last executing test programs: 18.860195709s ago: executing program 3 (id=902): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r0, 0x101, 0x7, &(0x7f0000000200)=0x641, 0x4) setsockopt$ax25_int(r0, 0x101, 0x1, &(0x7f0000000080)=0x4, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, &(0x7f0000000040)='\x00\x00\x00\x00\x02') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, &(0x7f0000000000)='\x00\x02\x00\x00\x00') r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f00000002c0)={@val={0xa}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x16, 0x4, 0x0, 0x0, 0x70, 0x0, 0x6000, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x17, 0xf9, [@loopback, @private, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}, @lsrr={0x83, 0x7, 0x0, [@empty]}, @lsrr={0x83, 0x1f, 0x0, [@empty, @rand_addr, @private, @empty, @rand_addr, @remote, @multicast1]}, @timestamp={0x44, 0x4}]}}, {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x82) 18.598671117s ago: executing program 3 (id=904): r0 = getpid() bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c00)=@bpf_tracing={0x1a, 0xd, &(0x7f0000000640)=ANY=[@ANYBLOB="b7080000000000447b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40007040010fd619f8a00f0ffffffb7020000080000001823000087fdb9a08a13942be31c0000000000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000"], &(0x7f0000000140)='GPL\x00', 0x25e9, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xb, 0xb43e, 0x8428}, 0x10, 0x2e70c, 0xffffffffffffffff, 0x3, &(0x7f00000007c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000800)=[{0x4, 0x1, 0x9, 0x3}, {0x3, 0x1, 0x9, 0xc}, {0x4, 0x4, 0xd, 0x2}], 0x10, 0x8000}, 0x90) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000340), 0x0, 0x0) getpid() syz_pidfd_open(0x0, 0x0) ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, &(0x7f0000000240)) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_pidfd_open(r0, 0x0) ioctl$HCIINQUIRY(r2, 0x400448cb, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) prctl$PR_SET_IO_FLUSHER(0x34, 0x2) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000280)=0x7fff) syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000380)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000004c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r4, 0x3, r3, 0x5}) r5 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e24, 0x56, @rand_addr=' \x01\x00', 0x1}, 0x1c) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030029000b12d25a80648c2594f90124fc60100c020000040000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 9.638225767s ago: executing program 2 (id=937): r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) read$msr(r0, &(0x7f0000000200)=""/133, 0x85) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x100, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r2, 0x80845663, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FAT_IOCTL_GET_VOLUME_ID(r3, 0x80047213, &(0x7f0000000040)) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x18}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa) sendmsg$nl_route_sched(r4, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r6}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r3, 0xc01864b0, &(0x7f0000000000)) r7 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r7, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pread64(r8, &(0x7f0000000100)=""/246, 0xf6, 0x0) setsockopt$sock_attach_bpf(r1, 0x88, 0x67, &(0x7f00000002c0), 0x4) 8.099980786s ago: executing program 2 (id=942): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, 0x0, 0x0, 0x3, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = epoll_create1(0x0) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000001c0)={0x40002004}) ppoll(&(0x7f0000000200)=[{r2, 0x1}, {r1}], 0x2, 0x0, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) r5 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r5, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c00000014000100000000000000000002000000", @ANYRES32, @ANYBLOB="1400030076657468315f746f5fb0e7e13ed58465"], 0x2c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, 0x0, 0x4008084) r8 = socket(0x10, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x2c}}, 0x0) ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) 7.864885923s ago: executing program 2 (id=944): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) syz_usb_connect(0x1, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a86200000904000002ca744d07090503020000ff99090805848f"], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000080)={0x5}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000180)={0x5, 0x5825}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$overlay(0x0, &(0x7f00000000c0)='./file0/../file0/file0\x00', &(0x7f0000000180), 0x108004, &(0x7f0000000280)={[{@nfs_export_off}, {@xino_auto}, {@index_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_auto}, {@xino_auto}, {@default_permissions}], [{@fsmagic}, {@fowner_eq={'fowner', 0x3d, r1}}, {@euid_eq={'euid', 0x3d, r1}}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@fowner_eq={'fowner', 0x3d, r1}}]}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@private0, @in=@empty, 0x4e24, 0x6, 0x0, 0x7, 0x2, 0x80, 0x20, 0x4, 0x0, r1}, {0x8, 0x5, 0x8, 0x5, 0xdd, 0x1, 0x3, 0x7fff}, {0x36a6, 0x4, 0x8, 0x2}, 0x10, 0x6e6bc0, 0x1, 0x1}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1d}, 0x4d4, 0x32}, 0x2, @in6=@private2, 0x0, 0x3, 0x1, 0x6, 0x1, 0x4, 0xca2}}, 0xe8) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r4 = syz_open_dev$dri(&(0x7f0000000340), 0x5, 0x408041) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[0x0, 0x0], 0x2}) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r4, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000000280)=[0x0]}) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_GET_MAP(r3, 0xc0286404, &(0x7f0000000080)={&(0x7f00001da000/0x2000)=nil}) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x401c5820, &(0x7f0000000180)) r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000040)={r5, r5, r5}, &(0x7f00000001c0)=""/126, 0x7e, &(0x7f0000000240)={&(0x7f0000000140)={'poly1305-simd\x00'}}) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) 5.756638625s ago: executing program 3 (id=940): socket$alg(0x26, 0x5, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) accept$alg(r1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4affeeaf541d002007000000", @ANYRES32=r2, @ANYBLOB="000000001000000024001a80080002802d00ff0008000200", @ANYRES16=r3, @ANYRES32=r3], 0x44}}, 0x0) 5.660760409s ago: executing program 2 (id=950): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x82, 0x0) io_setup(0xff, &(0x7f0000000080)=0x0) io_submit(r1, 0x7, &(0x7f0000000040)=[&(0x7f0000000000)={0x2, 0x960010, 0x0, 0x0, 0x0, r0, &(0x7f00000001c0)="10000040030000000000000000000000b22025285db74192e7576d9062ec6e2fe8ffff3ff248691861d03a71091d334252afb1af5b8f0474c2ed58338226131291198f3d70dcf797ac42d0eeed042c06b56b89f02f92b12ebe4c45948a362a76def2f4955f100a13131f474b140942110257e173cea102775e1b3873ebf98dac6421f6d449544114b8ce29f4b48d1738b5be127afce74b41c9ef761c96f24c9d3c130e1a6c2eb5b3f12eb6a1f5051594545cbb895e65d83c08d2d6cd56694e5a6c00f54aceaf498f57b2a56634a23ae7", 0xffffff15, 0x0, 0x0, 0x2}]) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00000000000000000000030000000800018004b140d150000280"], 0x30}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5800000000020000000000000000000000000000100001800c000280050900000000000030"], 0x58}}, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d8240000280001000200000800000000"], 0x24d8}], 0x1}, 0x0) 5.64688112s ago: executing program 3 (id=951): socket(0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x0, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000600)=r0, 0x4) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00) close(r2) 5.451497777s ago: executing program 2 (id=952): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0x1}, 0x48) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async) mount$nfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0200612c6e746578742c00a7e10ec013c826813f8e57a55dfedd4628ce950cc4f46fe1041a221fc36be3a7b835ccad8f9656c36109b979e1df00bf040864110a52e6724793d808045a6ae276d1c022a94b4f5a7cd844de858ca97285be22e79945eccfc03b67288441cb0aa6c32849b8aecd50b708f53a0b8d638810904ce1a26e72f9711a9447d85e1a6d2822171374add396ce57a334dd2c6e23e509a657bdc06474a6c822f820fa9c7889bebcadde81624b30ee2b9a1a9554ee53c43390392fc53e20841ecd466ed666839336a03521b15a9dff036241f9a9"]) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000240)=0x5, &(0x7f0000000200)=r1}, 0x20) 5.375081983s ago: executing program 3 (id=954): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001380)=0x0) read$FUSE(0xffffffffffffffff, &(0x7f000000e400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001480)=[{{&(0x7f0000000640)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000700)=[{&(0x7f0000000800)="c06bdace4eebe9f33b870939df33595c33c55149ff6f5f622621561ebbb48a6b54e9f0e2ffbb4630807d8b2f8dcbdad7e168ac7530f267d35d34a7315c0e62800cddca54a3b670a96a48425a4f0624621b6472d3e33e638fa59363106a912ca813215f65367bbc81d46ea564e29ef177ad29d0c4b32700b74ec106783da699f50af4b08dd1d4197a937c63e29806d9817d72fc38f9786faf5578cf76144a126b7d7413f812c73c77cc809a1105ccefc1308c37694f2a113f48bdec83c1458a8f60da4f742d6d5de48c3414564276207fa19bc33cadbc61393a7a1d887847ec6b23ff65", 0xe3}, {&(0x7f0000000540)="e0a2903067d65ce06fef445d3f3e0d57f7c87c144ffb4f713d426b1ff1692c271091e52e0a3aa79de3de32ed4e75606496fefd58be", 0x35}, {&(0x7f00000006c0)}], 0x3, 0x0, 0x0, 0x1}}, {{&(0x7f0000000900)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000f00)=[{&(0x7f0000000a40)="12d81b6410405a5e90e3b2cce282f2420815eed351816a09517a07cf890d0d66142334ee28c0f091e7abf664d93155d2bdfc6a611277ded6ac6246be1011c84e50c06b5c6dab79ce97a03bda7b92d15ddf8713ea72b7a6c9066bb7b1db5dd36fef21a7be377fff443eee7c993a44b823aa42d0210248a003d82af698f13740c3ad51cec446d20e3d456f407d29baa5d5ed4a24e24f96e4e1e7bc677560ff4b2a5c30", 0xa2}, {&(0x7f0000000740)="68c5b250c2ac5988e08f53b8fbacffc9dd035d0dc2eceb6bd83aaf", 0x1b}, {&(0x7f0000000b00)="d4706d6f280e7cfc9f506669b686f4e256a61c6b985cda0e4eeda57427cd58224e8af6768a9b4caf291b2aec571e5678ec2224546de28561f8cc4561ffd01c78778e0bbcb30f8b12866e68d7f2f83193cfee7b94444f73e26e13120270cd38a3baad2962d3b6c6abfa365c6b410e457f4250a9cccd5c3c4eacd4839c9e14184b718574924249804684219fb65bb2602bfc8816bf9b2dfdd7b697fc664003446ab2dcea65d099ca1edfb192ab9576675e4e572d8af4f4cbbf51b3b4d735868ddbd7fb84c6130011236f08a18db992246618d6b15083513d8108b9a0862570ff50f1d111c6", 0xe4}, {&(0x7f0000000c80)="0c9287a0470917dff1011babc9a001c4f019b76c6cc4670f3d2320487e9f204a70a84ca513b4cca6da2bc0db906e8d70df317ff3f6991e5d51c3c59660c8d89be86646b6218977c8a8948bcd62967b0479", 0x51}, {&(0x7f0000000d00)="101b6158fd16cf005642bb57e6c68fcb43babdefa9a98436378b632d23f3cc481f8015b5298f5e19db0bb0b90bd09f44203272746dc4926eda2cb21438b55680895333300fc0d752b084e0691fa0d24d4a7f36594dfafa7331d456608f4b36f242c934cdc43b3ce375507ee0cab939893e6f55f117bb3346f4b64ba19aa8edbff9bfb8aa55870e47be719fea30998209869431f1eeed4ed95b727546d03480d0efdd79fe81d4c4507fe7238d", 0xac}, {&(0x7f0000000dc0)="8afe66ad84eac3a878dbcddcd003e8f05b10372abe9e29801bef088e7e5e2a5d6f9016073730406bc04c57c917e261e08c69c0069b6a21fece19d6deceed08eb24c9e4e4423fa159aa7848854010486591e17db9325ac3fd507fb258285e01b7c9ffc8160e58c7f3d35e6304a742519ec97a611ca2c31917f35f45075fcc735a35fea574f80bcfabc9b138e6bf08f875136ced8b95c3f8bb08f9", 0x9a}, {&(0x7f0000000e80)="3d53e043d7a7a9ac1c31e42bbf93094162ebe6334c1b9bafd0dc06b627405f69e6feb30ee43bfbc79cb3b7d027c4c3604edecc3bfa0ca7f8abc4e49619aa7df79bd0045800080538eda630db151badee97041d1ea89bac7d627461e11ba4f2bbcb", 0x61}, {&(0x7f0000000980)="2ca13ea4fa0aea83ebade5fa44aff901ca01aa1736c6ad0e497498fbb0b57b9bf0869e890cf5560b10e3d44ecf11de34a516a4e20f2bc5", 0x37}], 0x8, &(0x7f00000013c0)=ANY=[@ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000005000000000100000002000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x98, 0x40}}], 0x2, 0x80) openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) waitid(0x1, r2, &(0x7f0000000380), 0x4, 0x0) accept4$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000040)=0x1c, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x6, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000400000000000000000062000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x33}, 0x90) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0) connect$inet(r3, &(0x7f0000003580)={0x2, 0x4e22, @dev}, 0x10) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}}, 0x0) fsopen(&(0x7f0000000040)='sockfs\x00', 0x0) gettid() bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x6, 0xfff, 0x7}, 0x48) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYRESDEC=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet_udplite(0x2, 0x2, 0x88) 5.374794252s ago: executing program 2 (id=955): ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)=0x3) syz_io_uring_setup(0x400024fc, &(0x7f0000000400)={0x0, 0xda58, 0x400}, 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) syz_open_dev$video(&(0x7f00000000c0), 0x9, 0x0) r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000080)={0x1, 0x1, @stop_pts=0x81}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x40048d1}, 0x0) pselect6(0xffffffffffffff7f, &(0x7f0000000300)={0xfc, 0x7fffffffffffffff, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) clock_gettime(0x2, &(0x7f0000000280)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000340)={0x0}) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a40)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x230, 0xffffffff, 0xffffffff, 0x230, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x118, 0x140, 0x0, {}, [@common=@dst={{0x48}}, @common=@inet=@tos={{0x28}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x360) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000100)={r3}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000200)={0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000611040000000000095000000009ce57a7ef22ce2622c152fa0f4000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000180)={r5, 0x3, r2, 0x6}) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001, 0x2}, 0x8) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={0x0, 0xfffffffc, 0x18}, 0xc) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@loopback={0xfec0ffffffffffff, 0x3fc}}) r6 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000002780)={'batadv0\x00'}) mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='qnx6\x00', 0x4, 0x0) 5.222570117s ago: executing program 3 (id=956): r0 = getpid() bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c00)=@bpf_tracing={0x1a, 0xd, &(0x7f0000000640)=ANY=[@ANYBLOB="b7080000000000447b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40007040010fd619f8a00f0ffffffb7020000080000001823000087fdb9a08a13942be31c0000000000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000"], &(0x7f0000000140)='GPL\x00', 0x25e9, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xb, 0xb43e, 0x8428}, 0x10, 0x2e70c, 0xffffffffffffffff, 0x3, &(0x7f00000007c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000800)=[{0x4, 0x1, 0x9, 0x3}, {0x3, 0x1, 0x9, 0xc}, {0x4, 0x4, 0xd, 0x2}], 0x10, 0x8000}, 0x90) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000340), 0x0, 0x0) getpid() syz_pidfd_open(0x0, 0x0) ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, &(0x7f0000000240)) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_pidfd_open(r0, 0x0) ioctl$HCIINQUIRY(r2, 0x400448cb, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) prctl$PR_SET_IO_FLUSHER(0x34, 0x2) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000280)=0x7fff) syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000380)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f0000000180)={r4}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000004c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r5, 0x3, r3, 0x5}) r6 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e24, 0x56, @rand_addr=' \x01\x00', 0x1}, 0x1c) r7 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030029000b12d25a80648c2594f90124fc60100c020000040000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 2.499860706s ago: executing program 0 (id=962): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)) socket$rds(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a85321, &(0x7f0000000140)={{}, 'port1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}) syz_open_dev$tty20(0xc, 0x4, 0x1) socket$alg(0x26, 0x5, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet(0x2, 0x0, 0x0) r0 = syz_io_uring_setup(0x6d72, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000300)=0x0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 2.389929625s ago: executing program 0 (id=963): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0xa, 0x2, 0x73) syz_usbip_server_init(0x4) syz_usbip_server_init(0x1) syz_usbip_server_init(0x0) socket$kcm(0x10, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="030000007a49a0c3cea2061d54bdda6945279e97db97ecdd4cf730cd6e3b2381efda2ed25503138247dc075c67e67df90a7917d7f3c227ef326ba670e90b0268adeb0a3d122336e24245139669464b467ac749210f7aec229e920b480547a44323b29d231b508a047d327109bed7c1d9b8bd63d9f50288f04981e18d7cc55cd05790a19f8704921806a9671e6c0ed8d15ed7bbb72772181ecaa9ec770c38a08fc5e1df8c926f76c1a544d382a287fe849dfeadb0d08f14e57b0698c7f3520a070d29806c44d1e0ad6180764f95c7"], 0x4) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="0444a8ddb497288c09965f72ab6aa6809d9e759b4522f7de77f1d6e2736fe0caa8cd5a12cdfcdda836b1655bc600"/59, @ANYRES16=r1, @ANYBLOB="010000000000fedbdf256600000008000300", @ANYRES32=r2, @ANYBLOB="080026008f0900000800b70000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$xdp(0x2c, 0x3, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000001080)=ANY=[@ANYBLOB="240000002400010000000000000000000000000006660400000000000600030000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x20040011) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000002c0)={0x0, 0x10000}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5409, 0x0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)) r4 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r6, 0x0) accept4(r6, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'netpci0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 1.379990416s ago: executing program 0 (id=964): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000082295d0490218dcc3b0efea9f5ae49e26e939cc40586c61051f5f96b10cd4798037a2e9aeb9416794a8924961ef4664f1291a67857a0d529ce9e1a47fab0b81968e8fb662fa704c15d119c125af24ef53404bfeffa3e96f38525e9a2cc89b8d967f695b581e0702a3d9e87e542b5d7534984f43e645f4a5bbb43494cde104e7081094f251ef5b0d"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x1f4, 0xd, 0x0, &(0x7f0000000100)="ff412f66b0833efc88ca968781", 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50) 1.372410269s ago: executing program 0 (id=965): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="05030000000000000000070000002632b6a40af5c19168a292c13996c2678bd2d9622f41aadceb90fa165a3a565525a08f3fcac458059d7aff34594bf2dc621f4e2484904add41f816e85a9bc2406f288a910f10c81f79a8ba9a0202174b357528581e560512c2b4a21540d49a2e4dc6b54a5589cbf0a7023812626c5d5dc4ffd14e3b755dd24620e4642f1603949869411337cabf9d3c4ab1745a9c7a25412d"], 0x14}}, 0x0) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r8 = accept4(r7, 0x0, 0x0, 0x0) recvmmsg(r8, &(0x7f0000002ac0)=[{{0x0, 0x0, &(0x7f0000002940)=[{&(0x7f0000001600)=""/137, 0x89}], 0x1}}], 0x40000a4, 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) socket$inet6(0xa, 0x40000080806, 0x0) sendmmsg$inet(r6, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfffffdef, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}}) r10 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r10, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) 981.783475ms ago: executing program 1 (id=966): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xaece, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) (async) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x200000, 0x1, 0x10}, 0x18) mknodat$null(r3, &(0x7f00000000c0)='./file0\x00', 0x8, 0x103) 799.39688ms ago: executing program 1 (id=967): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x3, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = epoll_create1(0x0) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000001c0)={0x40002004}) ppoll(&(0x7f0000000200)=[{r2, 0x1}, {r1}], 0x2, 0x0, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) r5 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r5, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c00000014000100000000000000000002000000", @ANYRES32, @ANYBLOB="1400030076657468315f746f5fb0e7e13ed58465"], 0x2c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, 0x0, 0x4008084) r8 = socket(0x10, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x2c}}, 0x0) ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) 667.98835ms ago: executing program 1 (id=968): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) symlink(0x0, 0x0) r1 = open(0x0, 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a81, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) pwritev(0xffffffffffffffff, &(0x7f0000000880)=[{&(0x7f00000010c0)="aabf", 0x7ffff}], 0x1, 0x0, 0x0) ioctl$TCFLSH(r0, 0x540b, 0x1) 606.577086ms ago: executing program 1 (id=969): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_clone(0x0, &(0x7f000000a640), 0x0, 0x0, 0x0, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0x8000f28, 0x0) vmsplice(r4, &(0x7f0000000940)=[{&(0x7f0000000640)='\x00', 0x1}], 0x1, 0x0) ioctl$sock_inet_sctp_SIOCINQ(r4, 0x541b, 0x0) write(r2, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x1) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) ioctl$TCSETS(r5, 0x89f2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "bb5dee00000000785fda3200"}) sendmsg$IPSET_CMD_TYPE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000000d060104000000000000000000ae2fd524643a7ba2f974d113e264fc45b9c170ed7ff980aff4338f8affc2c53845f66018c408681e471e07b1bdd5b86331494d26e32f70c4f225af368fd90342a092cc3b74ee5d8da6b3a4a2edf40dcc6c296d972db46df836d392b129975ef066f87b78ffb3b67b3defa5cf6bf1ac62a658175ee1e74feaa0db1de7a047dea939bc37ae1c3a73b18313db2875276b0d62a4f34b8b8604b4e5fa8c1939d2aa6ea7c6dc7f5b732e8e45adaef7ceb0740696f83841cf7700725bb527ac92924aacb12773b43c921c"], 0x14}}, 0x0) 269.972393ms ago: executing program 1 (id=970): socket(0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000600)=r0, 0x4) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00) close(r2) 197.720875ms ago: executing program 0 (id=971): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)) socket$rds(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a85321, &(0x7f0000000140)={{}, 'port1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}) syz_open_dev$tty20(0xc, 0x4, 0x1) socket$alg(0x26, 0x5, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet(0x2, 0x0, 0x0) r0 = syz_io_uring_setup(0x6d72, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000300)=0x0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 69.652041ms ago: executing program 1 (id=972): openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) r4 = dup(r2) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) 0s ago: executing program 0 (id=973): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0xa, 0x2, 0x73) syz_usbip_server_init(0x4) syz_usbip_server_init(0x1) syz_usbip_server_init(0x0) socket$kcm(0x10, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="030000007a49a0c3cea2061d54bdda6945279e97db97ecdd4cf730cd6e3b2381efda2ed25503138247dc075c67e67df90a7917d7f3c227ef326ba670e90b0268adeb0a3d122336e24245139669464b467ac749210f7aec229e920b480547a44323b29d231b508a047d327109bed7c1d9b8bd63d9f50288f04981e18d7cc55cd05790a19f8704921806a9671e6c0ed8d15ed7bbb72772181ecaa9ec770c38a08fc5e1df8c926f76c1a544d382a287fe849dfeadb0d08f14e57b0698c7f3520a070d29806c44d1e0ad6180764f95c7"], 0x4) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="0444a8ddb497288c09965f72ab6aa6809d9e759b4522f7de77f1d6e2736fe0caa8cd5a12cdfcdda836b1655bc600"/59, @ANYRES16=r1, @ANYBLOB="010000000000fedbdf256600000008000300", @ANYRES32=r2, @ANYBLOB="080026008f0900000800b70000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$xdp(0x2c, 0x3, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000001080)=ANY=[@ANYBLOB="240000002400010000000000000000000000000006660400000000000600030000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x20040011) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000002c0)={0x0, 0x10000}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5409, 0x0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)) r4 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r6, 0x0) accept4(r6, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'netpci0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) kernel console output (not intermixed with test programs): 47][ T7397] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.517921][ T7397] bridge_slave_1: entered allmulticast mode [ 156.522768][ T7397] bridge_slave_1: entered promiscuous mode [ 156.608778][ T7397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.616781][ T7397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.673342][ T5340] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 156.674244][ T5335] Bluetooth: hci0: command 0x1003 tx timeout [ 156.707738][ T7397] team0: Port device team_slave_0 added [ 156.716170][ T7397] team0: Port device team_slave_1 added [ 156.907789][ T7397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.911012][ T7397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.933093][ T7397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.941619][ T7397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.948957][ T7397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.962111][ T7397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.030229][ T5340] Bluetooth: Unexpected continuation frame (len 44) [ 157.075647][ T7397] hsr_slave_0: entered promiscuous mode [ 157.139586][ T7397] hsr_slave_1: entered promiscuous mode [ 157.332674][ T40] audit: type=1800 audit(1722491827.540:853): pid=7426 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.579" name="/" dev="fuse" ino=1 res=0 errno=0 [ 157.368959][ T7397] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.431963][ T7397] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.520567][ T7397] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.603560][ T7397] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.753879][ T7397] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 157.760647][ T7397] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 157.776382][ T7397] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 157.785949][ T7397] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 157.906312][ T7397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.928162][ T7397] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.937192][ T5731] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.940215][ T5731] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.963295][ T5731] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.966317][ T5731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.104559][ T5340] Bluetooth: hci5: command tx timeout [ 158.177349][ T7397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.227591][ T7397] veth0_vlan: entered promiscuous mode [ 158.235674][ T7397] veth1_vlan: entered promiscuous mode [ 158.259767][ T7397] veth0_macvtap: entered promiscuous mode [ 158.279443][ T7397] veth1_macvtap: entered promiscuous mode [ 158.297045][ T7397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.301985][ T7397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.306805][ T7397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.311411][ T7397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.315567][ T7397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.319920][ T7397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.324290][ T7397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.328964][ T7397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.335233][ T7397] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.349578][ T7397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.354579][ T7397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.358831][ T7397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.363360][ T7397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.367700][ T7397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.371919][ T7397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.375820][ T7397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.379995][ T7397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.386766][ T7397] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.404844][ T7397] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.408559][ T7397] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.412693][ T7397] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.416149][ T7397] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.468478][ T1106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.477314][ T1106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.504014][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.507423][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.639109][ T7445] netlink: 'syz.1.574': attribute type 1 has an invalid length. [ 158.642427][ T7445] netlink: 16150 bytes leftover after parsing attributes in process `syz.1.574'. [ 160.050493][ T40] audit: type=1400 audit(1722491830.260:854): avc: denied { setopt } for pid=7454 comm="syz.2.585" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 160.183893][ T5340] Bluetooth: hci5: command tx timeout [ 160.426691][ T5340] Bluetooth: Unexpected continuation frame (len 44) [ 161.092575][ T40] audit: type=1326 audit(1722491831.300:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7477 comm="syz.0.591" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f36989773b9 code=0x0 [ 161.106947][ T7476] mmap: syz.1.590 (7476) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 161.219055][ T40] audit: type=1400 audit(1722491831.430:856): avc: denied { listen } for pid=7477 comm="syz.0.591" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 161.234527][ T40] audit: type=1400 audit(1722491831.430:857): avc: denied { accept } for pid=7477 comm="syz.0.591" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 161.263248][ T60] usb 7-1: new low-speed USB device number 10 using dummy_hcd [ 161.484517][ T60] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 161.487719][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 161.491909][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 161.503197][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 161.508121][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 161.515101][ T60] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 161.518448][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 161.522697][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 161.528142][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 161.533296][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 161.541533][ T60] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 161.544979][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 161.549184][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 161.554046][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 161.558513][ T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 161.568025][ T60] usb 7-1: string descriptor 0 read error: -22 [ 161.572126][ T60] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 161.576317][ T60] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.602214][ T60] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 162.052104][ T7480] block nbd1: shutting down sockets [ 162.291005][ T5340] Bluetooth: hci5: command tx timeout [ 162.343412][ T8] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 162.522389][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 162.523060][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 162.549147][ T8] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 162.553160][ T8] usb 5-1: config 179 has no interface number 0 [ 162.555836][ T8] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 162.560744][ T8] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 162.565631][ T8] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 162.570194][ T8] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 162.576387][ T8] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 162.581850][ T8] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 162.586904][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.613514][ T7490] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 162.665806][ T6272] usb 7-1: USB disconnect, device number 10 [ 162.886287][ T8] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:179.65/input/input23 [ 163.117755][ T7490] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.136067][ T7490] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.166421][ T5394] usb 5-1: USB disconnect, device number 13 [ 163.166545][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 163.173617][ T5394] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 163.620783][ T7514] netlink: 2060 bytes leftover after parsing attributes in process `syz.2.598'. [ 163.626497][ T7514] netlink: 'syz.2.598': attribute type 1 has an invalid length. [ 163.630112][ T7514] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.598'. [ 164.343502][ T5340] Bluetooth: hci5: command tx timeout [ 164.652774][ T7519] block nbd0: shutting down sockets [ 165.326934][ T40] audit: type=1400 audit(1722491835.540:858): avc: denied { unlink } for pid=7542 comm="syz.0.608" name="#1" dev="tmpfs" ino=819 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 165.361314][ T40] audit: type=1800 audit(1722491835.570:859): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.608" name="bus" dev="overlay" ino=821 res=0 errno=0 [ 165.810070][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 166.418909][ T1122] Bluetooth: (null): Invalid header checksum [ 166.421702][ T1122] Bluetooth: (null): Invalid header checksum [ 166.423103][ T5340] Bluetooth: hci5: command tx timeout [ 166.883315][ T57] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 166.953521][ T40] audit: type=1400 audit(1722491837.160:860): avc: denied { remount } for pid=7566 comm="syz.2.616" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 167.012147][ T7569] netlink: 'syz.2.617': attribute type 1 has an invalid length. [ 167.015738][ T7569] netlink: 9396 bytes leftover after parsing attributes in process `syz.2.617'. [ 167.063185][ T57] usb 6-1: Using ep0 maxpacket: 16 [ 167.067487][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 167.072113][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 167.076409][ T57] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 167.080091][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.085770][ T57] usb 6-1: config 0 descriptor?? [ 167.089449][ T7565] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 167.442698][ T7578] netlink: 'syz.2.619': attribute type 12 has an invalid length. [ 167.562903][ T57] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 167.572645][ T57] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 167.583026][ T57] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 167.593241][ T57] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 167.604107][ T57] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 167.630104][ T57] cp2112 0003:10C4:EA90.0008: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 167.750208][ T57] cp2112 0003:10C4:EA90.0008: Part Number: 0xE5 Device Version: 0x26 [ 168.305516][ T57] cp2112 0003:10C4:EA90.0008: error setting SMBus config [ 168.327745][ T57] cp2112 0003:10C4:EA90.0008: probe with driver cp2112 failed with error -71 [ 168.336064][ T57] usb 6-1: USB disconnect, device number 9 [ 168.344265][ T40] audit: type=1326 audit(1722491838.560:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz.2.624" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f214c1773b9 code=0x0 [ 168.553373][ T7593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.625'. [ 168.558027][ T7593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.625'. [ 168.902874][ T7599] netlink: 'syz.1.627': attribute type 1 has an invalid length. [ 168.907235][ T7599] netlink: 9396 bytes leftover after parsing attributes in process `syz.1.627'. [ 169.088237][ T7601] netlink: 8 bytes leftover after parsing attributes in process `syz.1.628'. [ 169.092138][ T7601] netlink: 8 bytes leftover after parsing attributes in process `syz.1.628'. [ 169.382900][ T1122] Bluetooth: hci0: Frame reassembly failed (-84) [ 169.488574][ T7611] FAULT_INJECTION: forcing a failure. [ 169.488574][ T7611] name failslab, interval 1, probability 0, space 0, times 0 [ 169.503054][ T7611] CPU: 3 UID: 0 PID: 7611 Comm: syz.2.632 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0 [ 169.506723][ T7611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.511156][ T7611] Call Trace: [ 169.512618][ T7611] [ 169.514013][ T7611] dump_stack_lvl+0x16c/0x1f0 [ 169.516175][ T7611] should_fail_ex+0x497/0x5b0 [ 169.518457][ T7611] ? fs_reclaim_acquire+0xae/0x160 [ 169.520771][ T7611] should_failslab+0xc2/0x120 [ 169.522770][ T7611] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 169.525136][ T7611] ? getname_flags.part.0+0x4c/0x550 [ 169.527534][ T7611] getname_flags.part.0+0x4c/0x550 [ 169.529771][ T7611] getname_flags+0x93/0xf0 [ 169.531737][ T7611] user_path_at+0x24/0x60 [ 169.533668][ T7611] __x64_sys_mount+0x1fc/0x320 [ 169.535799][ T7611] ? __pfx___x64_sys_mount+0x10/0x10 [ 169.538019][ T7611] do_syscall_64+0xcd/0x250 [ 169.539784][ T7611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.542166][ T7611] RIP: 0033:0x7f214c1773b9 [ 169.544152][ T7611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.551776][ T7611] RSP: 002b:00007f214cff7048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 169.554867][ T7611] RAX: ffffffffffffffda RBX: 00007f214c305f80 RCX: 00007f214c1773b9 [ 169.557399][ T7611] RDX: 0000000020000480 RSI: 0000000020000040 RDI: 0000000020000440 [ 169.560228][ T7611] RBP: 00007f214cff70a0 R08: 0000000000000000 R09: 0000000000000000 [ 169.563371][ T7611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.566874][ T7611] R13: 000000000000000b R14: 00007f214c305f80 R15: 00007ffcd2eede98 [ 169.569929][ T7611] [ 169.899078][ T40] audit: type=1400 audit(1722491840.110:862): avc: denied { ioctl } for pid=7613 comm="syz.2.633" path="socket:[19395]" dev="sockfs" ino=19395 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 169.910870][ T7614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.633'. [ 169.922564][ T7614] netlink: 'syz.2.633': attribute type 14 has an invalid length. [ 171.384686][ T5340] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 171.385552][ T5335] Bluetooth: hci0: command 0x1003 tx timeout [ 171.629945][ T7626] netlink: 'syz.1.636': attribute type 1 has an invalid length. [ 171.633545][ T7626] netlink: 9396 bytes leftover after parsing attributes in process `syz.1.636'. [ 171.806230][ T7630] netlink: 8 bytes leftover after parsing attributes in process `syz.1.638'. [ 171.810218][ T7630] netlink: 8 bytes leftover after parsing attributes in process `syz.1.638'. [ 171.890996][ T40] audit: type=1326 audit(1722491842.100:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7631 comm="syz.1.639" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde9b3773b9 code=0x0 [ 172.063682][ T7637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.640'. [ 172.067664][ T7637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.640'. [ 172.910133][ T7650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.642'. [ 172.913911][ T7650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.642'. [ 172.926017][ T7651] netlink: 2060 bytes leftover after parsing attributes in process `syz.1.643'. [ 172.930757][ T7651] netlink: 'syz.1.643': attribute type 1 has an invalid length. [ 172.934777][ T7651] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.643'. [ 173.199652][ T7660] netlink: 'syz.2.646': attribute type 1 has an invalid length. [ 173.202805][ T7660] netlink: 9396 bytes leftover after parsing attributes in process `syz.2.646'. [ 173.463474][ T25] usb 8-1: new low-speed USB device number 9 using dummy_hcd [ 173.655103][ T10] usb 7-1: new low-speed USB device number 11 using dummy_hcd [ 173.656376][ T25] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 173.661828][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 173.669476][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 173.675073][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 173.679928][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 173.685393][ T25] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 173.688717][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 173.693107][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 173.697431][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 173.702107][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 173.711938][ T25] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 173.715120][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 173.719329][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 173.723676][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 173.728275][ T25] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 173.744137][ T25] usb 8-1: string descriptor 0 read error: -22 [ 173.746702][ T25] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 173.750354][ T25] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.766926][ T25] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 173.810599][ T7666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.648'. [ 173.816190][ T7666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.648'. [ 173.856026][ T10] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 173.862128][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 173.870035][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 173.876649][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 173.881385][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 173.887519][ T10] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 173.890763][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 173.898727][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 173.903017][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 173.907872][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 173.918348][ T10] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 173.921384][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 173.926560][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 173.930711][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 173.935384][ T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 173.959904][ T10] usb 7-1: string descriptor 0 read error: -22 [ 173.962835][ T10] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 173.966052][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.006586][ T10] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 174.670390][ T10] usb 8-1: USB disconnect, device number 9 [ 174.737124][ T25] usb 7-1: USB disconnect, device number 11 [ 174.951305][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 175.203124][ T7679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.651'. [ 175.464566][ T40] audit: type=1326 audit(1722491845.680:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7683 comm="syz.3.653" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb13e3773b9 code=0x0 [ 175.670921][ T7694] netlink: 'syz.2.655': attribute type 1 has an invalid length. [ 176.494404][ T40] audit: type=1800 audit(1722491846.710:865): pid=7706 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.658" name="/" dev="fuse" ino=1 res=0 errno=0 [ 176.663797][ T5331] Bluetooth: hci2: command 0x0406 tx timeout [ 176.663972][ T5327] Bluetooth: hci1: command 0x0406 tx timeout [ 176.699737][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 177.113098][ T25] usb 7-1: new low-speed USB device number 12 using dummy_hcd [ 177.296125][ T25] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 177.299584][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 177.304275][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 177.308812][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 177.313903][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 177.319565][ T25] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 177.322914][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 177.327291][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 177.331490][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 177.336973][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 177.346019][ T25] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 177.349349][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 177.354951][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 177.359253][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 177.364116][ T25] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 177.372267][ T25] usb 7-1: string descriptor 0 read error: -22 [ 177.375863][ T25] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 177.380367][ T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.391373][ T25] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 177.816688][ T25] usb 5-1: new low-speed USB device number 14 using dummy_hcd [ 178.008987][ T25] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 178.012425][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 178.018273][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 178.022568][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 178.033592][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 178.042216][ T25] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 178.045933][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 178.049908][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 178.055911][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 178.061052][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 178.068657][ T25] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 178.073238][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 178.077632][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 178.081518][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 178.086976][ T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 178.088337][ T5369] usb 7-1: USB disconnect, device number 12 [ 178.095166][ T25] usb 5-1: string descriptor 0 read error: -22 [ 178.098407][ T25] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 178.102685][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.115295][ T25] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 178.847872][ T7731] netlink: 'syz.3.665': attribute type 1 has an invalid length. [ 178.851117][ T7731] __nla_validate_parse: 2 callbacks suppressed [ 178.851129][ T7731] netlink: 9396 bytes leftover after parsing attributes in process `syz.3.665'. [ 178.978613][ T5370] usb 5-1: USB disconnect, device number 14 [ 179.738978][ T40] audit: type=1400 audit(1722491849.950:866): avc: denied { write } for pid=7742 comm="syz.1.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 179.882533][ T7750] netlink: 'syz.0.671': attribute type 1 has an invalid length. [ 179.886694][ T7750] netlink: 9396 bytes leftover after parsing attributes in process `syz.0.671'. [ 180.033218][ T25] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 180.223103][ T25] usb 6-1: Using ep0 maxpacket: 16 [ 180.235138][ T25] usb 6-1: config 0 has an invalid interface number: 31 but max is 0 [ 180.251430][ T25] usb 6-1: config 0 has no interface number 0 [ 180.256282][ T25] usb 6-1: config 0 interface 31 has no altsetting 0 [ 180.261974][ T25] usb 6-1: New USB device found, idVendor=24c6, idProduct=5696, bcdDevice=37.70 [ 180.267149][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.275143][ T25] usb 6-1: config 0 descriptor?? [ 180.537894][ T6272] usb 6-1: USB disconnect, device number 10 [ 181.394628][ T7766] netlink: 2060 bytes leftover after parsing attributes in process `syz.0.673'. [ 181.398455][ T7766] netlink: 'syz.0.673': attribute type 1 has an invalid length. [ 181.401901][ T7766] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.673'. [ 181.543549][ T7768] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32792 sclass=netlink_route_socket pid=7768 comm=syz.1.675 [ 181.559329][ T7768] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 181.581684][ T7768] batadv_slave_1: entered allmulticast mode [ 181.641248][ T7767] block nbd1: shutting down sockets [ 181.908025][ T40] audit: type=1800 audit(1722491852.120:867): pid=7773 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.676" name="/" dev="fuse" ino=1 res=0 errno=0 [ 182.593223][ T5394] usb 6-1: new low-speed USB device number 11 using dummy_hcd [ 182.787337][ T5394] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 182.790609][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 182.797109][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 182.804900][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 182.809442][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 182.816333][ T5394] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 182.820199][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 182.831540][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 182.836215][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 182.842763][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 182.851703][ T5394] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 182.857867][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 182.862800][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 182.867683][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 182.872287][ T5394] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 182.880978][ T5394] usb 6-1: string descriptor 0 read error: -22 [ 182.885389][ T5394] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 182.890899][ T5394] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.937111][ T5394] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 184.212051][ T7805] netlink: 8 bytes leftover after parsing attributes in process `syz.0.684'. [ 184.221981][ T7805] netlink: 8 bytes leftover after parsing attributes in process `syz.0.684'. [ 184.330541][ T5394] usb 6-1: USB disconnect, device number 11 [ 184.435784][ T40] audit: type=1400 audit(1722491854.640:868): avc: denied { mount } for pid=7803 comm="syz.3.685" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 184.550360][ T40] audit: type=1400 audit(1722491854.760:869): avc: denied { remount } for pid=7803 comm="syz.3.685" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 184.789131][ T7814] netlink: 'syz.2.686': attribute type 12 has an invalid length. [ 185.360215][ T7827] fuse: Bad value for 'fd' [ 185.386578][ T7827] netlink: 20 bytes leftover after parsing attributes in process `syz.1.690'. [ 185.389800][ T7827] netlink: 8 bytes leftover after parsing attributes in process `syz.1.690'. [ 185.630421][ T7836] netlink: 'syz.0.693': attribute type 1 has an invalid length. [ 185.633793][ T7836] netlink: 9396 bytes leftover after parsing attributes in process `syz.0.693'. [ 185.640290][ T7837] netlink: 2060 bytes leftover after parsing attributes in process `syz.2.691'. [ 185.644729][ T7837] netlink: 'syz.2.691': attribute type 1 has an invalid length. [ 185.649886][ T7837] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.691'. [ 186.413315][ T6272] usb 5-1: new low-speed USB device number 15 using dummy_hcd [ 186.626434][ T6272] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 186.629708][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 186.634004][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 186.638173][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 186.643318][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 186.649753][ T6272] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 186.653924][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 186.658351][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 186.662798][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 186.667837][ T25] usb 6-1: new low-speed USB device number 12 using dummy_hcd [ 186.671213][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 186.678675][ T6272] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 186.682368][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 186.687917][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 186.692323][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 186.697379][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 186.711278][ T6272] usb 5-1: string descriptor 0 read error: -22 [ 186.718450][ T6272] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 186.722548][ T6272] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.744963][ T6272] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 186.878065][ T25] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 186.881288][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 186.886129][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 186.890622][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 186.895840][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 186.903707][ T25] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 186.908003][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 186.914145][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 186.918677][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 186.924280][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 186.931840][ T25] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 186.935839][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 186.953344][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 186.958444][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 186.967526][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 186.987444][ T25] usb 6-1: string descriptor 0 read error: -22 [ 186.990480][ T25] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 187.009678][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.042592][ T25] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 187.802167][ T40] audit: type=1400 audit(1722491858.000:870): avc: denied { unmount } for pid=6267 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 187.845434][ T6272] usb 5-1: USB disconnect, device number 15 [ 187.988546][ T40] audit: type=1400 audit(1722491858.200:871): avc: denied { ioctl } for pid=7852 comm="syz.3.699" path="socket:[19699]" dev="sockfs" ino=19699 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 188.027283][ T7857] netlink: 'syz.2.701': attribute type 1 has an invalid length. [ 188.134127][ T7863] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 188.139545][ T7863] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 188.209838][ T7857] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 188.228520][ T7857] bond1 (unregistering): Released all slaves [ 188.337094][ T8] usb 6-1: USB disconnect, device number 12 [ 188.643117][ T6272] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 188.836351][ T6272] usb 7-1: Using ep0 maxpacket: 16 [ 188.845001][ T6272] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 188.849606][ T6272] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 188.863166][ T6272] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 188.866822][ T6272] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.871947][ T6272] usb 7-1: config 0 descriptor?? [ 189.082333][ T5335] Bluetooth: hci2: unexpected event for opcode 0x0c14 [ 189.169515][ T5335] Bluetooth: hci2: Malformed LE Event: 0x0b [ 189.563112][ T35] usb 6-1: new low-speed USB device number 13 using dummy_hcd [ 189.746912][ T35] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 189.750667][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 189.755410][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 189.759476][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 189.764173][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 189.769491][ T35] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 189.772741][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 189.773271][ T8] usb 5-1: new low-speed USB device number 16 using dummy_hcd [ 189.777197][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 189.785497][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 189.790127][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 189.795699][ T35] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 189.798949][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 189.803139][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 189.807449][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 189.811937][ T35] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 189.822902][ T35] usb 6-1: string descriptor 0 read error: -22 [ 189.825427][ T35] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 189.828910][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.840137][ T35] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 189.996456][ T8] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 189.999793][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 190.004275][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 190.009090][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 190.013691][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 190.025299][ T8] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 190.028257][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 190.032801][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 190.036966][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 190.041408][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 190.048445][ T8] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 190.051956][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 190.056307][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 190.060620][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 190.065507][ T8] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 190.078703][ T8] usb 5-1: string descriptor 0 read error: -22 [ 190.082189][ T8] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 190.093725][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.106997][ T8] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 190.863795][ T35] usb 5-1: USB disconnect, device number 16 [ 190.914764][ T5731] usb 6-1: USB disconnect, device number 13 [ 191.394033][ T6272] usbhid 7-1:0.0: can't add hid device: -71 [ 191.395376][ T7894] netlink: 2060 bytes leftover after parsing attributes in process `syz.3.709'. [ 191.396767][ T6272] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 191.400937][ T7894] netlink: 'syz.3.709': attribute type 1 has an invalid length. [ 191.411435][ T7894] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.709'. [ 191.434938][ T6272] usb 7-1: USB disconnect, device number 13 [ 191.688782][ T7901] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32792 sclass=netlink_route_socket pid=7901 comm=syz.2.710 [ 191.713216][ T7901] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 191.724525][ T7901] batadv_slave_0: entered allmulticast mode [ 191.884483][ T40] audit: type=1400 audit(1722491862.090:872): avc: denied { ioctl } for pid=7907 comm="syz.1.714" path="socket:[19835]" dev="sockfs" ino=19835 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 192.335360][ T7895] block nbd2: shutting down sockets [ 194.110551][ T7940] fuse: Bad value for 'fd' [ 194.213123][ T6272] usb 5-1: new low-speed USB device number 17 using dummy_hcd [ 194.405745][ T6272] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 194.409557][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 194.417867][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 194.422722][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 194.443038][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 194.453752][ T6272] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 194.457850][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 194.462919][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 194.467612][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 194.472257][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 194.483833][ T6272] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 194.487095][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 194.491180][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 194.497878][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 194.502857][ T6272] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 194.514696][ T6272] usb 5-1: string descriptor 0 read error: -22 [ 194.516977][ T6272] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 194.520467][ T6272] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.531837][ T6272] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 194.617905][ T40] audit: type=1400 audit(1722491864.830:873): avc: denied { bind } for pid=7950 comm="syz.2.727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 196.396895][ T6272] usb 5-1: USB disconnect, device number 17 [ 196.445679][ T7971] netlink: 'syz.3.731': attribute type 4 has an invalid length. [ 196.742119][ T7992] fuse: Bad value for 'fd' [ 196.764381][ T7992] netlink: 20 bytes leftover after parsing attributes in process `syz.2.736'. [ 196.769307][ T7992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.736'. [ 197.103000][ T7995] vivid-003: disconnect [ 197.419635][ T8003] netlink: 8 bytes leftover after parsing attributes in process `syz.3.740'. [ 198.330813][ T7994] vivid-003: reconnect [ 198.579201][ T40] audit: type=1400 audit(1722491868.790:874): avc: denied { connect } for pid=8021 comm="syz.0.745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 198.704227][ T40] audit: type=1400 audit(1722491868.920:875): avc: denied { write } for pid=8021 comm="syz.0.745" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 198.707302][ T8027] netlink: 2060 bytes leftover after parsing attributes in process `syz.1.744'. [ 198.725971][ T8027] netlink: 'syz.1.744': attribute type 1 has an invalid length. [ 198.730140][ T8027] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.744'. [ 199.224013][ T5335] Bluetooth: hci5: command tx timeout [ 199.364978][ T8032] netlink: 'syz.2.747': attribute type 4 has an invalid length. [ 199.545560][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 199.867773][ T8040] netlink: 2060 bytes leftover after parsing attributes in process `syz.3.749'. [ 199.870996][ T8040] netlink: 'syz.3.749': attribute type 1 has an invalid length. [ 199.873966][ T8040] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.749'. [ 200.187714][ T1381] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.411217][ T8046] netlink: 8 bytes leftover after parsing attributes in process `syz.0.751'. [ 200.423214][ T40] audit: type=1400 audit(1722491870.620:876): avc: denied { create } for pid=8045 comm="syz.0.751" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 200.473541][ T40] audit: type=1400 audit(1722491870.620:877): avc: denied { write } for pid=8045 comm="syz.0.751" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 200.502641][ T40] audit: type=1400 audit(1722491870.710:878): avc: denied { write } for pid=4808 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 200.557027][ T40] audit: type=1400 audit(1722491870.710:879): avc: denied { remove_name } for pid=4808 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 200.603524][ T40] audit: type=1400 audit(1722491870.710:880): avc: denied { add_name } for pid=4808 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 200.745471][ T5394] usb 5-1: new low-speed USB device number 18 using dummy_hcd [ 200.925685][ T5394] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 200.929398][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 200.935283][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 200.939624][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 200.949164][ T40] audit: type=1400 audit(1722491871.160:881): avc: denied { mount } for pid=8054 comm="syz.2.754" name="/" dev="ramfs" ino=20973 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 200.953119][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 200.965158][ T5394] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 200.968491][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 200.973446][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 200.978184][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 200.984557][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 200.991204][ T5394] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 200.994796][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 200.999410][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 201.003932][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 201.004884][ T8057] overlay: ./bus is not a directory [ 201.010321][ T5394] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 201.030329][ T5394] usb 5-1: string descriptor 0 read error: -22 [ 201.033597][ T5394] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 201.037666][ T5394] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.078259][ T5394] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 202.931933][ T57] usb 5-1: USB disconnect, device number 18 [ 203.682194][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 204.019028][ T8095] netlink: zone id is out of range [ 204.025364][ T8095] netlink: zone id is out of range [ 204.055218][ T8095] netlink: set zone limit has 4 unknown bytes [ 204.680902][ T40] audit: type=1400 audit(1722491874.890:882): avc: denied { ioctl } for pid=8105 comm="syz.3.765" path="socket:[18241]" dev="sockfs" ino=18241 ioctlcmd=0x7213 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 204.754466][ T40] audit: type=1400 audit(1722491874.940:883): avc: denied { ioctl } for pid=8108 comm="syz.2.766" path="socket:[20306]" dev="sockfs" ino=20306 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 204.828714][ T8121] netlink: 2060 bytes leftover after parsing attributes in process `syz.0.767'. [ 204.832777][ T8121] netlink: 'syz.0.767': attribute type 1 has an invalid length. [ 204.837296][ T8121] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.767'. [ 206.920239][ T8137] overlayfs: missing 'lowerdir' [ 206.944430][ T40] audit: type=1400 audit(1722491877.160:884): avc: denied { module_load } for pid=8134 comm="syz.3.772" path="/116/bus/bus" dev="tmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 206.944771][ T8137] Invalid ELF header magic: != ELF [ 207.361779][ T8143] vivid-001: disconnect [ 207.433295][ T5335] Bluetooth: hci3: connection err: -111 [ 207.523801][ T8146] sp0: Synchronizing with TNC [ 207.796809][ T40] audit: type=1400 audit(1722491877.990:885): avc: denied { mounton } for pid=8150 comm="syz.2.777" path="/221/file1/file0" dev="autofs" ino=21090 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 208.193046][ T8142] vivid-001: reconnect [ 208.274939][ T8157] netlink: 2060 bytes leftover after parsing attributes in process `syz.3.779'. [ 208.280481][ T8157] netlink: 'syz.3.779': attribute type 1 has an invalid length. [ 208.285429][ T8157] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.779'. [ 210.049795][ T8184] netlink: 2060 bytes leftover after parsing attributes in process `syz.0.788'. [ 210.053891][ T8184] netlink: 'syz.0.788': attribute type 1 has an invalid length. [ 210.057228][ T8184] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.788'. [ 210.703283][ T8188] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 210.706305][ T8188] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 210.711869][ T8188] vhci_hcd vhci_hcd.0: Device attached [ 210.726915][ T8189] usbip_core: unknown command [ 210.728909][ T8189] vhci_hcd: unknown pdu 3020988904 [ 210.731093][ T8189] usbip_core: unknown command [ 210.737985][ T1122] vhci_hcd: stop threads [ 210.740232][ T1122] vhci_hcd: release socket [ 210.742814][ T1122] vhci_hcd: disconnect device [ 211.233088][ T6272] usb 6-1: new low-speed USB device number 14 using dummy_hcd [ 211.236446][ T57] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 211.416152][ T6272] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 211.419375][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 211.423111][ T57] usb 8-1: Using ep0 maxpacket: 8 [ 211.424102][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 211.433162][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 211.434660][ T57] usb 8-1: config 0 has no interfaces? [ 211.440095][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 211.446079][ T57] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 211.451369][ T57] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.455788][ T6272] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 211.460277][ T57] usb 8-1: Product: syz [ 211.461600][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 211.464954][ T57] usb 8-1: Manufacturer: syz [ 211.469731][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 211.471597][ T57] usb 8-1: SerialNumber: syz [ 211.476308][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 211.476334][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 211.481399][ T57] usb 8-1: config 0 descriptor?? [ 211.486375][ T6272] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 211.502586][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 211.508371][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 211.513696][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 211.519911][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 211.529384][ T6272] usb 6-1: string descriptor 0 read error: -22 [ 211.532044][ T6272] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 211.535616][ T6272] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.556424][ T6272] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 212.386739][ T6272] usb 6-1: USB disconnect, device number 14 [ 212.412006][ T57] usb 8-1: USB disconnect, device number 10 [ 213.343202][ T6272] usb 6-1: new low-speed USB device number 15 using dummy_hcd [ 213.495786][ T8198] block nbd0: shutting down sockets [ 213.526612][ T6272] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 213.531193][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 213.547530][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 213.551409][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 213.563198][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 213.591544][ T6272] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 213.595008][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 213.599276][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 213.604197][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 213.608696][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 213.655924][ T6272] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 213.658733][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 213.662771][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 213.670858][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 213.691827][ T6272] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 213.703164][ T6272] usb 6-1: string descriptor 0 read error: -22 [ 213.708081][ T6272] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 213.720738][ T6272] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.734847][ T6272] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 214.129849][ T8210] block nbd0: shutting down sockets [ 214.247526][ T8220] fuse: Bad value for 'fd' [ 214.279794][ T8221] netlink: 2060 bytes leftover after parsing attributes in process `syz.3.797'. [ 214.303470][ T8221] netlink: 'syz.3.797': attribute type 1 has an invalid length. [ 214.306836][ T8221] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.797'. [ 214.599614][ T6272] usb 6-1: USB disconnect, device number 15 [ 215.538550][ T8232] netlink: 2060 bytes leftover after parsing attributes in process `syz.1.800'. [ 215.544975][ T8232] netlink: 'syz.1.800': attribute type 1 has an invalid length. [ 215.548246][ T8232] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.800'. [ 216.538419][ T40] audit: type=1800 audit(1722491886.750:886): pid=8236 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.801" name="/" dev="fuse" ino=1 res=0 errno=0 [ 217.971029][ T8250] fuse: Bad value for 'fd' [ 218.184722][ T5340] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 218.190549][ T5340] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 218.194868][ T5340] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 218.199608][ T5340] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 218.203795][ T5340] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 218.207477][ T5340] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 218.343081][ T5731] usb 8-1: new low-speed USB device number 11 using dummy_hcd [ 218.483340][ T8254] chnl_net:caif_netlink_parms(): no params data found [ 218.530714][ T5731] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 218.535143][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 218.539355][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 218.549552][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 218.554449][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 218.560606][ T5731] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 218.564260][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 218.568094][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 218.572723][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 218.577270][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 218.584098][ T5731] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 218.588103][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 218.593735][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 218.597832][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 218.602585][ T5731] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 218.611550][ T5731] usb 8-1: string descriptor 0 read error: -22 [ 218.614497][ T5731] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 218.618532][ T5731] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.632567][ T5731] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 218.694097][ T1111] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.918212][ T1111] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.017868][ T8270] netlink: 2060 bytes leftover after parsing attributes in process `syz.0.810'. [ 219.022245][ T8270] netlink: 'syz.0.810': attribute type 1 has an invalid length. [ 219.031597][ T8270] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.810'. [ 219.100607][ T1111] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.206990][ T8254] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.210310][ T8254] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.214660][ T8254] bridge_slave_0: entered allmulticast mode [ 219.221685][ T8254] bridge_slave_0: entered promiscuous mode [ 219.264704][ T8254] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.268049][ T8254] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.283435][ T8254] bridge_slave_1: entered allmulticast mode [ 219.287545][ T8254] bridge_slave_1: entered promiscuous mode [ 219.298692][ T40] audit: type=1800 audit(1722491889.510:887): pid=8275 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.811" name="/" dev="fuse" ino=1 res=0 errno=0 [ 219.365516][ T1111] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.489458][ T8254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.494570][ T8264] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 219.510715][ T8254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.652630][ T8254] team0: Port device team_slave_0 added [ 219.658096][ T8254] team0: Port device team_slave_1 added [ 219.804196][ T8254] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.806839][ T8254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.843959][ T8254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.855572][ T8254] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.863130][ T8254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.874067][ T8254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.885005][ T5394] usb 8-1: USB disconnect, device number 11 [ 220.061582][ T1111] bridge_slave_1: left allmulticast mode [ 220.064804][ T1111] bridge_slave_1: left promiscuous mode [ 220.070102][ T1111] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.080388][ T1111] bridge_slave_0: left allmulticast mode [ 220.084409][ T1111] bridge_slave_0: left promiscuous mode [ 220.087386][ T1111] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.507209][ T1111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.538985][ T1111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.557886][ T1111] bond0 (unregistering): Released all slaves [ 220.576221][ T8254] hsr_slave_0: entered promiscuous mode [ 220.585031][ T8254] hsr_slave_1: entered promiscuous mode [ 220.592287][ T8254] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 220.596662][ T8254] Cannot create hsr debugfs directory [ 220.730586][ T8278] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 220.734452][ T8278] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 220.743215][ T8278] vhci_hcd vhci_hcd.0: Device attached [ 220.760854][ T8279] usbip_core: unknown command [ 220.763886][ T8279] vhci_hcd: unknown pdu 3020988904 [ 220.770678][ T8279] usbip_core: unknown command [ 220.781262][ T84] vhci_hcd: stop threads [ 220.783574][ T84] vhci_hcd: release socket [ 220.785567][ T84] vhci_hcd: disconnect device [ 221.233050][ T1111] hsr_slave_0: left promiscuous mode [ 221.239811][ T1111] hsr_slave_1: left promiscuous mode [ 221.245300][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.250140][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.253429][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.283147][ T831] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 221.298602][ T1111] veth1_macvtap: left promiscuous mode [ 221.301557][ T1111] veth0_macvtap: left promiscuous mode [ 221.311542][ T1111] veth1_vlan: left promiscuous mode [ 221.314595][ T1111] veth0_vlan: left promiscuous mode [ 221.483071][ T831] usb 8-1: Using ep0 maxpacket: 8 [ 221.489341][ T831] usb 8-1: config 0 has no interfaces? [ 221.499939][ T831] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 221.507702][ T831] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.511407][ T831] usb 8-1: Product: syz [ 221.513796][ T831] usb 8-1: Manufacturer: syz [ 221.516793][ T831] usb 8-1: SerialNumber: syz [ 221.521232][ T831] usb 8-1: config 0 descriptor?? [ 222.075310][ T8287] block nbd0: shutting down sockets [ 222.899429][ T1111] team0 (unregistering): Port device team_slave_1 removed [ 223.032742][ T1111] team0 (unregistering): Port device team_slave_0 removed [ 224.037950][ T5394] usb 8-1: USB disconnect, device number 12 [ 224.227843][ T40] audit: type=1400 audit(1722491894.420:888): avc: denied { write } for pid=8317 comm="syz.3.818" name="udp" dev="proc" ino=4026533816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 224.320532][ T8254] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 224.342563][ T8254] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 224.361306][ T8254] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 224.371350][ T8254] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 224.469777][ T8254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.501297][ T8254] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.511474][ T5731] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.514930][ T5731] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.551111][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.553936][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.611094][ T8254] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.776224][ T8254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.825393][ T8254] veth0_vlan: entered promiscuous mode [ 224.836401][ T8254] veth1_vlan: entered promiscuous mode [ 224.884843][ T8254] veth0_macvtap: entered promiscuous mode [ 224.894465][ T8254] veth1_macvtap: entered promiscuous mode [ 224.909890][ T8254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.914698][ T8254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.918885][ T8254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.923663][ T8254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.928127][ T8254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.932659][ T8254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.936708][ T8254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.941382][ T8254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.943280][ T40] audit: type=1400 audit(1722491895.150:889): avc: denied { ioctl } for pid=8321 comm="syz.3.819" path="socket:[21337]" dev="sockfs" ino=21337 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 224.948608][ T8254] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.964736][ T8254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.969736][ T8254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.975890][ T8254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.980194][ T8254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.984062][ T8254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.988322][ T8254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.994283][ T8254] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.998684][ T40] audit: type=1400 audit(1722491895.210:890): avc: denied { bind } for pid=8321 comm="syz.3.819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 225.025031][ T8254] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.029331][ T8254] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.033511][ T8254] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.037539][ T8254] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.106586][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.110661][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.141142][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.173025][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.253283][ T5335] Bluetooth: hci4: ACL packet for unknown connection handle 1993 [ 225.299665][ T5731] libceph: connect (1)[c::]:6789 error -101 [ 225.303821][ T5731] libceph: mon0 (1)[c::]:6789 connect error [ 225.429313][ T40] audit: type=1800 audit(1722491895.640:891): pid=8340 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.806" name="/" dev="fuse" ino=1 res=0 errno=0 [ 225.443137][ T8331] ceph: No mds server is up or the cluster is laggy [ 225.715337][ T40] audit: type=1800 audit(1722491895.930:892): pid=8348 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.821" name="/" dev="fuse" ino=1 res=0 errno=0 [ 227.143209][ T57] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 227.179838][ T5335] Bluetooth: hci3: ACL packet for unknown connection handle 1993 [ 227.206267][ T5731] libceph: connect (1)[c::]:6789 error -101 [ 227.213416][ T5731] libceph: mon0 (1)[c::]:6789 connect error [ 227.343829][ T57] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 227.348901][ T57] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.352730][ T57] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.357602][ T57] usb 7-1: config 0 interface 0 has no altsetting 0 [ 227.365344][ T8373] ceph: No mds server is up or the cluster is laggy [ 227.371097][ T57] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.377032][ T57] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.381724][ T57] usb 7-1: config 0 interface 0 has no altsetting 0 [ 227.392682][ T57] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.404110][ T57] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.410600][ T57] usb 7-1: config 0 interface 0 has no altsetting 0 [ 227.415482][ T57] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.419932][ T57] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.431259][ T57] usb 7-1: config 0 interface 0 has no altsetting 0 [ 227.436680][ T57] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.439713][ T57] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.444780][ T57] usb 7-1: config 0 interface 0 has no altsetting 0 [ 227.449064][ T57] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.463121][ T57] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.467355][ T57] usb 7-1: config 0 interface 0 has no altsetting 0 [ 227.473631][ T57] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.477833][ T57] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.484861][ T57] usb 7-1: config 0 interface 0 has no altsetting 0 [ 227.489982][ T57] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 227.494776][ T57] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 227.499700][ T57] usb 7-1: config 0 interface 0 has no altsetting 0 [ 227.506965][ T57] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 227.510824][ T57] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 227.515143][ T57] usb 7-1: Product: syz [ 227.518404][ T57] usb 7-1: Manufacturer: syz [ 227.520447][ T57] usb 7-1: SerialNumber: syz [ 227.528031][ T57] usb 7-1: config 0 descriptor?? [ 227.537902][ T57] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 227.766822][ T40] audit: type=1400 audit(1722491897.980:893): avc: denied { create } for pid=8370 comm="syz.2.829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 227.784811][ T40] audit: type=1400 audit(1722491897.980:894): avc: denied { read } for pid=8370 comm="syz.2.829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 227.875606][ C3] usb 7-1: yurex_control_callback - control failed: -71 [ 227.879207][ T5840] usb 7-1: USB disconnect, device number 14 [ 227.883506][ T5840] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 228.391574][ T8406] netlink: 'syz.1.839': attribute type 12 has an invalid length. [ 228.393231][ T5394] usb 8-1: new low-speed USB device number 13 using dummy_hcd [ 228.590835][ T5394] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 228.594639][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 228.599013][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 228.603472][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 228.608901][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 228.614612][ T5394] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 228.618152][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 228.623796][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 228.628575][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 228.634756][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 228.641892][ T5394] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 228.645449][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 228.649995][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 228.654663][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 228.660184][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 228.668965][ T5394] usb 8-1: string descriptor 0 read error: -22 [ 228.672435][ T5394] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 228.682185][ T5394] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.698141][ T5394] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 228.754016][ T8411] vivid-000: disconnect [ 229.440855][ T5394] usb 8-1: USB disconnect, device number 13 [ 229.583346][ T8410] vivid-000: reconnect [ 229.943802][ T5840] usb 7-1: new low-speed USB device number 15 using dummy_hcd [ 230.135454][ T5840] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 230.138768][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 230.152626][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 230.164271][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 230.169108][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 230.179696][ T5840] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 230.183106][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 230.188075][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 230.204011][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 230.209119][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 230.216720][ T5840] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 230.220377][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 230.230605][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 230.235510][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 230.240292][ T5840] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 230.252436][ T5840] usb 7-1: string descriptor 0 read error: -22 [ 230.256567][ T5840] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 230.260148][ T5840] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.289554][ T5840] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 230.928089][ T25] usb 7-1: USB disconnect, device number 15 [ 231.456395][ T8448] netlink: 'syz.3.851': attribute type 12 has an invalid length. [ 231.819466][ T8453] fuse: Bad value for 'fd' [ 231.857250][ T8453] netlink: 20 bytes leftover after parsing attributes in process `syz.2.852'. [ 231.861526][ T8453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.852'. [ 232.321815][ T8456] pim6reg1: entered promiscuous mode [ 232.328621][ T8456] pim6reg1: entered allmulticast mode [ 232.686249][ T5394] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 232.691455][ T40] audit: type=1400 audit(1722491902.900:895): avc: denied { write } for pid=8461 comm="syz.0.855" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 232.796824][ T8464] netlink: zone id is out of range [ 232.801192][ T8464] netlink: zone id is out of range [ 232.816172][ T8464] netlink: set zone limit has 4 unknown bytes [ 232.889232][ T5394] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 232.900390][ T5394] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 232.910783][ T5394] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 232.937191][ T5394] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 232.941450][ T5394] usb 8-1: SerialNumber: syz [ 233.208579][ T40] audit: type=1800 audit(1722491903.420:896): pid=8479 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.858" name="/" dev="fuse" ino=1 res=0 errno=0 [ 233.232848][ T40] audit: type=1400 audit(1722491903.440:897): avc: denied { setopt } for pid=8455 comm="syz.3.853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 233.234381][ T5394] usb 8-1: 0:2 : does not exist [ 233.243562][ T5394] usb 8-1: unit 10 not found! [ 233.267324][ T5394] usb 8-1: USB disconnect, device number 14 [ 233.508758][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 234.046209][ T5394] usb 8-1: new low-speed USB device number 15 using dummy_hcd [ 234.227297][ T5394] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 234.230462][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 234.237288][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 234.242239][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 234.246960][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 234.253075][ T5394] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 234.258218][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 234.261773][ T8486] netlink: 'syz.0.861': attribute type 12 has an invalid length. [ 234.263699][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 234.271963][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 234.280334][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 234.288198][ T5394] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 234.292630][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 234.297508][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 234.302488][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 234.315741][ T5394] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 234.353404][ T5394] usb 8-1: string descriptor 0 read error: -22 [ 234.359636][ T5394] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 234.366133][ T5394] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.382664][ T5394] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 235.150225][ T833] usb 8-1: USB disconnect, device number 15 [ 236.009190][ T8503] fuse: Bad value for 'fd' [ 236.065304][ T8503] netlink: 20 bytes leftover after parsing attributes in process `syz.1.864'. [ 236.070308][ T8503] netlink: 8 bytes leftover after parsing attributes in process `syz.1.864'. [ 236.179668][ T40] audit: type=1400 audit(1722491906.390:898): avc: denied { connect } for pid=8507 comm="syz.0.867" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 236.335765][ T40] audit: type=1400 audit(1722491906.550:899): avc: denied { bind } for pid=8509 comm="syz.0.868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 237.061401][ T8525] netlink: 'syz.0.870': attribute type 12 has an invalid length. [ 237.113125][ T25] usb 6-1: new low-speed USB device number 16 using dummy_hcd [ 237.317109][ T25] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 237.321430][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 237.327528][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 237.332372][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 237.337739][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 237.345844][ T25] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 237.355592][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 237.359821][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 237.364821][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 237.370339][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 237.376454][ T25] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 237.379592][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 237.385965][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 237.390308][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 237.397126][ T25] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 237.409511][ T25] usb 6-1: string descriptor 0 read error: -22 [ 237.413872][ T25] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 237.429749][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.448074][ T25] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 238.049820][ T40] audit: type=1800 audit(1722491908.260:900): pid=8538 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.873" name="/" dev="fuse" ino=1 res=0 errno=0 [ 238.572564][ T25] usb 6-1: USB disconnect, device number 16 [ 239.051686][ T40] audit: type=1326 audit(1722491909.260:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8542 comm="syz.2.877" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4095773b9 code=0x7ffc0000 [ 239.074803][ T8545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.876'. [ 239.076391][ T40] audit: type=1326 audit(1722491909.260:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8542 comm="syz.2.877" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4095773b9 code=0x7ffc0000 [ 239.079485][ T8545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.876'. [ 239.102146][ T40] audit: type=1326 audit(1722491909.270:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8542 comm="syz.2.877" exe="/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7fb4095773b9 code=0x7ffc0000 [ 239.119727][ T40] audit: type=1326 audit(1722491909.270:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8542 comm="syz.2.877" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4095773b9 code=0x7ffc0000 [ 239.137546][ T40] audit: type=1326 audit(1722491909.270:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8542 comm="syz.2.877" exe="/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fb4095773b9 code=0x7ffc0000 [ 239.146145][ T8547] netlink: 60 bytes leftover after parsing attributes in process `syz.2.878'. [ 239.147812][ T40] audit: type=1326 audit(1722491909.270:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8542 comm="syz.2.877" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4095773b9 code=0x7ffc0000 [ 239.163126][ T40] audit: type=1326 audit(1722491909.270:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8542 comm="syz.2.877" exe="/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb4095773b9 code=0x7ffc0000 [ 239.187925][ T40] audit: type=1326 audit(1722491909.270:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8542 comm="syz.2.877" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4095773b9 code=0x7ffc0000 [ 239.199572][ T40] audit: type=1326 audit(1722491909.270:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8542 comm="syz.2.877" exe="/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fb4095773b9 code=0x7ffc0000 [ 239.402456][ T8557] FAULT_INJECTION: forcing a failure. [ 239.402456][ T8557] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.414258][ T8557] CPU: 3 UID: 0 PID: 8557 Comm: syz.1.881 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0 [ 239.419771][ T8557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 239.424748][ T8557] Call Trace: [ 239.426176][ T8557] [ 239.427472][ T8557] dump_stack_lvl+0x16c/0x1f0 [ 239.429708][ T8557] should_fail_ex+0x497/0x5b0 [ 239.432186][ T8557] _copy_to_user+0x30/0xc0 [ 239.434174][ T8557] simple_read_from_buffer+0xd0/0x160 [ 239.436761][ T8557] proc_fail_nth_read+0x1b0/0x290 [ 239.439188][ T8557] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 239.441723][ T8557] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 239.444282][ T8557] vfs_read+0x1d4/0xbd0 [ 239.446241][ T8557] ? selinux_socket_connect+0x6b/0x80 [ 239.448578][ T8557] ? __fdget_pos+0xeb/0x180 [ 239.450589][ T8557] ? __pfx_vfs_read+0x10/0x10 [ 239.452659][ T8557] ? __pfx___mutex_lock+0x10/0x10 [ 239.454897][ T8557] ? __fget_files+0x256/0x400 [ 239.456926][ T8557] ksys_read+0x12f/0x260 [ 239.458908][ T8557] ? __pfx_ksys_read+0x10/0x10 [ 239.460935][ T8557] do_syscall_64+0xcd/0x250 [ 239.463055][ T8557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.465733][ T8557] RIP: 0033:0x7fde9b375dfc [ 239.467900][ T8557] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 239.476477][ T8557] RSP: 002b:00007fde9c0b7040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 239.479775][ T8557] RAX: ffffffffffffffda RBX: 00007fde9b505f80 RCX: 00007fde9b375dfc [ 239.482949][ T8557] RDX: 000000000000000f RSI: 00007fde9c0b70b0 RDI: 0000000000000004 [ 239.486177][ T8557] RBP: 00007fde9c0b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 239.489663][ T8557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.492307][ T8557] R13: 000000000000000b R14: 00007fde9b505f80 R15: 00007ffd3e0e7c18 [ 239.495835][ T8557] [ 240.874784][ T8584] fuse: Bad value for 'fd' [ 240.892490][ T8584] netlink: 20 bytes leftover after parsing attributes in process `syz.3.888'. [ 240.896649][ T8584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.888'. [ 241.273201][ T5731] usb 5-1: new low-speed USB device number 19 using dummy_hcd [ 241.465217][ T5731] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 241.468323][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 241.472597][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 241.476856][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 241.481336][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 241.486886][ T5731] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 241.489957][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 241.494423][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 241.498544][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 241.503117][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 241.509040][ T5731] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 241.512088][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 241.516734][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 241.520853][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 241.526035][ T5731] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 241.534396][ T5731] usb 5-1: string descriptor 0 read error: -22 [ 241.537341][ T5731] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 241.541391][ T5731] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.558185][ T5731] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 241.647155][ T8593] Malformed UNC in devname [ 241.647155][ T8593] [ 241.650331][ T8593] CIFS: VFS: Malformed UNC in devname [ 242.510441][ T5731] usb 5-1: USB disconnect, device number 19 [ 242.569850][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.895'. [ 242.574156][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.895'. [ 243.104699][ T8612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 243.340853][ T8620] fuse: Bad value for 'group_id' [ 243.343422][ T8620] fuse: Bad value for 'group_id' [ 243.839805][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 243.839820][ T40] audit: type=1400 audit(1722491914.050:934): avc: denied { setopt } for pid=8636 comm="syz.3.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 244.464028][ T8667] netlink: 2060 bytes leftover after parsing attributes in process `syz.3.904'. [ 244.480560][ T8667] netlink: 'syz.3.904': attribute type 1 has an invalid length. [ 244.484764][ T8667] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.904'. [ 244.610630][ T8665] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 244.769221][ T8] usb 6-1: new low-speed USB device number 17 using dummy_hcd [ 244.976503][ T8] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 244.979546][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 244.985523][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 244.990151][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 244.995226][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 245.003162][ T8] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 245.006910][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 245.010984][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 245.018668][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 245.025047][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 245.034390][ T8] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 245.037915][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 245.047152][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 245.051380][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 245.059987][ T8] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 245.076235][ T8] usb 6-1: string descriptor 0 read error: -22 [ 245.095422][ T8] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 245.100055][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.131716][ T8] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 245.327981][ T40] audit: type=1400 audit(1722491915.540:935): avc: denied { listen } for pid=8696 comm="syz.2.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 245.337025][ T40] audit: type=1400 audit(1722491915.540:936): avc: denied { accept } for pid=8696 comm="syz.2.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 245.397462][ T40] audit: type=1400 audit(1722491915.610:937): avc: denied { connect } for pid=8696 comm="syz.2.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 245.406296][ T40] audit: type=1400 audit(1722491915.610:938): avc: denied { bind } for pid=8696 comm="syz.2.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 245.418349][ T40] audit: type=1400 audit(1722491915.610:939): avc: denied { read } for pid=8696 comm="syz.2.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 245.484433][ T40] audit: type=1400 audit(1722491915.690:940): avc: denied { write } for pid=8696 comm="syz.2.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 245.823067][ T40] audit: type=1800 audit(1722491916.030:941): pid=8708 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.915" name="/" dev="fuse" ino=1 res=0 errno=0 [ 245.898518][ T25] usb 6-1: USB disconnect, device number 17 [ 246.920982][ T8725] netlink: 2060 bytes leftover after parsing attributes in process `syz.1.917'. [ 246.925064][ T8725] netlink: 'syz.1.917': attribute type 1 has an invalid length. [ 246.933158][ T8725] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.917'. [ 247.319119][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 248.075922][ T40] audit: type=1400 audit(1722491918.290:942): avc: denied { accept } for pid=8737 comm="syz.0.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 248.393101][ T5371] usb 5-1: new low-speed USB device number 20 using dummy_hcd [ 248.502484][ T8742] kvm: emulating exchange as write [ 248.576800][ T5371] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 248.579965][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 248.584736][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 248.591075][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 248.597351][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 248.603658][ T5371] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 248.607066][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 248.611856][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 248.618033][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 248.623214][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 248.636322][ T5371] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 248.640540][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 248.646542][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 248.650790][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 248.655502][ T5371] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 248.666393][ T5371] usb 5-1: string descriptor 0 read error: -22 [ 248.669143][ T5371] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 248.675078][ T5371] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.687573][ T5371] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 249.439377][ T833] usb 5-1: USB disconnect, device number 20 [ 253.343123][ T833] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 253.523087][ T833] usb 7-1: Using ep0 maxpacket: 8 [ 253.534906][ T833] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 253.539449][ T833] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 253.544739][ T833] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 253.548889][ T833] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 253.560337][ T833] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 253.564412][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.791292][ T833] usb 7-1: GET_CAPABILITIES returned 0 [ 253.794092][ T833] usbtmc 7-1:16.0: can't read capabilities [ 254.002484][ T8772] usbtmc 7-1:16.0: send_request_dev_dep_msg_in returned -90 [ 254.014935][ T5370] usb 7-1: USB disconnect, device number 16 [ 254.110809][ T40] audit: type=1400 audit(1722491924.320:943): avc: denied { watch_reads } for pid=8777 comm="syz.0.939" path="/250" dev="tmpfs" ino=1388 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 254.259995][ T40] audit: type=1400 audit(1722491924.470:944): avc: denied { getopt } for pid=8777 comm="syz.0.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 254.305068][ T5327] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 254.311896][ T5327] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 254.324333][ T5327] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 254.330812][ T5327] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 254.336148][ T5327] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 254.339755][ T5327] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 254.535862][ T8785] chnl_net:caif_netlink_parms(): no params data found [ 254.700469][ T8785] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.704543][ T8785] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.715112][ T8785] bridge_slave_0: entered allmulticast mode [ 254.718950][ T8785] bridge_slave_0: entered promiscuous mode [ 254.724538][ T8785] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.727854][ T8785] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.749624][ T8785] bridge_slave_1: entered allmulticast mode [ 254.753774][ T8785] bridge_slave_1: entered promiscuous mode [ 254.841888][ T8804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.943'. [ 254.848120][ T8804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.943'. [ 254.858403][ T8785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 254.865610][ T8785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 254.937093][ T8785] team0: Port device team_slave_0 added [ 254.943529][ T8785] team0: Port device team_slave_1 added [ 254.999266][ T8785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 255.002173][ T8785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 255.016118][ T8785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 255.022474][ T8785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 255.025491][ T8785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 255.039014][ T8785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 255.104699][ T833] usb 7-1: new low-speed USB device number 17 using dummy_hcd [ 255.117031][ T8785] hsr_slave_0: entered promiscuous mode [ 255.120382][ T8785] hsr_slave_1: entered promiscuous mode [ 255.123583][ T8785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 255.126662][ T8785] Cannot create hsr debugfs directory [ 255.288003][ T833] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 255.291140][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 255.301304][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 255.310190][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 255.313513][ T8785] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.315245][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 255.325303][ T833] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 255.328488][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 255.332564][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 255.336880][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 255.341535][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 255.347772][ T833] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 255.350941][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 255.355459][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 255.359564][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 255.364272][ T833] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 255.371664][ T833] usb 7-1: string descriptor 0 read error: -22 [ 255.374552][ T833] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 255.378476][ T833] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.389403][ T833] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 255.412619][ T8785] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.509547][ T8785] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.622446][ T8785] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.939240][ T8785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 256.004176][ T8785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 256.010634][ T8785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 256.041514][ T8785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 256.189762][ T8785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 256.215597][ T8785] 8021q: adding VLAN 0 to HW filter on device team0 [ 256.241893][ T6272] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.249087][ T6272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 256.265153][ T6272] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.268384][ T6272] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.279194][ T8] usb 7-1: USB disconnect, device number 17 [ 256.433149][ T5327] Bluetooth: hci2: command tx timeout [ 256.469489][ T8785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 256.516102][ T8785] veth0_vlan: entered promiscuous mode [ 256.526377][ T8785] veth1_vlan: entered promiscuous mode [ 256.557744][ T8785] veth0_macvtap: entered promiscuous mode [ 256.562211][ T8785] veth1_macvtap: entered promiscuous mode [ 256.576263][ T8785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.580604][ T8785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.587119][ T8785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.591454][ T8785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.596380][ T8785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.600717][ T8785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.604865][ T8785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.609065][ T8785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.613683][ T8785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.618046][ T8785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.623976][ T8785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 256.635813][ T8785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.639979][ T8785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.644091][ T8785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.648370][ T8785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.652315][ T8785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.657939][ T8785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.661937][ T8785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.667049][ T8785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.673002][ T8785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 256.683583][ T8785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.686443][ T8785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.689226][ T8785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.692558][ T8785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.754675][ T551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.758858][ T551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.788944][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.792222][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.248750][ T5335] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 257.262888][ T5335] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 257.269644][ T5335] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 257.290114][ T5335] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 257.314459][ T5335] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 257.318776][ T5335] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 257.402827][ T8850] netlink: 8 bytes leftover after parsing attributes in process `syz.3.954'. [ 257.407343][ T8850] netlink: 8 bytes leftover after parsing attributes in process `syz.3.954'. [ 257.553942][ T8839] chnl_net:caif_netlink_parms(): no params data found [ 257.608228][ T8857] batadv0: mtu less than device minimum [ 257.708068][ T8839] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.711285][ T8839] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.714520][ T8839] bridge_slave_0: entered allmulticast mode [ 257.723109][ T8839] bridge_slave_0: entered promiscuous mode [ 257.732473][ T8839] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.735644][ T8839] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.739538][ T8839] bridge_slave_1: entered allmulticast mode [ 257.745577][ T8839] bridge_slave_1: entered promiscuous mode [ 257.862762][ T8872] netlink: 2060 bytes leftover after parsing attributes in process `syz.3.956'. [ 257.865202][ T8839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.865431][ T8873] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.872078][ T8872] netlink: 'syz.3.956': attribute type 1 has an invalid length. [ 257.879604][ T8872] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.956'. [ 257.917251][ T8839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 258.020331][ T8839] team0: Port device team_slave_0 added [ 258.027344][ T8839] team0: Port device team_slave_1 added [ 258.116273][ T8839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 258.119261][ T8839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 258.139647][ T8839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 258.148514][ T8839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 258.151463][ T8839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 258.168277][ T8839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 258.274409][ T8839] hsr_slave_0: entered promiscuous mode [ 258.281847][ T8839] hsr_slave_1: entered promiscuous mode [ 258.293480][ T8839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 258.297150][ T8839] Cannot create hsr debugfs directory [ 258.506275][ T8839] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.513265][ T5335] Bluetooth: hci2: command tx timeout [ 258.597353][ T8839] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.852584][ T8839] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.945232][ T8839] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.132499][ T8839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 259.138856][ T8839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 259.156127][ T8839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 259.192903][ T8839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 259.287012][ T8839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.308240][ T8839] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.324188][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.327259][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.332000][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.344882][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.379330][ T8839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 259.385811][ T5335] Bluetooth: hci6: command tx timeout [ 259.582717][ T8839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.637194][ T8839] veth0_vlan: entered promiscuous mode [ 259.646576][ T8839] veth1_vlan: entered promiscuous mode [ 259.678034][ T8839] veth0_macvtap: entered promiscuous mode [ 259.685982][ T8839] veth1_macvtap: entered promiscuous mode [ 259.699850][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.704400][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.709065][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.717850][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.724405][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.729082][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.733758][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.738243][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.742860][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.747982][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.752191][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.756288][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.764717][ T8839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 259.777872][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.782372][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.787781][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.792604][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.796934][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.801569][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.807544][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.811966][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.816407][ T8839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.820977][ T8839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.827436][ T8839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 259.835319][ T8839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.838903][ T8839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.842245][ T8839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.845942][ T8839] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.947186][ T551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 259.966668][ T551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.002460][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.006157][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.289871][ T8907] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 260.292742][ T8907] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 260.297186][ T8907] vhci_hcd vhci_hcd.0: Device attached [ 260.332414][ T8907] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(8) [ 260.335374][ T8907] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 260.338778][ T8907] vhci_hcd vhci_hcd.0: Device attached [ 260.344797][ T8907] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 260.353023][ T5335] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 260.423175][ T35] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 260.493924][ T5731] vhci_hcd: vhci_device speed not set [ 260.563629][ T5731] usb 13-1: new full-speed USB device number 2 using vhci_hcd [ 260.583505][ T5335] Bluetooth: hci2: command tx timeout [ 260.643132][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 260.647383][ T35] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 260.652429][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 260.657153][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 260.661467][ T35] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 260.668720][ T35] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 260.676401][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.947129][ T35] usb 6-1: GET_CAPABILITIES returned 0 [ 260.949666][ T35] usbtmc 6-1:16.0: can't read capabilities [ 261.133538][ T8910] vhci_hcd: connection closed [ 261.134557][ T8908] vhci_hcd: connection reset by peer [ 261.142003][ T1111] vhci_hcd: stop threads [ 261.144712][ T1111] vhci_hcd: release socket [ 261.148509][ T1111] vhci_hcd: disconnect device [ 261.152350][ T1111] vhci_hcd: stop threads [ 261.154130][ T1111] vhci_hcd: release socket [ 261.157135][ T8898] usbtmc 6-1:16.0: send_request_dev_dep_msg_in returned -90 [ 261.160199][ T1111] vhci_hcd: disconnect device [ 261.166087][ T25] usb 6-1: USB disconnect, device number 18 [ 261.474423][ T5335] Bluetooth: hci6: command tx timeout [ 261.642759][ T1381] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.772609][ T8924] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.634038][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 262.663290][ T5335] Bluetooth: hci2: command tx timeout [ 262.691431][ T8960] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 262.694217][ T8960] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 262.704414][ T8960] vhci_hcd vhci_hcd.0: Device attached [ 262.718589][ T8960] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(8) [ 262.721179][ T8960] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 262.724671][ T8960] vhci_hcd vhci_hcd.0: Device attached [ 262.734234][ T8960] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 262.744932][ T5335] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 262.934271][ T8650] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 262.944580][ T8722] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 262.965634][ T8863] ================================================================== [ 262.969393][ T8863] BUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x37d/0x410 [ 262.973376][ T8863] Read of size 8 at addr ffff888047242058 by task syz.3.956/8863 [ 262.978963][ T8863] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 262.980366][ T8863] CPU: 2 UID: 0 PID: 8863 Comm: syz.3.956 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0 [ 262.985340][ T8863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 262.990614][ T8863] Call Trace: [ 262.992241][ T8863] [ 262.993724][ T8863] dump_stack_lvl+0x116/0x1f0 [ 263.002110][ T8863] print_report+0xc3/0x620 [ 263.004090][ T8863] ? __virt_addr_valid+0x5e/0x590 [ 263.006426][ T8863] ? __phys_addr+0xc6/0x150 [ 263.008520][ T8863] kasan_report+0xd9/0x110 [ 263.010597][ T8863] ? skb_queue_purge_reason+0x37d/0x410 [ 263.019601][ T8863] ? skb_queue_purge_reason+0x37d/0x410 [ 263.022125][ T8863] skb_queue_purge_reason+0x37d/0x410 [ 263.024598][ T8863] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 263.027292][ T8863] ? lockdep_hardirqs_on+0x7c/0x110 [ 263.030893][ T8863] ? drain_workqueue+0x309/0x3d0 [ 263.033310][ T8863] ? hci_inquiry_cache_flush+0x176/0x2f0 [ 263.036552][ T8863] ? __pfx_vhci_flush+0x10/0x10 [ 263.038840][ T8863] vhci_flush+0x40/0x50 [ 263.040706][ T8863] hci_dev_reset+0x22e/0x530 [ 263.042774][ T8863] hci_sock_ioctl+0x3d2/0x880 [ 263.044993][ T8863] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 263.047470][ T8863] sock_do_ioctl+0x116/0x280 [ 263.049771][ T8863] ? __pfx_sock_do_ioctl+0x10/0x10 [ 263.052026][ T8863] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470 [ 263.055167][ T8863] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 263.058104][ T8863] sock_ioctl+0x22e/0x6c0 [ 263.059954][ T8863] ? __pfx_sock_ioctl+0x10/0x10 [ 263.062765][ T8863] ? selinux_file_ioctl+0x180/0x270 [ 263.065146][ T8863] ? selinux_file_ioctl+0xb4/0x270 [ 263.067461][ T8863] ? __pfx_sock_ioctl+0x10/0x10 [ 263.069558][ T8863] __x64_sys_ioctl+0x193/0x220 [ 263.071414][ T8863] do_syscall_64+0xcd/0x250 [ 263.073361][ T8863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.075652][ T8863] RIP: 0033:0x7fc6f69773b9 [ 263.077407][ T8863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.084837][ T8863] RSP: 002b:00007fc6f772e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.088081][ T8863] RAX: ffffffffffffffda RBX: 00007fc6f6b06058 RCX: 00007fc6f69773b9 [ 263.091176][ T8863] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000006 [ 263.094076][ T8863] RBP: 00007fc6f69e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 263.097117][ T8863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 263.100150][ T8863] R13: 000000000000006e R14: 00007fc6f6b06058 R15: 00007ffcb68f7e08 [ 263.103183][ T8863] [ 263.104483][ T8863] [ 263.105546][ T8863] Allocated by task 8254: [ 263.107454][ T8863] kasan_save_stack+0x33/0x60 [ 263.109601][ T8863] kasan_save_track+0x14/0x30 [ 263.111795][ T8863] __kasan_kmalloc+0xaa/0xb0 [ 263.113910][ T8863] vhci_open+0x4c/0x440 [ 263.115760][ T8863] misc_open+0x3da/0x4c0 [ 263.117851][ T8863] chrdev_open+0x26d/0x6f0 [ 263.119956][ T8863] do_dentry_open+0x91f/0x15f0 [ 263.121998][ T8863] vfs_open+0x82/0x3f0 [ 263.123721][ T8863] path_openat+0x2141/0x2d20 [ 263.126083][ T8863] do_filp_open+0x1dc/0x430 [ 263.128060][ T8863] do_sys_openat2+0x17a/0x1e0 [ 263.130497][ T8863] __x64_sys_openat+0x175/0x210 [ 263.133426][ T8863] do_syscall_64+0xcd/0x250 [ 263.136770][ T8863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.139253][ T8863] [ 263.140211][ T8863] Freed by task 8454: [ 263.141799][ T8863] kasan_save_stack+0x33/0x60 [ 263.143643][ T8863] kasan_save_track+0x14/0x30 [ 263.145509][ T8863] kasan_save_free_info+0x3b/0x60 [ 263.147484][ T8863] poison_slab_object+0xf7/0x160 [ 263.149761][ T8863] __kasan_slab_free+0x32/0x50 [ 263.151944][ T8863] kfree+0x12a/0x3b0 [ 263.155395][ T8863] vhci_release+0xc4/0x100 [ 263.157823][ T8863] __fput+0x408/0xbb0 [ 263.160113][ T8863] task_work_run+0x14e/0x250 [ 263.162618][ T8863] do_exit+0xaa3/0x2bb0 [ 263.164504][ T8863] do_group_exit+0xd3/0x2a0 [ 263.166468][ T8863] get_signal+0x25fd/0x2770 [ 263.168540][ T8863] arch_do_signal_or_restart+0x90/0x7e0 [ 263.170751][ T8863] syscall_exit_to_user_mode+0x150/0x2a0 [ 263.172990][ T8863] do_syscall_64+0xda/0x250 [ 263.175017][ T8863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.177657][ T8863] [ 263.178693][ T8863] The buggy address belongs to the object at ffff888047242000 [ 263.178693][ T8863] which belongs to the cache kmalloc-1k of size 1024 [ 263.184331][ T8863] The buggy address is located 88 bytes inside of [ 263.184331][ T8863] freed 1024-byte region [ffff888047242000, ffff888047242400) [ 263.189666][ T8863] [ 263.190557][ T8863] The buggy address belongs to the physical page: [ 263.192882][ T8863] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47240 [ 263.196069][ T8863] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 263.199851][ T8863] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 263.203747][ T8863] page_type: 0xfdffffff(slab) [ 263.205679][ T8863] raw: 00fff00000000040 ffff888015842dc0 dead000000000100 dead000000000122 [ 263.209247][ T8863] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 263.212825][ T8863] head: 00fff00000000040 ffff888015842dc0 dead000000000100 dead000000000122 [ 263.216509][ T8863] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 263.220261][ T8863] head: 00fff00000000003 ffffea00011c9001 ffffffffffffffff 0000000000000000 [ 263.224176][ T8863] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 263.227669][ T8863] page dumped because: kasan: bad access detected [ 263.230429][ T8863] page_owner tracks the page as allocated [ 263.232788][ T8863] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5324, tgid 5324 (syz-executor), ts 56605215835, free_ts 0 [ 263.241470][ T8863] post_alloc_hook+0x2d1/0x350 [ 263.243603][ T8863] get_page_from_freelist+0x1351/0x2e50 [ 263.246234][ T8863] __alloc_pages_noprof+0x22b/0x2460 [ 263.248368][ T8863] alloc_slab_page+0x4e/0xf0 [ 263.250665][ T8863] new_slab+0x84/0x260 [ 263.252937][ T8863] ___slab_alloc+0xdac/0x1870 [ 263.255631][ T8863] __slab_alloc.constprop.0+0x56/0xb0 [ 263.260135][ T8863] __kmalloc_node_track_caller_noprof+0x355/0x430 [ 263.262783][ T8863] kmalloc_reserve+0xef/0x2c0 [ 263.264837][ T8863] __alloc_skb+0x164/0x380 [ 263.266666][ T8863] inet6_rt_notify+0xf0/0x2c0 [ 263.268547][ T8863] fib6_add+0x2503/0x4ba0 [ 263.270264][ T8863] ip6_route_add+0x8d/0x190 [ 263.272025][ T8863] addrconf_add_mroute+0x1de/0x350 [ 263.274200][ T8863] addrconf_add_dev+0x14e/0x1c0 [ 263.276578][ T8863] addrconf_init_auto_addrs+0x380/0x820 [ 263.279189][ T8863] page_owner free stack trace missing [ 263.281784][ T8863] [ 263.282829][ T8863] Memory state around the buggy address: [ 263.285339][ T8863] ffff888047241f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 263.288663][ T8863] ffff888047241f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 263.292187][ T8863] >ffff888047242000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 263.296050][ T8863] ^ [ 263.298898][ T8863] ffff888047242080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 263.301972][ T8863] ffff888047242100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 263.305836][ T8863] ================================================================== [ 263.338942][ T8863] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 263.342126][ T8863] CPU: 0 UID: 0 PID: 8863 Comm: syz.3.956 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0 [ 263.346605][ T8863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 263.351330][ T8863] Call Trace: [ 263.352781][ T8863] [ 263.354064][ T8863] dump_stack_lvl+0x3d/0x1f0 [ 263.355980][ T8863] panic+0x6f5/0x7a0 [ 263.357701][ T8863] ? __pfx_panic+0x10/0x10 [ 263.359670][ T8863] ? irqentry_exit+0x3b/0x90 [ 263.362050][ T8863] ? lockdep_hardirqs_on+0x7c/0x110 [ 263.364475][ T8863] ? preempt_schedule_thunk+0x1a/0x30 [ 263.366986][ T8863] ? preempt_schedule_common+0x44/0xc0 [ 263.369468][ T8863] check_panic_on_warn+0xab/0xb0 [ 263.371661][ T8863] end_report+0x117/0x180 [ 263.373551][ T8863] kasan_report+0xe9/0x110 [ 263.375536][ T8863] ? skb_queue_purge_reason+0x37d/0x410 [ 263.378078][ T8863] ? skb_queue_purge_reason+0x37d/0x410 [ 263.380406][ T8863] skb_queue_purge_reason+0x37d/0x410 [ 263.382524][ T8863] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 263.385634][ T8863] ? lockdep_hardirqs_on+0x7c/0x110 [ 263.387823][ T8863] ? drain_workqueue+0x309/0x3d0 [ 263.389917][ T8863] ? hci_inquiry_cache_flush+0x176/0x2f0 [ 263.392587][ T8863] ? __pfx_vhci_flush+0x10/0x10 [ 263.394706][ T8863] vhci_flush+0x40/0x50 [ 263.396490][ T8863] hci_dev_reset+0x22e/0x530 [ 263.398601][ T8863] hci_sock_ioctl+0x3d2/0x880 [ 263.400959][ T8863] ? __pfx_hci_sock_ioctl+0x10/0x10 [ 263.403179][ T8863] sock_do_ioctl+0x116/0x280 [ 263.405239][ T8863] ? __pfx_sock_do_ioctl+0x10/0x10 [ 263.407514][ T8863] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470 [ 263.410600][ T8863] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 263.413585][ T8863] sock_ioctl+0x22e/0x6c0 [ 263.415485][ T8863] ? __pfx_sock_ioctl+0x10/0x10 [ 263.417616][ T8863] ? selinux_file_ioctl+0x180/0x270 [ 263.420216][ T8863] ? selinux_file_ioctl+0xb4/0x270 [ 263.422509][ T8863] ? __pfx_sock_ioctl+0x10/0x10 [ 263.424613][ T8863] __x64_sys_ioctl+0x193/0x220 [ 263.426654][ T8863] do_syscall_64+0xcd/0x250 [ 263.428585][ T8863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.431167][ T8863] RIP: 0033:0x7fc6f69773b9 [ 263.433046][ T8863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.441275][ T8863] RSP: 002b:00007fc6f772e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.445083][ T8863] RAX: ffffffffffffffda RBX: 00007fc6f6b06058 RCX: 00007fc6f69773b9 [ 263.448399][ T8863] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000006 [ 263.451599][ T8863] RBP: 00007fc6f69e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 263.455037][ T8863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 263.457945][ T8863] R13: 000000000000006e R14: 00007fc6f6b06058 R15: 00007ffcb68f7e08 [ 263.460851][ T8863] [ 263.462487][ T8863] Kernel Offset: disabled [ 263.464108][ T8863] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:58:53 Registers: info registers vcpu 0 CPU#0 RAX=ffffffff81f1ba34 RBX=0000000000000000 RCX=1ffff11004b7ca7a RDX=1ffff11004b7ca7c RSI=0000000000000021 RDI=ffff888025be53e0 RBP=0000000000000000 RSP=ffffc90003777358 R8 =0000000000000000 R9 =0000000000000000 R10=000000000000000f R11=0000000000000002 R12=ffffffff8ddb53a0 R13=ffff888025be53d8 R14=0000000000000021 R15=ffff888025be4880 RIP=ffffffff81682723 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020446000 CR3=0000000057658000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6002d5488 00007fe6002d5480 00007fe6002d5478 00007fe6002d5450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe600e3d100 00007fe6002d5440 00007fe6002d0004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6002d5498 00007fe6002d5490 00007fe6002d5488 00007fe6002d5480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000060 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffffff9462b510 RBX=ffffed100385d5e3 RCX=0000000000000000 RDX=fffffbfff28c50d9 RSI=0000000000000004 RDI=ffffffff9462b5d4 RBP=0000000000000036 RSP=ffffc900032875e8 R8 =0000000000000000 R9 =fffffbfff28c50d8 R10=ffffffff946286c7 R11=0000000000000002 R12=dffffc0000000000 R13=0000000000000002 R14=0000000000000002 R15=ffff88801c2ea440 RIP=ffffffff81682a78 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fff39da8e20 CR3=00000000213be000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdcdced56a3 00007fdcdced56a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff39dab020 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555571efb354 0000555571efb350 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555571ef84a0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555571efd61a 0000555571efd3e0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555571f085c4 0000555571f085c0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555571efa900 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff0405800303 ffffffff0404f003 00080004e8030108 0004e00300080004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100100003ffffff ff04221000060101 e202a01000038004 0a10000601029600 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0800059803000800 05900303ffffffff 0405800303ffffff ff0404f003000800 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 04e80301080004e0 0300080004d80300 080004d00303ffff ffff0404c0030008 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0004b80300080004 b00303ffffffff04 04a0030008000498 0301080004900300 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000007a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fe2745 RDI=ffffffff9519a720 RBP=ffffffff9519a6e0 RSP=ffffc900036b7580 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=000000000000007a R14=ffffffff84fe26e0 R15=0000000000000000 RIP=ffffffff84fe276f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc6f772e6c0 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002046e000 CR3=00000000489fc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc26772650 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe6001e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000060 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000060 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=1ffff1100bb50718 RBX=0000000000000116 RCX=ffffffff81d4bf56 RDX=0000000000000000 RSI=0000000000000000 RDI=0000000000000007 RBP=ffffea0000ad0280 RSP=ffffc900036975f8 R8 =0000000000000004 R9 =00000000000001fd R10=0000000000000116 R11=0000000000000000 R12=0000000000000000 R13=dffffc0000000000 R14=ffff88805da83000 R15=00007fde9aa0e000 RIP=ffffffff818a7470 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020526000 CR3=0000000057658000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=000000000200c0d0 Opmask01=0000000000000000 Opmask02=000000007fffffff Opmask03=2040000404420020 Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f9f93c5f00 000055f9f93b6720 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a0ba364e4663d226 7373268fd5d0b52c ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737371d2 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6764610032706f6f 6c2f6b636f6c6200 44455a494c414954 494e495f43455355 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f306963682f6874 6f6f7465756c622f 6c6175747269762f 736563697665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d3c9453d3510a155 000055fca6a5ec83 00000000000000a1 0000000000306963 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 302e36313a312d36 0000000000000021 0000000000302e36 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1e029f2280 000055f9f9416e20 00000000000101c1 0000003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 264c383a3a264f38 3a3a264e383a3a26 49383a3a2648383a 3a2633383a3a2632 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020