184][ T8918] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 101.045924][ T8956] netlink: 5344 bytes leftover after parsing attributes in process `syz.2.793'. [ 101.460657][ T63] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 101.473782][ T8918] usb 6-1: reset low-speed USB device number 12 using dummy_hcd [ 101.620943][ T63] usb 7-1: Using ep0 maxpacket: 16 [ 101.629588][ T63] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 101.633583][ T63] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.636686][ T63] usb 7-1: Product: syz [ 101.638352][ T63] usb 7-1: Manufacturer: syz [ 101.640185][ T63] usb 7-1: SerialNumber: syz [ 101.646781][ T63] r8152-cfgselector 7-1: Unknown version 0x0000 [ 101.649473][ T63] r8152-cfgselector 7-1: config 0 descriptor?? [ 101.770725][ T8918] usb 6-1: device descriptor read/64, error -71 [ 101.870577][ T8965] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095 [ 101.874667][ T63] r8152-cfgselector 7-1: Unknown version 0x0000 [ 101.876609][ T63] r8152-cfgselector 7-1: bad CDC descriptors [ 101.879876][ T63] r8152-cfgselector 7-1: USB disconnect, device number 4 [ 102.189522][ T8918] usb 6-1: reset low-speed USB device number 12 using dummy_hcd [ 102.209465][ T8970] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 102.246650][ T40] audit: type=1400 audit(1736077470.430:635): avc: denied { append } for pid=8977 comm="syz.3.798" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 102.477555][ T8918] usb 6-1: device descriptor read/64, error -71 [ 102.638925][ T8991] netlink: 4 bytes leftover after parsing attributes in process `syz.2.802'. [ 102.693190][ T8991] bond0: (slave bond_slave_0): Releasing backup interface [ 102.820147][ T8993] program syz.4.803 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 102.893390][ T8918] usb 6-1: reset low-speed USB device number 12 using dummy_hcd [ 102.926387][ T8918] usb 6-1: device descriptor read/8, error -71 [ 103.343118][ T8918] usb 6-1: reset low-speed USB device number 12 using dummy_hcd [ 103.364679][ T8918] usb 6-1: device descriptor read/8, error -71 [ 103.456514][ T9031] bridge_slave_0: default FDB implementation only supports local addresses [ 103.483356][ T8918] cdc_wdm 6-1:1.0: Error autopm - -16 [ 103.483439][ T8] usb 6-1: USB disconnect, device number 12 [ 103.725573][ T9059] netlink: 16 bytes leftover after parsing attributes in process `syz.2.821'. [ 103.758917][ T9055] netlink: 'syz.4.820': attribute type 1 has an invalid length. [ 103.761379][ T9055] netlink: 224 bytes leftover after parsing attributes in process `syz.4.820'. [ 103.783756][ T9064] mkiss: ax0: crc mode is auto. [ 103.982532][ T9074] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=9074 comm=syz.4.825 [ 104.023530][ T9076] mkiss: ax1: crc mode is auto. [ 104.783142][ T9096] bridge_slave_1: entered promiscuous mode [ 104.786175][ T9096] netlink: 'syz.1.832': attribute type 2 has an invalid length. [ 104.788441][ T9096] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 104.842199][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 104.842214][ T40] audit: type=1400 audit(1736077472.862:645): avc: denied { map } for pid=9103 comm="syz.1.834" path="socket:[26133]" dev="sockfs" ino=26133 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 104.854062][ T40] audit: type=1400 audit(1736077472.862:646): avc: denied { accept } for pid=9103 comm="syz.1.834" path="socket:[26133]" dev="sockfs" ino=26133 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 105.031208][ T9] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 105.043708][ T9107] syz.1.835[9107] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.043785][ T9107] syz.1.835[9107] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.048238][ T9107] syz.1.835[9107] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.214189][ T9] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 105.220524][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 105.223717][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1088, setting to 1024 [ 105.226847][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 105.233204][ T9] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 105.235862][ T9] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 105.238174][ T9] usb 7-1: Manufacturer: syz [ 105.240913][ T9] usb 7-1: config 0 descriptor?? [ 105.242836][ T9101] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 105.681229][ T9] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 105.684280][ T9] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 105.697547][ T9] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 105.717817][ T9113] Illegal XDP return value 3187854524 on prog (id 178) dev N/A, expect packet loss! [ 105.834900][ T40] audit: type=1400 audit(1736077473.788:647): avc: denied { watch watch_reads } for pid=9133 comm="syz.1.841" path="/proc/608" dev="proc" ino=26167 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 105.873510][ T9141] __nla_validate_parse: 1 callbacks suppressed [ 105.873521][ T9141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.842'. [ 105.948726][ T9149] fuse: Unknown parameter 'grotp_id' [ 105.993970][ T9141] hsr_slave_1 (unregistering): left promiscuous mode [ 106.556509][ T30] usb 7-1: USB disconnect, device number 5 [ 106.649213][ T40] audit: type=1400 audit(1736077474.545:648): avc: denied { ioctl } for pid=9180 comm="syz.1.853" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 106.657110][ T9181] IPVS: Scheduler module ip_vs_non not found [ 106.686733][ T40] audit: type=1400 audit(1736077474.583:649): avc: denied { append } for pid=9186 comm="syz.1.854" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 106.780712][ T9190] sp0: Synchronizing with TNC [ 106.989724][ T9205] IPVS: Scheduler module ip_vs_non not found [ 106.996175][ T40] audit: type=1326 audit(1736077474.873:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9208 comm="syz.4.861" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe06ad85d29 code=0x0 [ 107.011804][ T9205] netlink: 4 bytes leftover after parsing attributes in process `syz.1.859'. [ 107.066796][ T40] audit: type=1400 audit(1736077474.938:651): avc: denied { mounton } for pid=9204 comm="syz.1.859" path="mnt:[4026532878]" dev="nsfs" ino=4026532878 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 115.681287][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 115.684698][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 120.238465][ T9227] program syz.2.864 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 120.241652][ T40] audit: type=1400 audit(1736077487.257:652): avc: denied { getopt } for pid=9226 comm="syz.1.863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 120.247657][ T9231] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=29723 sclass=netlink_xfrm_socket pid=9231 comm=syz.4.862 [ 120.424797][ T9266] netlink: 16 bytes leftover after parsing attributes in process `syz.2.874'. [ 120.575388][ T9] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 120.578386][ T9283] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 120.634426][ T9285] netlink: 12 bytes leftover after parsing attributes in process `syz.2.881'. [ 120.638177][ T9285] bridge_slave_0: default FDB implementation only supports local addresses [ 120.757196][ T9] usb 9-1: Using ep0 maxpacket: 8 [ 120.786687][ T9] usb 9-1: config 0 has no interfaces? [ 120.788328][ T9] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 120.791011][ T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.795027][ T9] usb 9-1: config 0 descriptor?? [ 120.889433][ T9305] netlink: 24 bytes leftover after parsing attributes in process `syz.3.887'. [ 120.906416][ T9305] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=9305 comm=syz.3.887 [ 120.910614][ T9305] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=9305 comm=syz.3.887 [ 120.914264][ T9305] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=9305 comm=syz.3.887 [ 120.918106][ T9305] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=9305 comm=syz.3.887 [ 120.921755][ T9305] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2584 sclass=netlink_route_socket pid=9305 comm=syz.3.887 [ 120.976801][ T9307] ebtables: ebtables: counters copy to user failed while replacing table [ 121.014712][ T40] audit: type=1400 audit(1736077487.987:653): avc: denied { write } for pid=9242 comm="syz.4.868" path="socket:[27520]" dev="sockfs" ino=27520 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 121.015175][ T30] usb 9-1: USB disconnect, device number 9 [ 121.085382][ T40] audit: type=1400 audit(1736077488.052:654): avc: denied { rename } for pid=9313 comm="syz.2.890" name="file0" dev="9p" ino=36575056 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 121.092999][ T40] audit: type=1400 audit(1736077488.062:655): avc: denied { create } for pid=9313 comm="syz.2.890" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 121.115429][ T9318] fuse: Bad value for 'group_id' [ 121.116900][ T9318] fuse: Bad value for 'group_id' [ 121.118791][ T40] audit: type=1400 audit(1736077488.081:656): avc: denied { setopt } for pid=9317 comm="syz.3.891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 121.121417][ T9318] netlink: 20 bytes leftover after parsing attributes in process `syz.3.891'. [ 121.171548][ T40] audit: type=1400 audit(1736077488.127:657): avc: denied { read append } for pid=9321 comm="syz.2.892" name="file0" dev="9p" ino=36575188 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 121.182510][ T40] audit: type=1400 audit(1736077488.127:658): avc: denied { open } for pid=9321 comm="syz.2.892" path="/241/file0/file0" dev="9p" ino=36575188 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 121.189070][ T40] audit: type=1400 audit(1736077488.127:659): avc: denied { write } for pid=9321 comm="syz.2.892" name="file0" dev="9p" ino=36575188 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 121.273236][ T9331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.896'. [ 121.276771][ T9331] netlink: 4 bytes leftover after parsing attributes in process `syz.3.896'. [ 121.280370][ T9331] netlink: 'syz.3.896': attribute type 11 has an invalid length. [ 121.479119][ T40] audit: type=1400 audit(1736077488.417:660): avc: denied { setattr } for pid=9342 comm="syz.3.900" name="/" dev="9p" ino=36575044 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 121.506034][ T9345] No such timeout policy "syz1" [ 121.533259][ T40] audit: type=1400 audit(1736077488.464:661): avc: denied { accept } for pid=9346 comm="syz.2.903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 121.596935][ T9355] ieee802154 phy1 wpan1: encryption failed: -22 [ 121.599496][ T9355] ieee802154 phy1 wpan1: encryption failed: -22 [ 121.662771][ T9370] netlink: 56 bytes leftover after parsing attributes in process `syz.4.908'. [ 121.704105][ T9374] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 121.711548][ T9374] CIFS mount error: No usable UNC path provided in device string! [ 121.711548][ T9374] [ 121.714308][ T9374] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 121.802456][ T9387] ufs: You didn't specify the type of your ufs filesystem [ 121.802456][ T9387] [ 121.802456][ T9387] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 121.802456][ T9387] [ 121.802456][ T9387] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 121.811678][ T9387] ufs: ufstype=old is supported read-only [ 121.814264][ T9387] ufs: ufs_fill_super(): bad magic number [ 121.866234][ T9392] netlink: 272 bytes leftover after parsing attributes in process `syz.4.914'. [ 122.003572][ T9402] netlink: 20 bytes leftover after parsing attributes in process `syz.4.918'. [ 122.008027][ T30] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 122.057917][ T9408] Bluetooth: MGMT ver 1.23 [ 122.138508][ T9417] binder: BINDER_SET_CONTEXT_MGR already set [ 122.141314][ T9417] binder: 9415:9417 ioctl 4018620d 20000100 returned -16 [ 122.147384][ T9418] binder_alloc: binder_alloc_mmap_handler: 9415 20ffd000-20ffe000 already mapped failed -16 [ 122.160089][ T9417] binder: BINDER_SET_CONTEXT_MGR already set [ 122.161752][ T9417] binder: 9415:9417 ioctl 4018620d 200001c0 returned -16 [ 122.169781][ T30] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 122.173358][ T30] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 122.176648][ T30] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 122.179736][ T30] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 122.183364][ T30] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 122.185912][ T30] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.190951][ T30] usb 7-1: config 0 descriptor?? [ 122.506498][ T30] usbhid 7-1:0.0: can't add hid device: -71 [ 122.508353][ T30] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 122.512426][ T30] usb 7-1: USB disconnect, device number 6 [ 122.535361][ T9438] netlink: 'syz.2.928': attribute type 1 has an invalid length. [ 122.679092][ T9443] 9pnet_fd: p9_fd_create_unix (9443): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 122.689229][ T9443] netlink: 20 bytes leftover after parsing attributes in process `syz.2.930'. [ 123.222286][ T9458] 9pnet_virtio: no channels available for device syz [ 123.771440][ T9499] hfsplus: unable to find HFS+ superblock [ 123.937331][ T9516] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 123.939262][ T9516] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 123.942912][ T9516] vhci_hcd vhci_hcd.0: Device attached [ 123.945731][ T9517] vhci_hcd: connection closed [ 123.947913][ T6273] vhci_hcd: stop threads [ 123.950659][ T6273] vhci_hcd: release socket [ 123.951997][ T6273] vhci_hcd: disconnect device [ 124.021574][ T9521] xfrm1: entered promiscuous mode [ 124.023126][ T9521] xfrm1: entered allmulticast mode [ 124.213640][ T9547] nd_bus ndbus0: __nd_ioctl:bus unknown input size cmd: cmd_call field: 1 [ 124.620487][ T9565] netlink: 'syz.1.967': attribute type 13 has an invalid length. [ 124.622782][ T9565] netlink: 'syz.1.967': attribute type 11 has an invalid length. [ 124.659616][ T9567] bond1: entered promiscuous mode [ 124.661144][ T9567] bond1: entered allmulticast mode [ 124.662797][ T9567] 8021q: adding VLAN 0 to HW filter on device bond1 [ 124.970608][ T9577] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 125.106512][ T9591] netlink: 'syz.4.976': attribute type 18 has an invalid length. [ 125.117376][ T9591] netlink: 'syz.4.976': attribute type 18 has an invalid length. [ 125.252520][ T9609] nbd: illegal input index -1996488704 [ 125.431234][ T9] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 125.623281][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 125.628254][ T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 125.630662][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 125.633720][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 125.639601][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 125.642464][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 125.649594][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 125.654486][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.860855][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 125.860866][ T40] audit: type=1400 audit(1736077492.514:673): avc: denied { execute } for pid=9632 comm="syz-executor" name="syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 125.878514][ T40] audit: type=1400 audit(1736077492.514:674): avc: denied { execute_no_trans } for pid=9632 comm="syz-executor" path="/syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 125.880259][ T9] usb 6-1: usb_control_msg returned -32 [ 125.892467][ T9] usbtmc 6-1:16.0: can't read capabilities [ 125.969236][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 125.974494][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 125.978522][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 125.981819][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 125.984334][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 125.989326][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 126.140760][ T9646] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 126.144937][ T9645] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 126.215295][ T9652] SELinux: Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped). [ 126.227571][ T40] audit: type=1400 audit(1736077492.860:675): avc: denied { relabelto } for pid=9648 comm="syz.2.988" name="cgroup.procs" dev="cgroup" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0" [ 126.230064][ T9652] bridge: RTM_NEWNEIGH with invalid ether address [ 126.236914][ T40] audit: type=1400 audit(1736077492.860:676): avc: denied { associate } for pid=9648 comm="syz.2.988" name="cgroup.procs" dev="cgroup" ino=178 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="system_u:object_r:semanage_exec_t:s0" [ 126.245874][ T40] audit: type=1326 audit(1736077492.870:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9648 comm="syz.2.988" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f39c4d85d29 code=0x0 [ 126.263998][ T9656] usbtmc 6-1:16.0: INITIATE_CLEAR returned 0 [ 126.289142][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 126.293156][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 126.297612][ T9659] __nla_validate_parse: 12 callbacks suppressed [ 126.297625][ T9659] netlink: 28 bytes leftover after parsing attributes in process `syz.3.991'. [ 126.300358][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 126.315769][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 126.325523][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 126.329433][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 126.478197][ T5977] usb 6-1: USB disconnect, device number 14 [ 126.524990][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 126.529801][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 126.533653][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 126.536307][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 126.539115][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 126.542258][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 126.660676][ T9689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.995'. [ 126.661249][ T9690] netlink: 4 bytes leftover after parsing attributes in process `syz.3.995'. [ 126.737569][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 126.741942][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 126.747045][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 126.750147][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 126.752573][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 126.755099][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 126.795874][ T9696] fuse: Bad value for 'group_id' [ 126.799555][ T9696] fuse: Bad value for 'group_id' [ 127.290338][ T9702] tmpfs: Unknown parameter 'gid”Æ' [ 127.291559][ T40] audit: type=1400 audit(1736077493.861:678): avc: denied { getopt } for pid=9700 comm="syz.3.1000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 127.298719][ T40] audit: type=1400 audit(1736077493.861:679): avc: denied { map } for pid=9701 comm="syz.1.998" path="socket:[31368]" dev="sockfs" ino=31368 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 127.390148][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 127.395365][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 127.398614][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 127.401435][ T9718] fuse: Unknown parameter '0x0000000000000017000000000000000000000270x000000000000000b' [ 127.402889][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 127.409282][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 127.411538][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 128.141754][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 128.147144][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 128.150709][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 128.157811][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 128.161172][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 128.164805][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 128.411860][ T5977] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 128.572331][ T5977] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 128.575231][ T5977] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 128.577811][ T5977] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 128.581007][ T5977] usb 6-1: config 0 interface 0 has no altsetting 0 [ 128.584154][ T5977] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 128.587447][ T5977] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 128.591597][ T5977] usb 6-1: config 0 interface 0 has no altsetting 0 [ 128.595261][ T5977] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 128.598631][ T5977] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 128.602741][ T5977] usb 6-1: config 0 interface 0 has no altsetting 0 [ 128.606177][ T5977] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 128.609457][ T5977] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 128.613408][ T5977] usb 6-1: config 0 interface 0 has no altsetting 0 [ 128.617159][ T5977] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 128.620523][ T5977] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 128.624612][ T5977] usb 6-1: config 0 interface 0 has no altsetting 0 [ 128.628252][ T5977] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 128.631496][ T5977] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 128.635662][ T5977] usb 6-1: config 0 interface 0 has no altsetting 0 [ 128.639036][ T5977] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 128.642361][ T5977] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 128.646541][ T5977] usb 6-1: config 0 interface 0 has no altsetting 0 [ 128.650037][ T5977] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 128.652629][ T5977] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 128.656688][ T5977] usb 6-1: config 0 interface 0 has no altsetting 0 [ 128.661024][ T5977] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 128.664468][ T5977] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 128.667534][ T5977] usb 6-1: Product: syz [ 128.669230][ T5977] usb 6-1: Manufacturer: syz [ 128.670996][ T5977] usb 6-1: SerialNumber: syz [ 128.674856][ T5977] usb 6-1: config 0 descriptor?? [ 128.680786][ T5977] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 128.896910][ T832] usb 6-1: USB disconnect, device number 15 [ 128.899926][ T832] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 129.040889][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 129.043958][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 129.046665][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 129.049336][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 129.051736][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 129.054322][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 129.950976][ T40] audit: type=1326 audit(1736077496.340:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9761 comm="syz.1.1017" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ca9785d29 code=0x0 [ 129.960773][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 129.966641][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 129.970341][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 129.975728][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 129.978455][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 129.981320][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 131.009434][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 131.014569][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 131.014614][ T9775] 9pnet_fd: Insufficient options for proto=fd [ 131.017275][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 131.024050][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 131.027200][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 131.031569][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 131.051814][ T40] audit: type=1326 audit(1736077497.369:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9777 comm="syz.1.1020" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ca9785d29 code=0x0 [ 131.081401][ T9780] netlink: 'syz.1.1021': attribute type 39 has an invalid length. [ 132.190730][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 132.194521][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 132.198165][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 132.201671][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 132.204446][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 132.206892][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 133.375097][ T9789] binder: 9788:9789 ioctl 400c620e 20000140 returned -22 [ 133.388547][ T40] audit: type=1400 audit(1736077499.558:682): avc: denied { rmdir } for pid=9791 comm="syz.3.1025" name="file2" dev="9p" ino=36702035 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 133.417862][ T9795] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1027'. [ 133.421852][ T9795] tmpfs: Unknown parameter 'grpquota_blocÉœÈÕŽ' [ 133.423683][ T40] audit: type=1400 audit(1736077499.586:683): avc: denied { mounton } for pid=9794 comm="syz.2.1027" path="/269/file0" dev="tmpfs" ino=1482 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 133.430120][ T40] audit: type=1326 audit(1736077499.586:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1027" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39c4d85d29 code=0x7ffc0000 [ 133.437148][ T40] audit: type=1326 audit(1736077499.586:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1027" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39c4d85d29 code=0x7ffc0000 [ 133.443433][ T40] audit: type=1326 audit(1736077499.586:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1027" exe="/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f39c4d85d29 code=0x7ffc0000 [ 133.450697][ T40] audit: type=1326 audit(1736077499.605:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1027" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39c4d85d29 code=0x7ffc0000 [ 133.457793][ T40] audit: type=1326 audit(1736077499.605:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1027" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39c4d85d29 code=0x7ffc0000 [ 133.464362][ T40] audit: type=1326 audit(1736077499.605:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1027" exe="/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f39c4d85d29 code=0x7ffc0000 [ 133.471584][ T40] audit: type=1326 audit(1736077499.605:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9801 comm="syz.2.1027" exe="/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f39c4db85e5 code=0x7ffc0000 [ 133.478002][ T40] audit: type=1400 audit(1736077499.642:691): avc: denied { create } for pid=9802 comm="syz.1.1029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 133.510973][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 133.516587][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 133.527613][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 133.532631][ T9808] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1028'. [ 133.534608][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 133.538800][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 133.541979][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 133.556329][ T9818] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1031'. [ 134.884409][ T9828] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1035'. [ 134.924650][ T9836] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 134.927720][ T9836] IPv6: NLM_F_CREATE should be set when creating new route [ 134.933323][ T9839] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1038'. [ 134.937110][ T9839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1038'. [ 135.027486][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 135.038447][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 135.061683][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 135.076667][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 135.079199][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 135.081372][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 136.506962][ T9864] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 136.542156][ T9869] 9pnet_virtio: no channels available for device syz [ 136.615254][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 136.619685][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 136.624005][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 136.627051][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 136.629663][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 136.633044][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 138.263777][ T9907] vxfs: WRONG superblock magic 00000000 at 1 [ 138.267289][ T9907] vxfs: WRONG superblock magic 00000000 at 8 [ 138.272709][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.280976][ T9907] vxfs: can't find superblock. [ 138.281878][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 138.290172][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 138.294027][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 138.297577][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 138.303513][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 138.305687][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 138.359103][ T9907] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 139.907816][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 139.907831][ T40] audit: type=1400 audit(1736077505.657:700): avc: denied { ioctl } for pid=9926 comm="syz.1.1065" path="/dev/usbmon0" dev="devtmpfs" ino=737 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 139.925786][ T40] audit: type=1326 audit(1736077505.666:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9926 comm="syz.1.1065" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca9785d29 code=0x7ffc0000 [ 139.928550][ T9930] team0: entered allmulticast mode [ 139.934623][ T40] audit: type=1326 audit(1736077505.666:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9926 comm="syz.1.1065" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca9785d29 code=0x7ffc0000 [ 139.936574][ T9930] team_slave_0: entered allmulticast mode [ 139.936592][ T9930] team_slave_1: entered allmulticast mode [ 139.951413][ T40] audit: type=1326 audit(1736077505.675:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9926 comm="syz.1.1065" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ca9785d29 code=0x7ffc0000 [ 139.960169][ T40] audit: type=1326 audit(1736077505.675:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9926 comm="syz.1.1065" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca9785d29 code=0x7ffc0000 [ 139.969749][ T40] audit: type=1326 audit(1736077505.675:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9926 comm="syz.1.1065" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca9785d29 code=0x7ffc0000 [ 139.976099][ T9940] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1070'. [ 139.977782][ T40] audit: type=1400 audit(1736077505.713:706): avc: denied { append } for pid=9936 comm="syz.3.1068" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 139.981539][ T9940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1070'. [ 139.987959][ T40] audit: type=1400 audit(1736077505.713:707): avc: denied { ioctl } for pid=9936 comm="syz.3.1068" path="/dev/input/mice" dev="devtmpfs" ino=939 ioctlcmd=0x5394 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 139.994016][ T5978] IPVS: starting estimator thread 0... [ 140.012535][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 140.017216][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 140.019835][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 140.025159][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 140.029314][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 140.033605][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 140.057056][ T9954] No control pipe specified [ 140.120533][ T9941] IPVS: using max 44 ests per chain, 105600 per kthread [ 141.875213][ T9972] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9972 comm=syz.1.1080 [ 141.880430][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 141.883509][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 141.886177][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 141.889287][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 141.891795][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 141.894845][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 141.924302][ T9972] xt_cgroup: invalid path, errno=-2 [ 143.720819][ T40] audit: type=1400 audit(1736077509.230:708): avc: denied { setopt } for pid=9985 comm="syz.2.1084" lport=51800 faddr=::ffff:172.30.0.3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 143.722217][ T9986] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1084'. [ 143.770285][ T40] audit: type=1400 audit(1736077509.267:709): avc: denied { write } for pid=9983 comm="syz.1.1083" name="usbmon7" dev="devtmpfs" ino=759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 143.772605][ T9988] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 143.781453][ T9988] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 143.808737][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 143.812686][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 143.817235][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 143.819667][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 143.821900][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 143.824014][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 145.747961][T10000] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1086'. [ 145.791193][T10005] netlink: 'syz.2.1090': attribute type 10 has an invalid length. [ 145.796339][T10005] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.796564][T10007] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1091'. [ 145.800621][T10005] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.810508][T10005] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.813387][T10005] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.816529][T10005] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.819377][T10005] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.824317][T10005] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 145.830820][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 145.835915][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 145.839238][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 145.840467][ T40] audit: type=1400 audit(1736077511.213:710): avc: denied { bind } for pid=10014 comm="syz.1.1093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 145.851172][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 145.851316][T10019] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1094'. [ 145.852180][ T40] audit: type=1400 audit(1736077511.222:711): avc: denied { listen } for pid=10014 comm="syz.1.1093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 145.854370][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 145.867990][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 145.884658][ T40] audit: type=1400 audit(1736077511.250:712): avc: denied { execmod } for pid=10023 comm="syz.2.1095" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=31659 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 145.924015][T10031] ieee802154 phy1 wpan1: encryption failed: -22 [ 145.936819][T10028] nvme_fabrics: missing parameter 'transport=%s' [ 145.939427][T10028] nvme_fabrics: missing parameter 'nqn=%s' [ 145.950777][ T40] audit: type=1400 audit(1736077511.307:713): avc: denied { getopt } for pid=10027 comm="syz.1.1096" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 146.053879][T10027] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 146.111447][T10036] 9pnet_virtio: no channels available for device ./file0 [ 147.836486][ C2] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.839300][ C2] bridge0: topology change detected, propagating [ 147.843913][ C2] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.846467][ C2] bridge0: topology change detected, propagating [ 147.928404][T10042] syz.1.1099[10042] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.928477][T10042] syz.1.1099[10042] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.933558][T10042] syz.1.1099[10042] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.975215][T10039] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 148.043755][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 148.048826][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 148.071734][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 148.085285][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 148.088562][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 148.091518][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 148.169677][T10056] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1103'. [ 148.200688][T10060] sctp: [Deprecated]: syz.3.1104 (pid 10060) Use of struct sctp_assoc_value in delayed_ack socket option. [ 148.200688][T10060] Use struct sctp_sack_info instead [ 150.288228][ T40] audit: type=1400 audit(1736077515.366:714): avc: denied { transfer } for pid=10064 comm="syz.1.1106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 150.385633][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 150.391148][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 150.396960][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 150.400388][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 150.405619][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 150.408389][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 150.436674][T10091] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1115'. [ 152.657427][ T40] audit: type=1400 audit(1736077517.583:715): avc: denied { lock } for pid=10094 comm="syz.3.1118" path="socket:[32389]" dev="sockfs" ino=32389 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 152.755747][T10100] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1118'. [ 152.760419][T10096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1118'. [ 152.791884][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 152.797658][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 152.802594][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 152.808550][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 152.811150][ T5943] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 152.813359][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 152.825219][T10106] usb usb3: usbfs: process 10106 (syz.2.1119) did not claim interface 0 before use SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/rfkill failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: repeatedly failed to execute the program proc=5 req=986 state=3 status=67 (errno 9: Bad file descriptor) [ 153.069276][ T5978] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 157.922739][ T40] audit: type=1400 audit(1736077522.513:716): avc: denied { write } for pid=5333 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 157.930963][ T40] audit: type=1400 audit(1736077522.513:717): avc: denied { remove_name } for pid=5333 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 157.939664][ T40] audit: type=1400 audit(1736077522.513:718): avc: denied { add_name } for pid=5333 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 VM DIAGNOSIS: 11:45:24 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffffea0000d8fd80 RCX=ffffffff81d47410 RDX=ffff888030ebc880 RSI=0000000000000000 RDI=0000000000000001 RBP=1ffff92000985efe RSP=ffffc90004c2f7e0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000003 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=ffffc90004c2fcc8 RIP=ffffffff819a16d2 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f088f6a7d60 CR3=000000000df7e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f088eb4b6a3 00007f088eb4b6a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc5f3a8570 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555567d99eda 0000555567d99df0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555567d244a8 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555567d2e138 0000555567d2dff0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0340808080100008 80808080808085e4 100001f380040100 0002080608014580 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0108100004800402 0800000800010000 0008060a0156e404 0800048003408080 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8010000880808080 808085e4100001f3 8004010000020806 0801458022080001 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f3f00300080001f3 e00300100001f3d0 0303ffffffff0401 f3c00305e2100001 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f3b00301e6800401 f3a00300080001f3 900303ffffffff04 01f3800338100000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000001408ad RBX=0000000000000001 RCX=ffffffff8b29d759 RDX=0000000000000000 RSI=ffffffff8b6cd9e0 RDI=ffffffff8bd1ede0 RBP=ffffed10039dd910 RSP=ffffc90000187e08 R8 =0000000000000001 R9 =ffffed100d4e6fed R10=ffff88806a737f6b R11=0000000000000000 R12=0000000000000001 R13=ffff88801ceec880 R14=ffffffff905f3950 R15=0000000000000000 RIP=ffffffff8b29eb3f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000558b00a88908 CR3=00000000346ee000 CR4=00352ef0 DR0=0000000000000000 DR1=00000000fec00000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008000 Opmask01=0000000000000000 Opmask02=00000000fffc0000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd7647b0e0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802a9a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802aa7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802aa1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802ab5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802b3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802c19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000012a919 RBX=0000000000000002 RCX=ffffffff8b29d759 RDX=0000000000000000 RSI=ffffffff8b6cd9e0 RDI=ffffffff8bd1ede0 RBP=ffffed1003a50000 RSP=ffffc90000197e08 R8 =0000000000000001 R9 =ffffed100d506fed R10=ffff88806a837f6b R11=0000000000000000 R12=0000000000000002 R13=ffff88801d280000 R14=ffffffff905f3950 R15=0000000000000000 RIP=ffffffff8b29eb3f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000200002c0 CR3=0000000050252000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffff800 Opmask01=0000000000000000 Opmask02=00000000fffc0000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8caa58ef70 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802a9a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802aa7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802aa1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802ab5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802b3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ca9802c19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000312e63 64755f796d6d7564 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000f3a29 RBX=0000000000000003 RCX=ffffffff8b29d759 RDX=0000000000000000 RSI=ffffffff8b6cd9e0 RDI=ffffffff8bd1ede0 RBP=ffffed1003a50488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d526fed R10=ffff88806a937f6b R11=0000000000000000 R12=0000000000000003 R13=ffff88801d282440 R14=ffffffff905f3950 R15=0000000000000000 RIP=ffffffff8b29eb3f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f9b31b77bac CR3=000000002f686000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc02d905f0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39c4e02a9a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39c4e02aa7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39c4e02aa1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39c4e02ab5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39c4e02b3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39c4e02c19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000090 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000090 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000