last executing test programs: 6.889649653s ago: executing program 1 (id=1979): inotify_init1(0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x8, 0x141341) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f00000004c0)={0x2, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) open(0x0, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$alg(r4, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=[@op={0x10}], 0x10}, 0x0) unshare(0x22020400) socket$inet6(0xa, 0x2, 0x40000002) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) pselect6(0x40, &(0x7f0000000580)={0xc, 0x1, 0xc000000000000, 0x5, 0x6, 0x9}, &(0x7f00000005c0)={0xdd15, 0x1, 0x100000001, 0x0, 0xc, 0x6, 0x4, 0x7}, &(0x7f0000000600)={0x2, 0x19a, 0x7, 0x80000000, 0x2, 0x1000, 0x5, 0x5}, &(0x7f0000000640), &(0x7f00000006c0)={&(0x7f0000000680)={[0xfdc]}, 0x8}) setsockopt$TIPC_SRC_DROPPABLE(r5, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(r5, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48) bpf$BPF_GET_PROG_INFO(0x15, &(0x7f0000000080)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffda6, 0x22, 0x8, 0x0, 0x0}}, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) 5.890101452s ago: executing program 1 (id=1983): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x1) ioperm(0x0, 0x0, 0x1) r1 = getpid() syz_pidfd_open(0x0, 0x0) r2 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0) r3 = dup2(r2, r2) openat$cgroup_int(r3, 0x0, 0x657, 0xfeffffff) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, &(0x7f0000000180)) sendmsg$nl_route(r2, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=@RTM_NEWMDB={0x58, 0x54, 0x4, 0x70bd2d, 0x25dfdbff, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x2, {@in6_addr=@rand_addr=' \x01\x00', 0x105ba}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x5, 0x0, {@in6_addr=@rand_addr=' \x01\x00', 0x8edd}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x84) syz_io_uring_setup(0x67fd, &(0x7f0000000100), 0x0, 0x0) io_uring_setup(0x4d63, &(0x7f0000000080)) r5 = socket(0x1f, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00'}, 0xa) r6 = getpid() process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) chdir(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c1000003e0007012ebd700004101c000100000004000002041001"], 0x101c}}, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) recvmmsg(r7, &(0x7f0000005340)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000006c0)=""/209, 0xd1}, {&(0x7f00000007c0)=""/169, 0xa9}, {&(0x7f0000000880)=""/240, 0xf0}, {0x0}, {&(0x7f0000000400)=""/65, 0x41}], 0x5}, 0xffff}, {{&(0x7f0000000a80)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000002d80)=[{&(0x7f00000005c0)=""/22, 0x16}, {&(0x7f0000000b00)=""/4096, 0x1000}, {&(0x7f0000001b00)=""/8, 0x8}, {&(0x7f0000001b40)=""/186, 0xba}, {&(0x7f0000001c00)=""/148, 0x94}, {&(0x7f0000001cc0)=""/175, 0xaf}, {&(0x7f0000001d80)=""/4096, 0x1000}], 0x7, &(0x7f0000002e00)=""/27, 0x1b}, 0x8}, {{&(0x7f0000002e40)=@alg, 0x80, &(0x7f0000003040)=[{&(0x7f0000002ec0)=""/250, 0xfa}], 0x1, &(0x7f0000003080)=""/3, 0x3}, 0x3}, {{&(0x7f00000030c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f00000036c0)=[{&(0x7f0000003140)=""/94, 0x5e}, {&(0x7f00000031c0)=""/45, 0x2d}, {&(0x7f0000003200)=""/201, 0xc9}, {&(0x7f0000003300)=""/198, 0xc6}, {&(0x7f0000003400)=""/226, 0xe2}, {&(0x7f0000003500)=""/97, 0x61}, {&(0x7f0000003580)=""/96, 0x60}, {&(0x7f0000003600)=""/135, 0x87}], 0x8, &(0x7f0000003740)=""/184, 0xb8}, 0xffffffff}, {{0x0, 0x0, &(0x7f0000003880)=[{&(0x7f0000003800)=""/73, 0x49}], 0x1}, 0xff}, {{&(0x7f00000038c0)=@ax25={{0x3, @netrom}, [@netrom, @netrom, @default, @bcast, @bcast, @default, @remote, @bcast]}, 0x80, &(0x7f0000005780)=[{&(0x7f0000003940)=""/165, 0xa5}, {&(0x7f0000003a00)=""/152, 0x98}, {&(0x7f0000003ac0)=""/154, 0x9a}, {&(0x7f0000003b80)=""/250, 0xfa}, {&(0x7f0000003c80)=""/4096, 0x1000}, {&(0x7f0000004c80)=""/39, 0x27}, {&(0x7f0000000540)=""/17, 0x11}, {&(0x7f0000006240)=""/4096, 0x1000}, {&(0x7f0000002fc0)=""/27, 0x1b}, {&(0x7f0000005600)=""/136, 0x88}, {&(0x7f00000056c0)=""/141, 0x8d}], 0xb, &(0x7f0000004d40)=""/217, 0xd9}, 0x9}, {{&(0x7f0000004e40)=@ethernet, 0x80, &(0x7f0000005200)=[{&(0x7f0000004ec0)=""/245, 0xf5}, {&(0x7f0000004fc0)=""/192, 0xc0}, {&(0x7f0000005080)=""/80, 0x50}, {&(0x7f0000004cc0)=""/88, 0x58}, {&(0x7f0000005180)=""/23, 0x17}, {&(0x7f00000051c0)=""/16, 0x10}], 0x6, &(0x7f0000005280)=""/150, 0x96}, 0x2}], 0x7, 0x0, &(0x7f0000005540)) 4.320622659s ago: executing program 3 (id=1988): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0) 4.073048263s ago: executing program 1 (id=1990): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040), 0x10}, 0x90) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448de, 0x0) r2 = fsopen(&(0x7f0000000000)='selinuxfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f0000000040)='dirsync\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x98, r4, 0x5, 0x1000000, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x51, 0xe, {{{}, {}, @device_a, @device_b}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @val={0x5, 0x3}, @val={0x25, 0x3}, @val={0x2a, 0x1}, @void, @val={0x2d, 0x1a}, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x6}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x20d}]]}, 0x98}}, 0x0) 3.99967448s ago: executing program 1 (id=1992): r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x541c, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) ppoll(0x0, 0x0, &(0x7f0000000240), 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r3) getgroups(0x7, &(0x7f0000000280)=[r3, r3, r3, 0x0, r3, 0xffffffffffffffff, r3]) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000ac0)) syz_usb_control_io(r5, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_SREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) syz_usb_control_io$hid(r5, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00220f0000000bf896e404096592"], 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) r7 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setrlimit(0x0, 0x0) ioctl$HIDIOCGUSAGE(r7, 0x501c4814, &(0x7f00000000c0)={0x2, 0xffffffff, 0x0, 0x0, 0x4e496f8}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000780), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01000000000000000000100000001800018014000200776c616e3000000000000000000000000800080000260000080009"], 0x3c}}, 0x0) setregid(r3, r4) getgroups(0x1, &(0x7f0000000180)=[0x0]) syz_usb_connect$uac1(0x3, 0x10d, &(0x7f0000000dc0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfb, 0x3, 0x1, 0xfd, 0x10, 0xd0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0x80}, [@mixer_unit={0x9, 0x24, 0x4, 0x5, 0x8, "84d6d545"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x306, 0x6, 0x5, 0x8}, @output_terminal={0x9, 0x24, 0x3, 0x3, 0x306, 0x6, 0x2, 0x1}, @processing_unit={0xb, 0x24, 0x7, 0x3, 0x0, 0x81, "4e4c79c6"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xc, 0x3, 0x1}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0xfc, 0x2, 0xcb, 0x10, "00335ec3ce"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x1, 0x9, 0x2, "925766"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x6, 0x1, 0x0, 0x0, "d1a46c"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x9, 0x1, 0x7, 0x6, "", "eadb"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x8, 0x4, 0x21, 0x7, 'ue'}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x5d, 0xe, 0x5, {0x7, 0x25, 0x1, 0x3, 0x16, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x5, 0x1, 0x28, 0xd9, "11ace26f95ed"}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0xc, 0xfd, 0xc, "06"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x80, 0x3, 0x8, 0x5, 'gw?'}, @as_header={0x7, 0x24, 0x1, 0x5, 0xe, 0x2}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x5, 0x1, 0x0, 0x78, "9cd53fe2c5"}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x8, 0xd9, 0x70, {0x7, 0x25, 0x1, 0x80, 0x3c}}}}}}}]}}, &(0x7f0000000d00)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x201, 0x6, 0x1, 0x5, 0xff, 0x9}, 0x27, &(0x7f0000000300)={0x5, 0xf, 0x27, 0x2, [@ssp_cap={0x18, 0x10, 0xa, 0x12, 0x3, 0x8000, 0xf, 0x6, [0x3f0f, 0x7f8000, 0xffc03f]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x1b, 0x0, 0x80}]}, 0xa, [{0xc9, &(0x7f0000000700)=@string={0xc9, 0x3, "bcdc9fc037503f8550fc2a4874e4a8203e2729cb5dc83c33870ead0f9f0f7813e71eb1e4199c62d291798d4ce2fc496d5cee2ec1f6244bfef7bb28408d9b983f572cb4d967b63041a3f1987e8f135f39cfb645d001217c7e737aefed14fc2e407e0d2efe00d7a8eaadbb0e554a4407fc1040159d046b1aa4c42b48f490baf24ce023e6c89f8b01aa6f819dc639527af6fc4cc05f69e54425af73d0627aedecf0dc7848cfdfd4bdb7c0fe9cc1a2a5ce7bbcf98bc85462e4c143a76b861f1b9df80a32c97c11af09"}}, {0xd8, &(0x7f0000000800)=@string={0xd8, 0x3, "9b0b8c664bf26a24b4471538a892ed1a75d43b5aca224f9bcaa0595cb54f27487cb777b395af607db406818d96f929640df0ccbbf23a6d51b42de7f3effc50ebb70a22ee65e6a6de92063e6b84f41a9a2a84b280c32494e5a1e7ff905f71832a3d41bfadb22818ed2281f956900f4d78c3601ed496f80463cec05282b2cc20049826ca5fe21d0ab50d336117382ddb7bf7c7e025c1ecbc51d2c4add91dc5a5209cdc140b5c781221aab27227deeb2f7b95078e0363895da4eccc5d0835f15df79f38f3dcf743eb7669b3b6def19fc3375f305f7662f8"}}, {0xac, &(0x7f0000000900)=@string={0xac, 0x3, "26eb6f626ca4d3cf4dfa47a9d0fcdcdbe66dca273009cdd41c1a97f643efc3efe43b2046b9ab3f302faeb619c824bbea2d07d8d843d47cfad151c6f09907fec7888882dd23740e4a59e34e6e949c91a5ac576bbb41487b3cc56940fcff54352bb72677acd3865e92c17683755438d15871d61463b785bac5554a540adcd42cc4f5820649701e3b7370039d15017c9bfd10f9e5aea30b7b70bb5b8d67b91f0fc514abe7b9dbe34cdff7a9"}}, {0x87, &(0x7f00000009c0)=@string={0x87, 0x3, "5fc4fdfb7039a3e814863b82de42054db8b11363765060a0e71f4cebb71a190ff834e7cbd4452f15effc2a0d5c2cbd0c8504a16b371177df74ebf2924a54c837cb55c35e32eb9238784b09ab1c532c9af559d0891d524abf6a2e2ca8c96c2a77be99a1da5d7668d3144e5a2845aaa8a5c788a17c1f717510c9e55d2f35fbaf0a68b30f8315"}}, {0x4e, &(0x7f0000000500)=@string={0x4e, 0x3, "52957eb854266659aea59e11964f72f61e12265a7e4c2476fc59e5571061fe27d12c1d4e68594866abf42c5de716f7f9bff508506139f66f5e92feccee24579cf44000870342fe38d45c04fe"}}, {0xa2, &(0x7f0000000b40)=@string={0xa2, 0x3, "b479be23e9646d886f20bf455a953d935239dfa1d6f8b260202e2a5b832e056abb0a1cbfa09c5c0dd54cc6cbb007d23116335ebc04a44fc14ee72744c5d7796de260704944b83da62dfea1d41220ab43e1d15901189f57a66af51286efc2a12543fa7fadb7621514eee3fb7195b40be3f6f618151bb97d22e463ca115d975b6814612a868eb12e86ab05151a2be52b1ae9f99c31d850db5e46faf9527dde71c7"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x457}}, {0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x807}}, {0x52, &(0x7f0000000c00)=@string={0x52, 0x3, "d321c70d129da56d7bb50f677b83533e0be76b0a0457f972ddfe42f5c5d5ef891b2199a4730fe55fc5892bdfaef86e7bfc1a2a433fb630d225362abb331191b539f813501d3290a44ca90c1e5305520d"}}, {0x5f, &(0x7f0000000c80)=@string={0x5f, 0x3, "0610ac9fd87bbee272d8374d81bdea72ecef659294cd8fb3798c02e6d5704782501e1c6176a69849984666ba5f52eb57c3d4baa8d3255d717e55a76b6c2f15757b6425066ce10a1b21ce78be349c0e3a3a43f09d1cdc4783234958e24d"}}]}) 3.390821046s ago: executing program 3 (id=1994): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x1000000}, [@IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10}]}]}]}, 0x38}}, 0x0) 3.330622095s ago: executing program 3 (id=1995): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)}, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f0000007480)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)=""/96, 0x60}, {&(0x7f00000004c0)=""/158, 0x9e}, {&(0x7f0000000680)=""/215, 0xd7}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/205, 0xcd}, {&(0x7f0000000200)=""/29, 0x1d}, {&(0x7f0000000880)=""/131, 0x83}], 0x7}}, {{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f0000000380)=""/25, 0x19}, {&(0x7f0000001a40)=""/116, 0x74}, {&(0x7f0000001ac0)=""/181, 0xb5}], 0x3}}, {{0x0, 0x0, &(0x7f0000003fc0)=[{&(0x7f0000002c40)=""/90, 0x5a}, {&(0x7f0000003cc0)=""/140, 0x8c}, {&(0x7f0000003ec0)=""/163, 0xa3}], 0x3}}, {{0x0, 0x0, &(0x7f0000004480)=[{&(0x7f0000004180)=""/65, 0x41}, {&(0x7f0000004200)=""/94, 0x5e}, {&(0x7f0000004280)=""/84, 0x54}, {&(0x7f0000004300)=""/179, 0xb3}, {&(0x7f00000043c0)=""/191, 0xbf}], 0x5}}, {{0x0, 0x0, &(0x7f0000005640)=[{&(0x7f0000005580)=""/187, 0xbb}], 0x1}}, {{0x0, 0x0, &(0x7f0000005880)=[{&(0x7f0000005800)=""/97, 0x61}], 0x1}}, {{0x0, 0x0, &(0x7f00000077c0)=[{&(0x7f0000005a00)=""/181, 0xb5}, {&(0x7f0000005ac0)=""/137, 0x89}, {&(0x7f0000005b80)=""/102, 0x66}, {&(0x7f0000005c00)=""/228, 0xe4}, {0x0}, {&(0x7f0000003e40)=""/67, 0x43}], 0x6}}, {{0x0, 0x0, &(0x7f00000071c0)=[{&(0x7f0000005ec0)=""/126, 0x7e}, {&(0x7f0000005f40)=""/132, 0x84}, {&(0x7f0000006000)=""/200, 0xc8}, {&(0x7f0000006100)=""/4096, 0x1000}], 0x4}}], 0x8, 0x0, 0x0) 3.330236533s ago: executing program 0 (id=1996): syz_open_dev$dri(0x0, 0x3400, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) syz_emit_ethernet(0x86, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) socket$rxrpc(0x21, 0x2, 0x0) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) r0 = socket(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) write(r0, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000003c0000000000000008000f0001000000", 0x24) r4 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r4, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) 3.270490121s ago: executing program 3 (id=1997): r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x541c, &(0x7f0000000040)) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000240), 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r3) getgroups(0x7, &(0x7f0000000280)=[r3, r3, r3, 0x0, r3, 0xffffffffffffffff, r3]) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000ac0)) syz_usb_control_io(r5, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_SREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) syz_usb_control_io$hid(r5, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00220f0000000bf896e404096592"], 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) r7 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setrlimit(0x0, 0x0) ioctl$HIDIOCGUSAGE(r7, 0x501c4814, &(0x7f00000000c0)={0x2, 0xffffffff, 0x0, 0x0, 0x4e496f8}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000780), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01000000000000000000100000001800018014000200776c616e3000000000000000000000000800080000260000080009"], 0x3c}}, 0x0) setregid(r3, r4) getgroups(0x1, &(0x7f0000000180)=[0x0]) syz_usb_connect$uac1(0x3, 0x10d, &(0x7f0000000dc0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfb, 0x3, 0x1, 0xfd, 0x10, 0xd0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0x80}, [@mixer_unit={0x9, 0x24, 0x4, 0x5, 0x8, "84d6d545"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x306, 0x6, 0x5, 0x8}, @output_terminal={0x9, 0x24, 0x3, 0x3, 0x306, 0x6, 0x2, 0x1}, @processing_unit={0xb, 0x24, 0x7, 0x3, 0x0, 0x81, "4e4c79c6"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xc, 0x3, 0x1}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0xfc, 0x2, 0xcb, 0x10, "00335ec3ce"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x1, 0x9, 0x2, "925766"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x6, 0x1, 0x1c, 0x5, "d1a46c"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x9, 0x1, 0x7, 0x6, "", "eadb"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x8, 0x4, 0x21, 0x7, 'ue'}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x5d, 0xe, 0x5, {0x7, 0x25, 0x1, 0x3, 0x16, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x5, 0x1, 0x28, 0xd9, "11ace26f95ed"}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0xc, 0x0, 0xc, "06"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x80, 0x3, 0x8, 0x5, 'gw?'}, @as_header={0x7, 0x24, 0x1, 0x5, 0xe, 0x2}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x5, 0x1, 0x0, 0x78, "9cd53fe2c5"}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x8, 0xd9, 0x70, {0x7, 0x25, 0x1, 0x80, 0x3c}}}}}}}]}}, &(0x7f0000000d00)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x201, 0x6, 0x1, 0x5, 0xff, 0x9}, 0x27, &(0x7f0000000300)={0x5, 0xf, 0x27, 0x2, [@ssp_cap={0x18, 0x10, 0xa, 0x12, 0x3, 0x8000, 0xf, 0x6, [0x3f0f, 0x7f8000, 0xffc03f]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x1b, 0x5, 0x80}]}, 0xa, [{0xc9, &(0x7f0000000700)=@string={0xc9, 0x3, "bcdc9fc037503f8550fc2a4874e4a8203e2729cb5dc83c33870ead0f9f0f7813e71eb1e4199c62d291798d4ce2fc496d5cee2ec1f6244bfef7bb28408d9b983f572cb4d967b63041a3f1987e8f135f39cfb645d001217c7e737aefed14fc2e407e0d2efe00d7a8eaadbb0e554a4407fc1040159d046b1aa4c42b48f490baf24ce023e6c89f8b01aa6f819dc639527af6fc4cc05f69e54425af73d0627aedecf0dc7848cfdfd4bdb7c0fe9cc1a2a5ce7bbcf98bc85462e4c143a76b861f1b9df80a32c97c11af09"}}, {0xd8, &(0x7f0000000800)=@string={0xd8, 0x3, "9b0b8c664bf26a24b4471538a892ed1a75d43b5aca224f9bcaa0595cb54f27487cb777b395af607db406818d96f929640df0ccbbf23a6d51b42de7f3effc50ebb70a22ee65e6a6de92063e6b84f41a9a2a84b280c32494e5a1e7ff905f71832a3d41bfadb22818ed2281f956900f4d78c3601ed496f80463cec05282b2cc20049826ca5fe21d0ab50d336117382ddb7bf7c7e025c1ecbc51d2c4add91dc5a5209cdc140b5c781221aab27227deeb2f7b95078e0363895da4eccc5d0835f15df79f38f3dcf743eb7669b3b6def19fc3375f305f7662f8"}}, {0xac, &(0x7f0000000900)=@string={0xac, 0x3, "26eb6f626ca4d3cf4dfa47a9d0fcdcdbe66dca273009cdd41c1a97f643efc3efe43b2046b9ab3f302faeb619c824bbea2d07d8d843d47cfad151c6f09907fec7888882dd23740e4a59e34e6e949c91a5ac576bbb41487b3cc56940fcff54352bb72677acd3865e92c17683755438d15871d61463b785bac5554a540adcd42cc4f5820649701e3b7370039d15017c9bfd10f9e5aea30b7b70bb5b8d67b91f0fc514abe7b9dbe34cdff7a9"}}, {0x87, &(0x7f00000009c0)=@string={0x87, 0x3, "5fc4fdfb7039a3e814863b82de42054db8b11363765060a0e71f4cebb71a190ff834e7cbd4452f15effc2a0d5c2cbd0c8504a16b371177df74ebf2924a54c837cb55c35e32eb9238784b09ab1c532c9af559d0891d524abf6a2e2ca8c96c2a77be99a1da5d7668d3144e5a2845aaa8a5c788a17c1f717510c9e55d2f35fbaf0a68b30f8315"}}, {0x4e, &(0x7f0000000500)=@string={0x4e, 0x3, "52957eb854266659aea59e11964f72f61e12265a7e4c2476fc59e5571061fe27d12c1d4e68594866abf42c5de716f7f9bff508506139f66f5e92feccee24579cf44000870342fe38d45c04fe"}}, {0xa2, &(0x7f0000000b40)=@string={0xa2, 0x3, "b479be23e9646d886f20bf455a953d935239dfa1d6f8b260202e2a5b832e056abb0a1cbfa09c5c0dd54cc6cbb007d23116335ebc04a44fc14ee72744c5d7796de260704944b83da62dfea1d41220ab43e1d15901189f57a66af51286efc2a12543fa7fadb7621514eee3fb7195b40be3f6f618151bb97d22e463ca115d975b6814612a868eb12e86ab05151a2be52b1ae9f99c31d850db5e46faf9527dde71c7"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x457}}, {0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x807}}, {0x52, &(0x7f0000000c00)=@string={0x52, 0x3, "d321c70d129da56d7bb50f677b83533e0be76b0a0457f972ddfe42f5c5d5ef891b2199a4730fe55fc5892bdfaef86e7bfc1a2a433fb630d225362abb331191b539f813501d3290a44ca90c1e5305520d"}}, {0x5f, &(0x7f0000000c80)=@string={0x5f, 0x3, "0610ac9fd87bbee272d8374d81bdea72ecef659294cd8fb3798c02e6d5704782501e1c6176a69849984666ba5f52eb57c3d4baa8d3255d717e55a76b6c2f15757b6425066ce10a1b21ce78be349c0e3a3a43f09d1cdc4783234958e24d"}}]}) 3.17059414s ago: executing program 0 (id=1998): creat(&(0x7f0000002440)='./file0\x00', 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xe}, {}, {0x0, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001a00599c6d0e000091d028ef80"], 0xfe33) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000600)={0x23e0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x90) r8 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) fsmount(r8, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r7, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00'}, 0x10) ioctl$IOMMU_TEST_OP_ACCESS_RW(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x8, r9, 0x0, 0x0, 0x1, &(0x7f0000000100)='>', 0x1}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={&(0x7f0000000040)="c0b5dc73102f17b2626d01ebb7cf3aa1dc5f43e27f51a2cdd667a33b02a9730a66906e9634f788e55bb7ae0f8622077a27c6c507b4c0018f44182d90a6f4a3a7763364c51e26b3fda95df20bf9c083d6c4577eac500871cc1bd0263b0bec52c558336c723f00f1f551", &(0x7f00000000c0)=""/32, &(0x7f0000000100)='V>N', &(0x7f0000000140)="e7a74ff215ab3beee7434adb4bc8d0222ca3109ddeea8182c526abba226a8096f684ec0aff6b3586c155649b295d9f0efa743b2944b93155e36fc6071e32a6481effe5bdebf56744183d4ded9a9bdf085097d8714c8cf876d2880056c865d7467536bcae8b75f0d58018e4596fb2c1fee862734b44b6a58a4a0611b79cc4b252567e878a76ab88f7f9aebecdb743", 0x1, r2}, 0x38) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000003c0)={0x0, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}}, 0x10) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, 0x0) open$dir(&(0x7f0000000040)='./file1\x00', 0x8000, 0xc1) 3.099821673s ago: executing program 0 (id=1999): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x1) ioperm(0x0, 0x0, 0x1) r1 = getpid() syz_pidfd_open(0x0, 0x0) r2 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0) r3 = dup2(r2, r2) openat$cgroup_int(r3, 0x0, 0x657, 0xfeffffff) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, &(0x7f0000000180)) sendmsg$nl_route(r2, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=@RTM_NEWMDB={0x58, 0x54, 0x4, 0x70bd2d, 0x25dfdbff, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x2, {@in6_addr=@rand_addr=' \x01\x00', 0x105ba}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x5, 0x0, {@in6_addr=@rand_addr=' \x01\x00', 0x8edd}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x84) syz_io_uring_setup(0x67fd, &(0x7f0000000100), 0x0, 0x0) io_uring_setup(0x4d63, &(0x7f0000000080)) r5 = socket(0x1f, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00'}, 0xa) r6 = getpid() process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) chdir(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c1000003e0007012ebd700004101c000100000004000002041001"], 0x101c}}, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) recvmmsg(r7, &(0x7f0000005340)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000006c0)=""/209, 0xd1}, {&(0x7f00000007c0)=""/169, 0xa9}, {&(0x7f0000000880)=""/240, 0xf0}, {0x0}, {&(0x7f0000000400)=""/65, 0x41}], 0x5}, 0xffff}, {{&(0x7f0000000a80)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000002d80)=[{&(0x7f00000005c0)=""/22, 0x16}, {&(0x7f0000000b00)=""/4096, 0x1000}, {&(0x7f0000001b00)=""/8, 0x8}, {&(0x7f0000001b40)=""/186, 0xba}, {&(0x7f0000001c00)=""/148, 0x94}, {&(0x7f0000001cc0)=""/175, 0xaf}, {&(0x7f0000001d80)=""/4096, 0x1000}], 0x7, &(0x7f0000002e00)=""/27, 0x1b}, 0x8}, {{&(0x7f0000002e40)=@alg, 0x80, &(0x7f0000003040)=[{&(0x7f0000002ec0)=""/250, 0xfa}], 0x1, &(0x7f0000003080)=""/3, 0x3}, 0x3}, {{&(0x7f00000030c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f00000036c0)=[{&(0x7f0000003140)=""/94, 0x5e}, {&(0x7f00000031c0)=""/45, 0x2d}, {&(0x7f0000003200)=""/201, 0xc9}, {&(0x7f0000003300)=""/198, 0xc6}, {&(0x7f0000003400)=""/226, 0xe2}, {&(0x7f0000003500)=""/97, 0x61}, {&(0x7f0000003580)=""/96, 0x60}, {&(0x7f0000003600)=""/135, 0x87}], 0x8, &(0x7f0000003740)=""/184, 0xb8}, 0xffffffff}, {{0x0, 0x0, &(0x7f0000003880)=[{&(0x7f0000003800)=""/73, 0x49}], 0x1}, 0xff}, {{&(0x7f00000038c0)=@ax25={{0x3, @netrom}, [@netrom, @netrom, @default, @bcast, @bcast, @default, @remote, @bcast]}, 0x80, &(0x7f0000005780)=[{&(0x7f0000003940)=""/165, 0xa5}, {&(0x7f0000003a00)=""/152, 0x98}, {&(0x7f0000003ac0)=""/154, 0x9a}, {&(0x7f0000003b80)=""/250, 0xfa}, {&(0x7f0000003c80)=""/4096, 0x1000}, {&(0x7f0000004c80)=""/39, 0x27}, {&(0x7f0000000540)=""/17, 0x11}, {&(0x7f0000006240)=""/4096, 0x1000}, {&(0x7f0000002fc0)=""/27, 0x1b}, {&(0x7f0000005600)=""/136, 0x88}, {&(0x7f00000056c0)=""/141, 0x8d}], 0xb, &(0x7f0000004d40)=""/217, 0xd9}, 0x9}, {{&(0x7f0000004e40)=@ethernet, 0x80, &(0x7f0000005200)=[{&(0x7f0000004ec0)=""/245, 0xf5}, {&(0x7f0000004fc0)=""/192, 0xc0}, {&(0x7f0000005080)=""/80, 0x50}, {&(0x7f0000004cc0)=""/88, 0x58}, {&(0x7f0000005180)=""/23, 0x17}, {&(0x7f00000051c0)=""/16, 0x10}], 0x6, &(0x7f0000005280)=""/150, 0x96}, 0x2}], 0x7, 0x0, &(0x7f0000005540)) 2.580682776s ago: executing program 2 (id=2002): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0) 1.892358842s ago: executing program 0 (id=2003): inotify_init1(0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x8, 0x141341) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f00000004c0)={0x2, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) open(0x0, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$alg(r4, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=[@op={0x10}], 0x10}, 0x0) unshare(0x22020400) socket$inet6(0xa, 0x2, 0x40000002) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) pselect6(0x40, &(0x7f0000000580)={0xc, 0x1, 0xc000000000000, 0x5, 0x6, 0x9}, &(0x7f00000005c0)={0xdd15, 0x1, 0x100000001, 0x0, 0xc, 0x6, 0x4, 0x7}, &(0x7f0000000600)={0x2, 0x19a, 0x7, 0x80000000, 0x2, 0x1000, 0x5, 0x5}, &(0x7f0000000640), &(0x7f00000006c0)={&(0x7f0000000680)={[0xfdc]}, 0x8}) setsockopt$TIPC_SRC_DROPPABLE(r5, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(r5, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.580164091s ago: executing program 2 (id=2004): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @local, 0x168}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xc92) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000001c0)=""/156, 0x9c}], 0x1}}], 0x1, 0x40000062, 0x0) sendto$inet6(r1, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0xffffffffffff519a) preadv(r2, &(0x7f00000007c0)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x201, 0x0) r3 = socket$inet(0x2, 0x3, 0x8) setsockopt$MRT_DEL_MFC(r3, 0x0, 0x32, 0x0, 0x0) fanotify_init(0x0, 0x0) lsetxattr$security_capability(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xa, 0x4010, 0xffffffffffffffff, 0x9ab17000) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0185647, &(0x7f0000000280)={0x0, 0x7ff, 0x7, r2, 0x0, 0x0}) write$FUSE_WRITE(r2, &(0x7f0000000340)={0xfffffffffffffded, 0xfffffffffffffff5, 0x0, {0x8000}}, 0xffffffffffffff0a) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r4, 0x0) getsockopt$inet_mptcp_buf(r4, 0x11c, 0x2, &(0x7f00000000c0)=""/210, &(0x7f00000001c0)=0x18) r5 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0xffffffffffffffff, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000300)=0xe8000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000280)={@local}) io_setup(0x1, &(0x7f00000005c0)) 1.060427381s ago: executing program 2 (id=2005): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f0000007480)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)=""/96, 0x60}, {&(0x7f00000004c0)=""/158, 0x9e}, {&(0x7f0000000680)=""/215, 0xd7}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/205, 0xcd}, {&(0x7f0000000200)=""/29, 0x1d}, {&(0x7f0000000880)=""/131, 0x83}], 0x7}}, {{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f0000000380)=""/25, 0x19}, {&(0x7f0000001a40)=""/116, 0x74}, {&(0x7f0000001ac0)=""/181, 0xb5}], 0x3}}, {{0x0, 0x0, &(0x7f0000003fc0)=[{&(0x7f0000002c40)=""/90, 0x5a}, {&(0x7f0000003cc0)=""/140, 0x8c}, {&(0x7f0000003ec0)=""/163, 0xa3}], 0x3}}, {{0x0, 0x0, &(0x7f0000004480)=[{&(0x7f0000004180)=""/65, 0x41}, {&(0x7f0000004200)=""/94, 0x5e}, {&(0x7f0000004280)=""/84, 0x54}, {&(0x7f0000004300)=""/179, 0xb3}, {&(0x7f00000043c0)=""/191, 0xbf}], 0x5}}, {{0x0, 0x0, &(0x7f0000005640)=[{&(0x7f0000005580)=""/187, 0xbb}], 0x1}}, {{0x0, 0x0, &(0x7f0000005880)=[{&(0x7f0000005800)=""/97, 0x61}], 0x1}}, {{0x0, 0x0, &(0x7f00000077c0)=[{&(0x7f0000005a00)=""/181, 0xb5}, {&(0x7f0000005ac0)=""/137, 0x89}, {&(0x7f0000005b80)=""/102, 0x66}, {&(0x7f0000005c00)=""/228, 0xe4}, {0x0}, {&(0x7f0000003e40)=""/67, 0x43}], 0x6}}, {{0x0, 0x0, &(0x7f00000071c0)=[{&(0x7f0000005ec0)=""/126, 0x7e}, {&(0x7f0000005f40)=""/132, 0x84}, {&(0x7f0000006000)=""/200, 0xc8}, {&(0x7f0000006100)=""/4096, 0x1000}], 0x4}}], 0x8, 0x0, 0x0) 1.044867681s ago: executing program 2 (id=2006): syz_open_dev$dri(0x0, 0x3400, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) syz_emit_ethernet(0x86, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) socket$rxrpc(0x21, 0x2, 0x0) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) r0 = socket(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) write(r0, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000003c0000000000000008000f0001000000", 0x24) r4 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r4, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) 918.191239ms ago: executing program 1 (id=2007): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYRESDEC], 0xfffffdef}}, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0) 888.331183ms ago: executing program 2 (id=2008): futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) socket$inet6(0xa, 0x0, 0x0) r0 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(r0, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sendmsg$key(r1, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={0x0}, 0x1, 0x0, 0x0, 0x4040004}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043e110b0700ffffffffffff00ffffff14000001b9bcb0710452166112b69ee7b0488764e8f32716e4485aea592c2a3246f5c23207ad3fab0168d8bf5f6997a3ca39ea4468b5930e949cacd99100cf99d02b0e816d4eb4eaee4811"], 0xfc) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = epoll_create1(0x80000) epoll_pwait2(r2, &(0x7f0000000200)=[{}, {}, {}, {}, {}], 0x5, &(0x7f0000000240), &(0x7f00000002c0)={[0x2]}, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = dup(0xffffffffffffffff) mq_timedsend(r4, &(0x7f0000000140)="94b8337456a55cafbbfa0abff7e1b3f21a169bc49f3cef4d7ed7c54a617cae7798a5e1063d58dcad58970f2ee22e9332b49d7c1d4da8afac0a269b44d72f799b5c9589d31b6d81e423340e48933fdb5cc19907cffd4423619fd34a815441", 0x5e, 0xea800, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000380)={'wlan1\x00'}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) 879.882175ms ago: executing program 0 (id=2009): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_int(r0, 0x88000000, 0x13, &(0x7f0000000140), 0x4) 790.674797ms ago: executing program 0 (id=2010): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x1a1281) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2) socket$netlink(0x10, 0x3, 0x2) r3 = epoll_create(0x1ff) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xb, 0x0, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x19, 0x14, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r0, @ANYRESHEX=r1, @ANYBLOB="000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffd5a2893a63fdc6f6ffffb703000008000000b704000000000000850000000100"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000180), &(0x7f0000000340)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r5) open(&(0x7f00000002c0)='./cgroup/file0\x00', 0x20200, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) creat(&(0x7f0000000080)='./cgroup/file0\x00', 0x0) pselect6(0x40, &(0x7f00000000c0)={0xdea, 0x804, 0xfffffffffffffffb, 0x0, 0xffffffffffffffff, 0x3, 0x4, 0xfffffffffffffffc}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000080)) shutdown(r2, 0x1) ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"]) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r1, 0x80005520, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000200)=[{0x24}, {0x6, 0x0, 0x0, 0x7ffffdbd}]}) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0x20}, {0x6, 0x0, 0x0, 0xfffffff9}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x2, &(0x7f0000000040)=[{0x3c, 0x0, 0xb, 0xfffffffd}, {0x6, 0x0, 0x0, 0x7ffffff8}]}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa05884625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdc000000108dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399eb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc429000000006c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf74568788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedf84bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225f02000000973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d916441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x4577, 0x8, 0x0, 0xfffffffc}, 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r6}, 0x10) r7 = socket$netlink(0x10, 0x3, 0x0) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013001118680907070000000f0000ff3f04000000170a001700000000040014001000030001302564aa58b9a64411f6bbf44dc48f57", 0xff4d}], 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x2c}, {0x80}, {0x6, 0x0, 0x0, 0x7ffffffb}]}) 246.335104ms ago: executing program 3 (id=2011): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000007480)=[{{0x0, 0x0, &(0x7f0000000580)}}], 0x1, 0x0, 0x0) 182.534235ms ago: executing program 3 (id=2012): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008032, 0xffffffffffffffff, 0x0) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0) 543.356µs ago: executing program 1 (id=2013): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f0000000100)) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000040)=0x9, 0x4) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bind$inet(r1, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10) sendto$inet(r1, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000a40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000e40)={r3, 0x4, 0x2}) ioctl$BTRFS_IOC_DEV_REPLACE(r2, 0xca289435, &(0x7f00000004c0)={0x1, 0x6, @start={r3, 0x1, "d09e19d9fa22b8d1f9fe8d7cb1bb8aab2b9687a7f20429dcbbf39bc169d7aaf07d76bd757f539f94047ce01b9bdd1d81796c4ba9003a6151d63e89f8c537ac90c58b9661883b5aadba8d48442e1b70c5dbbb47a4ed50d8507482a80571ef0ad0585cd1961fd16974a1aa87eaf3707c2a7a5d7453a36a37bd7cea4e89103917d873526f9d13c418f54f71d7c9acad5a7360a604013ab0b40f31e026d1b0569f570a823700118f7afdd89196e59e6957148e8089ecb505206a5ededd845f4d2cd731df1e8c0613afe930fb4aa08cb524697dd775ab8e25dadd78da8adee3a240919ea56b879d23ac6f6569a0000b2cffcb0b84874875d14e2a0e047c87f1c9f5743ae20c049bd595be6259c8dffde207b567857970ac16db706ba9758aa8eae1d9c4df13236ddec7e1172d372bbbc6b17934442e776e406427382e35fa3b1f627adc173e67c0bcd4f605f59f9f64be9c9e1c6882dbed0e218d1971ca207193859ccae256b62f6ec13e48562731922203be11fcc6c29208fe82de4363da6f6678d50689927f61e539989f2fc23e112d132e85afa3757ee0bd97573f75996362b284e6fb1f914229c043147e4d1d75dd035d342f5ea2a67c1f64d5210537c9593734b40485875669eedfdf4581682165856c09af4d21d9202aa6b24c3d3716e6b69fc738f2d8bdb65451a7e6c22a2866771c21ee273648f8c571dedde00f1508dddeb9b0ad0dbe432601120a41125d21f99de09d2b770157833f24b2f152dbc5d640077272686dd1b6af84c9d4f59679a1932d65813493bc563441c51040ad8a50ea7156d57cffb1f728f613025ac2f46a705e46d9f8afd2f55c0bbbf4ce67c2b36d3c35427cfda5e01b8ba6ed7bdcfb3fb032518949bb584a7c32e41891093d138134ce724616329d02ffbe5ffeb88de8f241513393bac23710d629278875bebdd8b91c112bb1d98d77249f84a4b5d4288d3f2d9f0ce11b7935c6bd84bf0d7fae5cb905c67e7410f1c10f5d0bf8a84684b192295728f28d266ac92ecf91a1393df8bf784c60e6f1157a188916eae470591745cc392c8871c58532cdb77381c7be829f59ee38c6c3f59e0274c27f796c1c6c5e439c6213dfad84e0f08ea0608af82b7cff29328bb140b33a6f527e08ff2e53177c1e018e48ae2f8a0ea7b898d70b403898ed1f573f2bbb9de1c51b6dad555b6ff99f4a4d4ddb062d739bf424b768a5526b4b74cd449157b5d49af2b06f771af2b6a5ee92d9164cc400319666bed503904575f727823a62a96910d357bab747c56346e1867a59d53134b99b1d1a08c40a7fb8f44f8eb83c0575c98c46125cd9413bf7fe3ad366a6e9efbff5383a70f36f96e4ce7aa259c28ceeee16e1113ebf597fc858877293d00572377a5f201b8a3b25a9b80e2c26c69a8c6ce0beb467c3a862edcb41a3886cb98d23794d97f54012", "5549b5da0480eb2d508524f2b1fdfb95b5e628cbbf08ac8cd8b0a1d170e3caf2cb01be8dca6158b005e5f601daca200252b558f20078a66865be9ff68c0954dbb7e29a55154d39cf1f10f42d2e60cf35171db109987ef1da234a8c0f0c1c065e8e744fee106e86f8151e5548427ee24dcb5183b509a62676b787af7e8d651e13c049899a1599f6c81008510269127a08b37eb67b27baaabe5da7a5289e9ae046927ea350e8348f7c8f888b670be37768c744eac4f8f944304ffa7f980f83b8f5a41aeef24dd76a9bf177eba245f9dfa027c51f8ba7a47ff854f493738ecbc5de8a2474928f6470ef0747135cdc6fb8637a453cfcf0c214e29e7c8d21dfb98e9fa5ce1bad0c3d32d84d7624346eb1713f97cf7e7b97883ff9adffe1def7777c6fa6a7a73728cb0054d25c6234fac80cbd80f26c88bb99f3fae943ddb67a272b07f4682f707b16638bd9bed5e5c3c536dd4d7d68cc23cdc0ba97dd9293861c9995f90dbbb37e5bfd6a4740b7eb52a87e193d3cf830de9e0fe6830d4ad1476cb16dff0c04be245c252f75e6dbc7fbab66ad5c6e7913a8bc518e9f1c488a9b5731d148df3a545dedd5176cb30315223de52d936e84d0c48328b433f72eddd2575745ac589ca09893ecf4a0c614724eb5724bceba67b3f27e6ed159c67b7be8baf007226128c9f5b777d6b20b3c58d7d5ad4c59e4faa6c748ff8e0a100c1ddb946407f133824172ba4e5bf4fb56ce5dd7b8c8720c75059ccb326a12be6994cb5380ece2f0910a69869f210aecbf3a5dc0d004e13977aca960466075eee79e59a3801be9a6b80615287ab2af5107851967f26caa7cd5e8fe9e90b122ceffe84a20418b2602586c4c0ffb113fbccf439181b24e7b21d87bbb2ae8d61ae81127cf1d9b4a1bfcc9c392374e15cc7a0f249c686f032357fe0536cbc48aee14dc67d150871e8ff6c48f60e28c709f934976ea6b8d48eef9e9d3d34ec8f962f8c20f31299b74a1e35c953f4a7c3dd28840715cb5a42396300ea647bf09a37b5045a2d76dc9329557547c4ce9467fd9aac8e58e62c3a386d9dd50839f76d57d5834dbf3b71b40cafc34e3da56c48f179577170053fd2b4cdbf87a3bb6eb9e557493655216cc5ce361fec2dd076723e2fe60ae8dabf3a8b2017c38aee97ef3169d604d06229f5b2956cc06111a4f4ea7884ac30d1206fb6125a3a9c82a0a192e3c73e73fa707983bc62ae1263077de2747036d99bb60d85aa47eeff58c09a910209ac7bb0df058f623580146bc7fbb327d1d0bf0dbda1c3c8785855d85323858aa30894bc86f636c52c77a1c9a569e49c4f99f2c072dd59bf8c3e85c219c234d3127d09383008655aaad672fd1b80f3919e315b7b042d9b09a133b344e31ff4b1c5a88dd0d22a42f9bee32026cee7e895717414e3e1a25a10e6afd399e77e69c2135643cc0340b83"}, [0x4, 0x9, 0x6, 0x400, 0x8, 0x3, 0xfffffffffffffffe, 0x80000000, 0x8, 0x1, 0x6, 0x6, 0x10000, 0x9, 0x8, 0x81, 0x5, 0x100000000, 0x8, 0xa, 0xfffffffffffffde6, 0x4bf2, 0x9, 0x10001, 0xbe, 0x6, 0x3, 0x8, 0x341, 0x0, 0x8, 0xfffffffffffffff9, 0x0, 0x6, 0x3ce1, 0x3, 0x0, 0x40, 0x7, 0xfffffffffffffffa, 0x5, 0x8, 0x2, 0xe, 0x3, 0x5, 0x3, 0x8, 0x8, 0xb6, 0x7, 0x8, 0x2, 0x3, 0xffffffffffffffff, 0x44, 0x81, 0x67e5, 0x8001, 0x3, 0x3, 0x7fffffff, 0x5, 0x800]}) r4 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$CDROMREADAUDIO(r4, 0x530e, &(0x7f0000000080)={@msf={0x0, 0x40}, 0x2, 0x1, &(0x7f0000000040)=""/1}) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) socket(0x11, 0x2, 0x0) 0s ago: executing program 2 (id=2014): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan1\x00'}) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) epoll_create(0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x900}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x40000009, 0x0, r2}, 0x48) ioctl$F2FS_IOC_SET_PIN_FILE(r2, 0x4004f50d, &(0x7f0000000040)=0x1) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f00000006c0)={{0x1, 0x0, 0x80, {0x3000}}, "4714d9cc7e5c2782bf24fe8c9bc987549a1b8d30d849996c5e16b02fe56d582292696023997e1a54bbd4fd8f6ffa0837fe01e2b6617e3804bcd97cedc7707f06749557beecec59824c19d41130e021de04400566edbbb2f74667926551457cbe0e5de0fd86388554f7786b2debe82f93c2e605a26d2dedbf0bda16ae4d399ce65d39d1d42a3ae2db0b996ef2176a5776e086182dcb75e4428cd6d6dd2f2fedce1fec383ee1b332a5f66339e50a7f14a53990bac03328e33d03e1d31fd1e6fa15631799048ca226d831178cb08d126d04b1d15f9d0dcc3ac177909518c446fa1d0334ac6fcc5b86ea5343810ae3f53167c6524c084a8f7ca06c8613a2c8c0302377ffbaaf4564f0fa709e252c47472a569e19b448170f1f68b4071b2cf097b0ec5c2bb050e21e68e8766f62510f122e8965a76a19df653af0082c2726fd24d8584340e43724648602fc7bc2b704f7fd0a071c6403cced56c80d383ec381bd4026b30adf5ed51cfd7707cb8f1cab41caf86359efd2cf5301f1deeb0b92cb4d7b8dba1f5238457897bde8ede57b3a5e294381d3b2823d487abb107285a9e5a8dddcbd667417874ec109046a49940dcab2269c1142915fe455656a82bc8dffcc1b53bf87cc901857864d618d57111da4687f8d2f6fcbf2cf88608a1889b1a2dfba3075c628bc279bb05e35ec0b3a956b8cd21d5428d2b0e9bef9722f01e3f7a2cdfc4f0092e2c5b465401344d1727e6955eec11c3a350019fe5f28d7973c074e64da66f0fb35ba79b166e4ffba737c07109d152fbb6f06dedd4eba1094ad07e6faefb0549e58af35b90a429b052f7dea874e0edecb74b51977e89748e4d7785eea441fe0e8e260f47016ed0cc4d98c0812db42403bb8a76f895b8db8fa758904635c61c37d8850eaa8bdc6dc7a7a8dd4847a8f9dd6b3b67e7d539664daacebba659dd8d8919f6f96cbc7d5e584b68a0786e11dc2cd62d33945077196d09bd98a89c1847d0ec8c9e5394dded5b0a8752e60de39c4293abd06169128783ca54bb98ac6b95f039906d5aa94f9f90aa11cfa559bb78df3f3320cdd3c340bca3b69833aabbf55920a86e38fb55dab140c620c48078d0ac0c60ba9f26922e764a259787fb8065a21c6d827f22f76b487254e755316acc68d0801f43a28f67a177eb9772413d2c19e87cb8cc831923b1a78a3384ec141fc5ce9e72bd52591563dcdf0ad0dff4dc98d10d8a614e887bd742c1ea2b5885ed329fff2805c241e0839b5713df56f06f2911dd61057ffcbef090a87b78dc904ccdd5ced8bdbb0e9ee03789f662dc8ba73d4fb183d8079cf591cdfa4e8c46dba3ddc5e8cc65fd9ff13a80574cb2d39ebfd21a27fd0b14dd201b27cdca483ec1b734fde1ccad61838e9687bf5f1bc1afe8cfd6fb355c3ff7f0ef3760475fd0b996be241e28191bb067fa3f049f9d713022ca57a42f316e1a77e9fd7051ca9d7bd02e7f2efdb48f937193913d97e5f088e599ad91d92f753f67af98146c1f70ce87626139660877c480065290409a6c8dcd483b5a4b2526f1502b4ade9464a4267fb934f718a863b60931f121b71359dc1d4de219e4c6ce96a62c8bc37459ccf1c88fe8e2ad6053cbf1ef97c7b837d1b795a08e379a3e64123d87bb5bc81db0b9ec26297fcb45f12105f9d11f082a63d1da3248c92a7951d4cee1d806326b43ba686e78a158f2518c1b430943d8f2de34ea2203d52fcdc4ce5c4ed350e86a76f7a26b5c912082c3f06cd763c804000e4af98fba0c9c4879df4b264f5507a6b4cb7d53fb4ee30a95a635abadf316912d5e42b0a52d8ad4966a08b362ef8d0dbf4d6cf8e79b488fb8777781979628fde2e54cccab0d7292827cee8c1af42395c99cdb89458df34241fcc321f443ad188b06ceb102de940f4807653a182245aa45d56cfc8b5c181ef877bdf3d1e3023f20998fa061a32003fe3e774a0811e6379c2a8819aeacb90b68ed1cf042234b6fea32a3d4fd6b51c067cf0464347f2ce9929e206630ad8b4ccdcbb3b56342de194adcd3c4a2e23c4e6f14e2bd841493f43e8397a8c0cb868cc267489bc0d2e712602053496c0302977add535e14f37f2188bb777a212bdaf21fa541e795e7304f6ae620b448cd96a08f82e0fd7fef40e0905b18df4e92ba475718bf82b035c7d4225bf8cd058f16fa978b380395fc8f5d7cd13c18997183786497a4890aaf92509c6f1f7720d4966d5ce892af4f51de57bf9a1a4abe67bae4160103664b7a0ff535a25ca2847ada333a32ebfa924b937dc211c4e2df2af7bfcfbff1944eb7cfb6ea78afb4a0aa8d86296051bb7433bdafaaf0b7fecf5f57bfa76fc218879ff7e6b081c435bb77cc2e4ac09ca504be42bc3e6195051e5373c994f7d56704850989776fd65bb07bc2b23e1df70e83f7a7724fba9618cbcb8a90047846d3df3b27edd05bc189b2a59245137893d46f353ca40428a04c2c197356537ccceb25cd3b50e91e5c05b1cb6a3f145d2cfd436df4e0f9570c4a24041387c1858cc20c8819b4b27a8d5198790c1c2c160a9798e2a10b9e9aba716e6e817876a2de41576eef5d9257033fedc94f4836c0d687e9f31a19583eda7c1841676a5db9bff6674351eca2b919d4474ab034b3613752cb4310c4b0a30657e167757fe97fee99fda8dcc0dc14d26a105a0f8e29c8636473cbb57f044761974ff92a460da0f1e9419d219084f7bd630c41e1ea2c85fbed1cbb25c1738c0b09b3beba1e2b0df280f8b1c6cdc2fd2297e3a262bbc0fa21fd994a3f5f6ed45c61b7d88acb29fc01c8f18636c80bcf6af7bbebdf78ce8bc25ee5c562b418587570366bb0fb323068e5f7aa9526d6a7fd9da77de9eb2567d0f16a42a6ddef19749ca34d08280ad802804011874fcddd2bbf2c5052729ca44300d6a07c58485a135e2d1ef5de8364b1cb6a7ff5013be1d4268460f60c45da00e344c690681909c1346bb8cb5efd88a87c6f1a3274ff78e31339aee1e6ed3eb73fe5b833f237bb8868670182174d72e3f79883174310b9700bd6f8521d0b217374867d0659a2182d6bdb93c27415ce517e04161c51de13ce926be656872e9040314b1ff4d12a9f426bdab73607eb3ffc37572ca05b73d03e9f849de1f441070884cc9c3f98ef87e001c2db62227bc29e60a558f119c80e990d1c455eb43b8ba785fcbf25e1b8c3be2a5703ab76e890a449eeedac2335dc8e20e7f299fbcbced57d943a66c3887bbd0bf12b377ed2faded58663dc2e3dc5653508760f4635f1e68687e783c70a53e5e77aa6f066eae378223c0e9e4ca419e3d603bf640957173910f0a7240939ec2df03007c7597902b526a080178976650f82ffc5f7dfac2a75ebea640b3bdc0bc317175d36b37c6a00c3b7ff6ce66cc51d20d1731dbe2d580a7cda399ea5dddb2ade6a6860d8cfd962cae365ca98a0a5580b351aec0934ec563b612e2f7490b89fd6e3d340a440ee86b784ad0c979a446389b69aebf9692282b77a77e1610e7a281ff6fa0ddb643f90f63da95d1bbdb1f1f05bc2598beadf27022c5ac7f56139a5d8f6468b5c652d64f9132e4fbad97636ba7c38edd7fcd48db10504af2fbf40d631dfa200b509be4fde2f6af829c0bb1390be53e70878f4e8781fc5c33b028a272d1d9331393247bad81ccebf9f86655b91c34a2fbee2ad326de79eb2a6a5298a1a41b4ba9649bffd30bb95cdfab12779d56e19e2ecc14a041f79575e0692fb01b2cff7edf2b7bebab60d61a3c908f7baff6769cfd357bf6ad7643457b54080133a4fc7419112ef1374ecdf4aca97a201bf4f6064b6a2c0ccb79183cdd3a271d9b3c3f079e991dd68b55593a31efd83cbd985c5ca3de2f81e7c7fb8af345322acda9b48a2396c4d1a2b3a91bb021a7e860f18591708fce7a4176333f30f23db2ddd942e366f5a4c4d3b1848bca6192fdc01cf4ccda9fcb56eb019180f7a4a1be20171a240d917e90be4edb56012ffedd05adfc19651bc02431c6a5f03d7b1a0bcd67c208652cb07659dc110df9b499b9733627c576cb4e9cdb78742a06863449fa2a57eb1085f96f7114b93c1f873234a621cdbb076552f2d917b126956766e337af09598c5e7a02f8a8345858bcc08200a38cf3e23f49e3532ad8128ae2ceedf359667c0bab6dfd196d60280fbcf245616f9a3d098a85bf0141c10e874a6b59241b706b9ddb967f77d37b90d4448b1f4c979cbd0160417c9431950cf7f1ab09ae326bc893697e3bbc66bdcaf1c0960538e4da8f6df8176c9f454c94788ed355cf0678921d6e25fa2977d3ddca3a47be652f870377b5ba077ae5937cd4d5ea8f6bfe51fe10e88737cf35d15bf99cebda5989c5dabaa0b9aa0865ccf166e9d280dd754dd9d0a914cf870c5c77ab199b3a11898c5ac7131f21991f8890630d4ef748d79edd8bc8a29d2e0d5d6fd89ee9a0f0beb9346bddced57fc25fac3813959652a042d80ba34a4fd5cfc634c2a018a0ef1ced7ae11cac0183f4056708815f3253dad69f8706bbf6652015d20bf038880a27fb626b357f94dc93598b92625493e97dba43a1a58a59cbbb9ea1b99ac208b006b99f38b27bd7760d495bf903f4a74c4b167be87c4becdc6b4cd19d866d5a0025ce68fe0f602bb200ac381ef9c2caa93459f4a19bea4ebb6d3af93df2aeef49c50cc3fd4a7af17341b4b118f157e3fba536259c958b465dd41fc46bac12a827c85af4dc40696ffecabfc5a02cc6b9830d14e8707f725c5db2817c120ed132726306bd689e235546bb4c8c69e9cb7813536df3506bd8f3d21daa52f1f50a0f133ca4797c571f8d9ebf8d55147a5c0ab70be2c6c5ea6e8c235a1860db36f19a444ebaa8f3cbc77c167bc004b0ddabe507b12553a7919206dd9502fe1ca13ad2687b9f4d6bd5a2966fd94a1c58403933b261130ce764a5f1a896cf7812c596fbb5b638c2a9f39863707de13308207efab8b95f46fdb2b57480aa65a117b985f54ad83ff8ba31609f17b57ed6b46b7360b466a1da146c0d79991328bcf5113e24394472627f275aec907c7cc244a94cd20ab931aa9e93c9f1c5efd188f5a410a47a97633885dd112078f2e116b617b6c0da9390ed5e5b7c26d6bc95b0853631ff9e5e9d81e187eb11a1aa46f90ae664a038eaf5242b8e984ccd199816c6b1a830a79b56e5a80b7353d866997f28dc85750e643bb561048eeec3701a87f10054b6947de59d677f9476f2ef4b7f4aadb7ce1091288a51079b4f8872f26b1d4b18bc6f940cec66c6b32b256625660c6b9983aa07582b160d72d0a4cc4922ba41e02af26b967fe9b53a24b40842078ca85ce99cf78e4465f3436d3236b2a4d321c06d16a5344062aab3396985126d2376ecd9cf2178c6ff7528c6bf2c878ac7ecf37d88b0c80d0f9400e90df39eba1e49a528a1f4881308098026a72e1d355d07b1fcd9c458695d1a6a3ffe0e4acb8bea4b5cef91134bb5d1caee8cc4c47e9d2372b6e5a9fb8efdbe872e2682f5b4aa4801da33f7523e1ccbd6a77fdca483ecb9d5ad6545adf26ea6800c8e82cab1071e94a3d6dec0f37a3451d027f82a052b3a85ad3e685918f5cb738db98235bab3b8bad8c4a865551cd9dbf228736c5e8e1bdf2931174f9128755de20ad4ff5b55e8c42b10dd875c573eb98549cfb9175c167bacc04e80d482359a119032215e9c174c9835d4325b6957425d7fcc681e3e7d43a037569f82102c6f59e8f33b62827f06c71e3cf9dbd2f4b090ce6b842f0f5e4954546e6ee39ba10c97a00a49e0ca011fa6de9cbcb072b486a980dd6bb180b445", "b63107a06cf0a389612555db016ab6380a561b128febea64af628511df95352f8ace7d1671e1a40a9b78ea1083261c878310fa0a3820424f3eeac5e96c3b1fa65ad26577b86723fb9fe82d398cdf6797f04c86379845fb5f0ac05518c20f3b391646d08b54c9c2080fe11ce2fb6040ce56b77371f2494a4e33bbf1e4b75837612947dd08eb7d9d6f6d7744f2bb1813273b7b1fc1c12bfca3ebc60dfd196cc667c22f67ca9192ebe24ee1f4e18c8911fb04e1d811235d82abb9135ff1cde0151a7299dbfece344dcb4cb2cbf64c533160e1f08aab7bf8cbda5e59ae9a3c765b2b285fa18520d5f6f3d2909aa9e1f45bac9a84f10e72b064ea2c0422aa2b1111741ba665acd93ab1c2e4f759dc9ee1516d1e1b254a0d9f27552e35471549180fea796c00cf4bf870fcd2d3d971eaafb7aef58944a6dc300e2c946365dd8e0bd7e59593a5fbf44513e00a5c346a110d2fa7b962dbe59e60954131fcefde3565a4bf004d67f1779653462a95aba075b2a14e85cb189b7ae18e8787ac048e98e1093c5d5376faa019cb3f02dd03f3bfeb4f8a9f4612b4af6b5a41f359301a9f215ec11aaa219fce50adc754f2e4a1a1f04a875a3c63b99bb98a16e87a1b798ecbf16b14f9ad4b9fdce0b7656ccb19ca91887a708e73b7f1f7a7b929daceab1f7d6b81f10965e78e86cdcb36b44172c64c54e287809d5b0b69a5b00b2ea71555a143dc811dba8b2003e38648c91b6e4260e644d085fea70a58061ae023759c7dd538f1ef2e4895a3f69262b8b0b44ddd685408c54c61b0601964f52ce23122c63f1e2592912b503d7d3a580c5f6485846da7939508482ba475227f918a1179c4f0e8e6d9c10348d541e9f76787d8f048ec9dae161c60f6dc62fb02a8afa78a36abe12b1c03e1897c1eeb2a0071bc88b5b5698d4d585eae1be268092ac7c66f2ede91aa5c05becb1bd366f92a2093bcf906b94e0ea0e2b9e4c9afb887a90ba7b1dd2960ce2bc8b8835ec199f7045c17d9cf994723886a9f95e92b14735751827101f3b2c24e975e348e6714306ecc8ac433a5a7fc10cb27138a2ab89143b25bdf8cb41712ef4b2fedf64cf491ff0f349e679d47bd5a2fdde9a2ae9c99a7bbe94e577b58deab84cddc572453ccac1ac1efaf3519e279dac48e6fd0f1bb664af1c439937d6867d28186570d3685c68b121721ecb8aa839f9e01a267675c2f0a8f9695e2c339fbb4216555370776ea67af5a165d0602fe0b10e8fd97182cae9d210958d6171b16ebabef4d5fcdd68121913aed5ad6b461a9beb98b4b808d654f4a938c9afe21f25353f32ec372665e32d87d5d854b0d38eb5c2bb11498f619ffc8219ec6b99b759159503810da4d334a8059522baf2ce6c6439912e54945fc92f5f8e30bf79b99820bb860292ef2764a106ec18c93f8d40346c98fcf5a6e60886cab22f5c0511db09977c0527eab75e5544b29140e5375a9e6e8780d346ead799eff8fd2b1406ba6cebaca5a140965c0857bd7d2ebe7516275c483104e2d9b573a3f5b3027234861684b5b3a07a6fdd9103e191c1bfd06c2ddea2b0718652cdce1b35afd6dd5640fc0a1e428af31789d4cef7ddab24838a3be7a6c6f172bec87e48593074c354a93af067b5f4fc8e1fc7a895d619c637cc74bc554428baf07a4e7d05813ec67e0b1e73bf4e458dff1ead3b83b1f3006691df7c816ae55fd77d8f60066445e0c1080c19d15a87c1fcf0a47b4bf4cdcd6fc6b6ebb4b3bb88af5be802c3a7d48b20e6f4362853ce5ba028448ab6171594ffa479eee216a53f6b8e679eeff6be898b7a01e1a3089f97a011d82736470036033d695632778da28b71d9631758ae2391c2e2c44aa110538cbc4536e98d7f539ab0a3bb8e6decd6c5be832876e89943a7eb097032c9741bcfa251c6de4022c38ee7074f37514cb4b5859b89df2302e0a4835b0d4361f981874607a4851a1bbc70442f9624f81c257ed62eca46bd6b85ecc057f169fbf3cc345ad7793bbaceac60f0f211ed76d1bb513d2c1b41ddac90336fd4da3d38bc7513a19bb09bc10bd70077eb389a25c4087e98181699aff592bbb8b824d001d253f6427330c256c465d172069be352dd52abcf113a08bd767f3c2a75bbb1a191139ab86f86e861132a95ccc29cead06ca4b0a4d18d44660924ba24e3bccb194d0b2289164d6744a78208413cbd02fc97f1379ca3f20391e0c78f28d27cd7302c60d733876e95c24b6c8ff5fc83e29f35701cbc1bd367a90738fbcb6c39ce114d044b66b56f3130281693dc57a26d38605a24567d13e63a5534ae887e83545f4c04130aca4e1b10184a4b42e1e28e16a8e4691135f0a1b02e1276ed3fcc3bc648b271872ddc37757bd09c142ca0226ededd71b7fecd2c3e2cf3227785a7d58de13188f2410dad038d8d0c613e778aaecf0f42d1bcd15072ae62280c71f98b2528eb9253670ff434c4891cf7a06eebc184911c748acc61472a191f1c627e51d84f5b627377b7102273be3ba0e6daffda5c818de925750817379125b43081eb205e6bc36dd0554f47666fc689a17517b0691488b1e59ca1bd35689a145b1e079abe84f1ec17fff6d16f508e4604872092b8cbbcbf364b166a5d7c43743c24d7b0fae5985136c1ea8d3df6dd65aa4e506350a892b2f5a555ffc9a39095cdfabafcc0107bfc8da35af660687217eea10ae1f1d775ec7dd1a6b933aa0d3e072c839e6a3590ae581f8e2113c8d31a98be3a28ad0e60f4afa4c4c0c913cba5945f69a68aae7fc38edd1d4f01abea29c6bcf9124296c7247c1030aff43200676e81d9742046555a8641eb7c3f2ea64792a6f1a74a97b1b11dbdbd5fbab14964e90a5aef9dc8ebe3edc6773fe38b1a012e5fe52393a0889e8eb984ccc2b71e107b1413ac5f70331999c14613ee380900ecdab7af38dd03db8479f534ea22188ebe7176fa046f56fbe2b7e3761306ea90b03e60d4ed6a54032620ad6d509b7b03f1c638b1a653842c362ebc3994f339161116f54465bb8a79ee7b27e3b1e82bc12275679d6e8321a9006cfa0d81d1e4cd52c0e742fe07ad1fee91454bbdff814484c5e12752c90afd5b03a3f225c3a009b1f9cbc91e86e1bc71cfc8855a0f944f5456df773cf8651653e0e4ece76cf01347f187ca00af04fcd765076273a03458bd1b1c451655a18162973048ea4f74f249eca8825889678b5b2802199ea60be613de7d3a59bc1edf9d5533293056d566051b7939bd1f70eab10a04a42316029fb903ddd6551c92d9ac2bcd0249cf285c8805b2d2b3a251ffeafa33e47606448b0a77ffd08adb207aeb78aec9bdf719c8edaa42fb8b10d3e1c8540f1d9f32135d1f0216b0305fddcbba3643211b9c3c61eef1a09543243cb9914e35e3cabaa779a7fc4753a029296acf2dc29e538871dd364a25c0a1f7351735b21a2f661be64fdb6a6ba5d7ffe3c50fe562a4ac4c3595dbb55899f31f883148717e016e7937dc2e99bab6aea6e8287e6c4cf68c37754e9da4ca301fcfab6acbb9e0be907802be1df2fe57da7c9b8290326b77cae5b81309b80d1e1c9c422f63194073f2f77d7c1edd8b12b7f937bfaad95925e261c0a4a44df71a38bab0ce8462160c4cfbfc69c57eb1f3d83cd30fb7de4906401d4fc95cb226207d2c310ee9dcdbc1345a2686de6189e31900fcd841d66663132c5dd7220c1f3a783c8c4e3898d8697b076bf2c34889e0b47704b1a84f83f2a8a93341ad0425aa50c8fe5c853f0305e839acb775f2adf015864dd67ae752242bd3cb94445f9b8020a3f4add4c452acb07c07304ead343a2008e327df29383d2650bc967e4c3f59002c0319e5bd42c3401740376c04770efd773bbe5ff4ab02f4a79f48f323de10722920c6a3a6500eeea7f8a7b3f54228b34178bbd7b5b772808535558f0535fc6f879c8a13d58e19675c3a4ce8eadf5fe717999d33170b763792f12f75ea96999999a5b98f736ea33576a1150b73b52402add104bf795f0d693d1f446b5d38b292ed29ba74cf40cca68475fce468f73c862eada3962a15b600a94c607376e3e27c809c480043eff5091f0261b59f4668f6871c29936bc208c0407d710e3c7246f03551c5bbace3b708ab48fc458ada8ac6e3929a8852414cc5008634bd38c55992678628c0becbc82a605ec60c3420265b511ed026838e10a3ca34f4da91a8cf4b03eaab8bde36c76f49adcb9884fc6fa8edf7bd5028ee6e5f7c892f390ca9ba232a30dd0c95e865cd9c1137454a877e399b83efe46634a38750753ee1e9b5e42ff858ae6df1e52d9e76c510bfeaab0dec535c9c6f867a2a65acf205f24184d27f6f58d21ea11879ef6f7f2fb93091354071b22425cc69eadaaac53ec9c5b3d4f3be189cce9027ff756bfb2d3759a5133f3e6fb9fcd0371bb26ea77fa4f18703d8c84e10cce69e08ad7e255b3e0e899bdba44047215979c256c9c3a6afbcb97f13a755a09ba9681f04ccba32efc0305a73c335099404b333c45874a5ae6bab57a6f7f28c6754137596eb975496371bee5a9f4fc80f3711dee4884780d22b7e9852e79f5778feed09181fccf83d64726d465fb592eb1fc0df70a28b4adfce3f4d28973a8cfc533ec697fc340f21d70cbf406100abb45eba044989305586d0daa8223e4968b43702f51f9e80c3ec2613e5ed032037d7963f1b7e4b1d436cff33bb39ef6d3259b249ca41a5e45e0a69407249bb2da8c6b9b41d117eb872538751136e613865ca75db4892d34279240bfe67166c69f0527602b884bac17a226d4614aacbc8839f8af9ae67ecab806a84516e1b62657137c86cc5abae9dab45d4a81335816dcfba900caf4907eecf2a64e0cc2cf4bc0519eaa6d14c140115802882c3379d8da9d8d4c169b83a55690e95a8217654ab98a67d1a141ed35c0adb8a19887ef6e7401bef2c2afde6e9fd101884652f7f1122b34af7bd598580db34bfab62a29815714fdec6d98ac9aed0c5aa48f630cb31c2df4daff3d72e20f137e7209f16c699d16a8016e464985f4c99b6f72609410e6fec4247a6bf44836b6584f56ef9d7beac061e6dae551c16b5d8596eec9931accd6b38209936cad51d6ab42373ac8a882a4ebf2f71a922b5fdbcdb058aaef2511ccc0f1952a918023462e9f01e6f7f1ac7e23793912f49db8164dd7b3267f768381a19b55f4b69e29dd1ff56c0cd7434742240324c352ade56dbd719e894f7a5839c248ae75a0e46a884de49d47a45817aa541da2c4d4741386f354bb1f1a7578a8a0fe073c85fb9fa5a95a980f9b475687f3485c792443e9a195525f53cbf3e18a985a182e4b19d99b9d997a80c851facdc2b59fc7a03c8709b650a2f35e7a1b975f3029b31ff6f4d4c6101fffe23479916f2b346ef6e82c72853d58b3e569e99087c6efb6cbc192168085f5a1d9898876ed95b6fb68c4cc0cfe7f23bcebf7aa9cbd6fdde40e056e67407a69783d3bea9109a0ec8957ad9f6e4676363e4ad364c78f8b3690ad9884cde978327c8e85b1553cef438f139dbee5a86dfdd118fa6e26e114311ec4c9d3870a888b521d529c1ea53d3f7052fc7fd071261a07beb1d0b3dd65d53cafd9d21de2cfa7859cd5d7ff9677d1dbaac877ab473456040e435d3e0b7fa6ee70eb173a5b549e68dba2ae71573be585073e0248eabf3c4e35f35ad30dbfa31662fef747eb1785b769a8ee8a8a634fa9ac380b80e9a95c49cb88a298772fca6107b2958a91e3841bcc3917a8e476ccad587687de2e482784499bbee163116d21a4b795e4141ec447225a6ba8834976ce24"}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e22, 0xfffffffc, @private1}, 0x1c) listen(r3, 0x6acd) ppoll(&(0x7f0000000000)=[{r3, 0x1444}], 0x1, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @any, 0x0, 0x2}, 0xe) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000240)={0x0, 0x0}) fcntl$setown(r1, 0x8, r7) sendmsg$inet_sctp(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000380)="a17f4dc991c093214b555b0f3a7ea8b288d0437698843d648c174082ac889843ad413cc0eddda76d37a8e8c586deea37d60d048fb6ede3d6f7e4eed5987dc9600ea1c3e9ed5120b560c3379087388352cf875d", 0x53}, {&(0x7f0000000440)="5d8eeacb2c5b028e8c3a3b59c0e991d872f814a53e577ecd442e62f17247625d2dc90f9e6a6cec4c817cf032aa", 0x2d}], 0x2}, 0x0) r8 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) quotactl_fd$Q_SETINFO(r8, 0xffffffff80000600, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r8, 0x4010640d, &(0x7f00000002c0)={0x11}) socket(0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): 000:0000.003A: unknown main item tag 0x0 [ 276.888277][ T8] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0 [ 276.890814][ T8] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0 [ 276.912184][ T8] hid-generic 0000:0000:0000.003A: hidraw1: HID v0.00 Device [syz0] on syz0 [ 277.052869][ T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 277.254224][T10931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1611'. [ 277.255963][ T10] usb 5-1: config 0 has no interfaces? [ 277.260718][ T10] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 277.281121][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.298590][ T10] usb 5-1: config 0 descriptor?? [ 277.607886][ T10] usb 5-1: USB disconnect, device number 28 [ 277.779238][T10941] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1613'. [ 277.985708][T10944] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1614'. [ 278.000346][T10944] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10944 comm=syz.3.1614 [ 278.024354][T10944] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1614'. [ 278.269466][T10956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1618'. [ 278.911814][T10977] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10977 comm=syz.1.1624 [ 279.156724][T10988] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes. [ 279.219780][ T39] audit: type=1400 audit(1722209499.905:621): avc: denied { map } for pid=10987 comm="syz.2.1628" path="socket:[36602]" dev="sockfs" ino=36602 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 280.139216][ T39] audit: type=1400 audit(1722209500.825:622): avc: denied { sqpoll } for pid=11001 comm="syz.2.1631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 280.212301][ T39] audit: type=1800 audit(1722209500.895:623): pid=11000 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.1630" name="file1" dev="overlay" ino=1740 res=0 errno=0 [ 280.385654][T11010] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11010 comm=syz.2.1633 [ 280.515115][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 280.521127][T11020] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes. [ 280.895523][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.988310][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.104698][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.181089][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.200853][ T5353] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 281.205200][ T5353] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 281.209306][ T5353] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 281.213660][ T5353] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 281.217579][ T5353] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 281.220673][ T5353] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 281.586991][T11041] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11041 comm=syz.3.1643 [ 281.970608][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 281.977605][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 281.984680][ T11] bond0 (unregistering): Released all slaves [ 281.991169][ T39] audit: type=1800 audit(1722209502.675:624): pid=11048 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1645" name="file1" dev="overlay" ino=507 res=0 errno=0 [ 282.008307][T11036] __nla_validate_parse: 11 callbacks suppressed [ 282.008317][T11036] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1643'. [ 282.022060][T11041] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1643'. [ 282.032913][T11049] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1644'. [ 282.123814][T11058] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1647'. [ 282.127998][T11058] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes. [ 282.215335][T11028] chnl_net:caif_netlink_parms(): no params data found [ 282.655628][T11028] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.658690][T11028] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.661782][T11028] bridge_slave_0: entered allmulticast mode [ 282.678799][T11028] bridge_slave_0: entered promiscuous mode [ 282.693835][ T11] hsr_slave_0: left promiscuous mode [ 282.697786][ T11] hsr_slave_1: left promiscuous mode [ 282.737063][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 282.740241][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 282.746027][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 282.748994][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 282.798661][ T11] veth0_macvtap: left promiscuous mode [ 282.801168][ T11] veth1_vlan: left promiscuous mode [ 282.803799][ T11] veth0_vlan: left promiscuous mode [ 282.955180][ T5343] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 282.959176][ T5343] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 282.965273][ T5343] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 282.969996][ T5343] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 282.973299][ T5343] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 282.976047][ T5343] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 283.266209][ T5353] Bluetooth: hci2: command tx timeout [ 283.683550][T11086] fuse: Bad value for 'fd' [ 283.790141][T11090] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1657'. [ 283.795714][T11090] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes. [ 284.035313][ T11] team0 (unregistering): Port device team_slave_1 removed [ 284.139375][ T11] team0 (unregistering): Port device team_slave_0 removed [ 284.743281][T11028] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.746471][T11028] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.749613][T11028] bridge_slave_1: entered allmulticast mode [ 284.753984][T11028] bridge_slave_1: entered promiscuous mode [ 284.843314][T11028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.867465][T11028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.921142][T11102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1659'. [ 284.965249][T11028] team0: Port device team_slave_0 added [ 284.974687][T11028] team0: Port device team_slave_1 added [ 285.022957][ T5353] Bluetooth: hci3: command tx timeout [ 285.046032][T11028] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.046412][ T39] audit: type=1326 audit(1722209505.735:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.049047][T11028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.072085][T11028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.076973][ T39] audit: type=1326 audit(1722209505.755:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.092393][T11028] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.095836][ T39] audit: type=1326 audit(1722209505.755:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.105762][T11028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.105780][T11028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.122971][ T39] audit: type=1326 audit(1722209505.755:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.137613][ T39] audit: type=1326 audit(1722209505.755:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.146233][ T39] audit: type=1326 audit(1722209505.755:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.154606][ T39] audit: type=1326 audit(1722209505.755:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.162278][ T39] audit: type=1326 audit(1722209505.755:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.171618][ T39] audit: type=1326 audit(1722209505.755:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.181043][ T39] audit: type=1326 audit(1722209505.755:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11109 comm="syz.2.1661" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41bcb77299 code=0x7fc00000 [ 285.225814][T11028] hsr_slave_0: entered promiscuous mode [ 285.230474][T11028] hsr_slave_1: entered promiscuous mode [ 285.235164][T11124] trusted_key: encrypted_key: insufficient parameters specified [ 285.249262][T11124] trusted_key: encrypted_key: insufficient parameters specified [ 285.334045][T11074] chnl_net:caif_netlink_parms(): no params data found [ 285.357979][ T5353] Bluetooth: hci2: command tx timeout [ 285.464633][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.533583][ T56] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 285.549574][T11074] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.552186][T11074] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.555823][T11074] bridge_slave_0: entered allmulticast mode [ 285.559037][T11074] bridge_slave_0: entered promiscuous mode [ 285.562439][T11074] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.565336][T11074] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.567807][T11074] bridge_slave_1: entered allmulticast mode [ 285.570711][T11074] bridge_slave_1: entered promiscuous mode [ 285.583129][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.645925][T11074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.663592][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.672301][T11074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 285.713015][ T56] usb 7-1: Using ep0 maxpacket: 8 [ 285.717194][ T56] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 285.719879][ T56] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 285.723604][ T56] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 285.727922][ T56] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 285.731307][ T56] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 285.736770][ T56] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 285.739825][ T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.758634][T11074] team0: Port device team_slave_0 added [ 285.763728][T11074] team0: Port device team_slave_1 added [ 285.777939][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.926079][T11074] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.928931][T11074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.940994][T11074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.947709][T11074] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.950486][T11074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.952099][ T56] usb 7-1: usb_control_msg returned -32 [ 285.961434][T11074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.966774][ T56] usbtmc 7-1:16.0: can't read capabilities [ 285.975496][ T56] usb 7-1: USB disconnect, device number 23 [ 286.053688][T11074] hsr_slave_0: entered promiscuous mode [ 286.057133][T11074] hsr_slave_1: entered promiscuous mode [ 286.060433][T11074] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 286.063770][T11074] Cannot create hsr debugfs directory [ 286.169025][ T11] bridge_slave_1: left allmulticast mode [ 286.171259][ T11] bridge_slave_1: left promiscuous mode [ 286.174092][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.179511][ T11] bridge_slave_0: left allmulticast mode [ 286.181960][ T11] bridge_slave_0: left promiscuous mode [ 286.184788][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.626125][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 286.634056][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 286.640160][ T11] bond0 (unregistering): Released all slaves [ 286.714566][T11028] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 286.766966][T11139] block nbd3: shutting down sockets [ 286.834154][T11028] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 286.842248][T11028] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 286.862055][T11028] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 287.103096][ T5353] Bluetooth: hci3: command tx timeout [ 287.153296][T11028] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.198668][T11028] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.203964][ T11] hsr_slave_0: left promiscuous mode [ 287.206438][ T11] hsr_slave_1: left promiscuous mode [ 287.208992][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.211597][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.215562][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.218109][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 287.239938][ T11] veth1_macvtap: left promiscuous mode [ 287.242537][ T11] veth0_macvtap: left promiscuous mode [ 287.246084][ T11] veth1_vlan: left promiscuous mode [ 287.247967][ T11] veth0_vlan: left promiscuous mode [ 287.432808][ T5353] Bluetooth: hci2: command tx timeout [ 288.073141][ T11] team0 (unregistering): Port device team_slave_1 removed [ 288.148703][ T11] team0 (unregistering): Port device team_slave_0 removed [ 288.798242][ T1288] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.801296][ T1288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 288.806934][ T1288] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.809967][ T1288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.935260][T11161] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1673'. [ 288.981663][T11028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 289.048275][T11074] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 289.073534][T11074] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 289.090406][T11028] veth0_vlan: entered promiscuous mode [ 289.095983][T11074] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 289.111404][T11074] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 289.129582][T11028] veth1_vlan: entered promiscuous mode [ 289.154902][T11028] veth0_macvtap: entered promiscuous mode [ 289.159418][T11028] veth1_macvtap: entered promiscuous mode [ 289.192701][ T5353] Bluetooth: hci3: command tx timeout [ 289.199246][T11028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 289.205953][T11028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.210028][T11028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 289.215753][T11028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.220339][T11028] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 289.237533][T11028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 289.241000][T11028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.245068][T11028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 289.248589][T11028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.253129][T11028] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 289.274819][T11028] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.278436][T11028] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.282188][T11028] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.286741][T11028] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.323420][T11074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 289.385388][T11074] 8021q: adding VLAN 0 to HW filter on device team0 [ 289.409926][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.416062][ T5343] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 289.420414][ T5343] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 289.425103][ T5343] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 289.429243][ T5343] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 289.432478][ T5343] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 289.432539][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.435550][ T5343] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 289.438123][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.456871][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.459508][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.499830][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.504050][ T5343] Bluetooth: hci2: command tx timeout [ 289.526088][ T832] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.528968][ T832] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.543576][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.547587][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.594361][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.664916][T11074] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 289.684025][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.700754][T11200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1641'. [ 289.845256][T11187] chnl_net:caif_netlink_parms(): no params data found [ 289.862943][T11074] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 289.913482][ T11] bridge_slave_1: left allmulticast mode [ 289.915537][ T11] bridge_slave_1: left promiscuous mode [ 289.918184][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.926036][ T11] bridge_slave_0: left allmulticast mode [ 289.928452][ T11] bridge_slave_0: left promiscuous mode [ 289.931103][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.220612][ T39] kauditd_printk_skb: 34 callbacks suppressed [ 290.220627][ T39] audit: type=1400 audit(1722209510.905:669): avc: denied { shutdown } for pid=11215 comm="syz.3.1677" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 290.304190][ T5343] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 290.365841][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 290.372935][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 290.379460][ T11] bond0 (unregistering): Released all slaves [ 290.528783][T11187] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.531779][T11187] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.535998][T11187] bridge_slave_0: entered allmulticast mode [ 290.539280][T11187] bridge_slave_0: entered promiscuous mode [ 290.581207][T11187] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.584275][T11187] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.586728][T11187] bridge_slave_1: entered allmulticast mode [ 290.589436][T11187] bridge_slave_1: entered promiscuous mode [ 290.643164][T11187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.704280][T11187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 290.733449][T11232] FAULT_INJECTION: forcing a failure. [ 290.733449][T11232] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 290.739236][T11232] CPU: 0 UID: 0 PID: 11232 Comm: syz.1.1678 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 290.743760][T11232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 290.748354][T11232] Call Trace: [ 290.749824][T11232] [ 290.751176][T11232] dump_stack_lvl+0x16c/0x1f0 [ 290.753381][T11232] should_fail_ex+0x497/0x5b0 [ 290.755553][T11232] ? fs_reclaim_acquire+0xae/0x160 [ 290.757919][T11232] should_fail_alloc_page+0xe7/0x130 [ 290.760344][T11232] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 290.763128][T11232] __alloc_pages_noprof+0x194/0x2460 [ 290.765667][T11232] ? __alloc_pages_noprof+0x40c/0x2460 [ 290.768098][T11232] ? hlock_class+0x4e/0x130 [ 290.770112][T11232] ? hlock_class+0x4e/0x130 [ 290.772152][T11232] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 290.774778][T11232] ? __pfx___lock_acquire+0x10/0x10 [ 290.777207][T11232] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 290.779986][T11232] ? policy_nodemask+0xea/0x4e0 [ 290.782376][T11232] alloc_pages_mpol_noprof+0x275/0x610 [ 290.784771][T11232] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 290.787448][T11232] ? do_raw_spin_lock+0x12d/0x2c0 [ 290.789431][T11232] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 290.791718][T11232] ? mark_held_locks+0x9f/0xe0 [ 290.793542][T11232] __pmd_alloc+0x3f/0x820 [ 290.795313][T11232] __handle_mm_fault+0x947/0x5660 [ 290.797093][T11232] ? __pfx_mt_find+0x10/0x10 [ 290.798921][T11232] ? __pfx_lock_release+0x10/0x10 [ 290.800765][T11232] ? __pfx___handle_mm_fault+0x10/0x10 [ 290.802968][T11232] ? no_page_table+0xc7/0x230 [ 290.804846][T11232] ? vma_pgtable_walk_end+0x3d/0x70 [ 290.806692][T11232] handle_mm_fault+0x44e/0x7b0 [ 290.808834][T11232] __get_user_pages+0x475/0x15c0 [ 290.811090][T11232] ? __pfx___get_user_pages+0x10/0x10 [ 290.813548][T11232] get_user_pages_remote+0x25e/0xb30 [ 290.815977][T11232] ? __pfx_get_user_pages_remote+0x10/0x10 [ 290.818660][T11232] ? down_read+0xc9/0x330 [ 290.820552][T11232] ? __might_fault+0x13b/0x190 [ 290.822440][T11232] get_arg_page+0x13e/0x640 [ 290.824495][T11232] ? __pfx_get_arg_page+0x10/0x10 [ 290.826774][T11232] ? __might_fault+0xe3/0x190 [ 290.828975][T11232] copy_string_kernel+0x199/0x240 [ 290.831284][T11232] ? count.constprop.0.isra.0+0xf4/0x170 [ 290.833821][T11232] do_execveat_common.isra.0+0x34e/0x630 [ 290.836068][T11232] __x64_sys_execve+0x8c/0xb0 [ 290.838118][T11232] do_syscall_64+0xcd/0x250 [ 290.839927][T11232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.842264][T11232] RIP: 0033:0x7f42ffb77299 [ 290.844355][T11232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.852782][T11232] RSP: 002b:00007f4300985048 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 290.856974][T11232] RAX: ffffffffffffffda RBX: 00007f42ffd06058 RCX: 00007f42ffb77299 [ 290.860264][T11232] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000020000280 [ 290.863035][T11232] RBP: 00007f43009850a0 R08: 0000000000000000 R09: 0000000000000000 [ 290.865847][T11232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 290.869021][T11232] R13: 000000000000006e R14: 00007f42ffd06058 R15: 00007ffcd23eb418 [ 290.872703][T11232] [ 290.935898][T11074] veth0_vlan: entered promiscuous mode [ 290.976676][T11187] team0: Port device team_slave_0 added [ 290.987307][T11187] team0: Port device team_slave_1 added [ 291.034964][ T11] hsr_slave_0: left promiscuous mode [ 291.053334][ T11] hsr_slave_1: left promiscuous mode [ 291.063427][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 291.066633][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 291.073161][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 291.082672][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 291.143800][ T11] veth1_macvtap: left promiscuous mode [ 291.146476][ T11] veth0_macvtap: left promiscuous mode [ 291.150958][ T11] veth1_vlan: left promiscuous mode [ 291.153232][ T11] veth0_vlan: left promiscuous mode [ 291.262783][ T5343] Bluetooth: hci3: command tx timeout [ 291.503267][ T5343] Bluetooth: hci1: command tx timeout [ 292.008642][T11246] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1682'. [ 292.072988][ T11] team0 (unregistering): Port device team_slave_1 removed [ 292.171257][ T11] team0 (unregistering): Port device team_slave_0 removed [ 292.758418][T11243] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1680'. [ 292.783052][T11187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 292.785819][T11187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.797307][T11187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 292.804973][T11187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 292.808189][T11187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.825979][T11187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 292.837186][T11074] veth1_vlan: entered promiscuous mode [ 292.905123][T11187] hsr_slave_0: entered promiscuous mode [ 292.908002][T11187] hsr_slave_1: entered promiscuous mode [ 292.911294][T11187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 292.918728][T11187] Cannot create hsr debugfs directory [ 292.981432][T11258] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 292.985255][T11258] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 293.152537][T11074] veth0_macvtap: entered promiscuous mode [ 293.160249][T11074] veth1_macvtap: entered promiscuous mode [ 293.203615][T11074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.208210][T11074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.212552][T11074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.219791][T11074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.226247][T11074] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 293.265723][T11074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.269583][T11074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.274481][T11074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.278034][T11074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.282355][T11074] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 293.290338][T11074] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.294137][T11074] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.297253][T11074] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.300237][T11074] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.418876][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.422035][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.439548][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.443626][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.593455][ T5343] Bluetooth: hci1: command tx timeout [ 293.627716][T11187] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 293.644852][T11187] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 293.661550][T11187] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 293.673739][T11187] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 293.820239][T11187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.855781][T11187] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.883831][ T5568] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.886480][ T5568] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.914900][ T5568] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.917800][ T5568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 293.939853][T11295] FAULT_INJECTION: forcing a failure. [ 293.939853][T11295] name failslab, interval 1, probability 0, space 0, times 0 [ 293.950118][T11187] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 293.950173][T11295] CPU: 0 UID: 0 PID: 11295 Comm: syz.0.1687 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 293.958935][T11295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 293.963863][T11295] Call Trace: [ 293.965410][T11295] [ 293.966748][T11295] dump_stack_lvl+0x16c/0x1f0 [ 293.968888][T11295] should_fail_ex+0x497/0x5b0 [ 293.971029][T11295] ? fs_reclaim_acquire+0xae/0x160 [ 293.973325][T11295] should_failslab+0xc2/0x120 [ 293.975446][T11295] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 293.977859][T11295] ? key_alloc+0x3e3/0x13a0 [ 293.979896][T11295] key_alloc+0x3e3/0x13a0 [ 293.981866][T11295] ? __pfx_key_alloc+0x10/0x10 [ 293.983992][T11295] __key_create_or_update+0x71f/0xe10 [ 293.986346][T11295] ? __pfx___key_create_or_update+0x10/0x10 [ 293.988865][T11295] ? lookup_user_key+0x2ca/0x12f0 [ 293.991107][T11295] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 293.993884][T11295] key_create_or_update+0x42/0x60 [ 293.996031][T11295] __do_sys_add_key+0x29c/0x460 [ 293.998123][T11295] ? __pfx___do_sys_add_key+0x10/0x10 [ 294.000430][T11295] ? ksys_write+0x1ab/0x260 [ 294.002459][T11295] ? __secure_computing+0x273/0x3f0 [ 294.004859][T11295] do_syscall_64+0xcd/0x250 [ 294.007003][T11295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.009659][T11295] RIP: 0033:0x7f06dc977299 [ 294.011753][T11295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.020374][T11295] RSP: 002b:00007f06dd6cb048 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 294.024175][T11295] RAX: ffffffffffffffda RBX: 00007f06dcb05f80 RCX: 00007f06dc977299 [ 294.027718][T11295] RDX: 00000000200000c0 RSI: 0000000020000440 RDI: 0000000020000200 [ 294.031359][T11295] RBP: 00007f06dd6cb0a0 R08: fffffffffffffffd R09: 0000000000000000 [ 294.034868][T11295] R10: 000000000000014b R11: 0000000000000246 R12: 0000000000000002 [ 294.038385][T11295] R13: 000000000000000b R14: 00007f06dcb05f80 R15: 00007ffc8d97c198 [ 294.041875][T11295] [ 294.151256][T11187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 294.185726][T11187] veth0_vlan: entered promiscuous mode [ 294.194156][T11187] veth1_vlan: entered promiscuous mode [ 294.212701][T11187] veth0_macvtap: entered promiscuous mode [ 294.218033][T11187] veth1_macvtap: entered promiscuous mode [ 294.236742][T11187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.240310][T11187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.244486][T11187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.248016][T11187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.251319][T11187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.255605][T11187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.261320][T11187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.270503][T11187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.275326][T11187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.279559][T11187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.284254][T11187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.288068][T11187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.292517][T11187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.296953][T11187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.305320][T11187] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.308446][T11187] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.311339][T11187] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.314732][T11187] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.361895][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.371717][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 294.393857][ T39] audit: type=1400 audit(1722209515.085:670): avc: denied { map } for pid=11307 comm="syz.0.1690" path="socket:[39569]" dev="sockfs" ino=39569 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 294.394267][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.407584][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.493645][ T10] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 295.662788][ T5343] Bluetooth: hci1: command tx timeout [ 295.688205][ T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 295.693504][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 295.697726][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 295.702031][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 295.707899][ T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 295.711935][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.717996][ T10] usb 5-1: config 0 descriptor?? [ 296.128329][ T10] plantronics 0003:047F:FFFF.003B: unknown main item tag 0x0 [ 296.130934][ T10] plantronics 0003:047F:FFFF.003B: unknown main item tag 0x0 [ 296.134249][ T10] plantronics 0003:047F:FFFF.003B: unknown main item tag 0x0 [ 296.137618][ T10] plantronics 0003:047F:FFFF.003B: unknown main item tag 0x0 [ 296.140922][ T10] plantronics 0003:047F:FFFF.003B: unknown main item tag 0x0 [ 296.147511][ T10] plantronics 0003:047F:FFFF.003B: No inputs registered, leaving [ 296.158041][ T10] plantronics 0003:047F:FFFF.003B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 296.371178][T11326] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1695'. [ 296.576725][T11313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.584130][T11313] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.626403][ T10] usb 5-1: USB disconnect, device number 29 [ 296.773610][ T39] audit: type=1326 audit(1722209517.465:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11328 comm="syz.3.1696" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa8e977299 code=0x0 [ 297.138688][ T39] audit: type=1400 audit(1722209517.825:672): avc: denied { create } for pid=11331 comm="syz.2.1697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 297.140352][T11332] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1697'. [ 297.155460][ T39] audit: type=1400 audit(1722209517.845:673): avc: denied { write } for pid=11331 comm="syz.2.1697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 297.307312][ T39] audit: type=1400 audit(1722209517.995:674): avc: denied { map } for pid=11335 comm="syz.0.1698" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 297.309301][T11339] binder: BINDER_SET_CONTEXT_MGR already set [ 297.319780][T11339] binder: 11335:11339 ioctl 4018620d 20000040 returned -16 [ 297.323936][T11338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1699'. [ 297.388623][ T39] audit: type=1400 audit(1722209518.075:675): avc: denied { accept } for pid=11328 comm="syz.3.1696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 297.742714][ T5343] Bluetooth: hci1: command tx timeout [ 298.158435][T11339] syz.0.1698 (11339): drop_caches: 2 [ 298.302375][T11345] block nbd0: shutting down sockets [ 298.578855][T11356] FAULT_INJECTION: forcing a failure. [ 298.578855][T11356] name failslab, interval 1, probability 0, space 0, times 0 [ 298.585463][T11356] CPU: 3 UID: 0 PID: 11356 Comm: syz.3.1703 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 298.589869][T11356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 298.594159][T11356] Call Trace: [ 298.595654][T11356] [ 298.596983][T11356] dump_stack_lvl+0x16c/0x1f0 [ 298.599076][T11356] should_fail_ex+0x497/0x5b0 [ 298.601126][T11356] ? __pfx_lock_acquire+0x10/0x10 [ 298.603194][T11356] should_failslab+0xc2/0x120 [ 298.605270][T11356] __kmalloc_node_track_caller_noprof+0xcf/0x430 [ 298.607941][T11356] ? sidtab_sid2str_get+0x17a/0x680 [ 298.610154][T11356] kmemdup_noprof+0x29/0x60 [ 298.611865][T11356] sidtab_sid2str_get+0x17a/0x680 [ 298.614062][T11356] sidtab_entry_to_string+0x33/0x110 [ 298.616275][T11356] security_sid_to_context_core+0x35c/0x640 [ 298.618642][T11356] selinux_inode_getsecurity+0x242/0x290 [ 298.621150][T11356] ? __pfx_selinux_inode_getsecurity+0x10/0x10 [ 298.623947][T11356] security_inode_getsecurity+0xea/0x150 [ 298.626027][T11356] vfs_getxattr+0x1a0/0x290 [ 298.627643][T11356] ? __pfx_vfs_getxattr+0x10/0x10 [ 298.629533][T11356] ovl_other_xattr_get+0xf6/0x160 [ 298.631573][T11356] ? __pfx_ovl_other_xattr_get+0x10/0x10 [ 298.633824][T11356] ? xattr_resolve_name+0x27b/0x3f0 [ 298.636124][T11356] ? __pfx_ovl_other_xattr_get+0x10/0x10 [ 298.638336][T11356] __vfs_getxattr+0x13b/0x1a0 [ 298.640306][T11356] ? __pfx___vfs_getxattr+0x10/0x10 [ 298.642463][T11356] inode_doinit_use_xattr+0xb5/0x410 [ 298.644875][T11356] inode_doinit_with_dentry+0x51f/0x12c0 [ 298.647333][T11356] ? __pfx_inode_doinit_with_dentry+0x10/0x10 [ 298.649919][T11356] ? mark_held_locks+0x9f/0xe0 [ 298.652085][T11356] selinux_d_instantiate+0x26/0x30 [ 298.654432][T11356] security_d_instantiate+0x57/0xf0 [ 298.656785][T11356] d_splice_alias+0x94/0xdf0 [ 298.658880][T11356] ovl_lookup+0xe8c/0x21f0 [ 298.660902][T11356] ? __pfx_ovl_lookup+0x10/0x10 [ 298.663137][T11356] ? __pfx_d_alloc_parallel+0x10/0x10 [ 298.665535][T11356] ? __d_lookup+0x266/0x4a0 [ 298.667527][T11356] ? __pfx_ovl_lookup+0x10/0x10 [ 298.669693][T11356] lookup_open.isra.0+0x928/0x13c0 [ 298.671960][T11356] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 298.674344][T11356] ? __startup_64+0x120/0x2a0 [ 298.676400][T11356] ? __startup_64+0x120/0x2a0 [ 298.678491][T11356] ? mnt_get_write_access+0x20c/0x300 [ 298.680785][T11356] path_openat+0xa3b/0x2d20 [ 298.682640][T11356] ? __pfx_path_openat+0x10/0x10 [ 298.684796][T11356] ? __pfx___lock_acquire+0x10/0x10 [ 298.687087][T11356] ? find_held_lock+0x2d/0x110 [ 298.689229][T11356] do_filp_open+0x1dc/0x430 [ 298.691287][T11356] ? __pfx_do_filp_open+0x10/0x10 [ 298.693564][T11356] ? find_held_lock+0x2d/0x110 [ 298.695648][T11356] ? _raw_spin_unlock+0x28/0x50 [ 298.697754][T11356] ? alloc_fd+0x2d7/0x6c0 [ 298.699608][T11356] do_sys_openat2+0x17a/0x1e0 [ 298.701311][T11356] ? __pfx_do_sys_openat2+0x10/0x10 [ 298.703450][T11356] __x64_sys_openat+0x175/0x210 [ 298.705660][T11356] ? __pfx___x64_sys_openat+0x10/0x10 [ 298.708076][T11356] ? ksys_write+0x1ab/0x260 [ 298.710153][T11356] do_syscall_64+0xcd/0x250 [ 298.712179][T11356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.714222][T11356] RIP: 0033:0x7faa8e977299 [ 298.715884][T11356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.724022][T11356] RSP: 002b:00007faa8f740048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 298.727608][T11356] RAX: ffffffffffffffda RBX: 00007faa8eb05f80 RCX: 00007faa8e977299 [ 298.731021][T11356] RDX: 0000000000003f00 RSI: 0000000020000100 RDI: ffffffffffffff9c [ 298.734454][T11356] RBP: 00007faa8f7400a0 R08: 0000000000000000 R09: 0000000000000000 [ 298.737893][T11356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 298.741262][T11356] R13: 000000000000000b R14: 00007faa8eb05f80 R15: 00007ffcc007e138 [ 298.744648][T11356] [ 298.752348][T11356] SELinux: inode_doinit_use_xattr: getxattr returned 12 for dev=overlay ino=417 [ 298.817942][T11358] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1704'. [ 298.826653][T11358] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11358 comm=syz.3.1704 [ 298.833145][T11358] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1704'. [ 298.948715][T11364] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1705'. [ 299.739857][T11366] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1707'. [ 299.747595][T11366] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11366 comm=syz.1.1707 [ 299.755852][T11366] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1707'. [ 299.772866][T11366] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.863508][T11366] bridge_slave_1 (unregistering): left allmulticast mode [ 299.866188][T11366] bridge_slave_1 (unregistering): left promiscuous mode [ 299.869182][T11366] bridge0: port 2(bridge_slave_1) entered disabled state [ 300.067353][ T39] audit: type=1326 audit(1722209520.755:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11367 comm="syz.1.1708" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f42ffb77299 code=0x0 [ 300.990160][ T39] audit: type=1804 audit(1722209521.675:677): pid=11372 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1709" name="/newroot/6/bus/file0" dev="overlay" ino=56 res=1 errno=0 [ 301.065491][T11380] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1712'. [ 301.183944][T11385] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1714'. [ 301.190235][T11385] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11385 comm=syz.1.1714 [ 301.196636][T11385] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 301.319980][T11385] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 301.372728][ T3763] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 301.506684][T11391] __nla_validate_parse: 1 callbacks suppressed [ 301.506695][T11391] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1715'. [ 301.554514][ T3763] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 301.559975][ T3763] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 301.578158][ T3763] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 301.582475][ T3763] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 301.588313][ T3763] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 301.592318][ T3763] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.597641][ T3763] usb 7-1: config 0 descriptor?? [ 301.979153][T11395] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1717'. [ 302.016659][ T3763] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 302.019858][ T3763] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 302.023218][ T3763] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 302.026546][ T3763] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 302.029832][ T3763] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 302.033926][ T3763] plantronics 0003:047F:FFFF.003C: No inputs registered, leaving [ 302.046834][ T3763] plantronics 0003:047F:FFFF.003C: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 302.397733][ T39] audit: type=1326 audit(1722209752.092:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11402 comm="syz.1.1719" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f42ffb77299 code=0x0 [ 302.498073][T11383] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 302.504842][T11383] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 302.559677][ T3763] usb 7-1: USB disconnect, device number 24 [ 303.042453][ T39] audit: type=1400 audit(1722209752.732:679): avc: denied { unmount } for pid=10137 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 303.077855][T11410] FAULT_INJECTION: forcing a failure. [ 303.077855][T11410] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 303.084552][T11410] CPU: 0 UID: 0 PID: 11410 Comm: syz.3.1721 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 303.089077][T11410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 303.093798][T11410] Call Trace: [ 303.095234][T11410] [ 303.096519][T11410] dump_stack_lvl+0x16c/0x1f0 [ 303.098569][T11410] should_fail_ex+0x497/0x5b0 [ 303.100627][T11410] ? fs_reclaim_acquire+0xae/0x160 [ 303.102906][T11410] should_fail_alloc_page+0xe7/0x130 [ 303.105192][T11410] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 303.107818][T11410] ? mark_lock+0xb5/0xc60 [ 303.109697][T11410] __alloc_pages_noprof+0x194/0x2460 [ 303.111939][T11410] ? __pfx_register_lock_class+0x10/0x10 [ 303.114233][T11410] ? tomoyo_check_open_permission+0x19d/0x3b0 [ 303.116813][T11410] ? hlock_class+0x4e/0x130 [ 303.118779][T11410] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 303.121250][T11410] ? hlock_class+0x4e/0x130 [ 303.123231][T11410] ? __lock_acquire+0xbdd/0x3cb0 [ 303.125392][T11410] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 303.128218][T11410] ? policy_nodemask+0xea/0x4e0 [ 303.130131][T11410] alloc_pages_mpol_noprof+0x275/0x610 [ 303.132072][T11410] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 303.134377][T11410] ? mt_find+0x82f/0xa20 [ 303.135865][T11410] ? __pfx_lock_release+0x10/0x10 [ 303.137738][T11410] __pmd_alloc+0x3f/0x820 [ 303.139300][T11410] __handle_mm_fault+0x947/0x5660 [ 303.141213][T11410] ? __pfx_mt_find+0x10/0x10 [ 303.142998][T11410] ? __pfx___handle_mm_fault+0x10/0x10 [ 303.145204][T11410] ? find_vma+0xc0/0x140 [ 303.146771][T11410] ? __pfx_find_vma+0x10/0x10 [ 303.148627][T11410] handle_mm_fault+0x44e/0x7b0 [ 303.150433][T11410] ? __pkru_allows_pkey+0x52/0xb0 [ 303.152541][T11410] do_user_addr_fault+0x7a3/0x13f0 [ 303.154795][T11410] exc_page_fault+0x5c/0xc0 [ 303.156592][T11410] asm_exc_page_fault+0x26/0x30 [ 303.158401][T11410] RIP: 0010:_copy_from_user+0xc1/0xf0 [ 303.160591][T11410] Code: 89 df e8 12 f1 07 fd 4d 85 f6 75 9e e8 98 f6 07 fd 0f ae e8 89 ee 4c 89 ef e8 7b 25 65 fd 0f 01 cb 48 89 e9 4c 89 ef 48 89 de a4 0f 1f 00 48 89 cb 0f 01 ca e9 73 ff ff ff e8 6a f6 07 fd 48 [ 303.168778][T11410] RSP: 0018:ffffc9000345f9c0 EFLAGS: 00050297 [ 303.171379][T11410] RAX: 0000000000000001 RBX: 0000000020000bc0 RCX: 0000000000000004 [ 303.174878][T11410] RDX: fffff5200068bf4c RSI: 0000000020000bc0 RDI: ffffc9000345fa60 [ 303.178316][T11410] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff5200068bf4c [ 303.181716][T11410] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000020000bc4 [ 303.185466][T11410] R13: ffffc9000345fa60 R14: 0000000000000000 R15: ffff8880427b5012 [ 303.188825][T11410] do_ipv6_setsockopt+0x97d/0x47b0 [ 303.191065][T11410] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 303.193453][T11410] ? avc_has_perm_noaudit+0x143/0x3a0 [ 303.195751][T11410] ? avc_has_perm+0x11b/0x1c0 [ 303.197785][T11410] ? __pfx_avc_has_perm+0x10/0x10 [ 303.199955][T11410] ? __lock_acquire+0xbdd/0x3cb0 [ 303.202091][T11410] ? sock_has_perm+0x25a/0x2f0 [ 303.204140][T11410] ? __pfx_sock_has_perm+0x10/0x10 [ 303.206311][T11410] ? selinux_netlbl_socket_setsockopt+0x142/0x440 [ 303.208869][T11410] ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10 [ 303.211408][T11410] ? ipv6_setsockopt+0xe3/0x1a0 [ 303.213286][T11410] ipv6_setsockopt+0xe3/0x1a0 [ 303.215088][T11410] udpv6_setsockopt+0x7d/0xd0 [ 303.216884][T11410] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 303.219370][T11410] do_sock_setsockopt+0x222/0x480 [ 303.221563][T11410] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 303.223915][T11410] ? __fget_light+0x173/0x210 [ 303.225945][T11410] __sys_setsockopt+0x1a4/0x270 [ 303.227969][T11410] ? __pfx___sys_setsockopt+0x10/0x10 [ 303.230242][T11410] ? fput+0x32/0x390 [ 303.231913][T11410] ? ksys_write+0x1ab/0x260 [ 303.233825][T11410] ? __pfx_ksys_write+0x10/0x10 [ 303.235891][T11410] __x64_sys_setsockopt+0xbd/0x160 [ 303.238079][T11410] ? do_syscall_64+0x91/0x250 [ 303.240100][T11410] ? lockdep_hardirqs_on+0x7c/0x110 [ 303.242303][T11410] do_syscall_64+0xcd/0x250 [ 303.244270][T11410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.246785][T11410] RIP: 0033:0x7faa8e977299 [ 303.248692][T11410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.256765][T11410] RSP: 002b:00007faa8f740048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 303.260297][T11410] RAX: ffffffffffffffda RBX: 00007faa8eb05f80 RCX: 00007faa8e977299 [ 303.263731][T11410] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000003 [ 303.267113][T11410] RBP: 00007faa8f7400a0 R08: 0000000000000310 R09: 0000000000000000 [ 303.270219][T11410] R10: 0000000020000bc0 R11: 0000000000000246 R12: 0000000000000001 [ 303.273300][T11410] R13: 000000000000000b R14: 00007faa8eb05f80 R15: 00007ffcc007e138 [ 303.276650][T11410] [ 303.384615][T11424] FAULT_INJECTION: forcing a failure. [ 303.384615][T11424] name failslab, interval 1, probability 0, space 0, times 0 [ 303.391108][T11424] CPU: 3 UID: 0 PID: 11424 Comm: syz.1.1726 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 303.395598][T11424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 303.400365][T11424] Call Trace: [ 303.401834][T11424] [ 303.403138][T11424] dump_stack_lvl+0x16c/0x1f0 [ 303.405218][T11424] should_fail_ex+0x497/0x5b0 [ 303.407427][T11424] ? fs_reclaim_acquire+0xae/0x160 [ 303.409608][T11424] should_failslab+0xc2/0x120 [ 303.411624][T11424] __kmalloc_noprof+0xcb/0x400 [ 303.413708][T11424] ? __pfx_lock_acquire+0x10/0x10 [ 303.415814][T11424] tomoyo_realpath_from_path+0xb9/0x720 [ 303.418360][T11424] ? tomoyo_profile+0x47/0x60 [ 303.420403][T11424] tomoyo_path_number_perm+0x245/0x590 [ 303.422765][T11424] ? tomoyo_path_number_perm+0x232/0x590 [ 303.425203][T11424] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 303.428112][T11424] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 303.430771][T11424] ? __fget_files+0x256/0x400 [ 303.432664][T11424] security_file_ioctl+0x75/0xc0 [ 303.435045][T11424] __x64_sys_ioctl+0xbb/0x220 [ 303.436761][T11424] do_syscall_64+0xcd/0x250 [ 303.438590][T11424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.441251][T11424] RIP: 0033:0x7f42ffb77299 [ 303.442837][T11424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.450273][T11424] RSP: 002b:00007f43009a6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 303.453933][T11424] RAX: ffffffffffffffda RBX: 00007f42ffd05f80 RCX: 00007f42ffb77299 [ 303.456564][T11424] RDX: 0000000020000100 RSI: 0000000040046109 RDI: 0000000000000003 [ 303.459610][T11424] RBP: 00007f43009a60a0 R08: 0000000000000000 R09: 0000000000000000 [ 303.462412][T11424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.465854][T11424] R13: 000000000000000b R14: 00007f42ffd05f80 R15: 00007ffcd23eb418 [ 303.468995][T11424] usb_generic_handle_packet: ctrl buffer too small (16384 > 4096) [ 303.476026][T11424] ERROR: Out of memory at tomoyo_realpath_from_path. [ 303.734478][T11435] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1728'. [ 303.937484][T11437] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1729'. [ 304.964559][ T39] audit: type=1326 audit(1722209754.662:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11449 comm="syz.0.1735" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f06dc977299 code=0x0 [ 305.082247][ T39] audit: type=1400 audit(1722209754.772:681): avc: denied { create } for pid=11447 comm="syz.2.1734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 305.419769][T11456] syzkaller1: entered promiscuous mode [ 305.422341][T11456] syzkaller1: entered allmulticast mode [ 305.432142][T11456] netlink: 'syz.3.1736': attribute type 2 has an invalid length. [ 305.435201][T11456] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1736'. [ 306.659696][T11472] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1741'. [ 307.645928][ T39] audit: type=1400 audit(1722209757.342:682): avc: denied { block_suspend } for pid=11493 comm="syz.0.1748" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 307.691816][T11500] FAULT_INJECTION: forcing a failure. [ 307.691816][T11500] name failslab, interval 1, probability 0, space 0, times 0 [ 307.697220][T11500] CPU: 1 UID: 0 PID: 11500 Comm: syz.2.1749 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 307.701701][T11500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 307.706395][T11500] Call Trace: [ 307.707899][T11500] [ 307.709236][T11500] dump_stack_lvl+0x16c/0x1f0 [ 307.711325][T11500] should_fail_ex+0x497/0x5b0 [ 307.713452][T11500] ? fs_reclaim_acquire+0xae/0x160 [ 307.715785][T11500] should_failslab+0xc2/0x120 [ 307.717898][T11500] __kmalloc_noprof+0xcb/0x400 [ 307.720028][T11500] ? __pfx_lock_acquire+0x10/0x10 [ 307.722232][T11500] tomoyo_realpath_from_path+0xb9/0x720 [ 307.724767][T11500] ? tomoyo_profile+0x47/0x60 [ 307.726674][T11500] tomoyo_path_number_perm+0x245/0x590 [ 307.729048][T11500] ? tomoyo_path_number_perm+0x232/0x590 [ 307.731407][T11500] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 307.734129][T11500] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 307.736210][T11500] ? __fget_files+0x256/0x400 [ 307.737853][T11500] security_file_ioctl+0x75/0xc0 [ 307.738779][T11503] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1750'. [ 307.739542][T11500] __x64_sys_ioctl+0xbb/0x220 [ 307.745348][T11500] do_syscall_64+0xcd/0x250 [ 307.747070][T11500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.749387][T11500] RIP: 0033:0x7f2081b77299 [ 307.751147][T11500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.758131][T11500] RSP: 002b:00007f208297c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.761273][T11500] RAX: ffffffffffffffda RBX: 00007f2081d05f80 RCX: 00007f2081b77299 [ 307.764682][T11500] RDX: 0000000020000080 RSI: 000000004020aed2 RDI: 0000000000000004 [ 307.767759][T11500] RBP: 00007f208297c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 307.770980][T11500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.774186][T11500] R13: 000000000000000b R14: 00007f2081d05f80 R15: 00007fff18e456c8 [ 307.777459][T11500] [ 307.780664][T11500] ERROR: Out of memory at tomoyo_realpath_from_path. [ 308.743838][T11505] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 308.747950][T11509] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 308.751592][T11524] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1757'. [ 308.875833][T11531] FAULT_INJECTION: forcing a failure. [ 308.875833][T11531] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 308.877520][T11532] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1758'. [ 308.881047][T11531] CPU: 3 UID: 0 PID: 11531 Comm: syz.2.1759 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 308.889324][T11531] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 308.893823][T11531] Call Trace: [ 308.895210][T11531] [ 308.896467][T11531] dump_stack_lvl+0x16c/0x1f0 [ 308.898496][T11531] should_fail_ex+0x497/0x5b0 [ 308.900495][T11531] _copy_from_user+0x30/0xf0 [ 308.902469][T11531] copy_msghdr_from_user+0x99/0x160 [ 308.904637][T11531] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 308.907017][T11531] ? find_held_lock+0x2d/0x110 [ 308.909337][T11531] ? __pfx___lock_acquire+0x10/0x10 [ 308.911442][T11531] ___sys_sendmsg+0xff/0x1e0 [ 308.913380][T11531] ? __pfx____sys_sendmsg+0x10/0x10 [ 308.915597][T11531] ? ksys_write+0x21c/0x260 [ 308.917592][T11531] ? __fget_light+0x173/0x210 [ 308.919394][T11531] __sys_sendmsg+0x117/0x1f0 [ 308.921089][T11531] ? __pfx___sys_sendmsg+0x10/0x10 [ 308.923158][T11531] do_syscall_64+0xcd/0x250 [ 308.924976][T11531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.927368][T11531] RIP: 0033:0x7f2081b77299 [ 308.929126][T11531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.936804][T11531] RSP: 002b:00007f208297c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 308.940145][T11531] RAX: ffffffffffffffda RBX: 00007f2081d05f80 RCX: 00007f2081b77299 [ 308.940906][T11535] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11535 comm=syz.0.1760 [ 308.941936][T11536] netlink: 'syz.0.1760': attribute type 5 has an invalid length. [ 308.943357][T11531] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 [ 308.943371][T11531] RBP: 00007f208297c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 308.943381][T11531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.943392][T11531] R13: 000000000000000b R14: 00007f2081d05f80 R15: 00007fff18e456c8 [ 308.943406][T11531] [ 309.428845][T11549] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1765'. [ 309.495567][T11551] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9536 sclass=netlink_route_socket pid=11551 comm=syz.2.1766 [ 309.903047][ T5343] Bluetooth: hci0: command 0x0c20 tx timeout [ 309.935421][T11561] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1768'. [ 310.067006][T11576] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1774'. [ 310.302763][ T3763] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 310.505791][ T3763] usb 7-1: Using ep0 maxpacket: 8 [ 310.510056][ T3763] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 310.513732][ T3763] usb 7-1: config 0 has no interface number 0 [ 310.516456][ T3763] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 310.521278][ T3763] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 310.525524][ T3763] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.531140][ T3763] usb 7-1: config 0 descriptor?? [ 310.537671][ T3763] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 310.741870][ T5568] usb 7-1: USB disconnect, device number 25 [ 310.741914][ C3] iowarrior 7-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 310.748813][ T5568] iowarrior 7-1:0.1: I/O-Warror #0 now disconnected [ 310.940935][T11571] FAULT_INJECTION: forcing a failure. [ 310.940935][T11571] name failslab, interval 1, probability 0, space 0, times 0 [ 310.946532][T11571] CPU: 0 UID: 0 PID: 11571 Comm: syz.2.1772 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 310.951037][T11571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 310.955751][T11571] Call Trace: [ 310.957259][T11571] [ 310.958556][T11571] dump_stack_lvl+0x16c/0x1f0 [ 310.960622][T11571] should_fail_ex+0x497/0x5b0 [ 310.962737][T11571] ? fs_reclaim_acquire+0xae/0x160 [ 310.964995][T11571] should_failslab+0xc2/0x120 [ 310.967105][T11571] __kmalloc_noprof+0xcb/0x400 [ 310.969253][T11571] ? __pfx_lock_acquire+0x10/0x10 [ 310.971494][T11571] tomoyo_realpath_from_path+0xb9/0x720 [ 310.973967][T11571] ? tomoyo_profile+0x47/0x60 [ 310.976057][T11571] tomoyo_path_number_perm+0x245/0x590 [ 310.978330][T11571] ? tomoyo_path_number_perm+0x232/0x590 [ 310.980744][T11571] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 310.983386][T11571] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 310.986034][T11571] ? __fget_files+0x256/0x400 [ 310.988145][T11571] security_file_ioctl+0x75/0xc0 [ 310.990369][T11571] __x64_sys_ioctl+0xbb/0x220 [ 310.992500][T11571] do_syscall_64+0xcd/0x250 [ 310.994392][T11571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.996708][T11571] RIP: 0033:0x7f2081b77299 [ 310.998566][T11571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.006652][T11571] RSP: 002b:00007f208297c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 311.010149][T11571] RAX: ffffffffffffffda RBX: 00007f2081d05f80 RCX: 00007f2081b77299 [ 311.013250][T11571] RDX: 0000000000000000 RSI: 000000000000541b RDI: 0000000000000004 [ 311.016713][T11571] RBP: 00007f208297c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 311.019839][T11571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.023052][T11571] R13: 000000000000000b R14: 00007f2081d05f80 R15: 00007fff18e456c8 [ 311.026488][T11571] [ 311.029501][T11571] ERROR: Out of memory at tomoyo_realpath_from_path. [ 311.133366][T11596] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1779'. [ 311.183634][T11600] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1781'. [ 311.304600][T11607] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1783'. [ 311.993427][ T5343] Bluetooth: hci0: command 0x0c20 tx timeout [ 312.449354][T11624] netlink: 'syz.2.1787': attribute type 3 has an invalid length. [ 312.454523][T11624] netlink: 'syz.2.1787': attribute type 3 has an invalid length. [ 312.639627][T11631] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1790'. [ 312.660826][ T5343] Bluetooth: hci3: unknown advertising packet type: 0xbc [ 312.660924][ T5343] Bluetooth: hci3: unknown advertising packet type: 0xf3 [ 312.664576][ T5343] Bluetooth: hci3: unknown advertising packet type: 0xad [ 312.667182][ T5343] Bluetooth: hci3: unknown advertising packet type: 0xb5 [ 312.669512][ T5343] Bluetooth: hci3: unknown advertising packet type: 0x4e [ 312.772711][ T10] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 312.910088][T11646] ALSA: mixer_oss: invalid OSS volume '' [ 312.912387][T11646] ALSA: mixer_oss: invalid OSS volume '' [ 312.915054][T11646] ALSA: mixer_oss: invalid OSS volume 'L' [ 312.975993][ T10] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 312.980958][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 312.986249][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 312.990463][ T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 312.996105][ T10] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 313.000045][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.006636][ T10] usb 7-1: config 0 descriptor?? [ 313.429198][ T10] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 313.434232][ T10] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 313.437421][ T10] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 313.439889][ T10] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 313.443131][ T10] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 313.447165][ T10] plantronics 0003:047F:FFFF.003D: No inputs registered, leaving [ 313.458823][ T10] plantronics 0003:047F:FFFF.003D: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 313.470671][T11656] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 313.543096][ T39] audit: type=1400 audit(1722209763.232:683): avc: denied { mount } for pid=11654 comm="syz.0.1796" name="/" dev="hugetlbfs" ino=41651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 313.829951][ T39] audit: type=1400 audit(1722209763.522:684): avc: denied { unmount } for pid=11074 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 313.864081][T11626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 313.868766][T11626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 313.873910][T11670] netlink: 824 bytes leftover after parsing attributes in process `syz.0.1797'. [ 313.919199][ T5379] usb 7-1: USB disconnect, device number 26 [ 314.518235][T11675] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1798'. [ 315.122720][ T5380] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 315.258172][ T5343] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 315.290584][T11690] netlink: 'syz.2.1803': attribute type 2 has an invalid length. [ 315.297454][T11690] nfsd: Unknown parameter '' [ 315.312727][ T5380] usb 5-1: Using ep0 maxpacket: 8 [ 315.315739][ T5380] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 315.319093][ T5380] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 315.323741][ T5380] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 315.327495][ T5380] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 315.330788][ T5380] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 315.336033][ T5380] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 315.339351][ T5380] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.553344][ T5380] usb 5-1: usb_control_msg returned -32 [ 315.555940][ T5380] usbtmc 5-1:16.0: can't read capabilities [ 315.759281][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xbc [ 315.759378][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xf3 [ 315.762534][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xad [ 315.765218][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xb5 [ 315.971167][T11701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1806'. [ 316.042028][T11710] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1807'. [ 316.559272][T11734] binder: BINDER_SET_CONTEXT_MGR already set [ 316.563263][T11734] binder: 11732:11734 ioctl 4018620d 20000040 returned -16 [ 316.566796][T11736] FAULT_INJECTION: forcing a failure. [ 316.566796][T11736] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.575009][T11736] CPU: 1 UID: 0 PID: 11736 Comm: syz.2.1814 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 316.579007][T11736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 316.584065][T11736] Call Trace: [ 316.585627][T11736] [ 316.587107][T11736] dump_stack_lvl+0x16c/0x1f0 [ 316.589260][T11736] should_fail_ex+0x497/0x5b0 [ 316.591483][T11736] _copy_from_user+0x30/0xf0 [ 316.593646][T11736] copy_msghdr_from_user+0x99/0x160 [ 316.595869][T11736] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 316.598579][T11736] ? find_held_lock+0x2d/0x110 [ 316.600892][T11736] ? __pfx___lock_acquire+0x10/0x10 [ 316.603387][T11736] ___sys_sendmsg+0xff/0x1e0 [ 316.605272][T11736] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.607168][T11736] ? ksys_write+0x21c/0x260 [ 316.608767][T11736] ? __fget_light+0x173/0x210 [ 316.610647][T11736] __sys_sendmsg+0x117/0x1f0 [ 316.612265][T11736] ? __pfx___sys_sendmsg+0x10/0x10 [ 316.614221][T11736] do_syscall_64+0xcd/0x250 [ 316.616051][T11736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.618601][T11736] RIP: 0033:0x7f2081b77299 [ 316.620446][T11736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.629472][T11736] RSP: 002b:00007f208297c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.633300][T11736] RAX: ffffffffffffffda RBX: 00007f2081d05f80 RCX: 00007f2081b77299 [ 316.636770][T11736] RDX: 0000000000000000 RSI: 0000000020001ac0 RDI: 0000000000000004 [ 316.640176][T11736] RBP: 00007f208297c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 316.643695][T11736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.646955][T11736] R13: 000000000000000b R14: 00007f2081d05f80 R15: 00007fff18e456c8 [ 316.650149][T11736] [ 316.795047][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 316.839978][T11734] syz.3.1813 (11734): drop_caches: 2 [ 317.419308][T11746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1818'. [ 317.467420][T11751] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1819'. [ 317.506260][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.509159][ T1380] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.797055][T11766] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 317.912098][ T5343] bt_err_ratelimited: 1 callbacks suppressed [ 317.912112][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xbc [ 317.914965][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xf3 [ 317.919117][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xad [ 317.922684][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xb5 [ 317.925095][ T5343] Bluetooth: hci0: unknown advertising packet type: 0x4e [ 318.701587][T11803] netlink: 'syz.3.1826': attribute type 2 has an invalid length. [ 318.711308][T11803] nfsd: Unknown parameter '' [ 318.889739][ T5379] usb 5-1: USB disconnect, device number 30 [ 319.013248][T11809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1827'. [ 319.056955][T11813] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1828'. [ 319.212062][T11816] binder: BINDER_SET_CONTEXT_MGR already set [ 319.217096][T11816] binder: 11814:11816 ioctl 4018620d 20000040 returned -16 [ 319.250320][T11816] syz.0.1829 (11816): drop_caches: 2 [ 319.672963][ T5380] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 319.866670][ T5380] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 319.871901][ T5380] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 319.877005][ T5380] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 319.881445][ T5380] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 319.886013][ T5380] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 319.889081][ T5380] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.894003][ T5380] usb 7-1: config 0 descriptor?? [ 320.002836][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 320.268471][T11835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1836'. [ 320.310658][T11842] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1837'. [ 320.321316][ T5380] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 320.324342][ T5380] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 320.326910][ T5380] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 320.329531][ T5380] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 320.332440][ T5380] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 320.337170][ T5380] plantronics 0003:047F:FFFF.003E: No inputs registered, leaving [ 320.344152][ T5380] plantronics 0003:047F:FFFF.003E: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 320.350487][ T5343] Bluetooth: hci2: unknown advertising packet type: 0xbc [ 320.350548][ T5343] Bluetooth: hci2: unknown advertising packet type: 0xf3 [ 320.353931][ T5343] Bluetooth: hci2: unknown advertising packet type: 0xad [ 320.358669][ T5343] Bluetooth: hci2: unknown advertising packet type: 0xb5 [ 320.361690][ T5343] Bluetooth: hci2: unknown advertising packet type: 0x4e [ 320.538562][T11847] Invalid ELF section name index: 0 || e_shstrndx (0) >= e_shnum (0) [ 320.539038][ T39] audit: type=1400 audit(1722209770.232:685): avc: denied { module_load } for pid=11845 comm="syz.3.1838" path=2F6D656D66643A10376DAD4ADC3A46A006E6BBB8B0E8C387122B8F59EEC7D02CC6012A881455DEFA3AEEE81D91468629202864656C6574656429 dev="tmpfs" ino=2070 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 320.765883][T11822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.772565][T11822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.834649][ T57] usb 7-1: USB disconnect, device number 27 [ 320.936814][T11850] netlink: 'syz.0.1839': attribute type 2 has an invalid length. [ 320.941749][T11850] nfsd: Unknown parameter '' [ 321.167254][ T39] audit: type=1400 audit(1722209770.862:686): avc: denied { shutdown } for pid=11852 comm="syz.1.1840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 321.215550][ T75] Bluetooth: hci4: Frame reassembly failed (-84) [ 321.346079][T11857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1841'. [ 321.353691][T11857] vxcan3: entered promiscuous mode [ 321.365332][T11857] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11857 comm=syz.3.1841 [ 321.377909][T11857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1841'. [ 322.395377][T11892] netlink: 'syz.2.1851': attribute type 2 has an invalid length. [ 322.399311][T11892] nfsd: Unknown parameter '' [ 323.005671][T11901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1855'. [ 323.017784][T11901] vxcan3: entered promiscuous mode [ 323.026669][T11901] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11901 comm=syz.2.1855 [ 323.033154][ T831] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 323.033340][T11901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1855'. [ 323.222735][ T831] usb 5-1: Using ep0 maxpacket: 8 [ 323.236286][ T831] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 323.239556][ T831] usb 5-1: config 0 has no interface number 0 [ 323.242090][ T831] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 323.246989][ T831] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 323.250657][ T831] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.255935][ T831] usb 5-1: config 0 descriptor?? [ 323.261570][ T831] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 323.266334][ T5353] Bluetooth: hci4: command 0x1003 tx timeout [ 323.269717][ T5343] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 323.411511][T11913] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1859'. [ 323.485884][ T3763] usb 5-1: USB disconnect, device number 31 [ 323.488637][ C2] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 323.507022][ T3763] iowarrior 5-1:0.1: I/O-Warror #0 now disconnected [ 323.710992][ T39] audit: type=1400 audit(1722209773.402:687): avc: denied { setopt } for pid=11898 comm="syz.0.1854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 323.836601][T11921] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 324.166824][T11925] netlink: 67 bytes leftover after parsing attributes in process `syz.1.1863'. [ 324.170637][T11925] IPv6: NLM_F_CREATE should be specified when creating new route [ 324.174838][T11925] IPv6: Can't replace route, no match found [ 324.226653][T11927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1864'. [ 324.237923][T11927] vxcan3: entered promiscuous mode [ 324.246228][T11927] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11927 comm=syz.1.1864 [ 324.251855][T11927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1864'. [ 324.676538][T11939] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1868'. [ 324.692706][ T8] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 324.875112][ T1103] Bluetooth: hci4: Frame reassembly failed (-84) [ 324.882664][ T8] usb 7-1: Using ep0 maxpacket: 8 [ 324.887239][ T8] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 324.891778][ T8] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 324.896850][ T8] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 324.901763][ T8] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 324.907036][ T8] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 324.911057][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.918734][ T8] hub 7-1:1.0: bad descriptor, ignoring hub [ 324.921111][ T8] hub 7-1:1.0: probe with driver hub failed with error -5 [ 324.925079][ T8] cdc_wdm 7-1:1.0: skipping garbage [ 324.927476][ T8] cdc_wdm 7-1:1.0: skipping garbage [ 324.932913][ T8] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 324.935580][ T8] cdc_wdm 7-1:1.0: Unknown control protocol [ 325.244972][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 325.567623][T11935] usb 7-1: reset high-speed USB device number 28 using dummy_hcd [ 325.900793][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 326.123169][ T5379] usb 7-1: USB disconnect, device number 28 [ 326.165198][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 326.734502][T11958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1874'. [ 326.770752][T11962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1875'. [ 326.782886][T11962] vxcan3: entered promiscuous mode [ 326.797709][T11962] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11962 comm=syz.2.1875 [ 326.803222][T11962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1875'. [ 326.942833][ T5343] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 326.963041][T11967] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1877'. [ 327.138892][T11972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1880'. [ 327.167438][T11981] hfsplus: unable to find HFS+ superblock [ 327.269696][T11990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1883'. [ 327.445194][ T39] audit: type=1400 audit(1722209777.132:688): avc: denied { ioctl } for pid=11996 comm="syz.2.1887" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 328.027458][T12002] FAULT_INJECTION: forcing a failure. [ 328.027458][T12002] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.032995][T12002] CPU: 3 UID: 0 PID: 12002 Comm: syz.3.1888 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 328.037304][T12002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 328.041794][T12002] Call Trace: [ 328.043248][T12002] [ 328.044534][T12002] dump_stack_lvl+0x16c/0x1f0 [ 328.047009][T12002] should_fail_ex+0x497/0x5b0 [ 328.049150][T12002] _copy_from_iter+0x2a1/0x1150 [ 328.051273][T12002] ? __alloc_skb+0x1fe/0x380 [ 328.053380][T12002] ? __pfx__copy_from_iter+0x10/0x10 [ 328.055959][T12002] ? __virt_addr_valid+0x5e/0x590 [ 328.058177][T12002] ? __phys_addr_symbol+0x30/0x80 [ 328.060410][T12002] ? __check_object_size+0x497/0x720 [ 328.062753][T12002] netlink_sendmsg+0x813/0xd70 [ 328.064877][T12002] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.067234][T12002] ? __import_iovec+0x1fd/0x6e0 [ 328.069408][T12002] ____sys_sendmsg+0xab5/0xc90 [ 328.071538][T12002] ? copy_msghdr_from_user+0x10b/0x160 [ 328.073918][T12002] ? __pfx_____sys_sendmsg+0x10/0x10 [ 328.076259][T12002] ? find_held_lock+0x2d/0x110 [ 328.078385][T12002] ? __pfx___lock_acquire+0x10/0x10 [ 328.080687][T12002] ___sys_sendmsg+0x135/0x1e0 [ 328.082805][T12002] ? __pfx____sys_sendmsg+0x10/0x10 [ 328.085070][T12002] ? ksys_write+0x21c/0x260 [ 328.087088][T12002] ? __fget_light+0x173/0x210 [ 328.089191][T12002] __sys_sendmsg+0x117/0x1f0 [ 328.091260][T12002] ? __pfx___sys_sendmsg+0x10/0x10 [ 328.093538][T12002] do_syscall_64+0xcd/0x250 [ 328.095513][T12002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.098141][T12002] RIP: 0033:0x7faa8e977299 [ 328.100135][T12002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.108516][T12002] RSP: 002b:00007faa8f740048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 328.112154][T12002] RAX: ffffffffffffffda RBX: 00007faa8eb05f80 RCX: 00007faa8e977299 [ 328.115629][T12002] RDX: 0000000000000000 RSI: 0000000020001c40 RDI: 0000000000000004 [ 328.119137][T12002] RBP: 00007faa8f7400a0 R08: 0000000000000000 R09: 0000000000000000 [ 328.122464][T12002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.125904][T12002] R13: 000000000000000b R14: 00007faa8eb05f80 R15: 00007ffcc007e138 [ 328.129374][T12002] [ 328.498209][ T5353] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 328.502145][ T5353] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 328.512088][ T5353] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 328.517733][ T5353] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 328.522152][ T5353] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 328.525513][ T5353] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 328.678483][T12010] chnl_net:caif_netlink_parms(): no params data found [ 328.768638][ T1135] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.869889][ T1135] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.885521][T12010] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.888567][T12010] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.891577][T12010] bridge_slave_0: entered allmulticast mode [ 328.898601][T12010] bridge_slave_0: entered promiscuous mode [ 328.904454][T12010] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.907557][T12010] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.910586][T12010] bridge_slave_1: entered allmulticast mode [ 328.914941][T12010] bridge_slave_1: entered promiscuous mode [ 328.991401][ T1135] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.006910][T12010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 329.016694][T12010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 329.105455][ T1135] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.118011][T12010] team0: Port device team_slave_0 added [ 329.125460][T12010] team0: Port device team_slave_1 added [ 329.190030][T12010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 329.192655][T12010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.201341][T12010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 329.208431][T12010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 329.211588][T12010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.226619][T12010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 329.233049][T12020] __nla_validate_parse: 1 callbacks suppressed [ 329.233062][T12020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1892'. [ 329.335589][T12010] hsr_slave_0: entered promiscuous mode [ 329.339280][T12010] hsr_slave_1: entered promiscuous mode [ 329.342547][T12010] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 329.350546][T12010] Cannot create hsr debugfs directory [ 329.401938][T12024] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1893'. [ 329.524320][ T1135] bridge_slave_0: left allmulticast mode [ 329.526613][ T1135] bridge_slave_0: left promiscuous mode [ 329.528893][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.862981][ T3763] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 330.016513][ T1135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 330.024507][ T1135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 330.030582][ T1135] bond0 (unregistering): Released all slaves [ 330.058171][ T3763] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 330.066330][ T3763] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 330.070439][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 330.071090][ T3763] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 330.090780][ T3763] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 330.096373][ T3763] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 330.100235][ T3763] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.113713][ T3763] usb 7-1: config 0 descriptor?? [ 330.372293][ T1135] hsr_slave_0: left promiscuous mode [ 330.376500][ T1135] hsr_slave_1: left promiscuous mode [ 330.379865][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 330.383284][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 330.419663][ T1135] veth1_macvtap: left promiscuous mode [ 330.422158][ T1135] veth0_macvtap: left promiscuous mode [ 330.424516][ T1135] veth1_vlan: left promiscuous mode [ 330.426775][ T1135] veth0_vlan: left promiscuous mode [ 330.547903][ T3763] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 330.551162][ T3763] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 330.554693][ T3763] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 330.557900][ T3763] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 330.561013][ T3763] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 330.564367][ T3763] plantronics 0003:047F:FFFF.003F: No inputs registered, leaving [ 330.570854][ T3763] plantronics 0003:047F:FFFF.003F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 330.635455][ T5343] Bluetooth: hci2: command tx timeout [ 331.063538][T12054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 331.066505][T12054] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 331.227969][ T1135] team0 (unregistering): Port device team_slave_1 removed [ 331.320089][ T1135] team0 (unregistering): Port device team_slave_0 removed [ 331.912735][ T5379] usb 7-1: reset high-speed USB device number 29 using dummy_hcd [ 331.998212][T12068] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1903'. [ 332.204014][T12010] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 332.209722][T12010] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 332.213995][T12010] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 332.220514][T12010] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 332.297888][T12010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 332.327123][T12010] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.338839][ T3763] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.342017][ T3763] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.356542][ T3763] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.359663][ T3763] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.611952][T12010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.670491][T12010] veth0_vlan: entered promiscuous mode [ 332.680095][T12010] veth1_vlan: entered promiscuous mode [ 332.702695][ T5343] Bluetooth: hci2: command tx timeout [ 332.706230][T12010] veth0_macvtap: entered promiscuous mode [ 332.712550][T12010] veth1_macvtap: entered promiscuous mode [ 332.725139][T12010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.729389][T12010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.733636][T12010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.737962][T12010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.742062][T12010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.747172][T12010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.751968][T12010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.760349][T12010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.765456][T12010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.765496][ T832] usb 7-1: USB disconnect, device number 29 [ 332.769289][T12010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.769303][T12010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.769314][T12010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.769326][T12010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.770535][T12010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.797993][T12010] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.801898][T12010] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.807191][T12010] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.812026][T12010] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.868539][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.872194][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.896654][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.899538][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.109833][ T5353] Bluetooth: hci4: sending frame failed (-49) [ 333.114004][ T5343] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 333.252567][T12118] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1910'. [ 333.318972][T12124] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1911'. [ 333.433381][T12129] FAULT_INJECTION: forcing a failure. [ 333.433381][T12129] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 333.438274][T12129] CPU: 1 UID: 0 PID: 12129 Comm: syz.0.1913 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 333.442248][T12129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 333.445884][T12129] Call Trace: [ 333.447117][T12129] [ 333.448600][T12129] dump_stack_lvl+0x16c/0x1f0 [ 333.450778][T12129] should_fail_ex+0x497/0x5b0 [ 333.452976][T12129] _copy_to_user+0x30/0xc0 [ 333.455050][T12129] simple_read_from_buffer+0xd0/0x160 [ 333.457547][T12129] proc_fail_nth_read+0x1b0/0x290 [ 333.459921][T12129] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 333.462301][T12129] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 333.464704][T12129] vfs_read+0x1d4/0xbd0 [ 333.466639][T12129] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x470 [ 333.469809][T12129] ? __fdget_pos+0xeb/0x180 [ 333.471899][T12129] ? __pfx_vfs_read+0x10/0x10 [ 333.474190][T12129] ? __pfx___mutex_lock+0x10/0x10 [ 333.476615][T12129] ? __fget_files+0x256/0x400 [ 333.478606][T12129] ksys_read+0x12f/0x260 [ 333.480407][T12129] ? __pfx_ksys_read+0x10/0x10 [ 333.482654][T12129] do_syscall_64+0xcd/0x250 [ 333.484697][T12129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.487454][T12129] RIP: 0033:0x7f06dc975d7c [ 333.489649][T12129] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 333.498289][T12129] RSP: 002b:00007f06dd6cb040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 333.502176][T12129] RAX: ffffffffffffffda RBX: 00007f06dcb05f80 RCX: 00007f06dc975d7c [ 333.505758][T12129] RDX: 000000000000000f RSI: 00007f06dd6cb0b0 RDI: 0000000000000004 [ 333.509497][T12129] RBP: 00007f06dd6cb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 333.513190][T12129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 333.516513][T12129] R13: 000000000000000b R14: 00007f06dcb05f80 R15: 00007ffc8d97c198 [ 333.520190][T12129] [ 333.842964][ T57] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 334.036757][ T57] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 334.043080][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 334.047626][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 334.051638][ T57] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 334.056879][ T57] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 334.060474][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.066072][ T57] usb 5-1: config 0 descriptor?? [ 334.103988][T12143] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1917'. [ 334.115188][T12143] vxcan3: entered promiscuous mode [ 334.126114][T12143] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1917'. [ 334.484791][ T57] plantronics 0003:047F:FFFF.0040: unknown main item tag 0x0 [ 334.488027][ T57] plantronics 0003:047F:FFFF.0040: unknown main item tag 0x0 [ 334.492115][ T57] plantronics 0003:047F:FFFF.0040: unknown main item tag 0x0 [ 334.496209][ T57] plantronics 0003:047F:FFFF.0040: unknown main item tag 0x0 [ 334.500005][ T57] plantronics 0003:047F:FFFF.0040: unknown main item tag 0x0 [ 334.512218][ T57] plantronics 0003:047F:FFFF.0040: No inputs registered, leaving [ 334.527242][ T57] plantronics 0003:047F:FFFF.0040: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 334.767124][T12149] FAULT_INJECTION: forcing a failure. [ 334.767124][T12149] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 334.772794][T12149] CPU: 0 UID: 0 PID: 12149 Comm: syz.3.1919 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 334.776978][T12149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 334.781473][T12149] Call Trace: [ 334.782930][T12149] [ 334.784221][T12149] dump_stack_lvl+0x16c/0x1f0 [ 334.786279][T12149] should_fail_ex+0x497/0x5b0 [ 334.788323][T12149] ? fs_reclaim_acquire+0xae/0x160 [ 334.790403][T12149] should_fail_alloc_page+0xe7/0x130 [ 334.792477][T12149] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 334.795410][T12149] ? kernel_text_address+0x6e/0xe0 [ 334.797414][T12149] __alloc_pages_noprof+0x194/0x2460 [ 334.799200][T12149] ? hlock_class+0x4e/0x130 [ 334.800682][T12149] ? __lock_acquire+0x1620/0x3cb0 [ 334.802579][T12149] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 334.804853][T12149] ? __pfx___lock_acquire+0x10/0x10 [ 334.806691][T12149] ? kasan_save_track+0x14/0x30 [ 334.808693][T12149] ? kasan_save_free_info+0x3b/0x60 [ 334.826985][T12149] ? poison_slab_object+0xf7/0x160 [ 334.828997][T12149] ? __kasan_slab_free+0x32/0x50 [ 334.830924][T12149] ? kmem_cache_free+0x12f/0x3a0 [ 334.832876][T12149] ? alloc_vmap_area+0x1f99/0x2a70 [ 334.834872][T12149] ? __get_vm_area_node+0x17e/0x2d0 [ 334.836918][T12149] ? __vmalloc_node_range_noprof+0x276/0x1520 [ 334.839269][T12149] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 334.841645][T12149] ? policy_nodemask+0xea/0x4e0 [ 334.843735][T12149] alloc_pages_mpol_noprof+0x275/0x610 [ 334.846092][T12149] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 334.848735][T12149] ? do_raw_spin_lock+0x12d/0x2c0 [ 334.851032][T12149] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 334.853838][T12149] get_free_pages_noprof+0xc/0x40 [ 334.856040][T12149] kasan_populate_vmalloc_pte+0x2d/0x160 [ 334.858643][T12149] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 334.861382][T12149] __apply_to_page_range+0x795/0xdd0 [ 334.863673][T12149] ? __pfx___apply_to_page_range+0x10/0x10 [ 334.865705][T12149] ? insert_vmap_area+0x2ef/0x4d0 [ 334.867626][T12149] alloc_vmap_area+0x93e/0x2a70 [ 334.869329][T12149] ? __pfx_alloc_vmap_area+0x10/0x10 [ 334.871344][T12149] __get_vm_area_node+0x17e/0x2d0 [ 334.873487][T12149] __vmalloc_node_range_noprof+0x276/0x1520 [ 334.875609][T12149] ? __snd_dma_alloc_pages+0x50/0x90 [ 334.877721][T12149] ? find_held_lock+0x2d/0x110 [ 334.879390][T12149] ? do_alloc_pages+0xed/0x200 [ 334.881128][T12149] ? __snd_dma_alloc_pages+0x50/0x90 [ 334.883367][T12149] ? trace_contention_end+0xea/0x140 [ 334.885221][T12149] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 334.887269][T12149] ? __mutex_unlock_slowpath+0x164/0x650 [ 334.889339][T12149] ? __snd_dma_alloc_pages+0x50/0x90 [ 334.891378][T12149] vmalloc_noprof+0x6b/0x90 [ 334.893176][T12149] ? __snd_dma_alloc_pages+0x50/0x90 [ 334.895381][T12149] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 334.897606][T12149] __snd_dma_alloc_pages+0x50/0x90 [ 334.899304][T12149] snd_dma_alloc_dir_pages+0x151/0x240 [ 334.901585][T12149] do_alloc_pages+0x126/0x200 [ 334.903556][T12149] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 334.905850][T12149] snd_pcm_hw_params+0x152b/0x1a30 [ 334.907600][T12149] ? snd_pcm_hw_param_near.constprop.0+0x73e/0x8f0 [ 334.910165][T12149] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 334.912477][T12149] ? snd_pcm_hw_param_near.constprop.0+0x743/0x8f0 [ 334.914971][T12149] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 334.917629][T12149] snd_pcm_kernel_ioctl+0x147/0x2d0 [ 334.919739][T12149] snd_pcm_oss_change_params_locked+0x1406/0x3a60 [ 334.920836][T12131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 334.922518][T12149] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 334.928734][T12149] ? snd_pcm_oss_get_active_substream+0x146/0x1d0 [ 334.929137][T12131] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 334.931504][T12149] ? __mutex_lock+0x1a6/0x9c0 [ 334.936206][T12149] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 334.938620][T12149] snd_pcm_oss_ioctl+0x21e1/0x3790 [ 334.940329][T12149] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 334.942731][T12149] ? selinux_file_ioctl+0x180/0x270 [ 334.944883][T12149] ? selinux_file_ioctl+0xb4/0x270 [ 334.947149][T12149] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 334.949577][T12149] __x64_sys_ioctl+0x193/0x220 [ 334.951565][T12149] do_syscall_64+0xcd/0x250 [ 334.952967][T12149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.955469][T12149] RIP: 0033:0x7faa8e977299 [ 334.957047][T12149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.964594][T12149] RSP: 002b:00007faa8f740048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 334.967768][T12149] RAX: ffffffffffffffda RBX: 00007faa8eb05f80 RCX: 00007faa8e977299 [ 334.970603][T12149] RDX: 0000000020000080 RSI: 00000000c0045002 RDI: 0000000000000003 [ 334.973806][T12149] RBP: 00007faa8f7400a0 R08: 0000000000000000 R09: 0000000000000000 [ 334.976965][T12149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 334.979969][T12149] R13: 000000000000000b R14: 00007faa8eb05f80 R15: 00007ffcc007e138 [ 334.983006][T12149] [ 334.985466][ T5343] Bluetooth: hci2: command tx timeout [ 334.988619][T12149] syz.3.1919: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 334.994277][T12149] CPU: 0 UID: 0 PID: 12149 Comm: syz.3.1919 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 334.998559][T12149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 335.002480][T12149] Call Trace: [ 335.003931][T12149] [ 335.005131][T12149] dump_stack_lvl+0x16c/0x1f0 [ 335.007091][T12149] warn_alloc+0x24d/0x3a0 [ 335.008830][T12149] ? __pfx_warn_alloc+0x10/0x10 [ 335.010787][T12149] ? lockdep_hardirqs_on+0x7c/0x110 [ 335.012358][T12149] ? __get_vm_area_node+0x1bc/0x2d0 [ 335.014221][T12149] __vmalloc_node_range_noprof+0xc1e/0x1520 [ 335.016489][T12149] ? do_alloc_pages+0xed/0x200 [ 335.018416][T12149] ? __snd_dma_alloc_pages+0x50/0x90 [ 335.020187][T12149] ? trace_contention_end+0xea/0x140 [ 335.022497][T12149] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 335.025314][T12149] ? __mutex_unlock_slowpath+0x164/0x650 [ 335.027839][T12149] ? __snd_dma_alloc_pages+0x50/0x90 [ 335.030231][T12149] vmalloc_noprof+0x6b/0x90 [ 335.031833][T12149] ? __snd_dma_alloc_pages+0x50/0x90 [ 335.033598][T12149] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 335.035554][T12149] __snd_dma_alloc_pages+0x50/0x90 [ 335.037489][T12149] snd_dma_alloc_dir_pages+0x151/0x240 [ 335.039699][T12149] do_alloc_pages+0x126/0x200 [ 335.041561][T12149] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 335.043703][T12149] snd_pcm_hw_params+0x152b/0x1a30 [ 335.045607][T12149] ? snd_pcm_hw_param_near.constprop.0+0x73e/0x8f0 [ 335.047994][T12149] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 335.050190][T12149] ? snd_pcm_hw_param_near.constprop.0+0x743/0x8f0 [ 335.052898][T12149] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 335.055477][T12149] snd_pcm_kernel_ioctl+0x147/0x2d0 [ 335.057506][T12149] snd_pcm_oss_change_params_locked+0x1406/0x3a60 [ 335.060143][T12149] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 335.062908][T12149] ? snd_pcm_oss_get_active_substream+0x146/0x1d0 [ 335.066110][T12149] ? __mutex_lock+0x1a6/0x9c0 [ 335.067823][T12149] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 335.070081][T12149] snd_pcm_oss_ioctl+0x21e1/0x3790 [ 335.071960][T12149] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 335.074134][T12149] ? selinux_file_ioctl+0x180/0x270 [ 335.076300][T12149] ? selinux_file_ioctl+0xb4/0x270 [ 335.078435][T12149] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 335.080700][T12149] __x64_sys_ioctl+0x193/0x220 [ 335.082696][T12149] do_syscall_64+0xcd/0x250 [ 335.084665][T12149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.087289][T12149] RIP: 0033:0x7faa8e977299 [ 335.089256][T12149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.096343][T12149] RSP: 002b:00007faa8f740048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 335.099140][T12149] RAX: ffffffffffffffda RBX: 00007faa8eb05f80 RCX: 00007faa8e977299 [ 335.101774][T12149] RDX: 0000000020000080 RSI: 00000000c0045002 RDI: 0000000000000003 [ 335.104534][T12149] RBP: 00007faa8f7400a0 R08: 0000000000000000 R09: 0000000000000000 [ 335.107611][T12149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 335.110697][T12149] R13: 000000000000000b R14: 00007faa8eb05f80 R15: 00007ffcc007e138 [ 335.113559][T12149] [ 335.119267][T12149] Mem-Info: [ 335.120573][T12149] active_anon:10967 inactive_anon:0 isolated_anon:0 [ 335.120573][T12149] active_file:14041 inactive_file:39501 isolated_file:0 [ 335.120573][T12149] unevictable:1768 dirty:396 writeback:0 [ 335.120573][T12149] slab_reclaimable:6459 slab_unreclaimable:67686 [ 335.120573][T12149] mapped:19348 shmem:2287 pagetables:952 [ 335.120573][T12149] sec_pagetables:314 bounce:0 [ 335.120573][T12149] kernel_misc_reclaimable:0 [ 335.120573][T12149] free:509797 free_pcp:11972 free_cma:0 [ 335.137156][T12149] Node 0 active_anon:40644kB inactive_anon:0kB active_file:56136kB inactive_file:157920kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:77364kB dirty:1572kB writeback:0kB shmem:5612kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:4096kB writeback_tmp:0kB kernel_stack:11376kB pagetables:3808kB sec_pagetables:1256kB all_unreclaimable? no [ 335.150832][T12149] Node 1 active_anon:0kB inactive_anon:0kB active_file:28kB inactive_file:84kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:28kB dirty:12kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 335.162947][T12149] Node 0 DMA free:15360kB boost:0kB min:328kB low:408kB high:488kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 335.174136][T12149] lowmem_reserve[]: 0 1313 0 0 0 [ 335.176185][T12149] Node 0 DMA32 free:406828kB boost:0kB min:28924kB low:36152kB high:43380kB reserved_highatomic:0KB active_anon:31716kB inactive_anon:0kB active_file:56136kB inactive_file:157920kB unevictable:3536kB writepending:1572kB present:2080628kB managed:1372136kB mlocked:0kB bounce:0kB free_pcp:36404kB local_pcp:8728kB free_cma:0kB [ 335.187942][T12149] lowmem_reserve[]: 0 0 0 0 0 [ 335.190155][T12149] Node 1 Normal free:1624804kB boost:0kB min:38324kB low:47904kB high:57484kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:28kB inactive_file:84kB unevictable:3536kB writepending:12kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:14480kB local_pcp:2048kB free_cma:0kB [ 335.203944][T12149] lowmem_reserve[]: 0 0 0 0 0 [ 335.206160][T12149] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 335.210945][T12149] Node 0 DMA32: 542*4kB (UME) 607*8kB (UME) 171*16kB (UME) 557*32kB (UME) 255*64kB (UME) 65*128kB (UE) 62*256kB (UME) 27*512kB (UME) 11*1024kB (UME) 1*2048kB (M) 76*4096kB (UM) = 406528kB [ 335.220269][T12149] Node 1 Normal: 21*4kB (UM) 14*8kB (UM) 30*16kB (UM) 18*32kB (UM) 14*64kB (UM) 9*128kB (UM) 8*256kB (U) 11*512kB (UM) 4*1024kB (U) 2*2048kB (UM) 392*4096kB (M) = 1624804kB [ 335.227792][T12149] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 335.232023][T12149] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 335.236918][T12149] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 335.241975][T12149] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 335.245954][T12149] 54791 total pagecache pages [ 335.247891][T12149] 1 pages in swap cache [ 335.249631][T12149] Free swap = 118688kB [ 335.251431][T12149] Total swap = 124996kB [ 335.258015][T12149] 1048443 pages RAM [ 335.259665][T12149] 0 pages HighMem/MovableOnly [ 335.261644][T12149] 256088 pages reserved [ 335.278618][ T57] usb 5-1: USB disconnect, device number 32 [ 335.287432][T12149] 0 pages cma reserved [ 335.295784][T12152] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1920'. [ 335.436067][T12161] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1921'. [ 335.568942][T12168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1926'. [ 335.577910][T12168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1926'. [ 336.767387][ T5343] Bluetooth: hci2: unknown advertising packet type: 0xbc [ 336.767450][ T5343] Bluetooth: hci2: unknown advertising packet type: 0xf3 [ 336.770168][ T5343] Bluetooth: hci2: unknown advertising packet type: 0xad [ 336.772840][ T5343] Bluetooth: hci2: unknown advertising packet type: 0xb5 [ 336.776001][ T5343] Bluetooth: hci2: unknown advertising packet type: 0x4e [ 336.891266][T12192] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1931'. [ 337.032841][ T5343] Bluetooth: hci2: command tx timeout [ 337.065565][T12195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1932'. [ 337.108436][ T39] audit: type=1400 audit(1722209786.802:689): avc: denied { mount } for pid=12198 comm="syz.0.1933" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 337.166543][ C3] vxcan0: j1939_tp_txtimer: 0xffff888023283c00: tx aborted with unknown reason: -2 [ 337.173000][ C3] vxcan0: j1939_xtp_rx_abort_one: 0xffff888023282800: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250) [ 337.181382][ C3] vxcan0: j1939_xtp_rx_abort_one: 0xffff888023283c00: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250) [ 338.945804][T12223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1940'. [ 338.951263][ T39] audit: type=1400 audit(1722209788.642:690): avc: denied { create } for pid=12219 comm="syz.0.1940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 338.960794][ T39] audit: type=1400 audit(1722209788.642:691): avc: denied { write } for pid=12219 comm="syz.0.1940" path="socket:[45561]" dev="sockfs" ino=45561 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 338.971561][ T39] audit: type=1400 audit(1722209788.642:692): avc: denied { nlmsg_read } for pid=12219 comm="syz.0.1940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 339.085133][T12225] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1941'. [ 339.549668][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xbc [ 339.549695][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xf3 [ 339.552207][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xad [ 339.555178][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xb5 [ 339.558092][ T5343] Bluetooth: hci0: unknown advertising packet type: 0x4e [ 340.506156][T12255] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 340.665699][T12262] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1950'. [ 341.340234][T12286] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1954'. [ 341.350651][T12286] vxcan5: entered promiscuous mode [ 341.362171][T12286] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1954'. [ 341.692810][ T832] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 341.798419][T12296] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1957'. [ 341.843541][T12291] can0: slcan on ptm0. [ 341.915650][ T832] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 341.920842][ T832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 341.925970][ T832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 341.930591][ T832] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 341.958777][ T832] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 341.963739][ T832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.973746][ T832] usb 7-1: config 0 descriptor?? [ 342.193208][ T5343] bt_err_ratelimited: 5 callbacks suppressed [ 342.193219][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xbc [ 342.195307][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xf3 [ 342.199084][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xad [ 342.202186][ T5343] Bluetooth: hci0: unknown advertising packet type: 0xb5 [ 342.205483][ T5343] Bluetooth: hci0: unknown advertising packet type: 0x4e [ 342.218426][T12289] can0 (unregistered): slcan off ptm0. [ 342.245604][ T35] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 342.388149][ T832] plantronics 0003:047F:FFFF.0041: unknown main item tag 0x0 [ 342.391045][ T832] plantronics 0003:047F:FFFF.0041: unknown main item tag 0x0 [ 342.400087][ T832] plantronics 0003:047F:FFFF.0041: unknown main item tag 0x0 [ 342.403539][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 342.410965][ T832] plantronics 0003:047F:FFFF.0041: unknown main item tag 0x0 [ 342.413969][ T832] plantronics 0003:047F:FFFF.0041: unknown main item tag 0x0 [ 342.418247][ T832] plantronics 0003:047F:FFFF.0041: No inputs registered, leaving [ 342.424367][ T832] plantronics 0003:047F:FFFF.0041: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 342.444692][ T35] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 342.449405][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 342.455565][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 342.459992][ T35] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 342.466131][ T35] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 342.470143][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.472809][ T5343] Bluetooth: hci0: command 0x0c20 tx timeout [ 342.476087][ T35] usb 5-1: config 0 descriptor?? [ 342.829232][T12288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.833126][T12288] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 342.896613][ T35] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0 [ 342.899682][ T35] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0 [ 342.903370][ T35] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0 [ 342.907060][ T35] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0 [ 342.910526][ T35] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0 [ 342.915850][ T5380] usb 7-1: USB disconnect, device number 30 [ 342.920422][ T35] plantronics 0003:047F:FFFF.0042: No inputs registered, leaving [ 342.926292][ T35] plantronics 0003:047F:FFFF.0042: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 342.958990][T12327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1963'. [ 342.973012][T12327] vxcan3: entered promiscuous mode [ 342.980349][T12327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1963'. [ 343.318364][T12336] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1966'. [ 343.344530][T12304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 343.349982][T12304] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 343.566125][ T8] usb 5-1: USB disconnect, device number 33 [ 343.775674][T12349] netlink: zone id is out of range [ 343.792826][T12349] netlink: zone id is out of range [ 343.810799][T12349] netlink: set zone limit has 4 unknown bytes [ 344.411386][ T5343] Bluetooth: hci3: unknown advertising packet type: 0xbc [ 344.411415][ T5343] Bluetooth: hci3: unknown advertising packet type: 0xf3 [ 344.414766][ T5343] Bluetooth: hci3: unknown advertising packet type: 0xad [ 344.417853][ T5343] Bluetooth: hci3: unknown advertising packet type: 0xb5 [ 344.421028][ T5343] Bluetooth: hci3: unknown advertising packet type: 0x4e [ 345.828646][T12377] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1975'. [ 345.899066][T12386] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1978'. [ 346.442758][ T35] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 346.645296][ T35] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 346.650175][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 346.654218][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 346.658354][ T35] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 346.664589][ T35] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 346.668854][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.675323][ T35] usb 5-1: config 0 descriptor?? [ 346.822389][T12396] fuse: Invalid rootmode [ 347.093002][ T35] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 347.099624][ T35] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 347.103185][ T35] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 347.106452][ T35] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 347.109640][ T35] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 347.117875][ T35] plantronics 0003:047F:FFFF.0043: No inputs registered, leaving [ 347.137433][ T35] plantronics 0003:047F:FFFF.0043: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 347.227820][T12409] netlink: zone id is out of range [ 347.258959][T12409] netlink: zone id is out of range [ 347.297348][T12409] netlink: set zone limit has 4 unknown bytes [ 347.638523][T12393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 347.647985][T12393] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 347.985794][ T35] usb 5-1: USB disconnect, device number 34 [ 348.298004][T12425] block nbd2: shutting down sockets [ 348.497851][T12432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1987'. [ 349.106615][ T5343] bt_err_ratelimited: 5 callbacks suppressed [ 349.106631][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xbc [ 349.110610][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xf3 [ 349.113788][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xad [ 349.116660][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xb5 [ 349.119293][ T5343] Bluetooth: hci1: unknown advertising packet type: 0x4e [ 349.644884][T12464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1996'. [ 349.697105][T12472] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1998'. [ 349.828320][T12476] openvswitch: netlink: IP tunnel dst address not specified [ 349.839309][T12476] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2000'. [ 349.921444][T12480] netlink: zone id is out of range [ 349.931539][T12480] netlink: zone id is out of range [ 349.962454][T12480] netlink: set zone limit has 4 unknown bytes [ 351.949428][T12503] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2006'. [ 352.075084][ T39] audit: type=1326 audit(1722209801.772:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12515 comm="syz.0.2010" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f06dc977299 code=0x0 [ 352.165140][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xbc [ 352.165167][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xf3 [ 352.168318][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xad [ 352.171493][ T5343] Bluetooth: hci1: unknown advertising packet type: 0xb5 [ 352.175110][ T5343] Bluetooth: hci1: unknown advertising packet type: 0x4e [ 352.176663][ T39] audit: type=1400 audit(1722209801.872:694): avc: denied { shutdown } for pid=12515 comm="syz.0.2010" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 352.178935][T12522] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 352.197090][ T39] audit: type=1326 audit(1722209801.892:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12515 comm="syz.0.2010" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f06dc977299 code=0x0 [ 352.298602][T12523] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2010'. [ 352.301646][T12523] 0ªX¹¦Dö»: renamed from gretap0 (while UP) [ 352.308752][T12523] 0ªX¹¦Dö»: entered allmulticast mode [ 352.933083][T12535] netlink: 'syz.1.2013': attribute type 4 has an invalid length. [ 352.941933][ T5343] BUG: workqueue leaked atomic, lock or RCU: kworker/u33:2[5343] [ 352.941933][ T5343] preempt=0x00000000 lock=0->1 RCU=0->0 workfn=hci_rx_work SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 352.952682][ T5343] 1 lock held by kworker/u33:2/5343: [ 352.955180][ T5343] #0: ffff8880275fa518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x14f6/0x8eb0 [ 352.959548][ T5343] CPU: 3 UID: 0 PID: 5343 Comm: kworker/u33:2 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 352.964308][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 352.969188][ T5343] Workqueue: hci1 hci_rx_work [ 352.971479][ T5343] Call Trace: [ 352.973051][ T5343] [ 352.974396][ T5343] dump_stack_lvl+0x16c/0x1f0 [ 352.976490][ T5343] process_one_work+0x11ea/0x1b40 [ 352.978558][ T5343] ? __pfx_hci_rx_work+0x10/0x10 [ 352.980549][ T5343] ? __pfx_hci_rx_work+0x10/0x10 [ 352.982527][ T5343] ? __pfx_hci_rx_work+0x10/0x10 [ 352.984258][ T5343] ? __pfx_process_one_work+0x10/0x10 [ 352.986184][ T5343] ? assign_work+0x1a0/0x250 [ 352.987728][ T5343] worker_thread+0x6c8/0xf20 [ 352.989480][ T5343] ? __pfx_worker_thread+0x10/0x10 [ 352.991657][ T5343] kthread+0x2c1/0x3a0 [ 352.993330][ T5343] ? _raw_spin_unlock_irq+0x23/0x50 [ 352.995043][ T5343] ? __pfx_kthread+0x10/0x10 [ 352.996608][ T5343] ret_from_fork+0x45/0x80 [ 352.998428][ T5343] ? __pfx_kthread+0x10/0x10 [ 353.000384][ T5343] ret_from_fork_asm+0x1a/0x30 [ 353.002450][ T5343] [ 353.491739][ T64] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.561113][ T64] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.628704][ T64] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.689513][ T64] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.787196][ T64] bridge_slave_1: left allmulticast mode [ 353.789546][ T64] bridge_slave_1: left promiscuous mode [ 353.792204][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.797803][ T64] bridge_slave_0: left allmulticast mode [ 353.800237][ T64] bridge_slave_0: left promiscuous mode [ 353.803168][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.152773][ T5343] [ 354.153856][ T5343] ====================================================== [ 354.156789][ T5343] WARNING: possible circular locking dependency detected [ 354.159804][ T5343] 6.10.0-syzkaller-12888-g5437f30d3458 #0 Not tainted [ 354.162777][ T5343] ------------------------------------------------------ [ 354.165802][ T5343] kworker/u33:2/5343 is trying to acquire lock: [ 354.168529][ T5343] ffff888047905148 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 354.172920][ T5343] [ 354.172920][ T5343] but task is already holding lock: [ 354.176125][ T5343] ffff8880275fa518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x14f6/0x8eb0 [ 354.180039][ T5343] [ 354.180039][ T5343] which lock already depends on the new lock. [ 354.180039][ T5343] [ 354.184300][ T5343] [ 354.184300][ T5343] the existing dependency chain (in reverse order) is: [ 354.188156][ T5343] [ 354.188156][ T5343] -> #2 (&chan->lock/1){+.+.}-{3:3}: [ 354.191443][ T5343] __mutex_lock+0x175/0x9c0 [ 354.193661][ T5343] l2cap_recv_frame+0x14f6/0x8eb0 [ 354.196109][ T5343] l2cap_recv_acldata+0x9b4/0xb70 [ 354.198532][ T5343] hci_rx_work+0xaab/0x1610 [ 354.200516][ T5343] process_one_work+0x9c5/0x1b40 [ 354.202940][ T5343] worker_thread+0x6c8/0xf20 [ 354.205189][ T5343] kthread+0x2c1/0x3a0 [ 354.207215][ T5343] ret_from_fork+0x45/0x80 [ 354.209031][ T5343] ret_from_fork_asm+0x1a/0x30 [ 354.210822][ T5343] [ 354.210822][ T5343] -> #1 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}: [ 354.213927][ T5343] process_one_work+0x927/0x1b40 [ 354.216016][ T5343] worker_thread+0x6c8/0xf20 [ 354.218177][ T5343] kthread+0x2c1/0x3a0 [ 354.220201][ T5343] ret_from_fork+0x45/0x80 [ 354.222459][ T5343] ret_from_fork_asm+0x1a/0x30 [ 354.224799][ T5343] [ 354.224799][ T5343] -> #0 ((wq_completion)hci2#2){+.+.}-{0:0}: [ 354.228350][ T5343] __lock_acquire+0x24ed/0x3cb0 [ 354.230719][ T5343] lock_acquire+0x1b1/0x560 [ 354.232950][ T5343] process_one_work+0x12a6/0x1b40 [ 354.235362][ T5343] worker_thread+0x6c8/0xf20 [ 354.237615][ T5343] kthread+0x2c1/0x3a0 [ 354.239647][ T5343] ret_from_fork+0x45/0x80 [ 354.241837][ T5343] ret_from_fork_asm+0x1a/0x30 [ 354.244170][ T5343] [ 354.244170][ T5343] other info that might help us debug this: [ 354.244170][ T5343] [ 354.248568][ T5343] Chain exists of: [ 354.248568][ T5343] (wq_completion)hci2#2 --> (work_completion)(&hdev->rx_work) --> &chan->lock/1 [ 354.248568][ T5343] [ 354.255005][ T5343] Possible unsafe locking scenario: [ 354.255005][ T5343] [ 354.258248][ T5343] CPU0 CPU1 [ 354.260583][ T5343] ---- ---- [ 354.262935][ T5343] lock(&chan->lock/1); [ 354.264831][ T5343] lock((work_completion)(&hdev->rx_work)); [ 354.268544][ T5343] lock(&chan->lock/1); [ 354.271499][ T5343] lock((wq_completion)hci2#2); [ 354.273715][ T5343] [ 354.273715][ T5343] *** DEADLOCK *** [ 354.273715][ T5343] [ 354.277254][ T5343] 1 lock held by kworker/u33:2/5343: [ 354.279562][ T5343] #0: ffff8880275fa518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x14f6/0x8eb0 [ 354.283732][ T5343] [ 354.283732][ T5343] stack backtrace: [ 354.286260][ T5343] CPU: 3 UID: 0 PID: 5343 Comm: kworker/u33:2 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 354.290700][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 354.295243][ T5343] Workqueue: hci2 hci_cmd_timeout [ 354.297359][ T5343] Call Trace: [ 354.298865][ T5343] [ 354.300132][ T5343] dump_stack_lvl+0x116/0x1f0 [ 354.302188][ T5343] check_noncircular+0x31a/0x400 [ 354.304290][ T5343] ? __pfx_check_noncircular+0x10/0x10 [ 354.306582][ T5343] ? lockdep_lock+0xc6/0x200 [ 354.308490][ T5343] ? __pfx_lockdep_lock+0x10/0x10 [ 354.310616][ T5343] __lock_acquire+0x24ed/0x3cb0 [ 354.312504][ T5343] ? __pfx___lock_acquire+0x10/0x10 [ 354.314728][ T5343] ? __pfx_mark_lock+0x10/0x10 [ 354.316874][ T5343] ? __pfx___perf_event_task_sched_in+0x10/0x10 [ 354.319612][ T5343] lock_acquire+0x1b1/0x560 [ 354.321573][ T5343] ? process_one_work+0x1277/0x1b40 [ 354.323789][ T5343] ? __pfx_lock_acquire+0x10/0x10 [ 354.325997][ T5343] ? __pfx_lock_release+0x10/0x10 [ 354.328160][ T5343] ? mark_held_locks+0x9f/0xe0 [ 354.330211][ T5343] ? process_one_work+0x1277/0x1b40 [ 354.332423][ T5343] process_one_work+0x12a6/0x1b40 [ 354.334420][ T5343] ? process_one_work+0x1277/0x1b40 [ 354.336668][ T5343] ? __pfx_lock_acquire+0x10/0x10 [ 354.338824][ T5343] ? __pfx_process_one_work+0x10/0x10 [ 354.341079][ T5343] ? assign_work+0x1a0/0x250 [ 354.343013][ T5343] worker_thread+0x6c8/0xf20 [ 354.345008][ T5343] ? __pfx_worker_thread+0x10/0x10 [ 354.347198][ T5343] kthread+0x2c1/0x3a0 [ 354.348963][ T5343] ? _raw_spin_unlock_irq+0x23/0x50 [ 354.351140][ T5343] ? __pfx_kthread+0x10/0x10 [ 354.353099][ T5343] ret_from_fork+0x45/0x80 [ 354.355024][ T5343] ? __pfx_kthread+0x10/0x10 [ 354.357004][ T5343] ret_from_fork_asm+0x1a/0x30 [ 354.359047][ T5343] [ 354.361578][ T5343] Bluetooth: hci2: command tx timeout [ 354.365026][ T5343] BUG: workqueue leaked atomic, lock or RCU: kworker/u33:2[5343] [ 354.365026][ T5343] preempt=0x00000000 lock=1->0 RCU=0->0 workfn=hci_cmd_timeout [ 354.371521][ T5343] INFO: lockdep is turned off. [ 354.373788][ T5343] CPU: 2 UID: 0 PID: 5343 Comm: kworker/u33:2 Not tainted 6.10.0-syzkaller-12888-g5437f30d3458 #0 [ 354.377560][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 354.381096][ T5343] Workqueue: hci2 hci_cmd_timeout [ 354.382804][ T5343] Call Trace: [ 354.383937][ T5343] [ 354.384954][ T5343] dump_stack_lvl+0x16c/0x1f0 [ 354.386535][ T5343] process_one_work+0x11ea/0x1b40 [ 354.388214][ T5343] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 354.389994][ T5343] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 354.391757][ T5343] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 354.393563][ T5343] ? __pfx_process_one_work+0x10/0x10 [ 354.395362][ T5343] ? assign_work+0x1a0/0x250 [ 354.396899][ T5343] worker_thread+0x6c8/0xf20 [ 354.398443][ T5343] ? __pfx_worker_thread+0x10/0x10 [ 354.400161][ T5343] kthread+0x2c1/0x3a0 [ 354.401545][ T5343] ? _raw_spin_unlock_irq+0x23/0x50 [ 354.403305][ T5343] ? __pfx_kthread+0x10/0x10 [ 354.404845][ T5343] ret_from_fork+0x45/0x80 [ 354.406354][ T5343] ? __pfx_kthread+0x10/0x10 [ 354.407890][ T5343] ret_from_fork_asm+0x1a/0x30 [ 354.409508][ T5343] [ 354.653315][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 354.657625][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 354.662132][ T64] bond0 (unregistering): Released all slaves [ 354.952800][ T64] hsr_slave_0: left promiscuous mode [ 354.955836][ T64] hsr_slave_1: left promiscuous mode [ 354.958779][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 354.962044][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 354.965966][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 354.969200][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 354.973599][ T64] veth1_macvtap: left promiscuous mode [ 354.975820][ T64] veth0_macvtap: left promiscuous mode [ 354.978114][ T64] veth1_vlan: left promiscuous mode [ 354.980413][ T64] veth0_vlan: left promiscuous mode [ 355.257983][ T64] team0 (unregistering): Port device team_slave_1 removed [ 355.310125][ T64] team0 (unregistering): Port device team_slave_0 removed [ 356.482683][ T39] audit: type=1400 audit(1722209806.172:696): avc: denied { sys_chroot } for pid=12591 comm="dhcpcd" capability=18 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1 [ 356.491689][ T39] audit: type=1400 audit(1722209806.172:697): avc: denied { setgid } for pid=12591 comm="dhcpcd" capability=6 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1 [ 356.502136][ T39] audit: type=1400 audit(1722209806.172:698): avc: denied { setrlimit } for pid=12591 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1 VM DIAGNOSIS: 23:32:53 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000001 RBX=1ffff9200068bea5 RCX=0000000000000001 RDX=0000000000000001 RSI=ffffffff8b4cc800 RDI=ffffffff8bb08f40 RBP=0000000000000200 RSP=ffffc9000345f510 R8 =0000000000000000 R9 =fffffbfff28c50d8 R10=ffffffff946286c7 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=ffffffff8ddb5160 R15=0000000000000000 RIP=ffffffff81687718 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020010000 CR3=000000000db7c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06dc9e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06dc9e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06dc9e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06dc9e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06dc9e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06dc9e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06dcad5488 00007f06dcad5480 00007f06dcad5478 00007f06dcad5450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06dd63d100 00007f06dcad5440 00007f06dcad5458 00007f06dcad54a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06dcad5498 00007f06dcad5490 00007f06dcad5488 00007f06dcad5480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffc90006580000 RBX=ffff8880230a8000 RCX=ffffffff863bbdc2 RDX=00000000ffffffff RSI=ffffffff863bbdcf RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc900008b0eb8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=ffff8880230a9570 R14=ffff8880230a9188 R15=0000000000000000 RIP=ffffffff863bbdfc RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000555563283500 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b3011cff8 CR3=000000003c9e2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007faa8e9e56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007faa8e9e56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007faa8e9e56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007faa8e9e56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007faa8e9e5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007faa8e9e5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007faa8ead5488 00007faa8ead5480 00007faa8ead5478 00007faa8ead5450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007faa8f63d100 00007faa8ead5440 00007faa8ead0004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007faa8ead5498 00007faa8ead5490 00007faa8ead5488 00007faa8ead5480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=fffffbfff28c50d8 RBX=fffffbfff28c50d9 RCX=ffffffff81683288 RDX=fffffbfff28c50d9 RSI=0000000000000008 RDI=ffffffff946286c0 RBP=fffffbfff28c50d8 RSP=ffffc9000340f5b8 R8 =0000000000000000 R9 =fffffbfff28c50d8 R10=ffffffff946286c7 R11=0000000000000002 R12=dffffc0000000000 R13=ffff8880227a8b58 R14=0000000000000002 R15=ffff8880227a8000 RIP=ffffffff81e7b0be RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffe3c1aabf0 CR3=000000002d45e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f17322d56a3 00007f17322d56a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe3c1acdf0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555555b76c4 00005555555b76c0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555555b54a8 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555562c736 000055555562c210 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555555c26e4 00005555555c26e0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555555b7790 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0400100010100003 d280040100000208 060a012fbe000800 03d9f00300080003 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0103ffffffff0400 100010100003d280 040100000208060a 012fbe00080003d9 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f00300080003d9e0 0300100003d9d003 03ffffffff0403d9 c00308100003d9b0 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 034080100003c7f0 030384800403c7e0 030390100003c7d0 030380800403c7c0 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030288100003c7b0 0302fd800403c7a0 0301fc100003c790 0302fb800403c780 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2030326438393235 3966666666666666 660a302e79656b5f 5f20622030656338 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6b5f5f2062203036 6438393235396666 6666666666660a31 2e79656b5f5f2062 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 745f766461746162 2062203061643839 3235396666666666 6666660a322e7965 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f20622030346664 3932353966666666 666666660a646574 61636f6c6c615f73 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f706374706d2062 2030386664393235 3966666666666666 660a322e79656b5f ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6b5f5f2062203063 6664393235396666 6666666666660a64 695f74656e726570 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a392e79656b5f5f 2062203030306539 3235396666666666 6666660a302e7965 info registers vcpu 3 CPU#3 RAX=0000000000000007 RBX=ffffffff94629760 RCX=1ffffffff279d099 RDX=00000000000003dd RSI=0000000000000000 RDI=ffffffff946297bc RBP=ffffffff947c7878 RSP=ffffc900032ef110 R8 =0000000000000000 R9 =ffffffff9462e290 R10=000000000000000d R11=00000000000002d7 R12=ffffffff81676b50 R13=ffffffff94634cd0 R14=dffffc0000000000 R15=ffffffff947c7868 RIP=ffffffff8167b759 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3915da CR3=0000000049172000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2081be56c5 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2081be56d2 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2081be56cc ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2081be56e0 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2081be5766 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2081be5844 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2081cd5488 00007f2081cd5480 00007f2081cd5478 00007f2081cd5450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f208283d100 00007f2081cd5440 00007f2081cd5458 00007f2081cd54a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2081cd5498 00007f2081cd5490 00007f2081cd5488 00007f2081cd5480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000