last executing test programs: 2.878180634s ago: executing program 0 (id=1261): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x0) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{}, @hci_rp_role_discovery={{0x1}, {0x0, 0xc9, 0x1}}}}, 0x4a) 2.134287097s ago: executing program 0 (id=1274): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r1 = socket$rxrpc(0x21, 0x2, 0x2) r2 = accept4(r1, 0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r3 = io_uring_setup(0x62b5, &(0x7f00000000c0)={0x0, 0x86df, 0x8, 0x1, 0x3ab}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0xa, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x40}, &(0x7f0000000140)=0x8) syz_emit_ethernet(0x46, &(0x7f0000000200)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 1.833009896s ago: executing program 0 (id=1276): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r2], &(0x7f0000000040)='GPL\x00', 0x75, 0x0, 0x0, 0x41100, 0x0, '\x00', r2, 0xf}, 0x94) accept(r1, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) (async) close(r0) (async) socket$inet6_mptcp(0xa, 0x1, 0x106) (async) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) (async) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r2], &(0x7f0000000040)='GPL\x00', 0x75, 0x0, 0x0, 0x41100, 0x0, '\x00', r2, 0xf}, 0x94) (async) accept(r1, 0x0, 0x0) (async) 1.791118531s ago: executing program 0 (id=1280): syz_usb_connect(0x1, 0x3d, &(0x7f0000001840)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0xffff, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40894}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x55}, 0x4000) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = fsopen(&(0x7f0000000000)='omfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\bb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xd7\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) syslog(0x9, &(0x7f0000000100)=""/172, 0xac) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000200)="e5000a03d847879268683cf525db15416a954cb1d7e22717396355a22ca2a25b914f8bf220d27f18a620c5d9c70716b98d2b7f5d069ee36231bd5567ec77bc0e087bdd9a6c16a09b5d65a0cdcf67b76659", 0x51}], 0x1) 1.787974138s ago: executing program 2 (id=1282): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x0) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{}, @hci_rp_role_discovery={{0x1}, {0x0, 0xc9, 0x1}}}}, 0x4a) 1.27005472s ago: executing program 3 (id=1290): r0 = socket$nl_route(0x10, 0x3, 0x0) capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000040)) r1 = socket$inet6(0xa, 0x802, 0x0) setsockopt$sock_int(r1, 0x1, 0xc, &(0x7f0000000000)=0x4806, 0x4) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x1, 0xfffffffe, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x3438a}, [@IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xd13d}, @IFLA_IFNAME={0x14, 0x3, 'batadv_slave_0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x884}, 0x4004004) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000000c0)={r2, 0x800, {0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a7ddf8a69ea917ded5ba193b3e7772fd29f35239d2", "530bf65043114b2e53000006000000000010e200", [0x1000000000]}}) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) chown(&(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff) r4 = dup(r3) write$UHID_INPUT(r4, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38) socket$inet6(0xa, 0x80000, 0x2) socket$nl_route(0x10, 0x3, 0x0) (async) capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000040)) (async) socket$inet6(0xa, 0x802, 0x0) (async) setsockopt$sock_int(r1, 0x1, 0xc, &(0x7f0000000000)=0x4806, 0x4) (async) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x1, 0xfffffffe, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x3438a}, [@IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xd13d}, @IFLA_IFNAME={0x14, 0x3, 'batadv_slave_0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x884}, 0x4004004) (async) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) (async) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) (async) syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42) (async) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000000c0)={r2, 0x800, {0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a7ddf8a69ea917ded5ba193b3e7772fd29f35239d2", "530bf65043114b2e53000006000000000010e200", [0x1000000000]}}) (async) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) (async) chown(&(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff) (async) dup(r3) (async) write$UHID_INPUT(r4, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38) (async) socket$inet6(0xa, 0x80000, 0x2) (async) 1.035528779s ago: executing program 3 (id=1294): syz_80211_inject_frame(&(0x7f0000000180), 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f00000001c0)=@mgmt_frame=@auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x6}, @device_a, @broadcast, @initial, {0xe, 0x10}, @value=@ver_80211n={0x0, 0x9, 0x3, 0x2, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, 0x0, 0x38, @val={0x10, 0x1, 0xa5}, [{0xdd, 0x3a, "e1a06376e48c675fb1eeeb36b5c32db58be66e0ff4ca99a9191937103543f3b63f963b7699e712d014ee665c9e36bf0fd16466e74bda190f6554"}, {0xdd, 0xec, "1648b5607aca7973d7945f19cc02f6974874ec66c6cc95d4b9fcfec2d86cf074fa15c8a262c69269131de1ca7ad640c5772fd9056db5f7735953b5dd9d6b7c4fe489289c3c5500c263c788eddb6eae6478e9b0ac1442a7bdadf2b9592d0d1b5ceb44c812da6d4e57a51de968c87336bbfb38e1d36190e674576ceb745ed1dc5466b45b3cc420f0abe80907ccc0802701e46347267aea147c8c57f842480d9d83172f06cbe5d7315e5fb91c857eab0e14cb069ac5f8e6d15c522112e5e42e20808bad89ed0549387ec5be3472e84609999fd8ce0731747449cb7fcf925434132b80b5687fe5b62179ff2f3b8a"}, {0xdd, 0x88, "0f2a6e54b41746d73c541e832be5071605ce78efcf40cccdc76780985c2e5ded37a03b29a36da4c82340d813ab56aef47c3af88a526ad1643d0145d4a3d652b9a2690c07ebf9cf487c8124c6d619551e3b3168e06eeec93f203c86404dc6d3da80591944286efe2a6a777173e955c98aa2a72b8c7501656c06c77d3593726d01031b7331ef9bb36e"}, {0xdd, 0x12, "d7bdd2e7316ae5950b764e622b1e87f451bb"}, {0xdd, 0x28, "c27c0bbe48b1377e2f8f04e40b7423389ffa0aaf9363bbb4bf76c7d5a9392c11ea90e778b275ac69"}, {0xdd, 0x7d, "f1af8c561581c9796ac6433458ce0f8e6017b8852d9f6472d638cfaf96beb570407e869bba0e8c15cdec6f6d68f755607318c447d9bd0fcf0c55b856781c4892b7636527b1906b0c3d10f47f92a0d04baee7fc59c4c5226225e4e3f75b37f43d8cda28c8214621881cc906e488558ba08a01978c64b8a9ef8371c079c5"}, {0xdd, 0x38, "5feedae688fc96204c9d276f692f8e5238b43d75f355fa413945d5d515193a4cec95005c84f0c90f79bff2e77102ffd68a3fec4c61d21793"}]}, 0x2d0) 947.866999ms ago: executing program 2 (id=1295): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r1 = socket$rxrpc(0x21, 0x2, 0x2) accept4(r1, 0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = io_uring_setup(0x62b5, &(0x7f00000000c0)={0x0, 0x86df, 0x8, 0x1, 0x3ab}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0xa, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) syz_emit_ethernet(0x46, &(0x7f0000000200)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 877.201576ms ago: executing program 2 (id=1296): write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)={0xf97cff8c, 0x8, 'SE Linux', "d82b7b48d35107970181af678af2f3d4531e748c18068a844f1db0d6c0ecee237782c177c9afdc357845691a8e3509c356a040b762323df3c473dd2b5cfdfb6a11c0f2627aee54729616ca3a899ee52d1966c98f82a780ed405ad1f9d3d9c2f3172a61c52b9c88b92bde26d6a96648df87754e06f644f65ac675f4b5e667e61cae8bb80a15f42a5b3e90774900e4fc75f743dfedfefaaa2af8b8de595cdf108244338d64f639a9446f9647d2ee25dbb84d519206e163128aa61df095d10093f75c3b0da563cf82174da27f136bcd37c887b256931c47313245cced63490d2afa72771fe45b"}, 0xf5) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x2, r0, 0x1}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r2, 0x4018aee2, &(0x7f0000000180)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000140)=0x16}) syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x103080) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000000240)=@attr_pvtime_ipa={0x0, 0x1, 0x1, 0x10001}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r1, 0x4018aee2, &(0x7f00000002c0)=@attr_set_pmu={0x0, 0x1, 0x1, &(0x7f0000000280)=0x5}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$MEDIA_IOC_DEVICE_INFO(r2, 0xc1007c00, &(0x7f0000000300)) tee(r3, r3, 0x9, 0x4) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000400), 0x40000, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r4, 0x3ba0, &(0x7f0000000440)={0x48, 0xb, r2}) ioctl$DMA_BUF_SET_NAME_A(r2, 0x40046201, &(0x7f00000004c0)='!\x00') syz_clone(0x100000, &(0x7f0000000500)="91504ec1da2bf19664756f3159b2e35fc28a9661e37e05db932f68b6659d43ca474ada2cdb7c0688e04992f40e320f31511fa26009079840409d6a540b1f6385cd63ab405c82d3a96799a8c7b8f78d7084d41cb998950c5ab0ebf30a194e2c7683ed9102a84911d2d535f5e9bc146bd4625cd6d6c232f9ad812942a83be9aa4ff04f45a5ee048c769853dcc5d9320ec4cbce61418515aecfe4d9766ddc47a5dd98d455cadbdfb01f4c16ae4b27cd9c3b40", 0xb1, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640)="4bd02295f6ae380e26a8f0b78ae3bd4d4830c33c65c9da9494adc2e43a07deefc5fa37188163f25e785d7c0142087b34aa4ea7abc9") ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000680)=0x2) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f00000006c0)=0x80a0000) setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000700)=0x5, 0x4) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) read$FUSE(r2, &(0x7f0000000800)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$fuse(0x0, &(0x7f0000000740)='./file0\x00', &(0x7f0000000780), 0x10, &(0x7f0000002840)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x68d}}], [{@fsname={'fsname', 0x3d, '/dev/snd/seq\x00'}}]}}) getsockname$packet(r2, &(0x7f0000002900)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000002940)=0x14) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002980)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, &(0x7f00000029c0)={0x2, 0x81}) r7 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000002a00), 0x2, 0x0) close_range(r7, r3, 0x2) timer_create(0x5, &(0x7f0000002b40)={0x0, 0x2e, 0x0, @thr={&(0x7f0000002a40)="ab9343de4627c28c0407c3bfd30ecf5a140385ce2234b9a2b61d72273e938add79c2cefaa124b562dcad9107edb852a553930f9a71795cce54a4bf191cd7cc226a93f796ec9278f70f99af702f656c1e6d72fc3543e74411a9d66c68599c745c1a19142de922fb7b5ee79e346ec6e656f82539f9be59375dc0ed8095675c8465292331c910ac232deacd053f16a00c737b8bc05bb55aac2021e9234ffa9b3ae1f6", &(0x7f0000002b00)="16bd45c1a822f62d36e5219a04894c7f2a24adbbc70a94e72818a772bb9ac1ed7744bdc27752cea25df63b828a46f1e033f9591dc2ffd38a43793c"}}, &(0x7f0000002b80)=0x0) timer_delete(r8) 876.886942ms ago: executing program 2 (id=1297): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async) r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042) write$UHID_INPUT(r1, &(0x7f0000000640)={0x8, {"179c4f014d5876c3e4fa4858113c67be813637500fce388e37e40fe6caf6a8ab9fc1cea8e2fcd16a3b5acde00efe8a7d7b70a535ae5f340be5bf60748b0ac30b62af7dcf60cf8d3fcfb114b6d1f9fb8b1e8aef18382d4a02753336ab7502c9892b8fdf9aec72a2039b9a51cb0ac50a9405849e2c0dfb2f2789ae9e51b59c4d4e72ecf4591d8f01a127d5395f0d99eebddea945b4297ab24a98c891f789a65c73dad8fb44eb39bf16cb1d5f31fee042b96cd65871557a30c4bedf9a3ba6c17e29554530fda4058f25b48059b02f084faa4f91e4cf0191b80074786b4d3756059d420a1f86271ea5ccc3269f6b353502fc804d94c5b3fb23156bee74a71add4880bb19133c11acee211a9f1668bf4f3934ae9be20fef0d13239d0a4c70d90c08b8b02c4f0f3b778f86322f80151ea4226fef27ca2be21fdcf48a48167fc9ac0c3b2402be32aba0d9846b4183c00de6a70c2e15f62ac166d5573d29d23d00d26af731345a5ccf20eea009e405decb055845a56d8ab1ce9b5382325993ce12d444a2acbbdc15af24765fc618af889171d224c7b5ebdc2477d6ed6d85fd9c01f79b0e5a4e1517f6eff2ec1f19b19936b084828249285813f082416ee19a66fca34b6dd41833445edfb9ffc8b39a1e47aba48692f26d7f85f1d37097a51907670c421287cba70f3f0c72d30ace0060c846f509f7fae8b552a9a7f2e8a2b484c45b70fccaf9246249c06a56dbb11029ea821b67fde0dbe1a04a4af06a414265f6890229ef46488a78cf689ba3f72ec5067eeaf62e3a6a793a9c1a0cfe27f9ce9fc9e9a86111657662996240821f476be942664ef82489944847478d1ea7741ddfe0c9bea87e1743823729ba528682e47a6891ec2e6985692b07af258418cbcfd473b1f80673156dae9f058edcff3aa2cc9c52c01352f18a74e32f5c1f268c3a92557c35d344844bacb2b7a59f813bce96fc83ba984a664d4440f2671f56c4279b003ab01262e415cab5f41ddbc0aca42b073751f27344403f8e0742ad67054fba95f91773864b8b0e8693fb46d00426a055c921bbcd7fd18af2570a9b9cc58a0724bad0e2f33fd4ee12bf721047d3b3650714ddd2226b7adc7a85293576edb7eb68ab71ac2ede80e72f70fe70c4f2716d453451bad3164a1c31d0dd140e44661c0b1c2d004dc09298df68dd329d922e04a2c569f6f5d6187286aecd2ff7c6614932c321680c609b403769612c340f346d1914775a8b8e0651965bc7c59ef65bf0822042187d78c0e0ba8ee255052eea74f7e3a01fd09ff78d8a9390d7f37f034ed9d876c3d1849c2b4e689b9da3e69a213a61ab4ac96e45b28209f5cf71bf3ca100f4b5eef2a7356e32e1fb4c2434902cf445df1d9d13b2b01d3726766f8ebf7970a9e40cce88f364b6edcd5b5def96c08dbac0cc5f627002e4730180436c061e3c64246fd1e576c17cde76244d35fb3a8ca73d1a0a4b53c470532d53aaaed056b174e9f50666ca5996794edcd095356290ef3d6319ad6372bba007a389cb597db057bb1d62e355568e05dbac146f0cad11141427e903133b3fd25180e6225789749e8f631b5820d9dddd8a7f3f21b1e46599c10244ee00e58a27d4a26e9a05bd6f4203bea31607d6b932febef464fcdada794e7c82f7b25cfac68c094ed4cdb35da044b184460191efcb16af1f5e6945b527d09b4c66cde472db864212c0c67aeaf90a29610df17ddb3c5c7b515539a433ec221e735cd23d1d58661418f40903ddec4b53330ac152b6ac1426b0115a5bcb31bc36fd59fdd694120cf4e79882ec3dc28d0551aa0f22ba8a1282bc120202a1f6fd6fd61e29b7b3e3fdcde974d1fc753cb99ffe1f1608b88e2fed004fdad78e02675c3946a65861d827b5e21f50ca5ca762c3afa5bce905b7e6d7a8b06cae47d213899c346d47ad99a177719f763168e1f70767bdf226fab1e299549a875e9e5171b1cf95359a5e0613016cf70c198fd645efe0c4d6305589989894e0084bf1c1fdd7d4ed3238a797460d035b8007f6077a9c3d158f92c5d8f9299c7dd86f78c79739889db98840bdfa0d7681a79b09d78fddfbe7a6044ed308bb51462ee08f625396b7685e87d9a302fa71ac45bcc47504a097343c8cccffad6b42026801e77e0b1bf22a974ce5468307a5b35f333341f48ebb9a844b3f2fb0b0da82b9bd4ee80d5774975c912caf598442f8b403f756e5f0160c8d5c98af30220179a1c541545957b3b1d03440df049f7bbfc84a81720f35e42dab5c462e3485a579e0dd851d74c2261fa7a05d06382a43aecfa9136b41e46e13f5ea2524beeead6dda02d9a6fc0253ba82627928058c4724f039d38847771899efcb14ace3e396a15a9d08cc3a5f9d443691d05d2d2164ee5db8a2adde60ba2943c13e83435b7c0f08911c0b2f639f5050ce641658e04bf3074d0e082bb292a8769666cb3c3a2e27650c34cad9d3cbfccd312b2376775557049e229320f7acbf3f18b9d761f65e6e86203513f18798499137535809fc3f10b5c6a22b309062f4bc8717fcf6a3660ff9155b04dc41f4887ff726c571c270a1fca4b658126e65651438cd882aabd97b9de7ef1975594ce849abb5fec448170b7d7eb18ca78c61750486e05405b5b0d61b937b3da90d8ee104406f53221b1e28651da01222c56c3542622a7089f43d45b1709f10db170398caa9cd23f1a7637e694f3e9345fa226ac33af1a91505db21fc7e3c3ae480bebff250a43c62c503e66cb6456b90ea04592e3c48b734d5d2d09da58bb5377b942871f15bdffbb5faf34171731413972191764b8046afac7ad352a69f7fb9fa48c743d59c79cca8313b41f4e37ababa98a22d23bac3bb0b575da2f65f206bf5e4dff7e6af00e56451df767d28b0af2f9c27dc570f4c81a57918802e8d3965b92d1b7dfc4412096d240daa03ecebe2d8299a8dcdcb2f80c3099f818c070aeecad7c3ededdcd0839c581f37615cf4ba0c8d887415aa636a064a800c64fdbda79ab7f9c1e9cd645cab68100a4fd570cc65a7132c43701f03fd9ed7e5b306ad6a975cc9c66e1184f4cbedf148a8c78500f12390f56259fe46f3200444aba398eaf9acf29e041af64891c5a36c7df04c70c9ae6a1c387fd8c1083ee3c4f1d4b92db609acf98b4280e17784a179b011cd99a58e8a12961519cda823d4f61b176f166652a3f4f07385d3f7d16a0c262ee6f7d29437925782805c63498cd849c11ed957fece33fd80e7e51ff9b51645a43d80251e28a03569f35b62745a70938958144f80ecf6406d672ccd9981658e36b9ebf761a4b1e3c7804c38958a1adfcdc5beaed5f6ccb8f041a6d61b0d3da42027019b8916dba7c53dc6e20bdf3f6d754e7c52551fbfc76eb460aa170047ae8f2e4d0a8e7480d9e5c408c2ba62266554b2b1c0ee270a5308e2e2749e9a7c9c0c181ccffc710294f73c30ce478bd938c23cde4cd96d3baa611d465efe9d83f5374b254b6eb0797f581fabf968e036e8ba9a59feaab2aa8b8ca2f4df30a4016503f67e9aec4b0e24fccc751fbd361219c0ece49d3e5833dfba07c131278d2434ae5d6a38d116dee699898aae19cde949601267b59286883694e5455f4ab5431eb45108ddb02c0a7cb4b4bcb8ef975ba2fadbb8144d9019fc1565a95655b6cce4a79cef35e1f63777871d14a7a0eb27040ef0b334bea57a4e5c94287e73d67efd59877f5750021a867cac4dfe34be049cc48b1ce67a81fd8ba7aaa218c1815c681d257d187a3276cf14ef5adac2972fd4e8f4e77b250b70c4ebef312cd065651250368bda5b7bf4d68289a5eb13202783a7fbe2f493ea5fde647ad988ed7eec362d7c486cd54e83e60ecc2491de0b0180b2dfe5dd44309a46e3b5cb130a732f0b5886ff0112d7f51aab8f9f92b7165807126e8edb64b2ba20a9f197631106dfd99ec1dd082d33bb8cde00fae1356b38c7cd9856172a6f1af8dce21a4f51854ad995d0db151faebf070e55ed84430fa717d7e108118aa9b84dfd962c415969476c6f9481479e5f272f16e30dcd2a4bd1e354bd0342d9d6e7abfc5a15e511ad1155ea05c3476b51fdfcceb8f8720a4c1f401c32de7e2584009a6d62cb47b44b03a8da44b13b0e1bb7677f030d17733214e6c03174fd057173e33641bdf35b2826668dd4eb491fd7ee38443827c7b6ea4432d70fe460d12733e517295fc1f950c447aba9966c0a6f91241c2b5de4672dec6284a9cf9e8b9416f19a6e763b9225ba91ae00e97351c40a800aeb77857630d883be0a47ed281d2bfefc8d033e2c34b2641f2f3e8a4c6647b15dd9bfdfeeea3fa1157d0db77669de1da9245ff97fb8617013f3e4c5c7a4ee721787db8330886d0574efcf86c7ca3a4baa02351d284474aa0e567cf45d99ceb51972b5ea776c8208585431bfa0d23fe136d714355a4e807f41bff5d458b7bc813487082eb2faf6726851ba55cdf38791e1141843284e6ad49124108eab3000b54f2a1abbde0fedfe839359ffcc2718cccc285962cd3f16bb82af6756f43de8fa014ae85ddf822c34574108aaee9a254acc6db79b9d35e89eba57663463ebadb0926528947ffdec88d3c88f11ed07fa39cfbe441e66c4950a8702c249d001642ae1f54839d3c1faa285967b0e7fc289f66f3c1847eadb4229ba49e5a2681df3ae87a279175f54b75a600223d175ab45ac2c3762ad5eda206c1e5ee9e205fa4fece9cdb63d048139134ff8d029f661ead227e29be6f65f94c68c74f0e25ebce4e5da4a94ed33804b87199c31e0a717b977a6b1d5c6f0574521c9365c5ff35b5e1ee231b949a193164e1898d6204372af99634fd75ab4fdd48c434467da038dfb96e7ce985b52cf6542b69a369b38647dfe4b7c6b7425267c5c9305daf85ff3572eafdaf583ae9f226b7986f2402ddbe9e5551630fa0bf0d717391a8973fceb96f403c5e0c2e7bd7604d199d58cb963861b125eacdddf83a5c7cd84049d2ca46e793cddd6b7507aaa563cfbffc8ba43e59a6b9ee8a362f928887671df9ae66dfacd2e9603cf322f0e1a399ea9b6ca9c030bd7e7647267239b6303f76e2d4006d061d8891cc9db4a3da516eefc74771becea5b60094863bf12e813386c22ed00e1f5be9f681116cfe352d0d36219ff89bae173de89c121e6e56bb657277d47efc817516591c3b12ff95b9ed7edd3c8d1790842412b380202032941fc5d9ec432e5c7203fd207e32102497b13ca2ea43ed8a5991cecc19fc77a7398328e9334061997700166e3e0a72ed4b0c5c47aca9fd48d05c40f50d22f1f642a6e5a4af8ea5d1d6c5e45e2f402634069f3705767847c78081b08081052920829e22881bcba19d6452d198beccc81295a2683d0c545713ba2953fa4f667362d06a352f406a33ee7e553fcc7268e2d7fc97e1ccd340bb8c73ae631a1051acdc872a0d30da2774d9570007be36f54ac6f2b93085c353b3fa0201ca7828e7154c4a7d837cd76db45cddfa39adc095d61987e8f47ebe476f75132d7e653ec59f99d9bb576ca36f3374284ecf5e816d940456dd9299c298c9bf54eb313ef9ed29c17b987baf2ce18be63d6f87f2fb93b16522211255400af050caabc26c96777e88ebd6cf529eb8924b2ef2e0a2042ea4e9410ca1236aaee7ebf4946c8573a26c9f80a0d24b7d629bdb7bfbe0db1e3e97d37fc018f9ebca783c06c43b9f9dfc98ea684d0cd74e4631a6347a0775ad8759448a25f7d60e53ab86452b1a13fb16928142f341ee3c31c7320159819ee4319d2afb3f8e47fd0ef8893fe154d08b8fea6669a52f2", 0x1000}}, 0x1006) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) dup(r3) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r6, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r5]) (async) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x4048aecb, &(0x7f0000000100)) (async) setsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, &(0x7f0000000040)=0x1, 0x4) r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r7, 0x10c, 0x4, &(0x7f0000000300), &(0x7f00000002c0)=0x4) (async) r8 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0) ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000140)={'fl512\x00', [0x9e1, 0x2166, 0x0, 0x100000, 0x88d7, 0x8f, 0x1, 0x10, 0x1002, 0xffffffff, 0x200, 0x8, 0x344, 0x1, 0x7, 0x1, 0x8, 0x3, 0x9, 0xe, 0x100, 0x3, 0x7, 0xa, 0x5, 0x1, 0xb0c4, 0x7df, 0x8, 0x400007, 0x1]}) (async) socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x28}}, 0x0) (async) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) r11 = openat$comedi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/comedi4\x00', 0x300, 0x0) ioctl$COMEDI_CANCEL(r11, 0x6407) (async) sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYRESHEX=r11], 0x7c}}, 0x4000010) (async) sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a98000000060a0b040000000000000000020000006c000480680001800a000100696e6e65720000005800028008000240000000840800034000000007080004400000000f0800014000000000340005800c0001007061796c6f61641024000280080004400000001c08000340000000b9080001400000000a08000240000000000900010073797a30000000000900020073797a326ec1ae5e011409c512e0f27f7243fe2bea80cdf00892898282a0bef94913de89"], 0xc0}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async) setsockopt$ax25_SO_BINDTODEVICE(r9, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)) (async) r12 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r12, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) 669.283408ms ago: executing program 0 (id=1298): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) (async) memfd_secret(0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r1, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000040)=0xfffffffe, 0x43) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) (async, rerun: 32) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x7, 0x0, 'queue1\x00'}) (async, rerun: 32) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x12400, 0x0) read$char_usb(r3, &(0x7f0000000080)=""/160, 0xa0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 64) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) (rerun: 64) close(r4) (async, rerun: 32) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 32) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) (async) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, r6, 0x26}, 0x10) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20) sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) socket$inet(0x2, 0x4000000000000001, 0x0) (rerun: 32) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) (async) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) r8 = syz_open_dev$audion(&(0x7f0000000300), 0xff, 0x4000) r9 = syz_io_uring_setup(0x5fce, &(0x7f0000000940)={0x0, 0x3ea0, 0x4001, 0x2, 0x17, 0x0, r8}, &(0x7f00000002c0), &(0x7f0000000340)) openat$cgroup_int(r3, &(0x7f0000000380)='memory.swap.high\x00', 0x2, 0x0) (async) io_uring_register$IORING_REGISTER_PBUF_RING(r9, 0x16, &(0x7f0000000900)={&(0x7f0000003000)={[{0x0, 0x0, 0x1}]}, 0x1, 0x2}, 0x1) 448.601345ms ago: executing program 0 (id=1299): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000340)=ANY=[@ANYBLOB="05000000000000e672000040"]) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r4 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0xfffffffe) r5 = socket$rds(0x15, 0x5, 0x0) bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r5, &(0x7f0000000000)={&(0x7f0000000200)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@zcopy_cookie={0x18, 0x114, 0xc, 0xffffffff}], 0x18}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) 445.454242ms ago: executing program 3 (id=1300): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="016f08000100000000005084d473ed57ca640000dd9c5a20407a42a2ffffac1462526459d74d8da33be9224d6a3844a03fce46f86e55f888f3bdb66047a2359cee87cf0c99c8b4a682859d702bf63fb6e82ed9a155fe2638d571e569d9e480d4d8da6a30209f8b7ca8526f6a11bbbea6701fd96fcc7b7f3e91d628709710b03fb229267199958241628717796b64ff17b926606acb77240041fa35ed07f110f7171af9721fbbed298f", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ba0003009078001b09c400050200000000000000000002d58838068b91000000"], 0x4e) sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001a80)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000810}, 0x24048005) recvmmsg(r3, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000540)=""/68, 0x44}], 0x1}, 0x7}], 0x1, 0x2000, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x840) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f00000002c0)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f0000000400)={0x64, r4, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x80000000}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x1) 432.752129ms ago: executing program 2 (id=1301): r0 = socket$qrtr(0x2a, 0x2, 0x0) sendmsg$qrtr(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="91f271c3dde7e1b07231801aa75a63065e0744dcc59de422b037d74f61666b3e9366e416529a987bbc90dfdaf4c126b1b09fe572b021e98955aad2240eee727dfa74af0eefb59e31b5c7f707bdf45b2ccaec753bc0c0be2dcf0de867f5e8154943e1d7b8c32dd6c8d72ec67b3d7f9c5872475a4cd08981d88e2115c3298213", 0x7f}], 0x1, &(0x7f00000000c0)=[{0xe0, 0x119, 0xfd, "649a4413788ecbd9cb09783fe815f84afd467fe9ca2db883e87e56e9b0692fea8929f4310179c898fcf08efe8b05952174924eb9b4e040923f618620cf2fa31e1a3dd57cdd31536754ff0d9716ddf74ff990e1cbe24f6610be069a20b1ecbeafa8ec4c4495f3de28f41c2850e381986dbff2b29f06166d5dc3d98e1d581b784daf66d79a929be1ecf00cb748f55df1cb18370e692e9bc3920fb026f55e81a5ff9407d5a0988ee8e523c5e26c9610b890e34160e918984c972352cb411f7db4a060a453ae6ece7ebff5a9e7e46ae7721e"}, {0x18, 0x84, 0x8, "ef9e2e"}], 0xf8, 0xc000}, 0x38) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_VDPA_GET_VRING_NUM(r1, 0x8002af76, &(0x7f0000000240)) ioctl$VHOST_VDPA_GET_CONFIG_SIZE(r1, 0x8004af79, &(0x7f0000000280)) r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000400)={&(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0], 0x2, 0x3, 0x8, 0x3}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000540)={&(0x7f0000000440)=[0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x3, 0x7, 0x5, 0x6}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000680)={&(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x4, 0x3, 0xa, 0x5}) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000700)={0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000780)={&(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000800)={&(0x7f00000006c0)=[r3, r5, 0x0, r7], 0x4, r8, r9, 0xc, 0xc09, 0xffffffff, 0x1, {0xc, 0xe, 0x2, 0xda98, 0x1, 0x1, 0x5, 0x5, 0x6, 0xfff, 0x8b, 0xef9d, 0x3, 0x8, "91d3ce3e9d1ff297c5724bb55f6f67db67fe1141d6245d8bc96f079616a824c0"}}) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000880)={0x9d, 0x200, 0xfff, 0x8, 0x0, 0x7}) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup.net/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000009c0)={@cgroup=r10, 0x13, 0x1, 0x7, &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000900)=[0x0], &(0x7f0000000940)=[0x0, 0x0], &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) r12 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000a40), 0x880, 0x0) ioctl$vim2m_VIDIOC_QUERYCAP(r12, 0x80685600, &(0x7f0000000a80)) r13 = openat$null(0xffffffffffffff9c, &(0x7f0000000b00), 0x428000, 0x0) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b80), r12) sendmsg$NL80211_CMD_NEW_STATION(r13, &(0x7f0000001c40)={&(0x7f0000000b40), 0xc, &(0x7f0000001c00)={&(0x7f0000000bc0)={0x1040, r14, 0x100, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x9}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x3}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x5}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x1004, 0xac, "f84f99a2797ba13cd9cdeb52d25018cda0aa50a861a1338c01a008a17723c76ea8f0f8b064b0c55e5fc1d1ae0868d5c37d3bc7d3afcebd14c25bdcf8c6c6a3fd313de57b6893e09eb3f5002abc0708fe358d3c3973ba6406a92ebe963e248224fb025f33359ed40ebb1fd0863aa04816e32a50f1112d7e10650c8b5663d1fbc50b0f785770d73d66bad8537cc3f2ade96d234664419f8b9b23448b39ba88330f8f81d1d8ace882e51f4aa7c9fc4dcb62d946cc755362e4880bb6658f786d38bdd3b734c70cbfd047315baddc32bc50a65401bdacaf417e9d1f302ec81560c0e808448885550116d1b0ca73ef4028c2aab172815ef1ed0c6ac1a565855b2ce065fe7c9155c3350434c0dad8ef66202d7a8ecab29f7d88694b2123b88f10c501f8b001eb637374be7c84e28cdada09f695ad450fea4829231114bf3139896f67e7045360255e793ec4abd90301b8ed19f301cce1bf841684c76640e5e3ac7aef226b9d8ef554676f6cebf8daa03e2f17d3bb0713618bc47fd6eac04055f216ab65de33558b6c2dbe5379d4834f0ac2d3d263e4ae30a2e196be3ff3b74c5f18e8eb1d2b88bf7084e398cebd64e07a35eaa367dfd69c99933db3e601a044b13f3df8413bb2a5dfbb17a81fbba39baa88b5f3c0c18f0547c6169279f8912688660867e6f45965fba14c7b62388418b550b3215110d112230cf1b962776ac643940437e2d0d7bd4bbb15de1276f7a0fb610e07483098261c5c86a8bfda8ab158b75e00841c8962e9ed8b351efb89cc83b13a4b475153de16469e4923409d07cb6bb642b09c490677738a7748ba2b58e95a3557c55e6193ec18dd705e52a1d11ad89511439b6e5a3b25525d955193b833c44890cdbb45f09688f4700df49951c4059ebfc3b4b777125123de98bc6e48bec8d928a1a506055a2a4181ae56cc4915aebf050f496016c3837f4ab4401d745368171e785a65fb79d48b8cc78d54a204fd59e5a6c6130c3b6da1f9d2b788dbe5fa552123912cc4d25ecb7db5aa11066ca54ec103381900dc842cd16acd755418354f768a2d599b05873c6fbfed713ea1e95f42a323e97efaa6f210040a4066130ff7de7dae452b1f3043209577066f0d331ee1bf7df8a4e5eca3b7036cb6bd6da85db30141c838a4678aab654cc49f2d439a4390d0d7a9df2c174e139630dd308d1667b532fb3af484dd4b1dae3f8685c9bf33d356b325c8f14d9e4b374107f2485223dcf63aebe3a47173814ee1a37d35bdf891b91eb9645505785299ce735abb9a4b05d39e00a03562379dcaf5f8b825b0de7b02ca657e99efed5ab15785362fa2c1d1f109e42c474ae68a9a24c9ee438b82bb064fba62e8417784a12e92d21cd015edb9279ed0ba448bb9120c7af290603354791d99f191b2455139f91cc94078b1a5b168bce173436cc42119d56c01206da112ecca20e8200b2d23ceec738b8cc7227abf82113859d811a44ef2a55108391a305325e637d963db3813b0f8c327dfa34e823f6afc7e1cb094923f24751044a85aa7c4daf0e3ede4ea6579efe065ec5462e2fbb5d1e67ac57d5c747135c4f8378def46f60962f0c2144e3ae793d108646b7dcf814f990c78d6e89abf5149d640665823d96fd98f6f0b1a6455b881044ae59735ff029e28b9efa19adf10fd4be84fda16732bacabf1c823df52ed7c753cdd95b77d5c0a4e3ffb83725ecc41e55c3f4c440a7ea5e0381e52588d37d3593e00f6e64256594e6b1ef3f29870dc94c9a43139f0f399dc48275aca43ccb801d95b7e78c43312609b1e820fca884588fb06c72c3f61bdf7ace1956d3e841f99c8070e669fab75e79881c6d2eacd71338d3586fbf0b2312c909a8033ecfb722bca47f52684b2b48e0ded3f7f5646852b17bd4e5fc497cde8e925e9ab7474ec9b7201f6ac4b1660a3db552806624f22080f3de0dda1a7e1ea8406e47084691342a67db80f773a2af867c8845c6e057591855d1063bc25069d792f9356431d044a18089ffc8b641a3fdc33aa47a8f0fc11d5218e76621651b2bfeaccd227f578b37ee38ace9a5177c959304ea8a912214fccef035da8cbfb5585810375bab0f01ddb962a2fe87bf2272e19c2cf8d4a2f65125dba5b3b47cface83a924ead33bce16868a5d26e522a37a73d2012eff3aa3403a4c0fd11b3216d12f2a4b93f6d49167904eaf4748a474791d1ab84b0c906da9f17c1704fe023fa89c61498efbae25eedb5d456b5343eea3e9c1473c34c2ec7a4e8e1e7b736f706c7070909c0cef82add807930d20804910a03fb56ac95e18dad5ecb16956c218dc7a9429c92ef174482cfc0f116fb80f38fd3f88ac28ca22e73faa39f46509d06317a787c2096e519df089d7b5f3b42b7320c6fb7cc5361ada5c0cd79ed6f51fe2942ad9a280ddc5073b71d4447489117301c5e3e07ecedb0406e2a80d7fd4139dda76b363c7a1b85bb49bf85ad42d7732c6e1bc3c60487308434ba039ec20b6132487d18880e4f7a4aa992b95eda70899b8ad4715fab7fa431427f18fd1bfd1c00cb1c73006c68e611995b3e5a1b026069956402868053a655c548f4721a6a8066e32938bb832244db96fe03c7a82f8f197db9ad09cb4fab031eefc44a4e1187129967583f7c4e08222360a51bca9693254a16d4910557f331a5acb8928fffb1739f7039dacb2eaa95bcc56bc20b54ba0f8d7c2c690323a47a08cab0a44727108d1006e48535b86d7569212752fbdfabf371facec2a5c1fcd72e6762122d232bdd1cb7e32bb8eed3af9b6d188f4d122d5452480fea4a16ec8e5395beeb2933151d148de3a71a2f942df97da1bb01f6a9016204d93cb20ba0e3cbac7caab3e051a3bfc45fe0cb4e9f3923314667b901e794dd9026088420249cd920f4d0b08d3073685cfc67d75efd88bb101a6974e4574c4f74c58521bc35d615f70409557187e26c0b1fb3769e2f3d80f531706441989928b3b683ebe835a195f2394b975418c9accb66e0c5adb714a8f05e177586b8c432ac574beab052ace22072593c37a985c9045542db1cd0f71b992143dad791821e242002e1a6cec1562c154ce506dd8123266be74c62105a4e5f7fe4e23266ada283ca31b4fc5d555650d85d4a01a7b2fd7abb9dbad09e7c505e396a17bf2d2fd87364790d469c327ab20285b1dad9d696efdbff018f98bb4f44abba6c1cc2e8169f4f6f4a49a28fd099c4f2590727237ade247021cbeba880460cb7ec6b135d127690b34278f45f069c1eb5b9b72b294177b834e5d593dcb91e683d61c7bd4cd1a764e854879e6bb23ce818abaec2ffb885b040a1a7777e969aa446e1c89df6fe30d2233aa72263f78493f37bc673e117403bc5d26533de344e5114bc20f0a39e1d2a11606adef993c1ee7915928684e1a5acc3b4d1c1eb08217b8e5b9ca03feacc8ad69581729640100c3bad5a3d75ab57dfa425268165bf59f4bd7b741f5b3ad12f3736f8662f4913aacef569450015fac2467fbc1f81b6fc6ba2f4dd26f1c9d20bc1f4ae01442909f0c96ac932cda0114e30a7b7db58f8e6740ed96cea6753c359df22a60aa185ffe9f3e17da9d2effb248428b7be0cb0f8ebbfd105fb981e48a1c9311da31910e25939da18482f15f6a248a116278fcd1f2b6cc7e60c7e725162034ad164e771780a917177e5d2d9b44f7e17e9b598e954f8ea0e54b0240391c1624c418a432b12445827326c5dba5d109d72dae145953dec4df5635b50713d48c0e6f7010dff281e01a1ec9359009a8402705df2990aad2b625e6cded5f8a72bce7fe9a8d6e20d2ad0ffe37e0d4a0a7f0174c4bef28b7180707c46f3652962daca8d5bc71757f9a58b12943ecc26a1b2f5e4ee0c0e1fa72a2054ae2e77ac6c45acf6d16902a22855a7da9d63f0f61f14e7ddc4a61cdd4b4ccaa0fb4b51f1c0142fd6757931850d325a14b7ed0e8dbfaaa5413300590105e4cb25482a4b56ba2cd880860c155c895536c178b8f812d9e65c99d09af378494d71f8084721a2796faf8f3e49a241cfa4dd47a1bda36d4d516393e38cb32c1d3276ae335ffc71282499c8ba788631ad4651f135782a032802e22e37ea0b8a37ca31c33a907fd34b105316663ae7e1b4f3a504218d9cc82a712e9579d3ba2b676680c95e3865006482d98a0ec9a5d6f2c5d611206c975aa8e8cc75f7683e7186530b999dd97c3d1c2eb9a99628b6761f65fc36f0270aa56528ad30c13afb66a90e62ab0338dcea51b3125fc2e79fd00d213fb2da32101d592ff97eb8bc72231db7b1447add4dbc81f5a9694f5be62de986fa24dd71f7a9d1653a5558db398b7acbaecf341228dfbdf6e19da7624a6cabd4d9356a483f451800ac95a007c311c82c4a13e76a82ca1e9ada0a9b14c4fd6912b73a2bd6e732f1aa17676a974189b6de7e4931081066c62c730a9d8412b2151013f357064ff795ad4d5086c6297e1d6d1857edce9673a5f13400d251faeee471a5490b69a5767693b2693ef607070d20bb8c119fffee2a2dbcfff961453235f9d7f7af31121a50e39ac33fa6b3facedcd42ac1456f291c0b340e003b9451b5de7b3d05fa93da4ebaa0948adbbdf4626c5a6091419948ee250ea531cf392485aaaf4e3f5d38766f532370515cf24dfb707fac91b02bb84928afe3268f9f7f4dedb794c38727583c826a6e2842e658ae5a034018439a5a849cf3961d7032333105dd420d0038ca91b2dbcfa9b682f197cb298864e2f5ac8bc5f77dfea2aaec676f06e776d860a1df06789eb1b7f20f4a33b3b3867cc8a84720808de09b1d4ebb10f335373f96d0106c6ea70bf6851896e1355c1ea35d09246e2ed35d9c23b2d4532e900fe6e17059018b049bc5c9443b5569ad912c0c1fe62522f1b2e137d7acea675c49b40d4d3f8ec19f8cad8d6264aca70b57aba23b3fe9ab553cc5d8614120ce09a3eb49972bfe3a6bf90cc5cc1be6a2b5ce85cedeeaa1d107ce72bc71e708717bed2e09c3ba1cbb8878ecfaa18b05740e87a45e9cf948dd323af732e413d281a018280bd3a0159ea64b640026d35886546e40c44486f62c0096deb906bdaa91f36723e9008231ccb4d019d6dc4193b1e17aeaeb897ea3119db749879012d77d04bb75004edb8543b03a71c5c7a318b480c5c494e297886fc8f997e5dc96445890247d26990e8276d9681a27971969e02847601e53c6f2091609556331ec7017a0a45ee9760ad003cedb21adebde1e6716fb91b0ff0b330c26195fc33257f2909484795ffdc9fd8d8d88f36aeeb52a3498645a1ad479b3985e239e5fa273789fff12a7a338e88c3a321c6544f5ce5977bbd8395eee895ffe0cbdf4faaa3dc030ae1f73fb44729c0b10fdd579c991a294821bec1d34f1761cb5e9be1e309a62fc233f9abeae80940c1dd9edf101c1e7fd42e6885127dfd4249ee1e0b6b6054e968c4f011a13ff278ab6db54d21b72170a2335016bd82591d6fe83093e5b87f0e2f03eb3615adda21463faa997820192830fb4e62d49778a686a3fdaf012b45aad7708ec1dd16401f6970ae0ef93369a8571d4bfd7aa35011894499b4d589df7acee29802aaf05a1c1b3cc8b47fafc15f97b83990a743b014e0270850d155be506ddee5c33900583d2bdde0c6f0e660aa516114c21a71e4a8a6e28a54226ffa95f6bd7fa2a2b40e85aa455a9b6f683a8d4bea26fb0c7a6166098ce40181849fcea86a1b9aab7f0146499d286383600a76ec1db2b93e16a958ebdf135ac25b4f9ffde3729395dc3b215a862762183dd426d54cfe2d5fd982cea48e3b1"}]}, 0x1040}, 0x1, 0x0, 0x0, 0x20008011}, 0x2004004) close_range(r2, r13, 0x0) r15 = syz_open_dev$dri(&(0x7f0000001c80), 0x100000000, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r15, 0xc06864ce, &(0x7f0000001cc0)={r6, 0x10001, 0x84, 0x5, 0x1, [], [0x3, 0x3, 0x6, 0x7fffffff], [0x9, 0xa, 0x7ff, 0x7fffffff], [0x1, 0x80000000, 0xf, 0x7]}) r16 = openat(r12, &(0x7f0000001d40)='./file0\x00', 0x0, 0x8) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001d80)={0x0, 0x0, r16}) readv(r11, &(0x7f0000001f80)=[{&(0x7f0000001dc0)=""/210, 0xd2}, {&(0x7f0000001ec0)=""/173, 0xad}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_MODE_DIRTYFB(r15, 0xc01864b1, &(0x7f0000002000)={r4, 0x2, 0x6, 0x4, &(0x7f0000001fc0)=[{0x4, 0xfffd, 0x2, 0x4}, {0x3, 0x9, 0x4, 0x3b4}, {0x8, 0x7, 0xfff8, 0x10}, {0x2, 0x0, 0x8, 0x90}]}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000002040)={0x0, 0x0, r15}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r12, 0xc00c642d, &(0x7f0000002080)={r17}) 336.795779ms ago: executing program 2 (id=1302): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @empty}, @ib={0x1b, 0x0, 0x0, {"3d0300"}, 0x0, 0xfffffffffffffffc, 0x6}}}, 0x118) (async) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x40000) ioctl$SG_IO(r2, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffb, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)="8f7d0a01007d", 0x0, 0x10, 0x1001a, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x5409, 0x0) (async) ptrace(0x10, 0x0) (async) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYRESOCT=r1], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096331306c83f0b53743ff62a9000070900be00830000000057a90dc0f60b00000400"], 0x0}, 0x0) (async) r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0xfffffffffffffff7, 0x121400) ioctl$EVIOCGKEYCODE_V2(r4, 0x80284504, &(0x7f0000000100)=""/101) (async) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x17) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r5}, 0x4) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r5, @ANYBLOB="0000000000000000890000000000000095"], &(0x7f0000000d40)='syzkaller\x00'}, 0x94) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="d8000000180081064e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e120800060000000401a800080008000c4003000000206010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) 207.744848ms ago: executing program 3 (id=1303): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x0) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{}, @hci_rp_role_discovery={{0x1}, {0x0, 0xc9, 0x1}}}}, 0x4a) 207.294281ms ago: executing program 1 (id=1304): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r1 = socket$rxrpc(0x21, 0x2, 0x2) accept4(r1, 0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = io_uring_setup(0x62b5, &(0x7f00000000c0)={0x0, 0x86df, 0x8, 0x1, 0x3ab}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0xa, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) syz_emit_ethernet(0x46, &(0x7f0000000200)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 86.168834ms ago: executing program 1 (id=1305): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000f00)=ANY=[@ANYBLOB="8500000008000000350000000000000085000000050000009500000000000000fed023000000c71adb30be7d75fa1f32f08a23ce3220b0cc9505d72768b8242dd90d17e4c52505756ca2b009546a0900000000000000d3df2bd87184446d165ae3939bbca322a415a98c8801000000000000800859362ed862b3c47fa8ce7c69adfd2f16af3a00000000000000000000009a317aa34f0c50f99eedac26048ab915e1be5aa845be00de14683ee4e859d65564a9c79d20e5a011e966388cd0bb39f45d6c508b8a0f7f2d48be0e2a8137c6741775428abf2ddfd2a473f5b271701e22f8cb42198906e1107fa780c435083cac323838727a606495803509f84729f3e8a2fbfb995f99b82df3b363a9cf6ba87fdfbf5a3dd0dde49b4193520e5e946687634c04000000000000bfbcd911eba0dee5e5ce6434f86fe82ee02f0e8e3173a97d85e232e584ace13387693614f3a7ef88709f4d552c7b3a7903e14dc418e58f3e98933b2c93fae25ec2dd190231e2531e1ffeff33676a4383a918cba3ad8318ea29f164563a42cdb596f255a251add2d2ae2fac0a0e7428e4bf07fc884be5721bdffe58c6a4b57014ce976ce8b9cddfa50175c53253d7659f0e88913d4fa7f37feb40337fada4363c0698510730725e23bdad60ceaeecfeeccc397565f204b82d6d4458d77a1b4abeadf350c21027d314237a9d448b82827ff3f29cc9b46c8fcfbb30d1fc18707c252b596cdbf4e77836adc1f59f9d1280333d135fdcdcee8eb817388666e02ff1b148b6bc3c283e71c0ad9c683c6bb6fea2d2d54af3ad488f0cc2e54a70c19ceac518adbe917652c34019d7478c716ab23d4a863b4dcd08d89f6cec674e9fd379d71e06357d207984e885ace8a0dbaffef403aff01d5f2f0e644b61cd8bd72a59f2d7cf67815aeb8761412d68c40dbed08b7eeda96b3856a519a71b83c19b2e8f88d92b66abec165663819a87e7cd8c082cb011051789c283eecfe08f0799f6c7023353b6d3af7177d6b56549616bfede82c598301c98b0420b1784b53238b39c0db1da864e593d45fd297e4d34e749bc737e0bcf36fd955a40124c00d40c3f21d26e6e276152412b4ef3f52dc416bb2d7463a93ee6c0b20c5749a44677a3c3a7aa9a47c7cd7bb52fbb2c8d63166f4ad1038f33258736b2224a66726f1fd4dce0eb6043a55fbdd341baba95cc5838a860068e0f3e73d992403455b03b25bd5414628d7325a6b25986666b336851d9c623c405bf608d4bd9347c83cb693aebab072be479705b0c6c9bb9728d131f8320b966898de1a16407692b57b6f7333eac0d2ed0a7a4457d9c70089fcf9aa553929a65777f3bbf6d0bdc6a11371a138c6d4b0fefc655716e4486f5c7a88e80b2fb0efb579333bef98ded75abfb982b1fb92f003a6aefb8bf25eacb848d8ed1c1162d000000000000000000000000e87dffd60f123527781805434d210bb72ac2c097c45b27dde4980bc85b43614d266a9d403c320f80646c7df8bdd1cf380000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/148, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff79}, 0x16) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x83, 0x0, &(0x7f0000000e40)="04d31fcd275bfc58188e699fa7c9aa904991771e83b702f3717cf38ed0e92e83ae490758991fa1174a75fa8c45db732026d3de611ffbd09b683e2f08812d695dd9b87f08711c02bb5d2cbac05022bee8aee5339fb6eba21e534e43b9960f470bf9c075368c6a7ee0b6ef641feb6967490ae07547819adcf47330679551ae2bd7009b31", 0x0, 0x375, 0x0, 0x1b, 0x4b, &(0x7f0000000000), &(0x7f0000000e00)="2fda8e7aa8d9cecae13bcbb35230d1cf1f1b23e33fcbd1aa1bea454b04650cecef80daa9a0a349a8e46d661af6e7ee8cdb5e97e738fe54"}, 0x50) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r1) sendmsg$NLBL_MGMT_C_LISTALL(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, r2, 0xb03, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20040880) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@dev}}, &(0x7f0000000440)=0xe8) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000480)={[{@verity_require, 0x3a}], [{@rootcontext={'rootcontext', 0x3d, 'root'}}, {@subj_type={'subj_type', 0x3d, '\x00'}}, {@uid_lt={'uid<', r3}}], 0x2f}) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6, 0x7}}, './file0\x00'}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x280}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=@ipv6_getaddrlabel={0x30, 0x4a, 0x1, 0x70bd2a, 0x25dfdbfd, {0xa, 0x0, 0x41, 0x0, r5, 0x7}, [@IFAL_ADDRESS={0x14, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x30}, 0x1, 0x0, 0x0, 0x24004000}, 0x0) 85.949255ms ago: executing program 1 (id=1306): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='vnet_rx_stopped_ack\x00', r2}, 0x18) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$FS_IOC_GETFSSYSFSPATH(r0, 0x80811501, &(0x7f0000000580)={0x80}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc018937e, &(0x7f0000000100)={{0x1, 0x1, 0x18, r4, {0x2}}, './file0\x00'}) memfd_secret(0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x3080000, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRES32=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 80.574415ms ago: executing program 1 (id=1307): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='nr_inodes=2']) (async) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x1, {{0x42, 0x3}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r1, &(0x7f0000000140)={0x0, 0x20d302, 0x0}, 0x0) (async) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000000), 0x4) (async) r2 = dup3(r0, r1, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, 0x0, 0x0) (async) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) openat$dir(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x414301, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) (async) r4 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x50, 0x24, 0xf0b, 0x0, 0x25dfdbfc, {0x60, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x1c, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xf3c4}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x2}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x21, 0xb, 0x6}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0xfffffffe}, 0x94) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r6, 0x0, 0x9}, 0x18) r8 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r7}, 0x8) close(r8) (async) sendmsg$kcm(r8, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x7, 0x15, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000feffffff000000000000000070620800f0ffffff18100000", @ANYRES32, @ANYBLOB="0000000000000000181b0000", @ANYRES32=r4, @ANYBLOB="00000000000000001842000004000000000000000000000018160000", @ANYRES32=r2, @ANYBLOB="0000000000000000181100006f7e8f13e01d878a792075d2faec", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0xffff, 0x0, 0x0, 0x41100, 0x2, '\x00', r5, @fallback=0x28, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x1, 0xd, 0xe, 0x80}, 0x10, 0x0, 0xffffffffffffffff, 0x5, &(0x7f0000000440)=[r4, r2, r8, 0xffffffffffffffff], &(0x7f0000000480)=[{0x3, 0x1, 0x2, 0x4}, {0x2, 0x2, 0xc, 0x8}, {0x3, 0x3, 0x4, 0x8}, {0x1, 0x1, 0x10}, {0x4, 0x2, 0x3, 0x3}], 0x10, 0xfffffff7}, 0x94) (async) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, r3, {0x4}}, './file0\x00'}) faccessat(r9, &(0x7f00000000c0)='./file0\x00', 0xe8) ioctl$TIOCGPGRP(r4, 0x80186803, &(0x7f0000000100)) (async) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='highspeed\x00', 0xa) (async) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4a23, 0x4, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x300, 0x10040, 0x0, 0x54}, 0x9c) 8.096452ms ago: executing program 1 (id=1308): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000000c0)={0xc, r1}) ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000140)={0x25}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x60a895249110b501}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket(0x10, 0x6, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'wg2\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048050}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0x2f9, 0x6488, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000632f77fb430500017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28) tee(r3, r4, 0x5, 0x8) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x50000) 658.622µs ago: executing program 3 (id=1309): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff}, 0x80) r3 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0x0) pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@updsa={0x104, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in=@empty, 0x4d4, 0x3c}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0xa, 0x2}, [@coaddr={0x14, 0xe, @in6=@private2}]}, 0x104}}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043e0d05c9"], 0x10) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11ff0) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000000)={'\x00', 0x8, 0x4, 0x80400, 0x2004, 0x7fc}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r5}, &(0x7f0000000900), &(0x7f0000000940)=r6}, 0x20) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xd, 0x1, 0x4, 0x1, 0x0, r5}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r7, &(0x7f00000001c0), &(0x7f0000000280)=@udp6=r5}, 0x20) r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x4, [@var={0xa, 0x0, 0x0, 0xe, 0x1}]}, {0x0, [0x61, 0x5f]}}, &(0x7f0000000100)=""/118, 0x2c, 0x76, 0x1, 0x3}, 0x28) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x4af4, 0x0}, 0x8) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0x5, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, [@map_fd={0x18, 0x8}]}, &(0x7f0000000480)='GPL\x00', 0x0, 0x65, &(0x7f00000004c0)=""/101, 0x41100, 0x8, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000580)={0x1, 0x9, 0x2, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x1, &(0x7f00000005c0)=[0xffffffffffffffff], &(0x7f0000000600)=[{0x1, 0x3, 0x3, 0x9}], 0x10, 0x7}, 0x94) r11 = syz_open_procfs(0x0, &(0x7f0000000140)='cgroup\x00') preadv(r11, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/128, 0x80}], 0x1, 0x131, 0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000700)={0x8001, r0, 'id1\x00'}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xe71b, 0x0, 0x0, 0x0, 0xfffffffc}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x72, 0x0, 0x0, 0x0, 0x7}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ldst={0x0, 0x1, 0x0, 0x1, 0x0, 0x30, 0xfffffffffffffff0}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x7be7, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback=0x4, r8, 0x8, &(0x7f0000000200)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x4, 0x2, 0xfffff701, 0xa6a0}, 0x10, r9, r10, 0x8, &(0x7f0000000780)=[r0, r11, r12], &(0x7f00000007c0)=[{0x4, 0x1, 0x4, 0x1}, {0x5, 0x5, 0x9, 0x9}, {0x1, 0x3, 0x0, 0x2}, {0x1, 0x3, 0xb, 0x2}, {0x1, 0x3, 0xc, 0xb}, {0x4, 0x3, 0x2, 0x9}, {0x5, 0x5, 0x4, 0x6}, {0x3, 0x3, 0xa, 0xb}], 0x10, 0x3}, 0x94) 340.953µs ago: executing program 3 (id=1310): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x20000) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000600)={r3, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]}) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r6) sendmsg$NL80211_CMD_SET_KEY(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="09002abd7000feffff000000000000000000", @ANYRES32=r7, @ANYBLOB="080037000000000004002800"], 0x28}, 0x1, 0x0, 0x0, 0x44010}, 0x8d0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000018c0)={0x18, 0x5, &(0x7f0000000380)=ANY=[], 0x0, 0x20006, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_clone(0x29ffb34bcac50146, &(0x7f0000000500)="b2eb9a477ebac682e3a9e3e59748ef0ac296e1818611fd8956a79ce905d160cfccfc4310f371eb38c2db573deedd295594ee3614dfcee6f54cf0e12f68c2ba6db67327a681c8da436b88fbec72aa9de3e23d6eea6b18e1bd24391e5c4288cfbd41246f79d119b50bc71d4057e8438832ddd49502125d27c00a24161539efeb9dac19d0755171f16d4cb002218f3709e94a896becbcedb9208f3842898603a42f45dda1300855ce91614f1b413d125d1288e92ef7096de8160013f03dbfbd99ae493834828479a57448456e08fbf7edf096f363a507cd5460f35562c91cf4909b45b155d3c8e9841ac932817ecc84a4a4d705d66c21ae8e20e4951d72c8ec", 0xfe, &(0x7f0000000240), &(0x7f00000002c0), &(0x7f00000008c0)="fd5b80311b5cba0b7f06b23c3c5d7a92b999e17e6248a43edbf9543c275d98757a38bd35e51071e25974aec8905afebd0dbdc926248d41f41302743815e2a244fdca72439c2f21ccd40aefad26349c1fd047558929a53a764fa23055ccf884ac30edaa67b57b796a0ba6fc479075df2933786e43794c43c5e6aba04a56389680c407af5ae682cb01421421d63299091d2714a853204b0951c35fc165cbbc61f0055bb89d261694be44bee004a01cd170c98bf16dec150ec80cfd15ac3f9edc8f00f2c9c4e5ee375eb621c2a07659a95bb7bcf5555cf11f4acdb54d444d275ed66b82e26beac39c998820d296ed2d4487f63b9ceff3b10e2460d73ade8fdebfa3d3eac8a41d89662486f2804a9949ffeafa4613fe758e9d0a2fed1a55ddd4ce305225423766f27bd46e07319c0725a11b57ac6455fdb9a86c5c32825048b786be5a09815d309fe1677d9a2978825b54f0be74fabcdac2576dfdcc2dee6011cee49e8a0ed86dd3891f0d98923b1862da053242ea34be5c17636fdc06cc138db8f01da464a70554a381b3c4d5f6de456eaa5f92eda5a6d764fa6905cf8e8ca6c0af9ef0efebbea946f6c46dfda548092a4c5c1e3d75c26034f100cc8d9e45c58b4a42e240fc34095566b0508647891434dea25d1a8ace09054c97a60d5f4c8f291eac28ad62a10df341d905be368ed7934b93583c02fa220625208cc502dccbce74904c092e5043cc506173344d67780cb6ad41d3dea4307aa4e4438c2e94d17d816f74ec8746bafda60627db0aecd13874381f79a32bbb5544f06397cce1b97a75e341307f1f2f3b2638e0d727284d8df2e00897a141c6bd54306910dc75245c524c3ea6161994cdd674af096a4bdaa4877e7f0970211111651862d4b998b1d8543eef78d0452f3f70d71ea59726124bc5ade6ca88354749b68428fdead9818a6c75d2d689d4c8a3390458b3f5c229c590f7f4791891f81f9698f5c3c99dccb55b3a0786f2f13bca4097fc141e1325efbec3b025ba4978cf3c11519adc802094f8e652b7000d9a0a4861b97c3ff956ad5132557cceadaa5eb6a19b6a8af3f0c899a64bf662198fe14ae40190651ead3b980081b9f5435f0bd94e772074eb43080ca87605b8cddc8e31c6a6e302873d2d353d64c949786605cb5b536b29324aa8a3f61a8b6366c755dd65c3f985f9264070b0803124302e549cfd73bf6605e7f161dda8adb42ba7eb4346b0b3a925740f5698603d1ba5b69ffdc48e04e73e1a0af6adc0b76f629ce67f6c4afedcde3acc2f01a345758aed9c9ca3596fee4facd1a5cf2e43fb2817afc651aea07f452e7148e0708fb04c2c35a00632471307900d631b05cce6eb1b182c2e2a30db2c77d2e79d243c444f089f3a1d9dc828accb150c6227582b0fecfa8200e6487922eecaf48bd3f85dd87194734d304709e6b9054b4121403b77f4a023249e40b2931e3c25b8e3c1b9c24e80e11772a0d62baaf87d7a417deeff98c5bc2ad5bfaa881f21ab69c201d4c1d22826d8d3063092b15cd95eebc76a566ca7dfd01a8af901c6953bfc331d85866ced766a2ac6d650c89ad0bdbaae8168fd7eb50f32c026df119e9ea3b08651e5a64ccf86d2de487ba3f67ecb85e783d6a35ca624a099f0b8768e42162664e22bb7e0d7e20416e09558b0af71322264a5c514d47d7b81973cdd9fb1ae67d084c1e56bdf2f618a16a3a280be878787a8451a03a94f0f9c92edab188be22575edf8fd80318f03e4c88c04cc10d715f581748e797658c335ef3bf791c3f32db08e7258a37eabfdd121faac5a40c6615dcc257bab99cc00250a33ab4afd40bb3ad134968b3918e867de7f4879762c3fd5b2f58d8e17de2c91b3fb1a69bc2ea0fbc667cfd5d70dc4b23fca1d1807fd20c30e6ecc1b89df5413ff863f028f2edaba7515b423497a3aa47deac9603c86f396361467b7d278fb8fe4848c619a5177b0f1e173d7cd2c2fa7ac6ae81e4615a968532e73d813766ad56586a8d834e394ce60eadc6eb8f990cacc3b6019855da189caaa8095459adc891006d6c96130a2565292f96212483ce1867e2e3f7c5a5b1cfc2cac29b28fe30bb08bb3f8191ec4a32c5ee517c73854f6dbadf8a2c54c9994d88ade7dec7b8edfc2025934cdb31c8a7f6e102b1dd0c8b1849b0c9c60f13628d9a5211ef42c4b7c174f6cf43bb05512a9f85b1bb1cb14142c9a400f66020ca226ec4cc3b96449c493565130169b688424ba94c8abb5a7543d7e1127cce487cc0ab36151d5be553ed42d9411a4dbf57e9b7f033f68ba275efab98c8a44b16f16326ab6d848e7bbed379b27ee191f47ac59849549cf4418d1bb8f7c0adcdccf65b08aa72f01a2ecd930cc8c938709167d2a26569ab0e77d9b6716e2823620abff24cd91bb3ed2848acb93d09b16b97a27103697f7ff7060b3dad9a1a7871bde24be4f11ae71450963c1981ccde22de0ad01a2797cb0856d2b86538231c49e064879cfbb8b3c68d244ae513c3bb9ecb07cbf8f6bb560f0916e751bb309a5ffd6802f4583e5a898515fee613bbe4bc7c2bbe9bf11004e56b76220b9d02a7cc337fd58c4fc046bc068a701d8b3ccf28b78fa9a236c7d52bc481151982262072c91e9f8b3340a216fea968f3510d41af995153f6357dffdd39077388088d5d80639c2a4172b9d0c69df3191a50489cbffec404ac9f5eff0304f996c80159e1b58f5f9a1e613ac27fbd5cbcdd5f839397dd796cd7f5f7f3dc5542ba44de49391a8cd25ecf641e07a04fa7c22a61972b111da2014d9f1db367976017494f30c22094fb13c78ee696ffbff4537663a3cf9fecccf053226dedba1ecb5cea9b663e38b9634db757a8cf21a5ad2b12f2cb615586d6632563d7485cc329e800f6bc1985a767a264025b1503d7aa2744ce514394756281328a7952de579d8de1ca0b718a6e4bee895e8c38f316167edd3b2e9484166645c3ddbc33dc0b74354fa7b78188b20508479a059f8e09c0b14aaccef1523b6105809de51dbe9216f329cd270c551216eba61824b0c494fa7c7a475c4852d18e3bbff33dc69207e0cccd1b56a8cd7a2122d968caf5339f4e3f0beb12c3984dc1ab435aebf62ce4f134adefcc51dc049e24a2ed1343e93032859395f886f862669a5f036aa9aa163f435ae315e2420280d8bcbb139c2f166ae9d9b830d2c69b5a835d1c1bdae88ccbad5b4711618c8647d5aac622780c77b1d815a3d3d6dfa09c05a320f2a736fb6c2e994b163d7c0589234c4117c460956fd3251ab817a138286b1be382421b1f0547c16f36d30176b157824d719da36493b70fbe982e4f954e56061129849fd5de7bb6f0576884e8ae03418c9182c0f05669590353464c908e0dfef2f014a8a4f1227c7b371efeba4e656dbee87e92d480fd06d5b1d38870c0a2dcc61d0a2c3ab706097cef187bd2b70a7b7049e9dd1c780e57f9ea7f604d23c359914df6c9b4b457b1220b958cb6ed5cde840cf2e4d65df485bb217beb2d58845a10ece07ce0a3ca9e10e378fa849cb80d08d43147ad3f49a3938fc5e106172d680baa26a118bd32fb3399e652163568f497ee8b884549a90ceedaa93ef5f31fcb92c9fedd5f31f6b66eecee63a1ff5b79c13892f6eecd86803076375b2e16d6b259f47f5bd0bcb92265dcd8bcac4befea028a81f21f628bbb652ec6bfce771479e02b3bac7ec17e5275fcd0e7a2e305adbee05b3a4d00f17e8261bcff5b5bc36718c4ee45fae85750052ce8fda442f2104a07f3ec42dc45e0ddcedb94514b70ffe711c6d6305262b712574c41c46f5a01590f102032b994412811733ed2288ae827b415e54141c7a60f8b633165556b6d6f30dc008a760f0470236dd0edbc7deac3a1bb84fbc977c1acb7868df2190e9c7ed1a175775d2e11ea59465a78b04cab3acf66392869fc650a4c5d400228e0962300edb5ff47b91e1df7323423b178c3e08e0b708979f788d930a6addd1a95fcded6a33f1fd4c58caef5d550ca3c4e6ee46ad2b926322879a612b849dbf6c381d5e62395c6ca96616338a364073fa90bf5dd630ecdccbdc2ccd6ab5cf79421ea9c6837b35e56e712265ccc7173b8962690661746966b9a3c94bfddb2788e98148edd3583b5de0d62082cce11161f6ed5929c1302e18a9da517a0c05255a8cdbe6174c53b69e762115f40a6e1802a657b2aed9ef5febe7094a890a65bdce56a0779ba75064bba9acb0955c803bf73546e5d73d970f1bce28a4b8f12281f532a2cd342448015e8d05d837040075ea4e5c4b988fdec2c8d669af102d51911833bbce5149c72b126c1e64f79acaa63d58281e429caa27a5708eb19a373e91170900cc0e362d1ce8e0fa2ba451bd3f65174b6d9cf5383e2da62e66027e069ed7249473315a28fe87fe5bbf96bf3be61095edf3bfc974c42f9b5ca0b499ac999702430ea8165b85866c99c9d6615a140176fb4a49b4586e5450d45ff04b07e60df32575f335d06141cfbdaa2cc0afbd94f40e218fe3906407ef0634ee0d97a6d05f96160149e32756d4602d3ee508ed96a22bde9ad2143fcd839d81e203859c495c8245b7617dbf6f02cf306558001a7a04c72dc68006fee931aafe7e2437c46a183ae7651502c5d37adb049171373639043014e9a1874e288afe2a4cfc21466a8b64ec3d9a920a5c0ce9ebc7431a7319c7b63710b09edc478ccc161b2ab11ffdf32f1b2b02a5518795b791e777461a58f6b63be8c786eab465fac6a40c31ded04fde3888b34dae100ec5d4fa672692a3a2d7416995edaf9d4d4e00856bbf5d7419f81d019b286940c07c3c14d8dbe8b123414cef5f1ff224fff92dd4403e2cbe6144e9b57da556baac1ac3bd4658abaaf3e16c231ec83383c8691fd5b15e6f29cc116d83c93ffc0d6e0539be244e0aa0601ff4ed3236bff332002e97f3b5822fb54cf1621507f9ad3fa6034daa1bc025abc688a72ccbe47812cb1b2d417f8804fb4cb5001fbb63dfbf522dcb5f3698ba587263a996441b6eaecc5610969691c315eb48603c5726c449a0f334bb1423edc23e12c62cfa7ef1655772f52c01e9caba3f51de60145a86f43c62739b65a95444d90759c311c020af396f830af93b4dfbc3ea5f30c9e477b93d32cba4811c2d2c9b76c7667615847abed5014cf83fc55e71298a31c1ff1bbcb1459b4f12fcb59c373abaacc3cdd9cf7217735269f3f1b2ef50821d7c07d31e2b9e7e9280a44309cee0deedbbd3fce9131d42c3e42fcf3f6713c64c1d4f31df8800de10976e0417c0d136f88d6e986a0ebad36bbee50ce46fc70a48b8bc2b8dfcd68ff107b7f82aff96a5ba835c49819f974e559028b44b21babe778e0db336bdf8dcddfe147c121ddc989083c353e6f3403a630606f8516e73ad8cbd9aefcfdb0a3c18832d34eef4851a747b25aa62ca83f6b9575d806f07f67444eb6980c195bccbf5477bed92e706d1e55ffe8b31f3bb86ab60d0c18e2b3e1d5b88e53bfcb3cbe1ba40323f7d0fac8be77ff16f76e48a2eecebeca89119d8115a70d3226e6585181cc012067b9681d9290e088ce8d3cd6f4d6e0ff0e5b8633d5ffd4a6390605a8fb96dc1e9a8edd7170807306dcee5cfaab07050f4224157942c9ccbe2c1bd0d84685687d2a680d1a8b4fbba9c7fdf0d6b9e6e0b88fd35c16d5f61ce2f15a62392ae5370084e305e262a3bdcbc25bad117ce1dc6183c13b4134b103e0964455ddda6003b1c96b745d886ab11d61c5593a93a4c28e18d80a1a6d88d9131591fb264886da76717455ba6e34bb0cdeffd73fdf29b") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='pmap_register\x00', r9, 0x0, 0x2}, 0x18) r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x8001}, 0x40) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r4, 0x0, 0x0, r5], [0x2b8]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000280)={&(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r12, 0xc0205647, &(0x7f0000000280)={0xf020000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x98f909, 0x3, '\x00', @string=0x0}}) r13 = syz_genetlink_get_family_id$devlink(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x54, r13, 0x1, 0x0, 0x0, {0x22}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc}, {0xc}}]}, 0x54}}, 0x0) r14 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r14, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r14, &(0x7f00000003c0)={0x15, 0x110, 0xfa00, {r15, 0x6, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x1686, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x22}}}, @ib={0x1b, 0x0, 0x0, {"7d0300"}, 0x3}}}, 0x118) r16 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r16) r17 = socket$inet6(0xa, 0x5, 0x0) listen(r17, 0x1001) 0s ago: executing program 1 (id=1311): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@private2, @in=@multicast2, 0x0, 0x20, 0x1, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x400000000, 0x8, 0x0, 0x7fffffffffffffff, 0x0, 0xffffffff}, {0x0, 0x0, 0x1}, 0x0, 0x4}, {{@in=@private=0xa010101, 0xffffffff, 0x62}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x3507, 0x0, 0x3, 0x0, 0xfffffffe, 0x4000000}}, 0xe8) (async) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@private2, @in=@multicast2, 0x0, 0x20, 0x1, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x400000000, 0x8, 0x0, 0x7fffffffffffffff, 0x0, 0xffffffff}, {0x0, 0x0, 0x1}, 0x0, 0x4}, {{@in=@private=0xa010101, 0xffffffff, 0x62}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x3507, 0x0, 0x3, 0x0, 0xfffffffe, 0x4000000}}, 0xe8) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8d}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x2, 0x0, @ioapic={0xeeee0000, 0x20008, 0xba2, 0x8c5f, 0x0, [{0x46, 0x3, 0x1}, {0x2, 0x29, 0x6, '\x00', 0xf8}, {0x60, 0x3, 0x0, '\x00', 0xbd}, {0x7, 0x4, 0x9, '\x00', 0xd}, {0x5, 0x4, 0x4, '\x00', 0x5}, {0x3, 0x40, 0x71, '\x00', 0x2}, {0x7, 0xf, 0xfd, '\x00', 0xf9}, {0x7, 0xc5, 0x1, '\x00', 0x5}, {0x7, 0xfb, 0x7, '\x00', 0x2}, {0xfe, 0x1, 0x6, '\x00', 0x4}, {0x1, 0x4e, 0x0, '\x00', 0x2}, {0x9, 0x30, 0x5, '\x00', 0x3}, {0xfa, 0x0, 0x8, '\x00', 0x7}, {0x80, 0x2, 0x80, '\x00', 0x4}, {0x1, 0x8, 0x3, '\x00', 0x6}, {0x7, 0xf1, 0x8, '\x00', 0x4}, {0x2, 0x7, 0x8, '\x00', 0x3}, {0x4, 0x6, 0x9, '\x00', 0x48}, {0x90, 0x0, 0x81, '\x00', 0x26}, {0xa, 0xff, 0x5}, {0x0, 0x4, 0x3, '\x00', 0x6a}, {0x7, 0x35, 0x7a, '\x00', 0x7}, {0x4, 0x7, 0x5, '\x00', 0xf}, {0x8, 0x2, 0x62, '\x00', 0x2}]}}) setuid(0xee00) (async) setuid(0xee00) syz_emit_ethernet(0xbe, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0xa010102, @local}, {0x0, 0x4e32, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "0000000000000000000000f5ffb61f322ea67189c800", '\x00', '\x00', {'\x00', "000000000000000000009b7e00"}}}}}}}, 0x0) kernel console output (not intermixed with test programs): ash_mac_create+0x3d7/0x1000 [ 94.541192][ T7595] ? hash_mac_create+0x3d7/0x1000 [ 94.541206][ T7595] hash_mac_create+0x3d7/0x1000 [ 94.541220][ T7595] ? __nla_parse+0x40/0x60 [ 94.541230][ T7595] ? __pfx_hash_mac_create+0x10/0x10 [ 94.541246][ T7595] ip_set_create+0x7e4/0x14d0 [ 94.541262][ T7595] ? __pfx_ip_set_create+0x10/0x10 [ 94.541285][ T7595] ? find_held_lock+0x2b/0x80 [ 94.541303][ T7595] nfnetlink_rcv_msg+0x9fc/0x1200 [ 94.541319][ T7595] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 94.541333][ T7595] ? __lock_acquire+0x622/0x1c90 [ 94.541354][ T7595] ? avc_has_perm_noaudit+0x149/0x3b0 [ 94.541369][ T7595] netlink_rcv_skb+0x158/0x420 [ 94.541379][ T7595] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 94.541392][ T7595] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 94.541408][ T7595] ? ns_capable+0xd7/0x110 [ 94.541422][ T7595] nfnetlink_rcv+0x1b3/0x430 [ 94.541433][ T7595] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 94.541444][ T7595] ? netlink_deliver_tap+0x1ae/0xd30 [ 94.541463][ T7595] netlink_unicast+0x53a/0x7f0 [ 94.541474][ T7595] ? __pfx_netlink_unicast+0x10/0x10 [ 94.541488][ T7595] netlink_sendmsg+0x8d1/0xdd0 [ 94.541499][ T7595] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.541514][ T7595] ____sys_sendmsg+0xa95/0xc70 [ 94.541525][ T7595] ? copy_msghdr_from_user+0x10a/0x160 [ 94.541539][ T7595] ? __pfx_____sys_sendmsg+0x10/0x10 [ 94.541552][ T7595] ? __pfx_futex_wake_mark+0x10/0x10 [ 94.541565][ T7595] ___sys_sendmsg+0x134/0x1d0 [ 94.541580][ T7595] ? __pfx____sys_sendmsg+0x10/0x10 [ 94.541593][ T7595] ? __lock_acquire+0x622/0x1c90 [ 94.541618][ T7595] __sys_sendmsg+0x16d/0x220 [ 94.541632][ T7595] ? __pfx___sys_sendmsg+0x10/0x10 [ 94.541646][ T7595] ? __x64_sys_futex+0x1e0/0x4c0 [ 94.541665][ T7595] ? fput+0x70/0xf0 [ 94.541676][ T7595] do_syscall_64+0xcd/0x4c0 [ 94.541692][ T7595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.541703][ T7595] RIP: 0033:0x7f0f3138e929 [ 94.541711][ T7595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.541721][ T7595] RSP: 002b:00007f0f3222f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.541731][ T7595] RAX: ffffffffffffffda RBX: 00007f0f315b5fa0 RCX: 00007f0f3138e929 [ 94.541737][ T7595] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000082 [ 94.541743][ T7595] RBP: 00007f0f31410b39 R08: 0000000000000000 R09: 0000000000000000 [ 94.541749][ T7595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.541755][ T7595] R13: 0000000000000000 R14: 00007f0f315b5fa0 R15: 00007ffea55a3048 [ 94.541767][ T7595] [ 94.541771][ T7595] Mem-Info: [ 94.570889][ T6744] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 94.571937][ T7595] active_anon:9867 inactive_anon:0 isolated_anon:0 [ 94.571937][ T7595] active_file:15858 inactive_file:40594 isolated_file:0 [ 94.571937][ T7595] unevictable:1768 dirty:159 writeback:0 [ 94.571937][ T7595] slab_reclaimable:8251 slab_unreclaimable:69118 [ 94.571937][ T7595] mapped:25044 shmem:2398 pagetables:1350 [ 94.571937][ T7595] sec_pagetables:300 bounce:0 [ 94.571937][ T7595] kernel_misc_reclaimable:0 [ 94.571937][ T7595] free:447983 free_pcp:24960 free_cma:0 [ 94.675589][ T7595] Node 0 active_anon:39468kB inactive_anon:0kB active_file:63432kB inactive_file:162172kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:100224kB dirty:636kB writeback:0kB shmem:6056kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13008kB pagetables:5208kB sec_pagetables:1200kB all_unreclaimable? no Balloon:0kB [ 94.688162][ T7595] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:200kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 94.699028][ T7595] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 94.708923][ T7595] lowmem_reserve[]: 0 1234 1234 1234 1234 [ 94.710771][ T7595] Node 0 DMA32 free:167396kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39468kB inactive_anon:0kB active_file:63432kB inactive_file:162172kB unevictable:3536kB writepending:636kB present:2080628kB managed:1264188kB mlocked:0kB bounce:0kB free_pcp:82756kB local_pcp:7368kB free_cma:0kB [ 94.720668][ T7595] lowmem_reserve[]: 0 0 0 0 0 [ 94.722268][ T7595] Node 1 Normal free:1609424kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:16944kB local_pcp:3400kB free_cma:0kB [ 94.733039][ T7595] lowmem_reserve[]: 0 0 0 0 0 [ 94.734716][ T7595] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 94.738875][ T7595] Node 0 DMA32: 313*4kB (UME) 474*8kB (UME) 251*16kB (UME) 920*32kB [ 94.739007][ T6744] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.742203][ T6744] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.742241][ T6744] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 94.742260][ T6744] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.744382][ T6744] usb 8-1: config 0 descriptor?? [ 94.745786][ T7595] (UME) 441*64kB (UME) 122*128kB (UME) 38*256kB (UME) 15*512kB (UME) 2*1024kB (UM) 2*2048kB (M) 15*4096kB (UM) = 167332kB [ 94.761298][ T7595] Node 1 Normal: 3*4kB (UE) 13*8kB (UME) 24*16kB (UME) 26*32kB (UME) 19*64kB (UME) 10*128kB (UME) 2*256kB (UE) 5*512kB (UME) 3*1024kB (UE) 1*2048kB (M) 390*4096kB (M) = 1609460kB [ 94.767031][ T7595] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 94.769995][ T7595] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 94.772957][ T7595] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 94.775890][ T7595] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 94.778735][ T7595] 58846 total pagecache pages [ 94.780220][ T7595] 0 pages in swap cache [ 94.781856][ T7595] Free swap = 124996kB [ 94.783255][ T7595] Total swap = 124996kB [ 94.784574][ T7595] 1048443 pages RAM [ 94.785792][ T7595] 0 pages HighMem/MovableOnly [ 94.787263][ T7595] 283067 pages reserved [ 94.788599][ T7595] 0 pages cma reserved [ 94.969735][ T7618] FAULT_INJECTION: forcing a failure. [ 94.969735][ T7618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.974602][ T7618] CPU: 0 UID: 0 PID: 7618 Comm: syz.0.523 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 94.974627][ T7618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.974637][ T7618] Call Trace: [ 94.974644][ T7618] [ 94.974651][ T7618] dump_stack_lvl+0x16c/0x1f0 [ 94.974681][ T7618] should_fail_ex+0x512/0x640 [ 94.974708][ T7618] _copy_from_iter+0x29f/0x16f0 [ 94.974738][ T7618] ? __pfx__copy_from_iter+0x10/0x10 [ 94.974767][ T7618] ? __pfx___might_resched+0x10/0x10 [ 94.974797][ T7618] file_tty_write.constprop.0+0x488/0x9b0 [ 94.974830][ T7618] vfs_write+0x6c7/0x1150 [ 94.974855][ T7618] ? __pfx_tty_write+0x10/0x10 [ 94.974881][ T7618] ? __pfx_vfs_write+0x10/0x10 [ 94.974900][ T7618] ? find_held_lock+0x2b/0x80 [ 94.974938][ T7618] ksys_write+0x12a/0x250 [ 94.974960][ T7618] ? __pfx_ksys_write+0x10/0x10 [ 94.974989][ T7618] do_syscall_64+0xcd/0x4c0 [ 94.975016][ T7618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.975034][ T7618] RIP: 0033:0x7f0f3138e929 [ 94.975048][ T7618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.975065][ T7618] RSP: 002b:00007f0f3222f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 94.975082][ T7618] RAX: ffffffffffffffda RBX: 00007f0f315b5fa0 RCX: 00007f0f3138e929 [ 94.975093][ T7618] RDX: 0000000000001006 RSI: 0000200000002080 RDI: 0000000000000004 [ 94.975104][ T7618] RBP: 00007f0f3222f090 R08: 0000000000000000 R09: 0000000000000000 [ 94.975114][ T7618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 94.975124][ T7618] R13: 0000000000000000 R14: 00007f0f315b5fa0 R15: 00007ffea55a3048 [ 94.975148][ T7618] [ 95.033337][ T5310] Bluetooth: hci2: unexpected cc 0x0809 length: 68 > 4 [ 95.033358][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0809 [ 95.158618][ T6744] usbhid 8-1:0.0: can't add hid device: -71 [ 95.160558][ T6744] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 95.169104][ T6744] usb 8-1: USB disconnect, device number 13 [ 95.196251][ T7626] sp0: Synchronizing with TNC [ 95.530930][ T6032] usb 7-1: new full-speed USB device number 11 using dummy_hcd [ 95.670971][ T6033] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 95.693033][ T6032] usb 7-1: config index 0 descriptor too short (expected 31, got 27) [ 95.695571][ T6032] usb 7-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0 [ 95.698614][ T6032] usb 7-1: config 1 interface 0 has no altsetting 0 [ 95.702702][ T6032] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 95.705474][ T6032] usb 7-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 95.707971][ T6032] usb 7-1: Product: syz [ 95.709284][ T6032] usb 7-1: Manufacturer: syz [ 95.710758][ T6032] usb 7-1: SerialNumber: syz [ 95.843604][ T6033] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.847316][ T6033] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.850509][ T6033] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 95.854848][ T6033] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 95.857767][ T6033] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.862909][ T6033] usb 5-1: config 0 descriptor?? [ 96.126483][ T7629] sp0: Synchronizing with TNC [ 96.272340][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.275334][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.278399][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.281550][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.284521][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.287590][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.290626][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.293774][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.296857][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.299886][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.303092][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.305962][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.308435][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.311215][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.314264][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.317245][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.319695][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.322285][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.324624][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.326938][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.329237][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.331938][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.334253][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.336558][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.338829][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.342120][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.344488][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.346986][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.350073][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.353224][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.356254][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.359269][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.362408][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.365422][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.368473][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.371585][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.374596][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.377683][ T6033] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 96.385876][ T6033] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 96.531806][ T7633] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 96.537251][ T836] usb 5-1: USB disconnect, device number 9 [ 96.617774][ T40] kauditd_printk_skb: 123 callbacks suppressed [ 96.617784][ T40] audit: type=1400 audit(1752162114.007:5532): avc: denied { setopt } for pid=7645 comm="syz.3.533" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 96.704881][ T6032] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 96.709454][ T6032] usb 7-1: USB disconnect, device number 11 [ 96.714734][ T6032] usblp0: removed [ 96.980183][ T5310] Bluetooth: hci0: unexpected cc 0x0809 length: 68 > 4 [ 96.982507][ T6033] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 96.985054][ T5310] Bluetooth: hci0: unexpected event for opcode 0x0809 [ 97.069608][ T40] audit: type=1400 audit(1752162114.457:5533): avc: denied { prog_run } for pid=7667 comm="syz.0.542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 97.100887][ T34] usb 6-1: new full-speed USB device number 15 using dummy_hcd [ 97.105427][ T40] audit: type=1400 audit(1752162114.497:5534): avc: denied { bind } for pid=7669 comm="syz.0.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 97.112527][ T40] audit: type=1400 audit(1752162114.497:5535): avc: denied { name_bind } for pid=7669 comm="syz.0.543" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 97.112552][ T40] audit: type=1400 audit(1752162114.497:5536): avc: denied { node_bind } for pid=7669 comm="syz.0.543" saddr=fe80::4 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 97.145187][ T6033] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.145205][ T6033] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.152261][ T6033] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 97.152273][ T6033] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.153795][ T6033] usb 8-1: config 0 descriptor?? [ 97.239968][ T40] audit: type=1400 audit(1752162114.627:5537): avc: denied { getattr } for pid=7674 comm="syz.0.544" name="[io_uring]" dev="anon_inodefs" ino=17408 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 97.249577][ T40] audit: type=1400 audit(1752162114.627:5538): avc: denied { read } for pid=7674 comm="syz.0.544" dev="nsfs" ino=4026533162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 97.252111][ T34] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 97.257478][ T40] audit: type=1400 audit(1752162114.637:5539): avc: denied { open } for pid=7674 comm="syz.0.544" path="net:[4026533162]" dev="nsfs" ino=4026533162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 97.260381][ T34] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 97.271951][ T34] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 97.274651][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.439376][ T40] audit: type=1400 audit(1752162114.827:5540): avc: denied { ioctl } for pid=7680 comm="syz.0.547" path="mnt:[4026533022]" dev="nsfs" ino=4026533022 ioctlcmd=0x940c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 97.480872][ T34] usb 6-1: usb_control_msg returned -32 [ 97.482647][ T34] usbtmc 6-1:16.0: can't read capabilities [ 97.568171][ T6033] usbhid 8-1:0.0: can't add hid device: -71 [ 97.570295][ T6033] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 97.575552][ T6033] usb 8-1: USB disconnect, device number 14 [ 97.736776][ T40] audit: type=1400 audit(1752162115.127:5541): avc: denied { bind } for pid=7686 comm="syz.2.548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 97.832465][ T7690] netlink: 8 bytes leftover after parsing attributes in process `syz.1.541'. [ 97.835796][ T7690] netlink: 8 bytes leftover after parsing attributes in process `syz.1.541'. [ 97.841183][ T7690] usbtmc 6-1:16.0: usbtmc_ioctl_request failed -32 [ 97.913451][ T7690] netlink: 64 bytes leftover after parsing attributes in process `syz.1.541'. [ 98.054109][ T6015] usb 6-1: USB disconnect, device number 15 [ 98.246125][ T5310] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 98.612818][ T5310] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 98.615435][ T5310] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 99.140099][ T7732] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.142925][ T7732] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.502424][ T7756] raw_sendmsg: syz.0.571 forgot to set AF_INET. Fix it! [ 100.150890][ T6744] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 100.212412][ T5310] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 100.214718][ T5310] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 100.332085][ T6744] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 100.335599][ T6744] usb 7-1: config 0 interface 0 has no altsetting 0 [ 100.339464][ T6744] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 100.342431][ T6744] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 100.345110][ T6744] usb 7-1: Product: syz [ 100.346531][ T6744] usb 7-1: Manufacturer: syz [ 100.348071][ T6744] usb 7-1: SerialNumber: syz [ 100.351573][ T6744] usb 7-1: config 0 descriptor?? [ 100.356327][ T6744] usb 7-1: selecting invalid altsetting 0 [ 100.359609][ T5310] Bluetooth: hci2: Ignoring connect complete event for invalid link type [ 100.566259][ T6744] usb 7-1: USB disconnect, device number 12 [ 100.717146][ T7812] tty tty21: ldisc open failed (-12), clearing slot 20 [ 101.085033][ T7826] netlink: 8 bytes leftover after parsing attributes in process `syz.1.591'. [ 101.119896][ T7831] tls_set_device_offload: netdev not found [ 101.124260][ T7830] netlink: 16 bytes leftover after parsing attributes in process `syz.1.593'. [ 101.179070][ T7836] input: syz0 as /devices/virtual/input/input18 [ 101.243716][ T7840] SELinux: policydb magic number 0x27cff8c does not match expected magic number 0xf97cff8c [ 101.246726][ T7840] SELinux: failed to load policy [ 101.426349][ T7848] bridge_slave_0: left allmulticast mode [ 101.428180][ T7848] bridge_slave_0: left promiscuous mode [ 101.430057][ T7848] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.457388][ T7848] bridge_slave_1: left allmulticast mode [ 101.460393][ T7848] bridge_slave_1: left promiscuous mode [ 101.462977][ T7848] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.471505][ T7848] bond0: (slave bond_slave_0): Releasing backup interface [ 101.477964][ T7848] bond0: (slave bond_slave_1): Releasing backup interface [ 101.486719][ T7848] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.489967][ T7848] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.496029][ T7848] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.498693][ T7848] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.512140][ T7848] bond1: (slave geneve3): Releasing active interface [ 101.554348][ T5310] Bluetooth: hci2: unexpected cc 0x0809 length: 68 > 4 [ 101.556481][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0809 [ 101.648242][ T7858] netlink: 776 bytes leftover after parsing attributes in process `syz.0.603'. [ 101.733624][ T7864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7864 comm=syz.0.604 [ 101.748829][ T40] kauditd_printk_skb: 69 callbacks suppressed [ 101.748839][ T40] audit: type=1400 audit(1752162119.137:5611): avc: denied { lock } for pid=7862 comm="syz.0.604" path="socket:[19576]" dev="sockfs" ino=19576 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 101.764947][ T40] audit: type=1400 audit(1752162119.157:5612): avc: denied { read } for pid=7855 comm="syz.2.602" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 101.819441][ T7865] syz.2.602: attempt to access beyond end of device [ 101.819441][ T7865] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0 [ 101.824264][ T7865] syz.2.602: attempt to access beyond end of device [ 101.824264][ T7865] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0 [ 101.828243][ T7865] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 101.832312][ T7865] syz.2.602: attempt to access beyond end of device [ 101.832312][ T7865] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0 [ 101.837194][ T7865] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 101.841899][ T7865] syz.2.602: attempt to access beyond end of device [ 101.841899][ T7865] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 101.846030][ T7865] syz.2.602: attempt to access beyond end of device [ 101.846030][ T7865] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 101.850364][ T7865] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 101.854591][ T7865] syz.2.602: attempt to access beyond end of device [ 101.854591][ T7865] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 101.859941][ T7865] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 101.864455][ T7865] syz.2.602: attempt to access beyond end of device [ 101.864455][ T7865] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 101.869998][ T7865] syz.2.602: attempt to access beyond end of device [ 101.869998][ T7865] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 101.879534][ T7865] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 101.883613][ T7865] syz.2.602: attempt to access beyond end of device [ 101.883613][ T7865] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 101.890027][ T7865] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 101.894557][ T7865] syz.2.602: attempt to access beyond end of device [ 101.894557][ T7865] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 101.894753][ T7865] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 101.894961][ T7865] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 101.895030][ T7865] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 101.901608][ T40] audit: type=1400 audit(1752162119.287:5613): avc: denied { mount } for pid=7855 comm="syz.2.602" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 102.057487][ T40] audit: type=1400 audit(1752162119.447:5614): avc: denied { create } for pid=7876 comm="syz.3.607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 102.063712][ T40] audit: type=1400 audit(1752162119.447:5615): avc: denied { create } for pid=7876 comm="syz.3.607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 102.069566][ T40] audit: type=1400 audit(1752162119.447:5616): avc: denied { bind } for pid=7876 comm="syz.3.607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 102.076959][ T40] audit: type=1400 audit(1752162119.447:5617): avc: denied { setopt } for pid=7876 comm="syz.3.607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 102.084008][ T40] audit: type=1400 audit(1752162119.447:5618): avc: denied { getopt } for pid=7876 comm="syz.3.607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 102.479020][ T40] audit: type=1400 audit(1752162119.867:5619): avc: denied { connect } for pid=7892 comm="syz.1.609" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 102.528776][ T40] audit: type=1400 audit(1752162119.917:5620): avc: denied { getopt } for pid=7892 comm="syz.1.609" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 102.550228][ T7898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.947811][ T7913] netlink: 4 bytes leftover after parsing attributes in process `syz.3.617'. [ 103.007133][ T7912] /dev/sr0: Can't open blockdev [ 103.021332][ T7913] team0: Port device team_slave_0 removed [ 103.132153][ T7914] /dev/sr0: Can't open blockdev [ 103.132307][ T6744] hid (null): global environment stack underflow [ 103.138938][ T6744] hid-generic 0001:5FAF:0005.0006: global environment stack underflow [ 103.141790][ T6744] hid-generic 0001:5FAF:0005.0006: item 0 4 1 11 parsing failed [ 103.145068][ T6744] hid-generic 0001:5FAF:0005.0006: probe with driver hid-generic failed with error -22 [ 103.160666][ T7920] netlink: 'syz.2.619': attribute type 2 has an invalid length. [ 103.163330][ T7920] netlink: 46 bytes leftover after parsing attributes in process `syz.2.619'. [ 103.220901][ T6032] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 103.381112][ T6032] usb 5-1: Using ep0 maxpacket: 16 [ 103.386173][ T6032] usb 5-1: config index 0 descriptor too short (expected 8469, got 68) [ 103.388774][ T6032] usb 5-1: config 244 has too many interfaces: 151, using maximum allowed: 32 [ 103.391758][ T6032] usb 5-1: config 244 has an invalid descriptor of length 103, skipping remainder of the config [ 103.394957][ T6032] usb 5-1: config 244 has 0 interfaces, different from the descriptor's value: 151 [ 103.398807][ T6032] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 103.402216][ T6032] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 103.404707][ T6032] usb 5-1: SerialNumber: syz [ 103.562315][ T7939] geneve4: entered promiscuous mode [ 103.595724][ T7941] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 103.623526][ T7943] comedi comedi3: comedi_config --init_data is deprecated [ 103.694806][ T6032] usb 5-1: USB disconnect, device number 10 [ 104.110965][ T6015] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 104.229864][ T5952] Bluetooth: hci1: Malformed LE Event: 0x1b [ 104.241103][ T6032] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 104.272657][ T6015] usb 6-1: config 0 has an invalid descriptor of length 45, skipping remainder of the config [ 104.275801][ T6015] usb 6-1: config 0 has no interfaces? [ 104.277972][ T6015] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 104.281961][ T6015] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.285683][ T6015] usb 6-1: config 0 descriptor?? [ 104.290990][ T837] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 104.390908][ T6032] usb 7-1: Using ep0 maxpacket: 8 [ 104.394827][ T6032] usb 7-1: config 13 has an invalid interface number: 50 but max is 3 [ 104.397434][ T6032] usb 7-1: config 13 has an invalid interface number: 173 but max is 3 [ 104.400800][ T6032] usb 7-1: config 13 has an invalid interface number: 14 but max is 3 [ 104.403534][ T6032] usb 7-1: config 13 contains an unexpected descriptor of type 0x1, skipping [ 104.406330][ T6032] usb 7-1: config 13 contains an unexpected descriptor of type 0x2, skipping [ 104.409104][ T6032] usb 7-1: config 13 contains an unexpected descriptor of type 0x2, skipping [ 104.412500][ T6032] usb 7-1: config 13 has an invalid interface number: 251 but max is 3 [ 104.415520][ T6032] usb 7-1: config 13 has an invalid interface number: 52 but max is 3 [ 104.418071][ T6032] usb 7-1: config 13 has 5 interfaces, different from the descriptor's value: 4 [ 104.420995][ T837] usb 8-1: device descriptor read/64, error -71 [ 104.423293][ T6032] usb 7-1: config 13 has no interface number 0 [ 104.425540][ T6032] usb 7-1: config 13 has no interface number 1 [ 104.427950][ T6032] usb 7-1: config 13 has no interface number 2 [ 104.430518][ T6032] usb 7-1: config 13 has no interface number 3 [ 104.432579][ T6032] usb 7-1: config 13 has no interface number 4 [ 104.434542][ T6032] usb 7-1: config 13 interface 173 altsetting 127 has a duplicate endpoint with address 0x1, skipping [ 104.438065][ T6032] usb 7-1: config 13 interface 173 altsetting 127 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 104.442414][ T6032] usb 7-1: config 13 interface 173 altsetting 127 has a duplicate endpoint with address 0x1, skipping [ 104.445767][ T6032] usb 7-1: config 13 interface 173 altsetting 127 has an invalid descriptor for endpoint zero, skipping [ 104.449218][ T6032] usb 7-1: config 13 interface 173 altsetting 127 has a duplicate endpoint with address 0x1, skipping [ 104.453280][ T6032] usb 7-1: config 13 interface 14 altsetting 6 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 104.456967][ T6032] usb 7-1: config 13 interface 14 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 104.460371][ T6032] usb 7-1: config 13 interface 14 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 104.463801][ T6032] usb 7-1: config 13 interface 14 altsetting 6 has a duplicate endpoint with address 0x8, skipping [ 104.467707][ T6032] usb 7-1: config 13 interface 14 altsetting 6 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 104.471390][ T6032] usb 7-1: config 13 interface 14 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 104.474707][ T6032] usb 7-1: config 13 interface 251 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 104.478278][ T6032] usb 7-1: config 13 interface 251 altsetting 0 has a duplicate endpoint with address 0x1, skipping [ 104.482342][ T6032] usb 7-1: config 13 interface 251 altsetting 0 endpoint 0x6 has an invalid bInterval 62, changing to 7 [ 104.485766][ T6032] usb 7-1: config 13 interface 251 altsetting 0 has a duplicate endpoint with address 0xD, skipping [ 104.489094][ T6032] usb 7-1: config 13 interface 251 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 9 [ 104.494255][ T6032] usb 7-1: config 13 interface 52 altsetting 231 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 104.494281][ T6032] usb 7-1: config 13 interface 52 altsetting 231 has a duplicate endpoint with address 0x8, skipping [ 104.494298][ T6032] usb 7-1: config 13 interface 52 altsetting 231 has an invalid descriptor for endpoint zero, skipping [ 104.494315][ T6032] usb 7-1: config 13 interface 52 altsetting 231 has 4 endpoint descriptors, different from the interface descriptor's value: 28 [ 104.494335][ T6032] usb 7-1: config 13 interface 50 has no altsetting 0 [ 104.494349][ T6032] usb 7-1: config 13 interface 173 has no altsetting 0 [ 104.494363][ T6032] usb 7-1: config 13 interface 14 has no altsetting 0 [ 104.494378][ T6032] usb 7-1: config 13 interface 52 has no altsetting 0 [ 104.501374][ T5952] Bluetooth: hci3: command 0x0c1a tx timeout [ 104.504734][ T6032] usb 7-1: New USB device found, idVendor=1e2d, idProduct=0083, bcdDevice=7f.df [ 104.528771][ T6015] usb 6-1: string descriptor 0 read error: -71 [ 104.530917][ T6032] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.533615][ T6015] usb 6-1: USB disconnect, device number 16 [ 104.534620][ T6032] usb 7-1: Product: Ñ [ 104.538038][ T6032] usb 7-1: Manufacturer: ᢂ꟫꿼墸ꖣ⊩è¸ì‰Šã¿µî®¨èžŸï—½è˜¦ã³•æŠå„¿å‰¨ì¡œëšã„æŠæ˜„墀á…í–䂊憅왃ãµî­ã¬±ï££ì¡£ã¯Ã•蕇呰å¥ìœä¼”鸦汣ëƒë’…᳈賫旡♹屸錸㨀ℵ哷慌ë¦à¢Œç½Ÿæˆ”è€äŒ²è’£á–¹â«‡êƒ‹í‚ºïˆäš²ä¦‹Ö䘊겷㳵櫷﬙ᤕä–á©î’°ïŽåˆ°ê™—晧饵豮ᑟ톜׆煉௛ՙ⎧èšâžŒã»¼ã»îƒ±ï‘®ãˆ¯ìµ ä£ˆî‚섈希⿩äˆç†è¦¼ì¬‹ì•ž [ 104.549010][ T6032] usb 7-1: SerialNumber: syz [ 104.660911][ T837] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 104.756157][ T6032] option 7-1:13.50: GSM modem (1-port) converter detected [ 104.763523][ T6032] option 7-1:13.14: GSM modem (1-port) converter detected [ 104.785603][ T6032] usb 7-1: USB disconnect, device number 13 [ 104.789103][ T6032] option 7-1:13.50: device disconnected [ 104.794617][ T6032] option 7-1:13.14: device disconnected [ 104.801941][ T837] usb 8-1: device descriptor read/64, error -71 [ 104.859503][ T7997] ubi31: attaching mtd0 [ 104.864357][ T7997] ubi31: scanning is finished [ 104.866373][ T7997] ubi31: empty MTD device detected [ 104.921162][ T837] usb usb8-port1: attempt power cycle [ 104.938721][ T7997] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 104.942222][ T7997] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 104.944623][ T7997] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 104.946910][ T7997] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 104.949919][ T7997] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 104.952288][ T7997] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 104.954865][ T7997] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1933530289 [ 104.958034][ T7997] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 104.962794][ T7998] ubi31: background thread "ubi_bgt31d" started, PID 7998 [ 105.055960][ T8000] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 105.058413][ T8000] IPv6: NLM_F_CREATE should be set when creating new route [ 105.084343][ T8002] block device autoloading is deprecated and will be removed. [ 105.092304][ T6032] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 105.200199][ T8008] fuse: Bad value for 'fd' [ 105.242182][ T6032] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 105.249082][ T6032] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 105.254838][ T6032] usb 7-1: New USB device found, idVendor=0499, idProduct=5ae2, bcdDevice= 9.0f [ 105.258116][ T6032] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=7 [ 105.260661][ T6032] usb 7-1: Product: syz [ 105.262150][ T6032] usb 7-1: Manufacturer: syz [ 105.263703][ T6032] usb 7-1: SerialNumber: syz [ 105.266899][ T6032] usb 7-1: config 0 descriptor?? [ 105.280889][ T837] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 105.301325][ T837] usb 8-1: device descriptor read/8, error -71 [ 105.540956][ T837] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 105.561468][ T837] usb 8-1: device descriptor read/8, error -71 [ 105.672115][ T837] usb usb8-port1: unable to enumerate USB device [ 105.706818][ T6032] usb 7-1: USB disconnect, device number 14 [ 105.713706][ T5956] udevd[5956]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 106.095445][ T8025] ISOFS: Unable to identify CD-ROM format. [ 106.128529][ T8032] netlink: 12 bytes leftover after parsing attributes in process `syz.2.657'. [ 106.139031][ T8032] Bluetooth: MGMT ver 1.23 [ 106.440230][ T8048] efs: device does not support 512 byte blocks [ 106.443003][ T8048] device does not support 512 byte blocks [ 106.443003][ T8048] [ 106.591046][ T5310] Bluetooth: hci3: command 0x0c1a tx timeout [ 106.805747][ T40] kauditd_printk_skb: 33 callbacks suppressed [ 106.805759][ T40] audit: type=1400 audit(1752162124.197:5654): avc: denied { read write } for pid=8058 comm="syz.2.665" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 106.815350][ T40] audit: type=1400 audit(1752162124.197:5655): avc: denied { open } for pid=8058 comm="syz.2.665" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 106.822579][ T40] audit: type=1400 audit(1752162124.207:5656): avc: denied { create } for pid=8058 comm="syz.2.665" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 107.008358][ T40] audit: type=1400 audit(1752162124.397:5657): avc: denied { read } for pid=8072 comm="syz.1.669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 107.118538][ T8084] fuse: Unknown parameter 'r ' [ 107.123943][ T40] audit: type=1400 audit(1752162124.517:5658): avc: denied { map } for pid=8083 comm="syz.0.670" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 107.215074][ T8095] No source specified [ 107.216548][ T8095] netlink: 88 bytes leftover after parsing attributes in process `syz.1.669'. [ 107.220486][ T40] audit: type=1400 audit(1752162124.607:5659): avc: denied { read } for pid=8072 comm="syz.1.669" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 107.271036][ T837] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 107.459004][ T837] usb 7-1: Using ep0 maxpacket: 32 [ 107.462170][ T837] usb 7-1: config index 0 descriptor too short (expected 50356, got 796) [ 107.465505][ T837] usb 7-1: config 41 has too many interfaces: 195, using maximum allowed: 32 [ 107.468993][ T837] usb 7-1: config 41 has an invalid descriptor of length 0, skipping remainder of the config [ 107.473502][ T837] usb 7-1: config 41 has 0 interfaces, different from the descriptor's value: 195 [ 107.479128][ T837] usb 7-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 107.483163][ T837] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.486407][ T837] usb 7-1: Product: syz [ 107.488109][ T837] usb 7-1: Manufacturer: syz [ 107.490024][ T837] usb 7-1: SerialNumber: syz [ 107.496189][ T8106] xt_connbytes: Forcing CT accounting to be enabled [ 107.498801][ T8106] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 107.631970][ T40] audit: type=1400 audit(1752162125.027:5660): avc: denied { setopt } for pid=8107 comm="syz.3.676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 107.708667][ T40] audit: type=1400 audit(1752162125.097:5661): avc: denied { setopt } for pid=8070 comm="syz.2.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 107.727042][ T837] usb 7-1: USB disconnect, device number 15 [ 107.898220][ T40] audit: type=1400 audit(1752162125.287:5662): avc: denied { create } for pid=8112 comm="syz.0.677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 107.912745][ T40] audit: type=1400 audit(1752162125.307:5663): avc: denied { read } for pid=8112 comm="syz.0.677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 108.011349][ T8124] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.016278][ T8124] bond0: (slave rose0): Enslaving as an active interface with an up link [ 108.034525][ T8124] vxfs: WRONG superblock magic 00000000 at 1 [ 108.037104][ T8124] vxfs: WRONG superblock magic 00000000 at 8 [ 108.039049][ T8124] vxfs: can't find superblock. [ 108.200987][ T6015] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 108.330887][ T6015] usb 8-1: device descriptor read/64, error -71 [ 108.528635][ T8168] erofs (device nbd0): cannot find valid erofs superblock [ 108.571005][ T6015] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 108.671699][ T5310] Bluetooth: hci3: command 0x0c1a tx timeout [ 108.701064][ T6015] usb 8-1: device descriptor read/64, error -71 [ 108.814072][ T6015] usb usb8-port1: attempt power cycle [ 108.953924][ T8179] netlink: 128 bytes leftover after parsing attributes in process `syz.1.694'. [ 109.060009][ T8184] netlink: 40 bytes leftover after parsing attributes in process `syz.2.695'. [ 109.089561][ T8191] netlink: 40 bytes leftover after parsing attributes in process `syz.2.695'. [ 109.116759][ T8194] bio_check_eod: 2 callbacks suppressed [ 109.116770][ T8194] syz.2.697: attempt to access beyond end of device [ 109.116770][ T8194] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 109.122730][ T8194] exFAT-fs (nbd2): unable to read boot sector [ 109.124659][ T8194] exFAT-fs (nbd2): failed to read boot sector [ 109.126513][ T8194] exFAT-fs (nbd2): failed to recognize exfat type [ 109.166346][ T6015] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 109.180607][ T8204] netlink: 4 bytes leftover after parsing attributes in process `syz.1.700'. [ 109.196181][ T6015] usb 8-1: device descriptor read/8, error -71 [ 109.261906][ T8211] sp0: Synchronizing with TNC [ 109.430956][ T6015] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 109.451487][ T6015] usb 8-1: device descriptor read/8, error -71 [ 109.518043][ T5310] Bluetooth: hci2: unexpected cc 0x0809 length: 68 > 4 [ 109.521186][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0809 [ 109.571110][ T6015] usb usb8-port1: unable to enumerate USB device [ 110.214908][ T8227] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=8227 comm=syz.2.708 [ 110.249715][ T8232] fuse: Unknown parameter 'rootmod\;Ê×A' [ 110.283318][ T8235] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 110.293910][ T8235] CIFS mount error: No usable UNC path provided in device string! [ 110.293910][ T8235] [ 110.298199][ T8235] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 110.490770][ T8244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pid=8244 comm=syz.0.715 [ 110.521008][ T8246] netlink: 'syz.0.716': attribute type 1 has an invalid length. [ 110.567998][ T8246] netlink: 'syz.0.716': attribute type 1 has an invalid length. [ 110.595275][ T8254] geneve1: entered allmulticast mode [ 110.602772][ T8254] pim6reg: entered allmulticast mode [ 110.608922][ T8254] binder: 8253:8254 ioctl c0306201 2000000003c0 returned -14 [ 110.791676][ T5310] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 110.793891][ T5310] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 110.892194][ T8267] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 110.895024][ T8267] comedi comedi0: Minor 14 could not be opened [ 110.901615][ T8272] netlink: 152 bytes leftover after parsing attributes in process `syz.0.722'. [ 110.904762][ T8272] tipc: Started in network mode [ 110.906404][ T8272] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711 [ 110.921456][ T8272] tipc: Enabled bearer , priority 10 [ 111.012744][ T8280] netlink: 'syz.3.724': attribute type 9 has an invalid length. [ 111.015256][ T8280] netlink: 32 bytes leftover after parsing attributes in process `syz.3.724'. [ 111.018834][ T8280] netlink: 32 bytes leftover after parsing attributes in process `syz.3.724'. [ 111.241732][ T8289] netlink: 20 bytes leftover after parsing attributes in process `syz.3.727'. [ 111.710946][ T6015] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 111.808920][ T8304] netlink: 'syz.0.733': attribute type 1 has an invalid length. [ 111.822854][ T40] kauditd_printk_skb: 29 callbacks suppressed [ 111.822865][ T40] audit: type=1400 audit(1752162129.217:5693): avc: denied { bind } for pid=8303 comm="syz.0.733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 111.823314][ T8304] netlink: 44 bytes leftover after parsing attributes in process `syz.0.733'. [ 111.823358][ T8306] netlink: 44 bytes leftover after parsing attributes in process `syz.0.733'. [ 111.851578][ T6015] usb 7-1: device descriptor read/64, error -71 [ 111.866921][ T40] audit: type=1400 audit(1752162129.257:5694): avc: denied { mount } for pid=8307 comm="syz.0.734" name="/" dev="hugetlbfs" ino=27685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 112.011943][ T836] tipc: Node number set to 4269801514 [ 112.017012][ T5310] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 112.019259][ T5310] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 112.101029][ T6015] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 112.201847][ T8326] geneve2: entered promiscuous mode [ 112.203530][ T8326] geneve2: entered allmulticast mode [ 112.231078][ T6015] usb 7-1: device descriptor read/64, error -71 [ 112.265598][ T8332] netlink: ct family unspecified [ 112.278524][ T8332] openvswitch: netlink: Actions may not be safe on all matching packets [ 112.288289][ T40] audit: type=1400 audit(1752162129.677:5695): avc: denied { create } for pid=8331 comm="syz.1.742" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 112.288844][ T8332] Invalid source name [ 112.296002][ T8332] UBIFS error (pid: 8332): cannot open "./file0", error -22 [ 112.298563][ T40] audit: type=1400 audit(1752162129.677:5696): avc: denied { mounton } for pid=8331 comm="syz.1.742" path="/193/file0" dev="tmpfs" ino=1039 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 112.341165][ T6015] usb usb7-port1: attempt power cycle [ 112.364129][ T5310] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 112.366322][ T5310] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 112.381232][ T40] audit: type=1400 audit(1752162129.767:5697): avc: denied { accept } for pid=8339 comm="syz.3.745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 112.396028][ T40] audit: type=1400 audit(1752162129.787:5698): avc: denied { append } for pid=8345 comm="syz.0.747" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 112.401335][ T8341] sp0: Synchronizing with TNC [ 112.404045][ T8346] loop6: detected capacity change from 0 to 524287487 [ 112.409959][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.413786][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.416367][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.419051][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.421981][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.424595][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.427085][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.429750][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.433455][ T40] audit: type=1400 audit(1752162129.827:5699): avc: denied { write } for pid=8347 comm="syz.1.748" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 112.440532][ T5956] ldm_validate_partition_table(): Disk read failed. [ 112.442874][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.445393][ T5956] Buffer I/O error on dev loop6, logical block 0, async page read [ 112.447983][ T5956] Dev loop6: unable to read RDB block 0 [ 112.449988][ T5956] loop6: unable to read partition table [ 112.455005][ T8346] ldm_validate_partition_table(): Disk read failed. [ 112.457232][ T8346] Dev loop6: unable to read RDB block 0 [ 112.457750][ T8348] netlink: 'syz.1.748': attribute type 19 has an invalid length. [ 112.462851][ T8346] loop6: unable to read partition table [ 112.464986][ T8346] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 112.480705][ T5360] udevd[5360]: worker [5956] terminated by signal 33 (Unknown signal 33) [ 112.484681][ T5360] udevd[5360]: worker [5956] failed while handling '/devices/virtual/block/loop6' [ 112.541946][ T8349] loop6: detected capacity change from 524287487 to 524288 [ 112.680941][ T6015] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 112.712308][ T6015] usb 7-1: device descriptor read/8, error -71 [ 112.769476][ T40] audit: type=1400 audit(1752162130.157:5700): avc: denied { read } for pid=8368 comm="syz.1.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 112.961667][ T6015] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 112.983067][ T6015] usb 7-1: device descriptor read/8, error -71 [ 113.091885][ T6015] usb usb7-port1: unable to enumerate USB device [ 113.171253][ T8395] bridge_slave_0: entered promiscuous mode [ 113.173121][ T8395] bridge_slave_0: entered allmulticast mode [ 113.195952][ T5310] Bluetooth: unknown link type 191 [ 113.197675][ T5310] Bluetooth: hci3: connection err: -111 [ 113.265924][ T8406] netlink: 'syz.1.767': attribute type 10 has an invalid length. [ 113.292908][ T40] audit: type=1400 audit(1752162130.687:5701): avc: denied { map } for pid=8407 comm="syz.0.766" path="socket:[30493]" dev="sockfs" ino=30493 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 113.317145][ T8408] JFS: discard option not supported on device [ 113.322958][ T5310] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 113.325448][ T40] audit: type=1400 audit(1752162130.707:5702): avc: denied { mounton } for pid=8407 comm="syz.0.766" path="/200/bus" dev="tmpfs" ino=1055 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 113.325578][ T8408] syz.0.766: attempt to access beyond end of device [ 113.325578][ T8408] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 113.349071][ T8408] syz.0.766: attempt to access beyond end of device [ 113.349071][ T8408] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 113.353396][ T8408] Mount JFS Failure: -5 [ 113.358309][ T8410] Malformed UNC in devname [ 113.358309][ T8410] [ 113.372837][ T8410] CIFS: VFS: Malformed UNC in devname [ 113.413598][ T8404] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.427950][ T8404] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.438078][ T8404] bond0 (unregistering): Released all slaves [ 113.475708][ T8406] team0: Port device wlan1 added [ 114.551604][ T8435] sp0: Synchronizing with TNC [ 114.592286][ T8439] fuse: Unknown parameter 'smackfsdef' [ 114.595104][ T8439] blktrace: Concurrent blktraces are not allowed on loop4 [ 115.800389][ T8456] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 116.067339][ T8471] SELinux: syz.0.784 (8471) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 116.742312][ T8480] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 117.013808][ T8482] kvm: pic: non byte write [ 117.075077][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 117.075107][ T40] audit: type=1400 audit(1752162134.467:5707): avc: denied { write } for pid=8481 comm="syz.0.789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 117.095034][ T40] audit: type=1400 audit(1752162134.467:5708): avc: denied { getopt } for pid=8481 comm="syz.0.789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 117.674922][ T8487] tipc: Started in network mode [ 117.676607][ T8487] tipc: Node identity 069f0e134782, cluster identity 4711 [ 117.678900][ T8487] tipc: Enabled bearer , priority 0 [ 117.687416][ T8487] syzkaller0: entered promiscuous mode [ 117.689152][ T8487] syzkaller0: entered allmulticast mode [ 117.690556][ T40] audit: type=1400 audit(1752162135.077:5709): avc: denied { create } for pid=8485 comm="syz.2.790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 117.716748][ T8487] tipc: Resetting bearer [ 117.722469][ T40] audit: type=1400 audit(1752162135.117:5710): avc: denied { setopt } for pid=8485 comm="syz.2.790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 117.735492][ T8486] tipc: Resetting bearer [ 117.773169][ T8486] tipc: Disabling bearer [ 118.036155][ T40] audit: type=1400 audit(1752162135.417:5711): avc: denied { bind } for pid=8494 comm="syz.2.794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 118.060889][ T40] audit: type=1400 audit(1752162135.427:5712): avc: denied { listen } for pid=8494 comm="syz.2.794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 118.423680][ T8498] __nla_validate_parse: 8 callbacks suppressed [ 118.423692][ T8498] netlink: 36 bytes leftover after parsing attributes in process `syz.2.795'. [ 118.572605][ T8504] No source specified [ 119.116388][ T40] audit: type=1400 audit(1752162136.507:5713): avc: denied { unmount } for pid=5960 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 119.200008][ T40] audit: type=1400 audit(1752162136.587:5714): avc: denied { create } for pid=8511 comm="syz.3.799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 119.207434][ T40] audit: type=1400 audit(1752162136.597:5715): avc: denied { write } for pid=8511 comm="syz.3.799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 119.215885][ T5952] Bluetooth: hci3: unexpected event for opcode 0x041b [ 119.536569][ T40] audit: type=1400 audit(1752162136.927:5716): avc: denied { map } for pid=8527 comm="syz.2.804" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 119.547105][ T8531] netlink: 16 bytes leftover after parsing attributes in process `syz.2.804'. [ 119.865832][ T5952] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 120.214766][ T8539] netlink: 12 bytes leftover after parsing attributes in process `syz.1.806'. [ 120.263438][ T8541] ubi: mtd0 is already attached to ubi31 [ 120.296368][ T8546] bridge_slave_0: entered promiscuous mode [ 120.491834][ T8557] netlink: 16 bytes leftover after parsing attributes in process `syz.2.811'. [ 120.561154][ T8562] fuse: Unknown parameter 'rootmod00000000000020000' [ 120.572108][ T8560] netlink: 'syz.3.814': attribute type 2 has an invalid length. [ 120.574513][ T8560] netlink: 244 bytes leftover after parsing attributes in process `syz.3.814'. [ 120.871230][ T8574] netlink: 'syz.1.815': attribute type 20 has an invalid length. [ 120.963926][ T8577] netlink: 'syz.3.819': attribute type 1 has an invalid length. [ 121.003549][ T8577] netlink: 'syz.3.819': attribute type 1 has an invalid length. [ 121.005971][ T8577] netlink: 228 bytes leftover after parsing attributes in process `syz.3.819'. [ 122.110928][ T836] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 122.280935][ T836] usb 7-1: Using ep0 maxpacket: 8 [ 122.284551][ T836] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 122.287833][ T836] usb 7-1: config 0 has no interface number 0 [ 122.290319][ T836] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 122.294771][ T836] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 122.299450][ T836] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 122.303731][ T836] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 122.307797][ T836] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 122.321000][ T836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.326046][ T836] usb 7-1: config 0 descriptor?? [ 122.340930][ T836] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 122.619004][ T8605] netlink: 'syz.2.826': attribute type 2 has an invalid length. [ 122.623301][ T8605] netlink: 12 bytes leftover after parsing attributes in process `syz.2.826'. [ 122.637667][ T8608] netlink: 'syz.0.827': attribute type 1 has an invalid length. [ 122.640212][ T8608] netlink: 'syz.0.827': attribute type 2 has an invalid length. [ 122.756142][ T8615] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 123.132820][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 123.132830][ T40] audit: type=1400 audit(1752162140.527:5723): avc: denied { getopt } for pid=8618 comm="syz.0.829" lport=74 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 123.863951][ T8634] overlay: Unknown parameter 'fowner>00000000000000000000' [ 124.021352][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 124.023566][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 124.287404][ T34] usb 7-1: USB disconnect, device number 20 [ 124.328915][ T34] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 124.587085][ T40] audit: type=1326 audit(1752162141.977:5724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8638 comm="syz.0.836" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0f3138e929 code=0x0 [ 124.646927][ T8643] netlink: 132 bytes leftover after parsing attributes in process `syz.3.835'. [ 124.819056][ T8655] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 124.824491][ T40] audit: type=1400 audit(1752162142.207:5725): avc: denied { ioctl } for pid=8654 comm="syz.3.840" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 124.919729][ T40] audit: type=1400 audit(1752162142.307:5726): avc: denied { map } for pid=8656 comm="syz.2.842" path="pipe:[45337]" dev="pipefs" ino=45337 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 124.929115][ T8660] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 124.936980][ T40] audit: type=1400 audit(1752162142.317:5727): avc: denied { execute } for pid=8656 comm="syz.2.842" path="pipe:[45337]" dev="pipefs" ino=45337 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 125.111076][ T34] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 125.262045][ T40] audit: type=1400 audit(1752162142.657:5728): avc: denied { mount } for pid=8667 comm="syz.2.845" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 125.275725][ T34] usb 8-1: config 1 interface 0 altsetting 128 endpoint 0x81 has invalid maxpacket 1536, setting to 1024 [ 125.279358][ T34] usb 8-1: config 1 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 24, changing to 8 [ 125.286113][ T5952] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 125.288279][ T5952] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 125.291509][ T34] usb 8-1: config 1 interface 0 has no altsetting 0 [ 125.297922][ T34] usb 8-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 125.300754][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.304837][ T34] usb 8-1: Product: à ¾ [ 125.306171][ T34] usb 8-1: Manufacturer: 㬛ᙠ쩪è—硕ꑰ⦔⪢徎瓓㺾㿂컗㾽Ꚕï‡îª€â‡í«áª•Ü켼匶ᓚ퇑濧á…舃ಿꦅ䋎ǃ黠껞曽䖎焷䄚ࠠê˜î“腀酒洞䜣븲ꊷ嫽ﰌï™ìˆ¬âŽ—ï–´ì¬‹ç„…â‹¦äœ¹è¬Œí†’î¦âƒ†ê‡µç¥á¾Žé©¨æ˜åŽšã²‘à³”çµ†à­‡ä ¶æ°¼ë¦§Ù›á¬¦â¢ƒë¸—ï“™æ‡„ï‰ºî·•á»ªá¬‘å’ƒ [ 125.324040][ T34] usb 8-1: SerialNumber: à ” [ 125.330081][ T8655] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 125.656181][ T34] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/input/input19 [ 125.849569][ T34] usb 8-1: USB disconnect, device number 23 [ 125.857037][ C3] pxrc 8-1:1.0: pxrc_usb_irq - usb_submit_urb failed with result: -19 [ 126.192295][ T8674] netlink: 8 bytes leftover after parsing attributes in process `syz.2.846'. [ 126.598681][ T40] audit: type=1400 audit(1752162143.977:5729): avc: denied { audit_write } for pid=8683 comm="syz.3.849" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 126.608204][ T8689] overlayfs: conflicting lowerdir path [ 126.858766][ T40] audit: type=1400 audit(1752162144.247:5730): avc: denied { unmount } for pid=5946 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 127.095920][ T40] audit: type=1400 audit(1752162144.487:5731): avc: denied { watch } for pid=8704 comm="syz.2.855" path="/216" dev="tmpfs" ino=1159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 127.120906][ T40] audit: type=1400 audit(1752162144.497:5732): avc: denied { watch_sb } for pid=8704 comm="syz.2.855" path="/216" dev="tmpfs" ino=1159 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 127.751465][ T8708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.856'. [ 127.754121][ T8708] netlink: 12 bytes leftover after parsing attributes in process `syz.2.856'. [ 127.756975][ T8708] netlink: 20 bytes leftover after parsing attributes in process `syz.2.856'. [ 128.000416][ T8714] xt_hashlimit: invalid interval [ 128.555613][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 128.555624][ T40] audit: type=1400 audit(1752162145.947:5735): avc: denied { setopt } for pid=8729 comm="syz.1.862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 128.763763][ T5952] Bluetooth: hci0: unexpected cc 0x0809 length: 68 > 4 [ 128.765940][ T5952] Bluetooth: hci0: unexpected event for opcode 0x0809 [ 128.904768][ T8741] /dev/sr0: Can't open blockdev [ 128.938931][ T40] audit: type=1804 audit(1752162146.327:5736): pid=8744 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.866" name="/newroot/230/file0" dev="tmpfs" ino=1236 res=1 errno=0 [ 128.939424][ T8744] ref_ctr increment failed for inode: 0x4d4 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888025023200 [ 129.002495][ T8743] uprobe: syz.1.866:8743 failed to unregister, leaking uprobe [ 129.081335][ T40] audit: type=1804 audit(1752162146.477:5737): pid=8749 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.868" name="/newroot/231/file0" dev="tmpfs" ino=1242 res=1 errno=0 [ 129.088092][ T40] audit: type=1800 audit(1752162146.477:5738): pid=8749 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.868" name="file0" dev="tmpfs" ino=1242 res=0 errno=0 [ 129.140938][ T8754] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8754 comm=syz.3.867 [ 129.146184][ T8754] netlink: 8 bytes leftover after parsing attributes in process `syz.3.867'. [ 129.149111][ T8754] netlink: 12 bytes leftover after parsing attributes in process `syz.3.867'. [ 129.241625][ T40] audit: type=1400 audit(1752162146.637:5739): avc: denied { getopt } for pid=8760 comm="syz.2.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 129.283854][ T8766] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 129.394344][ T40] audit: type=1400 audit(1752162146.787:5740): avc: denied { mount } for pid=8773 comm="syz.2.877" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 129.457471][ T8783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.880'. [ 129.475099][ T8783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.880'. [ 129.584814][ T8796] netlink: 'syz.0.884': attribute type 1 has an invalid length. [ 129.587220][ T8796] netlink: 44 bytes leftover after parsing attributes in process `syz.0.884'. [ 129.621846][ T5952] Bluetooth: hci2: unexpected cc 0x0809 length: 68 > 4 [ 129.624949][ T5952] Bluetooth: hci2: unexpected event for opcode 0x0809 [ 129.777048][ T40] audit: type=1400 audit(1752162147.167:5741): avc: denied { ioctl } for pid=8805 comm="syz.3.888" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0x9423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 129.840938][ T6032] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 129.880927][ T6015] usb 5-1: new low-speed USB device number 11 using dummy_hcd [ 130.002066][ T6032] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.005301][ T6032] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 130.008126][ T6032] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 130.011069][ T6032] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.015180][ T6032] usb 7-1: config 0 descriptor?? [ 130.042255][ T6015] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 130.044869][ T6015] usb 5-1: config 0 has no interface number 0 [ 130.046924][ T6015] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 130.050796][ T6015] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 130.054251][ T6015] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 130.057202][ T6015] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.061620][ T6015] usb 5-1: config 0 descriptor?? [ 130.063759][ T8804] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 130.071277][ T6015] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 130.267281][ T8809] affs: No valid root block on device nullb0 [ 130.314596][ T6032] usb 5-1: USB disconnect, device number 11 [ 130.314653][ C1] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 130.493684][ T40] audit: type=1400 audit(1752162147.887:5742): avc: denied { add_name } for pid=8821 comm="syz.1.893" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 130.500999][ T40] audit: type=1400 audit(1752162147.887:5743): avc: denied { create } for pid=8821 comm="syz.1.893" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 130.508122][ T40] audit: type=1400 audit(1752162147.887:5744): avc: denied { associate } for pid=8821 comm="syz.1.893" name="net_prio.prioidx" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 130.568206][ T8824] smc: net device bond0 applied user defined pnetid SYZ0 [ 130.604129][ T8830] PM: Enabling pm_trace changes system date and time during resume. [ 130.604129][ T8830] PM: Correct system time has to be restored manually after resume. [ 130.832869][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 130.835063][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 130.994725][ T8854] netlink: 8 bytes leftover after parsing attributes in process `syz.0.902'. [ 131.000963][ T8854] netlink: 24 bytes leftover after parsing attributes in process `syz.0.902'. [ 131.017123][ T8856] netlink: 'syz.1.903': attribute type 4 has an invalid length. [ 131.062622][ T8859] netlink: 132 bytes leftover after parsing attributes in process `syz.1.905'. [ 131.514928][ T8883] FAULT_INJECTION: forcing a failure. [ 131.514928][ T8883] name failslab, interval 1, probability 0, space 0, times 0 [ 131.518775][ T8883] CPU: 1 UID: 0 PID: 8883 Comm: syz.1.911 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 131.518790][ T8883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 131.518796][ T8883] Call Trace: [ 131.518800][ T8883] [ 131.518804][ T8883] dump_stack_lvl+0x16c/0x1f0 [ 131.518838][ T8883] should_fail_ex+0x512/0x640 [ 131.518856][ T8883] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 131.518872][ T8883] should_failslab+0xc2/0x120 [ 131.518887][ T8883] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 131.518900][ T8883] ? copy_process+0x4b6/0x7650 [ 131.518915][ T8883] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.518929][ T8883] copy_process+0x4b6/0x7650 [ 131.518948][ T8883] ? __pfx_copy_process+0x10/0x10 [ 131.518983][ T8883] kernel_clone+0xfc/0x960 [ 131.518999][ T8883] ? __pfx_kernel_clone+0x10/0x10 [ 131.519018][ T8883] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 131.519034][ T8883] __do_sys_clone+0xce/0x120 [ 131.519049][ T8883] ? __pfx___do_sys_clone+0x10/0x10 [ 131.519069][ T8883] ? ksys_write+0x1ac/0x250 [ 131.519081][ T8883] ? __pfx_ksys_write+0x10/0x10 [ 131.519098][ T8883] do_syscall_64+0xcd/0x4c0 [ 131.519114][ T8883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.519124][ T8883] RIP: 0033:0x7fdc09b8e929 [ 131.519132][ T8883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.519142][ T8883] RSP: 002b:00007fdc0a9f3fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 131.519156][ T8883] RAX: ffffffffffffffda RBX: 00007fdc09db5fa0 RCX: 00007fdc09b8e929 [ 131.519162][ T8883] RDX: 0000200000000040 RSI: 0000000000000000 RDI: 0000000000001000 [ 131.519168][ T8883] RBP: 00007fdc0a9f4090 R08: 0000000000000000 R09: 0000000000000000 [ 131.519174][ T8883] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 131.519180][ T8883] R13: 0000000000000000 R14: 00007fdc09db5fa0 R15: 00007ffe97712c18 [ 131.519192][ T8883] [ 131.752933][ T8902] xt_ecn: cannot match TCP bits for non-tcp packets [ 132.125200][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 132.127364][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 132.507307][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.509382][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.602774][ T61] usb 7-1: USB disconnect, device number 21 [ 132.628549][ T8915] trusted_key: encrypted_key: master key parameter 'exryptfsuser:new' is invalid [ 132.947098][ T8949] netlink: 20 bytes leftover after parsing attributes in process `syz.3.931'. [ 132.947776][ T8946] netlink: 'syz.1.930': attribute type 1 has an invalid length. [ 132.963438][ T8946] 8021q: adding VLAN 0 to HW filter on device bond1 [ 132.974727][ T8946] 8021q: adding VLAN 0 to HW filter on device bond1 [ 132.977037][ T8946] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address [ 132.981464][ T8946] bond1: (slave vxcan1): Error -95 calling set_mac_address [ 133.035340][ T8947] gretap1: entered promiscuous mode [ 133.039070][ T8947] bond1: (slave gretap1): making interface the new active one [ 133.043816][ T8947] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 133.052632][ T8951] bond1: (slave vlan0): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 133.209800][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 133.212835][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 133.250593][ T8971] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 133.717005][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 133.717016][ T40] audit: type=1400 audit(1752162151.107:5753): avc: denied { create } for pid=8985 comm="syz.2.943" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 133.775427][ T8991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.944'. [ 134.061326][ T40] audit: type=1400 audit(1752162151.457:5754): avc: denied { read } for pid=8997 comm="syz.3.947" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 134.067680][ T9000] block nbd3: NBD_DISCONNECT [ 134.071588][ T40] audit: type=1400 audit(1752162151.457:5755): avc: denied { write } for pid=8997 comm="syz.3.947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 134.075634][ T9000] block nbd3: Send disconnect failed -22 [ 134.080883][ T6015] usb 7-1: new low-speed USB device number 22 using dummy_hcd [ 134.082615][ T8972] TCP: out of memory -- consider tuning tcp_mem [ 134.209566][ T8997] block nbd3: Disconnected due to user request. [ 134.212267][ T8997] block nbd3: shutting down sockets [ 134.261874][ T6015] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 134.264387][ T6015] usb 7-1: config 0 has no interface number 0 [ 134.266345][ T6015] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 134.269720][ T6015] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 134.274911][ T6015] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 134.277757][ T6015] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.281884][ T6015] usb 7-1: config 0 descriptor?? [ 134.283901][ T8995] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 134.293707][ T6015] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 134.352308][ T40] audit: type=1400 audit(1752162151.747:5756): avc: denied { accept } for pid=9003 comm="syz.1.949" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 134.397088][ T40] audit: type=1400 audit(1752162151.787:5757): avc: denied { remount } for pid=9009 comm="syz.0.951" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 134.409967][ T40] audit: type=1400 audit(1752162151.797:5758): avc: denied { remount } for pid=9003 comm="syz.1.949" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 134.490637][ T837] usb 7-1: USB disconnect, device number 22 [ 134.731893][ T5952] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 134.734164][ T5952] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 135.018834][ T9030] netlink: 32 bytes leftover after parsing attributes in process `syz.2.956'. [ 135.022579][ T9030] netlink: 32 bytes leftover after parsing attributes in process `syz.2.956'. [ 135.025674][ T9030] netlink: 32 bytes leftover after parsing attributes in process `syz.2.956'. [ 135.028671][ T9030] netlink: 32 bytes leftover after parsing attributes in process `syz.2.956'. [ 135.031854][ T9030] netlink: 32 bytes leftover after parsing attributes in process `syz.2.956'. [ 135.067000][ T40] audit: type=1400 audit(1752162152.457:5759): avc: denied { append } for pid=9033 comm="syz.2.957" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 135.075075][ T40] audit: type=1400 audit(1752162152.457:5760): avc: denied { map } for pid=9033 comm="syz.2.957" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 135.087242][ T40] audit: type=1400 audit(1752162152.457:5761): avc: denied { execute } for pid=9033 comm="syz.2.957" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 135.132079][ T40] audit: type=1400 audit(1752162152.527:5762): avc: denied { append } for pid=9040 comm="syz.3.960" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 135.172398][ T9044] bridge2: entered promiscuous mode [ 135.291179][ T9060] cgroup2: Unknown parameter 'euid' [ 135.653246][ T9079] /dev/sr0: Can't open blockdev [ 135.731086][ T6032] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 135.771937][ T9079] /dev/sr0: Can't open blockdev [ 135.853319][ T9079] /dev/sr0: Can't open blockdev [ 135.861013][ T6032] usb 5-1: device descriptor read/64, error -71 [ 135.889589][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 135.892015][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 135.981997][ T9079] /dev/sr0: Can't open blockdev [ 136.091817][ T9079] /dev/sr0: Can't open blockdev [ 136.120897][ T6032] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 136.182207][ T9079] /dev/sr0: Can't open blockdev [ 136.251070][ T6032] usb 5-1: device descriptor read/64, error -71 [ 136.304558][ T9079] /dev/sr0: Can't open blockdev [ 136.361468][ T6032] usb usb5-port1: attempt power cycle [ 136.423413][ T9079] /dev/sr0: Can't open blockdev [ 136.676907][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 136.679653][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 136.700998][ T6032] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 136.731401][ T6032] usb 5-1: device descriptor read/8, error -71 [ 136.871760][ T9126] __nla_validate_parse: 31 callbacks suppressed [ 136.871774][ T9126] netlink: 40 bytes leftover after parsing attributes in process `syz.2.983'. [ 136.906726][ T9129] netlink: 8 bytes leftover after parsing attributes in process `syz.1.985'. [ 136.909837][ T9129] netlink: 12 bytes leftover after parsing attributes in process `syz.1.985'. [ 136.972607][ T6032] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 136.988725][ T9136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.987'. [ 136.991479][ T6032] usb 5-1: device descriptor read/8, error -71 [ 137.111040][ T6032] usb usb5-port1: unable to enumerate USB device [ 137.163532][ T9140] netlink: 12 bytes leftover after parsing attributes in process `syz.2.988'. [ 137.167122][ T9140] bond0: entered promiscuous mode [ 137.589812][ T9165] netlink: 4 bytes leftover after parsing attributes in process `syz.1.996'. [ 137.773905][ T9177] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1000'. [ 137.853037][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 137.855486][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 138.072941][ T9207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1001'. [ 138.075862][ T9207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1001'. [ 138.159088][ T9216] A: renamed from wg1 (while UP) [ 138.756503][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 138.756514][ T40] audit: type=1400 audit(1752162156.147:5773): avc: denied { listen } for pid=9232 comm="syz.2.1013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 138.771272][ T40] audit: type=1400 audit(1752162156.157:5774): avc: denied { accept } for pid=9232 comm="syz.2.1013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 138.905161][ T9248] comedi comedi0: multiq3: I/O port conflict (0x3f,16) [ 138.921038][ T837] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 138.981805][ T1025] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 139.089021][ T837] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 139.100976][ T837] usb 5-1: config 0 interface 0 has no altsetting 0 [ 139.105216][ T837] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 139.109059][ T837] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 139.120906][ T837] usb 5-1: Product: syz [ 139.122691][ T837] usb 5-1: Manufacturer: syz [ 139.124628][ T837] usb 5-1: SerialNumber: syz [ 139.127392][ T837] usb 5-1: config 0 descriptor?? [ 139.131923][ T837] usb 5-1: selecting invalid altsetting 0 [ 139.141085][ T1025] usb 6-1: Using ep0 maxpacket: 8 [ 139.144214][ T1025] usb 6-1: config 0 interface 0 has no altsetting 0 [ 139.146294][ T1025] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 139.149104][ T1025] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.160674][ T1025] usb 6-1: config 0 descriptor?? [ 139.175466][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 139.177626][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 139.331518][ T40] audit: type=1400 audit(1752162156.727:5775): avc: denied { ioctl } for pid=9223 comm="syz.0.1008" path="socket:[63412]" dev="sockfs" ino=63412 ioctlcmd=0x89f7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 139.494643][ T837] usb 5-1: USB disconnect, device number 16 [ 139.595472][ T1025] mcp2221 0003:04D8:00DD.0007: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 139.766749][ T9259] gfs2: gfs2 mount does not exist [ 139.766835][ T9261] gfs2: gfs2 mount does not exist [ 139.826730][ T9240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.829715][ T9240] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.835457][ T9264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.838266][ T9264] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.853927][ T9268] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 139.855556][ T5962] usb 6-1: USB disconnect, device number 17 [ 139.857610][ T9268] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 139.930426][ T40] audit: type=1400 audit(1752162157.317:5776): avc: denied { getopt } for pid=9262 comm="syz.2.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 140.037046][ T9286] fuse: Bad value for 'user_id' [ 140.038641][ T9286] fuse: Bad value for 'user_id' [ 140.084783][ T9289] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1026'. [ 140.179950][ T9298] FAULT_INJECTION: forcing a failure. [ 140.179950][ T9298] name failslab, interval 1, probability 0, space 0, times 0 [ 140.207611][ T9298] CPU: 2 UID: 0 PID: 9298 Comm: syz.3.1030 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 140.207629][ T9298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 140.207636][ T9298] Call Trace: [ 140.207640][ T9298] [ 140.207644][ T9298] dump_stack_lvl+0x16c/0x1f0 [ 140.207663][ T9298] should_fail_ex+0x512/0x640 [ 140.207677][ T9298] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 140.207693][ T9298] should_failslab+0xc2/0x120 [ 140.207708][ T9298] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 140.207721][ T9298] ? rcu_is_watching+0x12/0xc0 [ 140.207735][ T9298] ? get_random_u64+0x57c/0x7d0 [ 140.207745][ T9298] ? prepare_creds+0x2c/0x7d0 [ 140.207757][ T9298] prepare_creds+0x2c/0x7d0 [ 140.207768][ T9298] copy_creds+0xa7/0xa50 [ 140.207781][ T9298] copy_process+0xff6/0x7650 [ 140.207801][ T9298] ? __pfx_copy_process+0x10/0x10 [ 140.207821][ T9298] kernel_clone+0xfc/0x960 [ 140.207836][ T9298] ? __pfx_kernel_clone+0x10/0x10 [ 140.207855][ T9298] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 140.207871][ T9298] __do_sys_clone+0xce/0x120 [ 140.207885][ T9298] ? __pfx___do_sys_clone+0x10/0x10 [ 140.207904][ T9298] ? ksys_write+0x1ac/0x250 [ 140.207918][ T9298] ? __pfx_ksys_write+0x10/0x10 [ 140.207949][ T9298] do_syscall_64+0xcd/0x4c0 [ 140.207965][ T9298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.207976][ T9298] RIP: 0033:0x7f760538e929 [ 140.207985][ T9298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.207995][ T9298] RSP: 002b:00007f7606259fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 140.208005][ T9298] RAX: ffffffffffffffda RBX: 00007f76055b5fa0 RCX: 00007f760538e929 [ 140.208011][ T9298] RDX: 0000200000000040 RSI: 0000000000000000 RDI: 0000000000001000 [ 140.208017][ T9298] RBP: 00007f760625a090 R08: 0000000000000000 R09: 0000000000000000 [ 140.208023][ T9298] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 140.208028][ T9298] R13: 0000000000000000 R14: 00007f76055b5fa0 R15: 00007ffefaaf49f8 [ 140.208041][ T9298] [ 140.329367][ T40] audit: type=1400 audit(1752162157.717:5777): avc: denied { ioctl } for pid=9300 comm="syz.3.1031" path="socket:[66511]" dev="sockfs" ino=66511 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 140.339468][ T40] audit: type=1400 audit(1752162157.727:5778): avc: denied { write } for pid=9300 comm="syz.3.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 140.375518][ T5952] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 140.378238][ T5952] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 140.769544][ T40] audit: type=1400 audit(1752162158.157:5779): avc: denied { name_connect } for pid=9313 comm="syz.2.1034" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 140.782172][ T9314] netlink: 'syz.2.1034': attribute type 2 has an invalid length. [ 140.785403][ T9314] netlink: 'syz.2.1034': attribute type 1 has an invalid length. [ 140.832155][ T9316] Cannot find add_set index 0 as target [ 140.890550][ T9321] warning: `syz.2.1037' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 140.908909][ T9321] input input23: cannot allocate more than FF_MAX_EFFECTS effects [ 140.953921][ T9328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 140.956844][ T9328] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 140.958673][ T9326] FAULT_INJECTION: forcing a failure. [ 140.958673][ T9326] name failslab, interval 1, probability 0, space 0, times 0 [ 140.971985][ T9326] CPU: 2 UID: 0 PID: 9326 Comm: syz.2.1039 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 140.972002][ T9326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 140.972008][ T9326] Call Trace: [ 140.972012][ T9326] [ 140.972016][ T9326] dump_stack_lvl+0x16c/0x1f0 [ 140.972036][ T9326] should_fail_ex+0x512/0x640 [ 140.972049][ T9326] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 140.972065][ T9326] should_failslab+0xc2/0x120 [ 140.972094][ T9326] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 140.972107][ T9326] ? find_held_lock+0x2b/0x80 [ 140.972120][ T9326] ? vm_area_dup+0x27/0x8d0 [ 140.972131][ T9326] ? dup_mmap+0x5cb/0x21d0 [ 140.972143][ T9326] vm_area_dup+0x27/0x8d0 [ 140.972155][ T9326] dup_mmap+0x877/0x21d0 [ 140.972171][ T9326] ? __pfx_dup_mmap+0x10/0x10 [ 140.972191][ T9326] copy_process+0x4081/0x7650 [ 140.972212][ T9326] ? __pfx_copy_process+0x10/0x10 [ 140.972233][ T9326] kernel_clone+0xfc/0x960 [ 140.972247][ T9326] ? __pfx_kernel_clone+0x10/0x10 [ 140.972267][ T9326] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 140.972284][ T9326] __do_sys_clone+0xce/0x120 [ 140.972297][ T9326] ? __pfx___do_sys_clone+0x10/0x10 [ 140.972317][ T9326] ? ksys_write+0x1ac/0x250 [ 140.972330][ T9326] ? __pfx_ksys_write+0x10/0x10 [ 140.972347][ T9326] do_syscall_64+0xcd/0x4c0 [ 140.972363][ T9326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.972373][ T9326] RIP: 0033:0x7fd4e378e929 [ 140.972382][ T9326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.972400][ T9326] RSP: 002b:00007fd4e45e5fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 140.972410][ T9326] RAX: ffffffffffffffda RBX: 00007fd4e39b5fa0 RCX: 00007fd4e378e929 [ 140.972416][ T9326] RDX: 0000200000000040 RSI: 0000000000000000 RDI: 0000000000001000 [ 140.972422][ T9326] RBP: 00007fd4e45e6090 R08: 0000000000000000 R09: 0000000000000000 [ 140.972428][ T9326] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 140.972433][ T9326] R13: 0000000000000000 R14: 00007fd4e39b5fa0 R15: 00007ffedb991898 [ 140.972447][ T9326] [ 141.066237][ T9333] can0: slcan on ttyS3. [ 141.068532][ T40] audit: type=1400 audit(1752162158.457:5780): avc: denied { shutdown } for pid=9332 comm="syz.2.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 141.078563][ T40] audit: type=1400 audit(1752162158.467:5781): avc: denied { read } for pid=9332 comm="syz.2.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 141.095767][ T40] audit: type=1400 audit(1752162158.477:5782): avc: denied { read } for pid=9332 comm="syz.2.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 141.143361][ T9335] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 141.183591][ T9333] can0 (unregistered): slcan off ttyS3. [ 141.211100][ T5962] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 141.230071][ T9350] x_tables: duplicate underflow at hook 1 [ 141.354551][ T9349] could not allocate digest TFM handle cryptd(blake2b-160) [ 141.383922][ T5962] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 141.387449][ T5962] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.390175][ T5962] usb 6-1: Product: syz [ 141.392195][ T5962] usb 6-1: Manufacturer: syz [ 141.393952][ T5962] usb 6-1: SerialNumber: syz [ 141.407546][ T5962] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 141.438624][ T6015] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 141.661244][ T5962] usb 6-1: USB disconnect, device number 18 [ 141.704961][ T9373] FAULT_INJECTION: forcing a failure. [ 141.704961][ T9373] name failslab, interval 1, probability 0, space 0, times 0 [ 141.708864][ T9373] CPU: 2 UID: 0 PID: 9373 Comm: syz.3.1050 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 141.708879][ T9373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 141.708885][ T9373] Call Trace: [ 141.708889][ T9373] [ 141.708893][ T9373] dump_stack_lvl+0x16c/0x1f0 [ 141.708911][ T9373] should_fail_ex+0x512/0x640 [ 141.708925][ T9373] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 141.708941][ T9373] should_failslab+0xc2/0x120 [ 141.708956][ T9373] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 141.708969][ T9373] ? find_held_lock+0x2b/0x80 [ 141.708981][ T9373] ? vm_area_dup+0x27/0x8d0 [ 141.708994][ T9373] ? dup_mmap+0x5cb/0x21d0 [ 141.709007][ T9373] vm_area_dup+0x27/0x8d0 [ 141.709020][ T9373] dup_mmap+0x877/0x21d0 [ 141.709035][ T9373] ? __pfx_dup_mmap+0x10/0x10 [ 141.709055][ T9373] copy_process+0x4081/0x7650 [ 141.709075][ T9373] ? __pfx_copy_process+0x10/0x10 [ 141.709096][ T9373] kernel_clone+0xfc/0x960 [ 141.709111][ T9373] ? __pfx_kernel_clone+0x10/0x10 [ 141.709130][ T9373] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 141.709147][ T9373] __do_sys_clone+0xce/0x120 [ 141.709161][ T9373] ? __pfx___do_sys_clone+0x10/0x10 [ 141.709181][ T9373] ? ksys_write+0x1ac/0x250 [ 141.709193][ T9373] ? __pfx_ksys_write+0x10/0x10 [ 141.709210][ T9373] do_syscall_64+0xcd/0x4c0 [ 141.709226][ T9373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.709236][ T9373] RIP: 0033:0x7f760538e929 [ 141.709244][ T9373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.709254][ T9373] RSP: 002b:00007f7606259fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 141.709264][ T9373] RAX: ffffffffffffffda RBX: 00007f76055b5fa0 RCX: 00007f760538e929 [ 141.709270][ T9373] RDX: 0000200000000040 RSI: 0000000000000000 RDI: 0000000000001000 [ 141.709276][ T9373] RBP: 00007f760625a090 R08: 0000000000000000 R09: 0000000000000000 [ 141.709282][ T9373] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 141.709287][ T9373] R13: 0000000000000000 R14: 00007f76055b5fa0 R15: 00007ffefaaf49f8 [ 141.709301][ T9373] [ 141.753570][ T9375] xfrm1: entered allmulticast mode [ 141.915972][ T9389] netlink: 'syz.2.1056': attribute type 1 has an invalid length. [ 141.919196][ T9389] __nla_validate_parse: 2 callbacks suppressed [ 141.919205][ T9389] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1056'. [ 142.086008][ T9397] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1058'. [ 142.088939][ T9397] netlink: 'syz.3.1058': attribute type 7 has an invalid length. [ 142.092117][ T9397] netlink: 'syz.3.1058': attribute type 8 has an invalid length. [ 142.094518][ T9397] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1058'. [ 142.104023][ T9406] ALSA: seq fatal error: cannot create timer (-22) [ 142.147456][ T9411] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 142.170682][ T9414] bridge3: entered allmulticast mode [ 142.225218][ T9422] bond2: entered promiscuous mode [ 142.227059][ T9422] 8021q: adding VLAN 0 to HW filter on device bond2 [ 142.234255][ T9427] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 142.237062][ T9427] macvtap1: entered allmulticast mode [ 142.238798][ T9427] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 142.244960][ T9427] batman_adv: batadv0: Adding interface: macvtap1 [ 142.247093][ T9427] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.255411][ T9427] batman_adv: batadv0: Interface activated: macvtap1 [ 142.300126][ T9432] binder: BINDER_SET_CONTEXT_MGR already set [ 142.302361][ T9432] binder: 9431:9432 ioctl 4018620d 200000000100 returned -16 [ 142.396409][ T9461] binder: 9457:9461 ioctl 4010640d 2000000000c0 returned -22 [ 142.398541][ T9440] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1070'. [ 142.403690][ T9441] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1070'. [ 142.511184][ T6015] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 142.514325][ T6015] ath9k_htc: Failed to initialize the device [ 142.517381][ T5962] usb 6-1: ath9k_htc: USB layer deinitialized [ 142.809755][ T9498] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1087'. [ 142.830975][ T5962] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 142.837978][ T9500] loop6: detected capacity change from 0 to 524287487 [ 142.842478][ T9500] buffer_io_error: 22 callbacks suppressed [ 142.842489][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.846883][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.849353][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.853350][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.856604][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.859088][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.863303][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.867663][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.870168][ T9500] ldm_validate_partition_table(): Disk read failed. [ 142.872471][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.874968][ T9500] Buffer I/O error on dev loop6, logical block 0, async page read [ 142.877461][ T9500] Dev loop6: unable to read RDB block 0 [ 142.879474][ T9500] loop6: unable to read partition table [ 142.881439][ T9500] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 142.886874][ T9500] ldm_validate_partition_table(): Disk read failed. [ 142.888946][ T9500] Dev loop6: unable to read RDB block 0 [ 142.891389][ T9500] loop6: unable to read partition table [ 142.985321][ T5962] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 142.988165][ T5962] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.990647][ T5962] usb 6-1: Product: syz [ 142.997037][ T5962] usb 6-1: Manufacturer: syz [ 142.998521][ T5962] usb 6-1: SerialNumber: syz [ 143.004319][ T5962] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 143.019787][ T5321] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 143.025148][ T5952] Bluetooth: hci1: unexpected event for opcode 0x0c7a [ 143.064314][ T9515] nvme_fabrics: missing parameter 'transport=%s' [ 143.067070][ T9515] nvme_fabrics: missing parameter 'nqn=%s' [ 143.302032][ T9522] /dev/sr0: Can't open blockdev [ 144.101027][ T5321] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 144.103368][ T5321] ath9k_htc: Failed to initialize the device [ 144.126517][ T5321] usb 6-1: ath9k_htc: USB layer deinitialized [ 144.847856][ T9548] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=106 sclass=netlink_xfrm_socket pid=9548 comm=syz.0.1102 [ 144.854670][ T9548] fuse: Bad value for 'user_id' [ 144.856208][ T9548] fuse: Bad value for 'user_id' [ 144.982518][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 144.982529][ T40] audit: type=1400 audit(1752162162.377:5797): avc: denied { name_connect } for pid=9552 comm="syz.0.1104" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 145.414699][ T40] audit: type=1400 audit(1752162162.807:5798): avc: denied { write } for pid=9563 comm="syz.3.1108" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 145.414825][ T9564] random: crng reseeded on system resumption [ 145.421793][ T40] audit: type=1400 audit(1752162162.807:5799): avc: denied { open } for pid=9563 comm="syz.3.1108" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 145.436384][ T40] audit: type=1400 audit(1752162162.827:5800): avc: denied { ioctl } for pid=9563 comm="syz.3.1108" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x330e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 145.498521][ T1025] usb 6-1: USB disconnect, device number 19 [ 145.548807][ T9578] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1112'. [ 145.553574][ T9578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1112'. [ 145.575303][ T9580] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1113'. [ 145.578137][ T9583] Cannot find del_set index 85 as target [ 145.581459][ T40] audit: type=1400 audit(1752162162.967:5801): avc: denied { ioctl } for pid=9581 comm="syz.0.1114" path="socket:[77380]" dev="sockfs" ino=77380 ioctlcmd=0x8941 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 145.590403][ T9583] Cannot find del_set index 85 as target [ 145.617769][ T9589] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9589 comm=syz.0.1116 [ 146.051212][ T9618] random: crng reseeded on system resumption [ 146.058216][ T40] audit: type=1400 audit(1752162163.447:5802): avc: denied { append } for pid=9617 comm="syz.0.1125" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 146.062798][ T9618] NILFS (nullb0): couldn't find nilfs on the device [ 146.083921][ T9620] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1126'. [ 146.095928][ T9620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.099459][ T9620] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.311007][ T1025] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 146.321460][ T837] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 146.341430][ T40] audit: type=1400 audit(1752162163.737:5803): avc: denied { unmount } for pid=5960 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 146.428942][ T40] audit: type=1400 audit(1752162163.817:5804): avc: denied { mounton } for pid=9625 comm="syz.3.1128" path="/269/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 146.480983][ T837] usb 6-1: Using ep0 maxpacket: 16 [ 146.485882][ T837] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.490278][ T837] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.494855][ T837] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 146.499969][ T837] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 146.503010][ T1025] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 146.506119][ T1025] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 146.508894][ T837] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.512975][ T837] usb 6-1: config 0 descriptor?? [ 146.516034][ T1025] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 146.518913][ T1025] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.523396][ T1025] usb 5-1: Product: syz [ 146.524788][ T1025] usb 5-1: Manufacturer: syz [ 146.526330][ T1025] usb 5-1: SerialNumber: syz [ 146.542362][ T9629] 9p: Unknown Cache mode or invalid value fs [ 146.725789][ T837] HID 045e:07da: Invalid code 65791 type 1 [ 146.733055][ T1025] cdc_ncm 5-1:1.0: skipping garbage [ 146.734731][ T1025] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 146.736879][ T1025] cdc_ncm 5-1:1.0: bind() failure [ 146.745016][ T837] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:045E:07DA.0008/input/input25 [ 146.754335][ T1025] usb 5-1: USB disconnect, device number 17 [ 146.761614][ T837] microsoft 0003:045E:07DA.0008: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 147.346116][ T9635] __nla_validate_parse: 1 callbacks suppressed [ 147.346126][ T9635] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1130'. [ 147.373260][ T9637] tmpfs: Bad value for 'mpol' [ 147.562212][ T40] audit: type=1400 audit(1752162164.947:5805): avc: denied { accept } for pid=9658 comm="syz.3.1137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 147.638710][ T9662] netlink: 'syz.3.1137': attribute type 21 has an invalid length. [ 147.647775][ T9662] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1137'. [ 147.652132][ T9662] netlink: 'syz.3.1137': attribute type 4 has an invalid length. [ 147.654466][ T9662] netlink: 'syz.3.1137': attribute type 5 has an invalid length. [ 147.656833][ T9662] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1137'. [ 147.811534][ T9668] input: syz0 as /devices/virtual/input/input26 [ 147.906973][ T9677] @: renamed from vlan0 (while UP) [ 147.971592][ T40] audit: type=1400 audit(1752162165.367:5806): avc: denied { write } for pid=9673 comm="syz.0.1141" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 148.355163][ T9706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.409267][ T9706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.427272][ T9715] ÿÿ: renamed from bond_slave_0 (while UP) [ 148.474344][ T9706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.639138][ T9735] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1161'. [ 148.669919][ T1025] usb 6-1: USB disconnect, device number 20 [ 148.802566][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 148.804824][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 149.043890][ T9748] pim6reg9: entered allmulticast mode [ 149.280896][ T1025] usb 5-1: new low-speed USB device number 18 using dummy_hcd [ 149.432670][ T1025] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 149.435892][ T1025] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 149.438661][ T1025] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 149.443744][ T1025] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 149.447145][ T1025] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 149.450462][ T1025] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 149.453568][ T1025] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.462102][ T9748] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 149.466336][ T1025] hub 5-1:1.0: bad descriptor, ignoring hub [ 149.468242][ T1025] hub 5-1:1.0: probe with driver hub failed with error -5 [ 149.472137][ T1025] cdc_wdm 5-1:1.0: skipping garbage [ 149.474585][ T1025] cdc_wdm 5-1:1.0: skipping garbage [ 149.478286][ T1025] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 149.480198][ T1025] cdc_wdm 5-1:1.0: Unknown control protocol [ 149.650600][ T9778] netlink: 'syz.2.1171': attribute type 1 has an invalid length. [ 149.654034][ T9778] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1171'. [ 149.791740][ T836] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 149.885138][ T5952] Bluetooth: hci0: unexpected cc 0x0809 length: 68 > 4 [ 149.887327][ T5952] Bluetooth: hci0: unexpected event for opcode 0x0809 [ 149.965281][ T836] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 149.968187][ T836] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.970755][ T836] usb 6-1: Product: syz [ 149.972412][ T836] usb 6-1: Manufacturer: syz [ 149.973964][ T836] usb 6-1: SerialNumber: syz [ 149.997029][ T836] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 150.023171][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 150.023181][ T40] audit: type=1400 audit(1752162167.417:5815): avc: denied { setopt } for pid=9792 comm="syz.3.1176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 150.029009][ T7649] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 150.039439][ T9793] kvm: user requested TSC rate below hardware speed [ 150.232078][ T9748] usb 5-1: reset low-speed USB device number 18 using dummy_hcd [ 150.325348][ T9803] kvm: kvm [9802]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 150.533655][ T9748] usb 5-1: device firmware changed [ 150.536052][ T6032] usb 5-1: USB disconnect, device number 18 [ 150.540146][ T9748] cdc_wdm 5-1:1.0: Error autopm - -16 [ 150.660731][ T9814] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340 [ 150.680930][ T6032] usb 5-1: new low-speed USB device number 19 using dummy_hcd [ 150.810725][ T9822] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1183'. [ 150.846558][ T6032] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 150.849881][ T6032] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 150.853516][ T6032] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 150.858517][ T6032] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 150.878926][ T6032] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.885771][ T9781] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 150.909084][ T6032] hub 5-1:1.0: bad descriptor, ignoring hub [ 150.911768][ T6032] hub 5-1:1.0: probe with driver hub failed with error -5 [ 150.914566][ T6032] cdc_wdm 5-1:1.0: skipping garbage [ 150.916331][ T6032] cdc_wdm 5-1:1.0: skipping garbage [ 150.918088][ T6032] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 151.031601][ T40] audit: type=1400 audit(1752162168.417:5816): avc: denied { mount } for pid=9827 comm="syz.2.1184" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 151.061037][ T7649] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 151.064495][ T7649] ath9k_htc: Failed to initialize the device [ 151.081677][ T40] audit: type=1400 audit(1752162168.477:5817): avc: denied { unmount } for pid=5946 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 151.097888][ T7649] usb 6-1: ath9k_htc: USB layer deinitialized [ 151.221055][ T6015] usb 5-1: USB disconnect, device number 19 [ 151.279885][ T9845] netlink: 'syz.3.1187': attribute type 10 has an invalid length. [ 151.282723][ T9845] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1187'. [ 151.285956][ T9845] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 151.288319][ T9845] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 151.291719][ T9845] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 151.349052][ T5952] Bluetooth: hci0: unexpected cc 0x0809 length: 68 > 4 [ 151.352065][ T5952] Bluetooth: hci0: unexpected event for opcode 0x0809 [ 151.568683][ T40] audit: type=1800 audit(1752162168.957:5818): pid=9865 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1196" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 151.659198][ T9876] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1200'. [ 151.700927][ T6033] usb 7-1: new full-speed USB device number 23 using dummy_hcd [ 151.797965][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 151.800447][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 151.873150][ T6033] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 151.877398][ T6033] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 151.881474][ T6033] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 151.885912][ T9891] openvswitch: netlink: IPv6 tunnel dst address is zero [ 151.887378][ T6033] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 151.892400][ T6033] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 151.892412][ T6033] usb 7-1: SerialNumber: syz [ 151.894638][ T9861] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 151.904219][ T6033] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22 [ 152.036869][ T40] audit: type=1400 audit(1752162169.427:5819): avc: denied { ioctl } for pid=9898 comm="syz.0.1207" path="socket:[89515]" dev="sockfs" ino=89515 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 152.060771][ T9899] can0: slcan on ttyS3. [ 152.110706][ T40] audit: type=1400 audit(1752162169.497:5820): avc: denied { create } for pid=9860 comm="syz.2.1195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 152.122920][ T9899] can0 (unregistered): slcan off ttyS3. [ 152.170119][ T9906] Bluetooth: hci4: Frame reassembly failed (-90) [ 152.173455][ T59] Bluetooth: hci4: Frame reassembly failed (-84) [ 152.176512][ T59] Bluetooth: hci4: Frame reassembly failed (-84) [ 152.183544][ T9906] netlink: 'syz.0.1210': attribute type 1 has an invalid length. [ 152.196732][ T9906] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1210'. [ 152.202242][ T9906] macvlan0: entered promiscuous mode [ 152.203782][ T9906] macvlan0: entered allmulticast mode [ 152.205722][ T9906] bond3: entered promiscuous mode [ 152.207639][ T9906] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 152.211869][ T9906] bond3: left promiscuous mode [ 152.411232][ T40] audit: type=1400 audit(1752162169.807:5821): avc: denied { listen } for pid=9909 comm="syz.3.1211" lport=54526 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 152.424016][ T40] audit: type=1400 audit(1752162169.817:5822): avc: denied { accept } for pid=9909 comm="syz.3.1211" lport=54526 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 152.432777][ T40] audit: type=1400 audit(1752162169.817:5823): avc: denied { setopt } for pid=9909 comm="syz.3.1211" lport=54526 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 152.559385][ T7649] usb 6-1: USB disconnect, device number 21 [ 152.611705][ T5954] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 152.614806][ T5954] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 152.650695][ T6033] usb 7-1: USB disconnect, device number 23 [ 152.765309][ T9932] program syz.1.1219 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 152.914348][ T9945] 9pnet_fd: Insufficient options for proto=fd [ 153.065049][ T40] audit: type=1400 audit(1752162170.457:5824): avc: denied { getopt } for pid=9957 comm="syz.2.1225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 153.307678][ T9962] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 153.312005][ T9962] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.515948][ T9962] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 153.520345][ T9962] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.615509][ T9962] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 153.618723][ T9962] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.722497][ T9962] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 153.726112][ T9962] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.821768][ T5954] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 153.824055][ T5954] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 153.844143][ T9962] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 153.847539][ T9962] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.854943][ T9962] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 153.857526][ T9962] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.865708][ T9962] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 153.868883][ T9962] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.871524][ T5954] Bluetooth: hci2: unexpected event for opcode 0x204e [ 153.879695][ T9962] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 153.882417][ T9962] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.913052][ T5954] Bluetooth: hci2: unexpected event for opcode 0x204e [ 154.181162][ T5952] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 154.182851][ T5954] Bluetooth: hci4: command 0x1003 tx timeout [ 154.198344][ T9991] ptrace attach of "/syz-executor exec"[9992] was attempted by "/syz-executor exec"[9991] [ 154.233684][ T9994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1236'. [ 154.236549][ T9994] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1236'. [ 154.281415][ T6033] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 154.435883][ T6033] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 154.441919][ T6033] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 154.444910][ T6033] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.458939][ T6033] usb 7-1: config 0 descriptor?? [ 154.463666][ T6033] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 154.477668][ T9994] syz.0.1236 (9994): drop_caches: 2 [ 154.780799][T10025] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1241'. [ 154.856741][T10025] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 154.862428][T10025] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1241'. [ 155.517822][ T5952] Bluetooth: hci2: unexpected cc 0x0809 length: 68 > 4 [ 155.520628][ T5952] Bluetooth: hci2: unexpected event for opcode 0x0809 [ 156.239834][ T5952] Bluetooth: hci1: SCO packet for unknown connection handle 201 [ 156.366490][T10083] ªªªªªª: renamed from lo (while UP) [ 156.524778][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 156.524787][ T40] audit: type=1400 audit(1752162173.917:5827): avc: denied { ioctl } for pid=10090 comm="syz.0.1254" path="socket:[97077]" dev="sockfs" ino=97077 ioctlcmd=0x891c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 156.742295][T10104] 8021q: adding VLAN 0 to HW filter on device bond4 [ 156.789505][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1260'. [ 156.792512][T10107] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1260'. [ 156.795309][T10107] netlink: 'syz.0.1260': attribute type 12 has an invalid length. [ 157.061649][ T837] usb 7-1: USB disconnect, device number 24 [ 157.075449][ T5952] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 157.077670][ T5952] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 157.242482][T10126] netpci0: tun_chr_ioctl cmd 1074025672 [ 157.244364][T10126] netpci0: ignored: set checksum disabled [ 157.391886][T10134] binder: BINDER_SET_CONTEXT_MGR already set [ 157.393818][T10134] binder: 10133:10134 ioctl 4018620d 200000000040 returned -16 [ 157.396458][T10134] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 157.453348][T10138] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1268'. [ 157.771888][T10157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1273'. [ 157.812561][T10161] netlink: 'syz.3.1275': attribute type 2 has an invalid length. [ 157.815052][T10161] netlink: 46 bytes leftover after parsing attributes in process `syz.3.1275'. [ 157.849496][T10170] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1278'. [ 157.852972][T10170] fuse: Bad value for 'group_id' [ 157.854581][T10170] fuse: Bad value for 'group_id' [ 157.910057][ T40] audit: type=1400 audit(1752162175.297:5828): avc: denied { rename } for pid=10174 comm="syz.3.1279" name="file1" dev="overlay" ino=1829 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 157.930977][ T40] audit: type=1400 audit(1752162175.307:5829): avc: denied { setattr } for pid=10174 comm="syz.3.1279" name="#1e" dev="tmpfs" ino=1830 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 158.039332][T10187] bridge4: entered promiscuous mode [ 158.172614][ T5952] Bluetooth: hci0: unexpected cc 0x0809 length: 68 > 4 [ 158.175040][ T5952] Bluetooth: hci0: unexpected event for opcode 0x0809 [ 158.185697][ T1330] usb 5-1: new low-speed USB device number 20 using dummy_hcd [ 158.385924][ T1330] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 158.388497][ T1330] usb 5-1: config 0 has no interface number 0 [ 158.390388][ T1330] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 158.393826][ T1330] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 158.397345][ T1330] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 158.403105][ T1330] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 158.406498][ T1330] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 158.410015][ T1330] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 158.414090][ T1330] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 158.416868][ T1330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.421356][ T1330] usb 5-1: config 0 descriptor?? [ 158.423395][T10181] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 158.425704][T10181] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 158.452250][ T1330] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 158.682347][T10223] loop6: detected capacity change from 0 to 524287999 [ 158.704963][T10224] ldusb 5-1:0.55: Write buffer overflow, 1 bytes dropped [ 158.717735][ T1330] usb 5-1: USB disconnect, device number 20 [ 158.721764][ T1330] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 158.741639][ T6046] buffer_io_error: 23 callbacks suppressed [ 158.741650][ T6046] Buffer I/O error on dev loop6, logical block 65535999, async page read [ 158.752824][T10226] binder: 10225:10226 ioctl 4018620d 0 returned -22 [ 158.856382][ T40] audit: type=1326 audit(1752162176.247:5830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10236 comm="syz.1.1293" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdc09b8e929 code=0x0 [ 158.909472][T10239] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.914867][T10239] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 159.059031][ T40] audit: type=1400 audit(1752162176.447:5831): avc: denied { read write } for pid=10246 comm="syz.2.1297" name="mouse0" dev="devtmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 159.067624][ T40] audit: type=1400 audit(1752162176.457:5832): avc: denied { open } for pid=10246 comm="syz.2.1297" path="/dev/input/mouse0" dev="devtmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 159.099502][ T40] audit: type=1400 audit(1752162176.487:5833): avc: denied { setopt } for pid=10246 comm="syz.2.1297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 159.113285][ T40] audit: type=1400 audit(1752162176.497:5834): avc: denied { ioctl } for pid=10246 comm="syz.2.1297" path="socket:[101388]" dev="sockfs" ino=101388 ioctlcmd=0x7201 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 159.510082][ T40] audit: type=1400 audit(1752162176.897:5835): avc: denied { write } for pid=10262 comm="syz.2.1301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 159.518680][ T40] audit: type=1400 audit(1752162176.907:5836): avc: denied { ioctl } for pid=10258 comm="syz.3.1300" path="socket:[101581]" dev="sockfs" ino=101581 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 159.762826][T10276] overlay: Bad value for 'verity' [ 159.818780][ T5952] Bluetooth: hci3: unexpected cc 0x0809 length: 68 > 4 [ 159.828453][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 159.831255][ T7649] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 159.943946][T10289] kvm: Disabled LAPIC found during irq injection [ 159.971357][ T7649] usb 7-1: device descriptor read/64, error -71 [ 159.979734][T10292] ------------[ cut here ]------------ [ 159.981621][T10292] WARNING: CPU: 0 PID: 10292 at drivers/gpu/drm/drm_gem.c:286 drm_gem_object_handle_put_unlocked+0x284/0x310 [ 159.985228][T10292] Modules linked in: [ 159.986651][T10292] CPU: 0 UID: 0 PID: 10292 Comm: syz.3.1310 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 159.991895][T10292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 159.995199][T10292] RIP: 0010:drm_gem_object_handle_put_unlocked+0x284/0x310 [ 159.997636][T10292] Code: 03 0f b6 04 02 84 c0 74 0c 3c 03 7f 08 4c 89 f7 e8 41 95 ab fc c7 83 20 01 00 00 00 00 00 00 e9 b2 fe ff ff e8 9d b8 44 fc 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 8c b8 44 fc e8 87 b8 44 fc be [ 160.003755][T10292] RSP: 0018:ffffc90006677bb0 EFLAGS: 00010293 [ 160.005650][T10292] RAX: 0000000000000000 RBX: ffff888026b08000 RCX: ffffffff85773c63 [ 160.008118][T10292] RDX: ffff888024da4880 RSI: ffffffff85773e73 RDI: 0000000000000005 [ 160.010734][T10292] RBP: ffff888026b08004 R08: 0000000000000005 R09: 0000000000000000 [ 160.013239][T10292] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888026afa000 [ 160.015715][T10292] R13: ffff888026b08008 R14: 0000000000000000 R15: 0000000000000001 [ 160.018147][T10292] FS: 000055556481a500(0000) GS:ffff8880d6716000(0000) knlGS:0000000000000000 [ 160.021110][T10292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 160.023281][T10292] CR2: 000000110c3346b8 CR3: 0000000062c09000 CR4: 0000000000352ef0 [ 160.025744][T10292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 160.028215][T10292] DR3: 00000000000032e7 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 160.030668][T10292] Call Trace: [ 160.031778][T10292] [ 160.032818][T10292] ? __pfx_virtio_gpu_gem_object_close+0x10/0x10 [ 160.034841][T10292] drm_gem_object_release_handle+0x9a/0xc0 [ 160.036763][T10292] ? __pfx_drm_gem_object_release_handle+0x10/0x10 [ 160.038799][T10292] idr_for_each+0x143/0x270 [ 160.040309][T10292] ? __pfx_idr_for_each+0x10/0x10 [ 160.041950][T10292] drm_gem_release+0x27/0x40 [ 160.043413][T10292] drm_file_free.part.0+0x671/0xbf0 [ 160.045021][T10292] drm_close_helper.isra.0+0x186/0x1f0 [ 160.046783][T10292] drm_release+0x1ab/0x360 [ 160.048269][T10292] ? __pfx_drm_release+0x10/0x10 [ 160.049824][T10292] __fput+0x402/0xb70 [ 160.051142][T10292] task_work_run+0x14d/0x240 [ 160.052562][T10292] ? __pfx_task_work_run+0x10/0x10 [ 160.054161][T10292] ? __pfx___do_sys_close_range+0x10/0x10 [ 160.055949][T10292] exit_to_user_mode_loop+0xeb/0x110 [ 160.057596][T10292] do_syscall_64+0x3f6/0x4c0 [ 160.059160][T10292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.061100][T10292] RIP: 0033:0x7f760538e929 [ 160.062500][T10292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.068398][T10292] RSP: 002b:00007ffefaaf4b58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 160.071151][T10292] RAX: 0000000000000000 RBX: 0000000000027053 RCX: 00007f760538e929 [ 160.073581][T10292] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 160.076022][T10292] RBP: 00007f76055b7ba0 R08: 0000000000000001 R09: 0000001efaaf4e4f [ 160.078454][T10292] R10: 00007f7605200000 R11: 0000000000000246 R12: 00007f76055b5fac [ 160.080997][T10292] R13: 00007f76055b5fa0 R14: ffffffffffffffff R15: 00007ffefaaf4c70 [ 160.083546][T10292] [ 160.084528][T10292] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 160.086779][T10292] CPU: 0 UID: 0 PID: 10292 Comm: syz.3.1310 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 160.090516][T10292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 160.093803][T10292] Call Trace: [ 160.094960][T10292] [ 160.095899][T10292] dump_stack_lvl+0x3d/0x1f0 [ 160.097358][T10292] panic+0x71c/0x800 [ 160.098633][T10292] ? __pfx_panic+0x10/0x10 [ 160.100068][T10292] ? show_trace_log_lvl+0x29b/0x3e0 [ 160.101690][T10292] ? check_panic_on_warn+0x1f/0xb0 [ 160.103386][T10292] ? drm_gem_object_handle_put_unlocked+0x284/0x310 [ 160.105418][T10292] check_panic_on_warn+0xab/0xb0 [ 160.107112][T10292] __warn+0xf6/0x3c0 [ 160.108355][T10292] ? drm_gem_object_handle_put_unlocked+0x284/0x310 [ 160.110414][T10292] report_bug+0x3c3/0x580 [ 160.111775][T10292] ? drm_gem_object_handle_put_unlocked+0x284/0x310 [ 160.113805][T10292] handle_bug+0x184/0x210 [ 160.115170][T10292] exc_invalid_op+0x17/0x50 [ 160.116594][T10292] asm_exc_invalid_op+0x1a/0x20 [ 160.118112][T10292] RIP: 0010:drm_gem_object_handle_put_unlocked+0x284/0x310 [ 160.120461][T10292] Code: 03 0f b6 04 02 84 c0 74 0c 3c 03 7f 08 4c 89 f7 e8 41 95 ab fc c7 83 20 01 00 00 00 00 00 00 e9 b2 fe ff ff e8 9d b8 44 fc 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 8c b8 44 fc e8 87 b8 44 fc be [ 160.126365][T10292] RSP: 0018:ffffc90006677bb0 EFLAGS: 00010293 [ 160.128276][T10292] RAX: 0000000000000000 RBX: ffff888026b08000 RCX: ffffffff85773c63 [ 160.130915][T10292] RDX: ffff888024da4880 RSI: ffffffff85773e73 RDI: 0000000000000005 [ 160.133362][T10292] RBP: ffff888026b08004 R08: 0000000000000005 R09: 0000000000000000 [ 160.135829][T10292] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888026afa000 [ 160.138355][T10292] R13: ffff888026b08008 R14: 0000000000000000 R15: 0000000000000001 [ 160.140817][T10292] ? drm_gem_object_handle_put_unlocked+0x73/0x310 [ 160.142901][T10292] ? drm_gem_object_handle_put_unlocked+0x283/0x310 [ 160.144990][T10292] ? __pfx_virtio_gpu_gem_object_close+0x10/0x10 [ 160.146973][T10292] drm_gem_object_release_handle+0x9a/0xc0 [ 160.148810][T10292] ? __pfx_drm_gem_object_release_handle+0x10/0x10 [ 160.150887][T10292] idr_for_each+0x143/0x270 [ 160.152321][T10292] ? __pfx_idr_for_each+0x10/0x10 [ 160.153939][T10292] drm_gem_release+0x27/0x40 [ 160.155513][T10292] drm_file_free.part.0+0x671/0xbf0 [ 160.157126][T10292] drm_close_helper.isra.0+0x186/0x1f0 [ 160.158827][T10292] drm_release+0x1ab/0x360 [ 160.160275][T10292] ? __pfx_drm_release+0x10/0x10 [ 160.161822][T10292] __fput+0x402/0xb70 [ 160.163077][T10292] task_work_run+0x14d/0x240 [ 160.164526][T10292] ? __pfx_task_work_run+0x10/0x10 [ 160.166124][T10292] ? __pfx___do_sys_close_range+0x10/0x10 [ 160.167987][T10292] exit_to_user_mode_loop+0xeb/0x110 [ 160.169660][T10292] do_syscall_64+0x3f6/0x4c0 [ 160.171126][T10292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.172960][T10292] RIP: 0033:0x7f760538e929 [ 160.174360][T10292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.180442][T10292] RSP: 002b:00007ffefaaf4b58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 160.183030][T10292] RAX: 0000000000000000 RBX: 0000000000027053 RCX: 00007f760538e929 [ 160.185476][T10292] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 160.187936][T10292] RBP: 00007f76055b7ba0 R08: 0000000000000001 R09: 0000001efaaf4e4f [ 160.190434][T10292] R10: 00007f7605200000 R11: 0000000000000246 R12: 00007f76055b5fac [ 160.193001][T10292] R13: 00007f76055b5fa0 R14: ffffffffffffffff R15: 00007ffefaaf4c70 [ 160.195455][T10292] [ 160.197117][T10292] Kernel Offset: disabled [ 160.198481][T10292] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:42:57 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855bc395 RDI=ffffffff9b0c42a0 RBP=ffffffff9b0c4260 RSP=ffffc90006677520 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0c4260 R15=ffffffff855bc330 RIP=ffffffff855bc3bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055556481a500 ffffffff 00c00000 GS =0000 ffff8880d6716000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3346b8 CR3=0000000062c09000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000000032e7 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000ffffff80 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000306f69 6461722f7665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000134c4a 4742510c5546470c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000001d RBX=dffffc0000000000 RCX=0000000000000001 RDX=ffffffff8956434a RSI=0000000000000022 RDI=ffffc9000069ff30 RBP=0000000000000001 RSP=ffffc9000069fdc0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=0000000000082820 R13=0000000000082820 R14=ffffc9000069fe48 R15=0000000000000001 RIP=ffffffff81a79402 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc05433f300 ffffffff 00c00000 GS =0000 ffff8880d6816000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffea55a2a40 CR3=0000000034207000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=3a810b1eb6134bdc DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a 0000002c00000012 0004000000080024 0000000000280030 ZMM18=dbeb0f9c4da49e44 2bf393f1048f99ba dbeb0f9c4da49e44 2bf393f1048f99ba dbeb0f9c4da49e44 2bf393f1048f99ba dbeb0f9c4da49e44 2bf393f1048f99ba ZMM19=9806000000000000 0000000000000089 9806000000000000 0000000000000088 9806000000000000 0000000000000087 9806000000000000 0000000000000086 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=4d455fd24d455fd2 4d455fd24d455fd2 4d455fd24d455fd2 4d455fd24d455fd2 4d455fd24d455fd2 4d455fd24d455fd2 4d455fd24d455fd2 4d455fd24d455fd2 ZMM22=fed8c623fed8c623 fed8c623fed8c623 fed8c623fed8c623 fed8c623fed8c623 fed8c623fed8c623 fed8c623fed8c623 fed8c623fed8c623 fed8c623fed8c623 ZMM23=b1d634f8b1d634f8 b1d634f8b1d634f8 b1d634f8b1d634f8 b1d634f8b1d634f8 b1d634f8b1d634f8 b1d634f8b1d634f8 b1d634f8b1d634f8 b1d634f8b1d634f8 ZMM24=048f99ba048f99ba 048f99ba048f99ba 048f99ba048f99ba 048f99ba048f99ba 048f99ba048f99ba 048f99ba048f99ba 048f99ba048f99ba 048f99ba048f99ba ZMM25=2bf393f12bf393f1 2bf393f12bf393f1 2bf393f12bf393f1 2bf393f12bf393f1 2bf393f12bf393f1 2bf393f12bf393f1 2bf393f12bf393f1 2bf393f12bf393f1 ZMM26=4da49e444da49e44 4da49e444da49e44 4da49e444da49e44 4da49e444da49e44 4da49e444da49e44 4da49e444da49e44 4da49e444da49e44 4da49e444da49e44 ZMM27=dbeb0f9cdbeb0f9c dbeb0f9cdbeb0f9c dbeb0f9cdbeb0f9c dbeb0f9cdbeb0f9c dbeb0f9cdbeb0f9c dbeb0f9cdbeb0f9c dbeb0f9cdbeb0f9c dbeb0f9cdbeb0f9c ZMM28=000000900000008f 0000008e0000008d 0000008c0000008b 0000008a00000089 0000008800000087 0000008600000085 0000008400000083 0000008200000081 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=9806000098060000 9806000098060000 9806000098060000 9806000098060000 9806000098060000 9806000098060000 9806000098060000 9806000098060000 info registers vcpu 2 CPU#2 RAX=00000000001ef575 RBX=0000000000000002 RCX=ffffffff8b882c79 RDX=0000000000000000 RSI=ffffffff8de32516 RDI=ffffffff8c158f60 RBP=ffffed1003c53910 RSP=ffffc90000187df8 R8 =0000000000000001 R9 =ffffed100d4c6645 R10=ffff88806a63322b R11=0000000000000001 R12=0000000000000002 R13=ffff88801e29c880 R14=ffffffff90a97f50 R15=0000000000000000 RIP=ffffffff8b8817df RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6916000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055556481a808 CR3=00000000522f7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000010000 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffefaaf4d80 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7605411c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000022000 RBX=000000000000000a RCX=0000000000020000 RDX=0000000000022007 RSI=0000000000000001 RDI=0000000000000007 RBP=ffff888029658000 RSP=ffffc900006f7c58 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000190 R11=0000000000000001 R12=ffff888029658af0 R13=ffff888029658c80 R14=0000000000000000 R15=ffffffff8e5c4e80 RIP=ffffffff81986b4c RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a16000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f76060e56c0 CR3=000000004f909000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000010000 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffea55a33d0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f31411b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f31411b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f31411b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f31411b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f31411bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f31411c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000