last executing test programs: 1m14.509042735s ago: executing program 1 (id=672): mount$nfs(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{'\xff\xde\\\xc9U\xd1\x1b\x96\x03L\xd7)^\x1aQ{\x96\xe8\xe4\x9b\xfd|Qh\xbar+\xe72\xe7\xac\xbd\x14'}]}) 1m14.508636827s ago: executing program 1 (id=673): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000002800018014000400000000000000000fff00ffffac1414aa060001000a"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) 1m14.45114916s ago: executing program 1 (id=674): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac1414bb00000000000000000000000000000000000000000000000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000002b000000fc010040000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000002000000000000000000000000000002000000000000000000000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000028bd7000000000004c001400636d61632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"], 0x1a0}}, 0x0) 1m14.451000936s ago: executing program 1 (id=675): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="3000000010000108fdff763f0000000000006000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000008001a8004002d"], 0x30}}, 0x0) 1m14.380364886s ago: executing program 1 (id=676): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e601bae74656e642c6163638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000100)='./file0\x00') (async) chdir(&(0x7f0000000100)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ioctl$CDROM_LAST_WRITTEN(0xffffffffffffffff, 0x5395, &(0x7f0000000000)) r1 = socket(0x40000000015, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x271c, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) connect$unix(r1, &(0x7f0000000040)=@abs={0x0, 0x0, 0x4e22}, 0x6e) read$alg(r0, &(0x7f0000000280)=""/137, 0xfe7a) (async) read$alg(r0, &(0x7f0000000280)=""/137, 0xfe7a) 1m14.379694786s ago: executing program 1 (id=677): io_uring_register$IORING_UNREGISTER_RING_FDS(0xffffffffffffffff, 0x15, &(0x7f0000000280)=[{0x2, 0x1, 0x0, &(0x7f0000000080)=[{&(0x7f0000000a40)=""/4096, 0x1000}, {&(0x7f0000000000)=""/118, 0x76}], &(0x7f00000000c0)=[0x0, 0x7, 0x21, 0x0, 0x4f8, 0x3, 0xb069, 0xb]}, {0x1, 0x1, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/196, 0xc4}], &(0x7f0000000240)}], 0x2) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_route(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000200)=@setneightbl={0x14, 0x43, 0x1, 0x70bd2b, 0x25dfdbfd, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x20050}, 0x40080) r2 = io_uring_setup(0x166d, &(0x7f00000002c0)={0x0, 0x78b9, 0x800, 0x2, 0x311}) io_uring_enter(r2, 0x2301, 0xd85f, 0x14, &(0x7f0000000240)={[0x4]}, 0x8) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f00000009c0)=""/109) 59.361225537s ago: executing program 32 (id=677): io_uring_register$IORING_UNREGISTER_RING_FDS(0xffffffffffffffff, 0x15, &(0x7f0000000280)=[{0x2, 0x1, 0x0, &(0x7f0000000080)=[{&(0x7f0000000a40)=""/4096, 0x1000}, {&(0x7f0000000000)=""/118, 0x76}], &(0x7f00000000c0)=[0x0, 0x7, 0x21, 0x0, 0x4f8, 0x3, 0xb069, 0xb]}, {0x1, 0x1, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/196, 0xc4}], &(0x7f0000000240)}], 0x2) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_route(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000200)=@setneightbl={0x14, 0x43, 0x1, 0x70bd2b, 0x25dfdbfd, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x20050}, 0x40080) r2 = io_uring_setup(0x166d, &(0x7f00000002c0)={0x0, 0x78b9, 0x800, 0x2, 0x311}) io_uring_enter(r2, 0x2301, 0xd85f, 0x14, &(0x7f0000000240)={[0x4]}, 0x8) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f00000009c0)=""/109) 37.728724239s ago: executing program 0 (id=190): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (fail_nth: 65) 30.737725285s ago: executing program 0 (id=190): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (fail_nth: 65) 24.097276038s ago: executing program 0 (id=190): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (fail_nth: 65) 21.459533123s ago: executing program 4 (id=1186): r0 = syz_io_uring_setup(0x749, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async) sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x4, 0x700000000000000}, 0x0) (async) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x58}}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000002a000040"]) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10) (async) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f000010f000/0x1000)=nil, 0x1000, 0x8, 0x20010, r0, 0x0) (async) r7 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x300000f, 0x12, r7, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f00000001c0)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, r7, 0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x1, {0x0, r8}}) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 21.259917518s ago: executing program 4 (id=1188): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r1 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0) pwrite64(r1, &(0x7f00000008c0)='/', 0x1, 0x0) r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x1, 0x0) fchdir(r3) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000080)='./bus\x00', 0x0) chdir(&(0x7f0000000100)='./file0\x00') r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 21.258390775s ago: executing program 4 (id=1189): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000000), 0x666, 0x802) readv(r2, &(0x7f0000001140)=[{&(0x7f0000000040)=""/138, 0x8a}], 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000280)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}}) r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000440)={r1, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@bridge_delneigh={0x30, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r6, 0x40, 0xa6}, [@NDA_LLADDR={0xa, 0x2, @remote}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0) r8 = socket$kcm(0x2, 0x5, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000180)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "a24b9f", 0x30, 0x2b, 0x0, @remote, @local, {[@routing={0x3a, 0x2, 0x2, 0x1, 0x0, [@mcast1]}], {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x42) fcntl$setlease(r9, 0x400, 0x0) fremovexattr(r9, &(0x7f0000000040)=@random={'osx.', '$\x00'}) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r10, 0x3b88, &(0x7f00000000c0)={0xc, r11}) ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r10, 0x3b70, &(0x7f0000000140)={0x25}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r9, 0x89f2, &(0x7f0000000640)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl1\x00', r6, 0x2f, 0x3, 0x2, 0x4, 0x11, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x10, 0x40, 0x1, 0xffffa19a}}) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000003c0)={@fallback=r1, 0x24, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)={@fallback=r4, r9, 0x2d, 0x30, 0x0, @void, @void, @void, @value, r12}, 0x20) setsockopt$sock_attach_bpf(r8, 0x1, 0x7, &(0x7f0000000180), 0x43) ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000000)="507438421af1289a132dfce8a8d145bf700330c0aafaa13ce1b7e0c2b9233d0c080061fc980e794410b2ce4ee91f648fe98db05c64aa436d780a980a36f546e70049e4bd0cc87f27312b7b7398c6fcb528f1463d80bf96422d67e787280f28fb10a28eedf90cab17d7f80f3ad03021e89fdc0558852bf48cec5d8720552633f45fe188104fab9c45321c0c0538501e6428040366e8a7cd1201ced1aa093f8954fb1c54cb93e8c31da18bd42cdc97ae159b702f72401ceb694af234e87f7cfe924d83f0446ea68c7227167afae6fd013c4e2a87e1264b2b64bfe1cb620278e81cc15947cd0625a5d5bc62380b1fc1179d6fa63dca00cf6570677bf971cb1b6f188a45b7796a97412089774e3182b97cd939d3a0c8bfc1ffc177ee510262f0486bbbc7dfd95063433e29daff06849e119075") 21.105256614s ago: executing program 4 (id=1190): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f0000000240)=""/68) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) chdir(&(0x7f0000000280)='./file0/file0/..\x00') mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f0000000480), 0x0, 0x0, 0x3) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010300000100fddbdf2526"], 0x14}}, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, &(0x7f0000000140)=[0xfbc, 0x4], 0x2) ioctl$KVM_RUN(r5, 0xae80, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x13, &(0x7f00000001c0)=[0xb07, 0x2], 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000009, 0x4c831, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) mprotect(&(0x7f0000c11000/0x1000)=nil, 0x1000, 0x0) 20.978415279s ago: executing program 4 (id=1192): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x4}, 0x1c) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) r2 = socket$netlink(0x10, 0x3, 0xa) sendmsg$nl_xfrm(r2, &(0x7f0000004840)={0x0, 0x0, &(0x7f0000004800)={&(0x7f0000004540)=ANY=[@ANYBLOB="c00000001b0002002cbd7000ffdbdf25ac1414bb000000000000000000000000000000000000000000000000000000004e2200074e240005020080003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="070000000000000001000000010000000400000000000000000000000000000001000000000000008bffffffff00000002000000000000000100000000000000080000000000000002000000bd6b6e0002010200000000000a00000000000000"], 0xc0}, 0x1, 0x0, 0x0, 0x80}, 0x20008000) close_range(r1, r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f00000000c0)={0xa, 0x2}, 0x1c) 19.777427455s ago: executing program 4 (id=1193): bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000200)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="e3eea21423f9c890c444e3cedddb25bdc7ca246b720f750979dbe2bebf6f527ae2d2e5757e66145611f2b04729b510f144f4d195368f78e432fe5b1e3a3a9b66c98c1e679c3b1b3b4061f3d8371f24b83660ce1fa21a8f951e0b1c35e52c7187d81b5f3ed15a1de19807c5d7499c3f2ef89e6a81fb82513d7cd34a15076790d4c4ad6a025e5b30d8e6cff5f051e253858525fabefb02", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000480)="559f", 0x2}], 0x1}, 0x3) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4}, './bus\x00'}) ioctl$CEC_ADAP_G_LOG_ADDRS(r5, 0x805c6103, &(0x7f0000000100)) open(&(0x7f0000000000)='./bus/file0\x00', 0x64142, 0x1c4) mount(0x0, &(0x7f0000000500)='./bus\x00', &(0x7f0000000540)='virtiofs\x00', 0x2818405, &(0x7f0000001980)='dax\x00\x00lwayc') 19.726562587s ago: executing program 33 (id=1193): bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000200)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="e3eea21423f9c890c444e3cedddb25bdc7ca246b720f750979dbe2bebf6f527ae2d2e5757e66145611f2b04729b510f144f4d195368f78e432fe5b1e3a3a9b66c98c1e679c3b1b3b4061f3d8371f24b83660ce1fa21a8f951e0b1c35e52c7187d81b5f3ed15a1de19807c5d7499c3f2ef89e6a81fb82513d7cd34a15076790d4c4ad6a025e5b30d8e6cff5f051e253858525fabefb02", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000480)="559f", 0x2}], 0x1}, 0x3) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4}, './bus\x00'}) ioctl$CEC_ADAP_G_LOG_ADDRS(r5, 0x805c6103, &(0x7f0000000100)) open(&(0x7f0000000000)='./bus/file0\x00', 0x64142, 0x1c4) mount(0x0, &(0x7f0000000500)='./bus\x00', &(0x7f0000000540)='virtiofs\x00', 0x2818405, &(0x7f0000001980)='dax\x00\x00lwayc') 16.827240709s ago: executing program 0 (id=190): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (fail_nth: 65) 9.660366034s ago: executing program 0 (id=190): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (fail_nth: 65) 4.100141716s ago: executing program 5 (id=1342): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_open_procfs(0x0, &(0x7f00000003c0)='fd\x00') (async) r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='fd\x00') getdents64(r0, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x13) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000001340)={0x84, &(0x7f0000001400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r5, 0x40015b19, &(0x7f0000000040)) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x110) ioctl$KVM_GET_REGS(r7, 0x8090ae81, &(0x7f00000024c0)) socket$inet6(0xa, 0x5, 0x0) (async) r8 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_int(r8, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) (async) setsockopt$inet6_int(r8, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r8, &(0x7f0000000100)={0xa, 0x4e21, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0xff}, 0x1c) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0x40045542, &(0x7f00000004c0)=0x4) getsockopt$sock_buf(r8, 0x1, 0x1c, 0x0, &(0x7f0000000000)) (async) getsockopt$sock_buf(r8, 0x1, 0x1c, 0x0, &(0x7f0000000000)) ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f00000000c0)={"6e07849186e44bcbdae37cc4a5cac7e8be806263548e86929824749c0d48cafc037d7af97c668b40c0d9d840a63cb7241f5f35dc66315900aa18b9c0a9e5d9994813a51b770a7affd062fc9da94cfc350eff8e3038e494aef02440e54c437c5c0fccc1932628d8ce2273eb6f989b0cc3e78b053879585fdc797438aba9913aeca0d28eed4333fbd21888148e5b904701619a5c65476b2a6b80cd5ae76ba6b8777ace51d5b12868edaee8ac3634037e1213aaf055d38478300fea2a3b5e534795e3d91288ba495a9290c3288bcd406e2153c7e46c53eca69a337e58bdf7a5029ae6fd9650990d540ec5685d1613de1d6394aa38eb051b5e18ddfd696f497c6e562547bf3c938a65476cbdbcc136cd7c8abb694afba6185f1851287134e516121d86550122926815d5bba58f68fc866b1a9d9063a76889b788a6b1c86a50ef97b2343143ed0507a07046e845723eabf22054d7f180545cffdb98f2ae9c9ce8c9ce86bb186955dbeb463ebdc6390563b3658b61e0c8f5bcf6d0d3b132367b0de65eae268f7ea7fde546f33910ef9d5f5bf9a370be650f2a94c751de59382436936c7fd75b3b94179aa6c590bd72e594c16734ae99f2f309045f840940007cd256c2844f21895ddd27e64446614f09fa2b4f682dd0f6f10c3e605879552441046d7b53387bff2c3d4de496cb36401acadc62b1402648125a23f8309644b9450478beb78dc5abaaf1e1823f719ebf90a75536a25a3167ce4739baef3f09f9398500a6b69acd77dc9a2bce882d864a4657ab6c414a8f06a26c76ee207fe4ba4fb24cd5c3c10d4d26310ed5a9c6816ede9b39ca1c9c5c7935fa6f72bd4006199725bf6028d86877659f27d9be14b6536663d0874fe91e6cf8db6d836bb35ad381cf60b7e2055b5c2e80fdb6aaacf1d873323206bee303f5af00fd905eadf9bad577f8a40d498b35708a2965294e7c0385206ca26b0e07931f29c58bca057609b662f1d034f642c01bccd726d36f78d89b88963e4e89879ae1bcb9a15a7cf20ae043e7cb21f71b1329ecde57e96c08b1b58906cf16b09ec36b56a8cdb1f1b2a1e6d24157310315d8717a47d1e1dccd78bcc3178c69a7e2982f2221f06d69adfc12d73c3910b5e2ebb028d9ca7e18cbd73aa7a6536e9a07206382355e4de1eb7ef048f29269d89a2813f67a3b577e96f8986d16e180fcad1369854aecd31336cbea4df25f11dcd8ef039b42dc2f79013ce614af7aca73d40f90c5b8790130499b6a798056dd510bb0d50db12928fb1b565aede9fe4846adc3e6e509a468731641c70ae5663702d108fd4f704379a4203765c7974d7bfecadf926f66c157d7ea18eb4feff25d83785c6f0b700449913f7b6d69c87c3214be377d119dabd705a6f3e582e74464dd082e98c702adda6b6b8f6a3c3c8a3be05d2b3ebeb3303543a52ce749f586"}) (async) ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f00000000c0)={"6e07849186e44bcbdae37cc4a5cac7e8be806263548e86929824749c0d48cafc037d7af97c668b40c0d9d840a63cb7241f5f35dc66315900aa18b9c0a9e5d9994813a51b770a7affd062fc9da94cfc350eff8e3038e494aef02440e54c437c5c0fccc1932628d8ce2273eb6f989b0cc3e78b053879585fdc797438aba9913aeca0d28eed4333fbd21888148e5b904701619a5c65476b2a6b80cd5ae76ba6b8777ace51d5b12868edaee8ac3634037e1213aaf055d38478300fea2a3b5e534795e3d91288ba495a9290c3288bcd406e2153c7e46c53eca69a337e58bdf7a5029ae6fd9650990d540ec5685d1613de1d6394aa38eb051b5e18ddfd696f497c6e562547bf3c938a65476cbdbcc136cd7c8abb694afba6185f1851287134e516121d86550122926815d5bba58f68fc866b1a9d9063a76889b788a6b1c86a50ef97b2343143ed0507a07046e845723eabf22054d7f180545cffdb98f2ae9c9ce8c9ce86bb186955dbeb463ebdc6390563b3658b61e0c8f5bcf6d0d3b132367b0de65eae268f7ea7fde546f33910ef9d5f5bf9a370be650f2a94c751de59382436936c7fd75b3b94179aa6c590bd72e594c16734ae99f2f309045f840940007cd256c2844f21895ddd27e64446614f09fa2b4f682dd0f6f10c3e605879552441046d7b53387bff2c3d4de496cb36401acadc62b1402648125a23f8309644b9450478beb78dc5abaaf1e1823f719ebf90a75536a25a3167ce4739baef3f09f9398500a6b69acd77dc9a2bce882d864a4657ab6c414a8f06a26c76ee207fe4ba4fb24cd5c3c10d4d26310ed5a9c6816ede9b39ca1c9c5c7935fa6f72bd4006199725bf6028d86877659f27d9be14b6536663d0874fe91e6cf8db6d836bb35ad381cf60b7e2055b5c2e80fdb6aaacf1d873323206bee303f5af00fd905eadf9bad577f8a40d498b35708a2965294e7c0385206ca26b0e07931f29c58bca057609b662f1d034f642c01bccd726d36f78d89b88963e4e89879ae1bcb9a15a7cf20ae043e7cb21f71b1329ecde57e96c08b1b58906cf16b09ec36b56a8cdb1f1b2a1e6d24157310315d8717a47d1e1dccd78bcc3178c69a7e2982f2221f06d69adfc12d73c3910b5e2ebb028d9ca7e18cbd73aa7a6536e9a07206382355e4de1eb7ef048f29269d89a2813f67a3b577e96f8986d16e180fcad1369854aecd31336cbea4df25f11dcd8ef039b42dc2f79013ce614af7aca73d40f90c5b8790130499b6a798056dd510bb0d50db12928fb1b565aede9fe4846adc3e6e509a468731641c70ae5663702d108fd4f704379a4203765c7974d7bfecadf926f66c157d7ea18eb4feff25d83785c6f0b700449913f7b6d69c87c3214be377d119dabd705a6f3e582e74464dd082e98c702adda6b6b8f6a3c3c8a3be05d2b3ebeb3303543a52ce749f586"}) syz_io_uring_setup(0x7da, &(0x7f0000000500)={0x0, 0x2a6e, 0x8000, 0x2, 0x25e, 0x0, r2}, &(0x7f0000000580), &(0x7f00000005c0)) (async) syz_io_uring_setup(0x7da, &(0x7f0000000500)={0x0, 0x2a6e, 0x8000, 0x2, 0x25e, 0x0, r2}, &(0x7f0000000580)=0x0, &(0x7f00000005c0)) mmap$IORING_OFF_SQES(&(0x7f00000fb000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r2, 0x10000000) (async) r10 = mmap$IORING_OFF_SQES(&(0x7f00000fb000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r2, 0x10000000) syz_io_uring_submit(r9, r10, &(0x7f0000000600)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x47, 0x15, r8, 0x0, 0x0, 0x0, 0x140, 0x0, {0x3}}) 3.179865148s ago: executing program 2 (id=1357): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c0001800800010003000100200001"], 0x44}}, 0x0) 3.110444605s ago: executing program 2 (id=1359): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac1414bb00000000000000000000000000000000000000000000000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc0100400000000000c9ffff00000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000002000000000000000000000000000002000000000000000000000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000028bd7000000000004c001400636d61632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"], 0x1a0}}, 0x0) 3.110223313s ago: executing program 2 (id=1360): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0x0, 0x1170, 0x1398, 0x120, 0x1170, 0x260, 0x1398, 0x1398, 0x260, 0x1398, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast1, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6, 0x0, 0x0, 0x41}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x10}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@uncond, 0x0, 0x118, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@hbh={{0x48}}]}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x580, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_X86_SET_MCE(r4, 0x4040ae9e, &(0x7f0000001180)={0xea00000000000000, 0xffff1000, 0x4, 0x8, 0x14}) (async) ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f00000001c0)={0x7fff, 0x25c, &(0x7f0000000240)="9a50847414d392b48d78cad9740de73eb8677f448b6d301169a281d9fc9521c66da5ea0ae3d635cdd3677c07c11dfe0913b409a1c90b60a4e3d683ffdcd1d766168690a041621cba9b9df65c4493a6584ef2b16e3ac3a6900e0669fa3bea598f4e84874a73f87a4356e96d2834632579f1b81b88838d5400423d88b0d7274c0cded4b08bdea1572cfb91cdff8aedcdedf3998feeb19cda225aeaa59a9903c88119330773ad3e20c1e6bcf155767f3a78581d8ffa2180089d86498a2209fc28c7f56843cbd426995c7ad57ab7c8472c28784623b7106d800b0f00ba6c3f33856373545ae998f30dcd7a4c668f2b99e94c8c89253af3c0ec8b7c318f4980c8", &(0x7f0000000180)="bf47ef622f1aa0f3fc2b42448f20e5421fae3aee93cf1dc7", 0xfe, 0x18}) (async) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async, rerun: 64) r6 = socket$unix(0x1, 0x5, 0x0) (rerun: 64) r7 = dup2(r6, r5) close_range(r7, 0xffffffffffffffff, 0x0) ioctl$SNDCTL_TMR_STOP(r7, 0x5403) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$VIDIOC_S_TUNER(r0, 0x4054561e, &(0x7f0000000800)={0x91f, "91c1b3caea781e4e2e4e8ce090baa774bad44419ddd9817078e809f16b9eeeea", 0x3, 0x4, 0xa6, 0x7, 0x1, 0x0, 0x6, 0x4}) mmap(&(0x7f0000057000/0x2000)=nil, 0x2000, 0x1, 0x2010, r3, 0xbd266000) (async, rerun: 32) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) (async, rerun: 32) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) 2.658526171s ago: executing program 3 (id=1366): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000009400000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300)) pipe2(&(0x7f0000000040), 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 2.217799271s ago: executing program 0 (id=190): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (fail_nth: 65) 401.643348ms ago: executing program 5 (id=1367): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f00000000c0)=r1, 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001140)=@base={0x5, 0x10001, 0x7fff, 0x4, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000001780), 0x8, r2}, 0x38) r3 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0), 0x20440, 0x0) sendto$packet(r3, &(0x7f00000002c0)="a2220ce349a05bc96f032e99a720f6711422eba04f654b7fb397fa4e8e56babd3a8f755c21cb19903c0be9f0107c870429b3675ca252d5ed20bae452cd335204a4ae0e7b98438c6ab6defe4ed694b381e07f0a90c97650ed173e2d7c84de5ea95dc324b45c8c5aba5b5211cbacbd903239", 0x71, 0x1, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x14, r5, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x4000844}, 0x40000) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000000)="543c3f5b5cd425654fe2b7090859c8b448e9658178667ab1adc058921ac48c4c592661652246bf1c8b1a96b216b318fbb12209620fb88818a983ff63ede295d9e01a88c12ef0a8e11f21647728ef5f1d0a0462fc793b23204b6059e8690cf7bdee1775dec2f422a8cf67d31d622d920a7e1d", &(0x7f0000000100)=""/152, 0x4}, 0x20) 399.490723ms ago: executing program 2 (id=1368): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0) close(r0) (async) socket$vsock_stream(0x28, 0x1, 0x0) (async, rerun: 64) ioctl$SIOCSIFHWADDR(r0, 0x8b20, &(0x7f0000000000)={'wlan1\x00', @random="c30014016800"}) (rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xf, 0x9, &(0x7f0000000540)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000500000085000000190000005f0000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) 398.080277ms ago: executing program 3 (id=1369): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) getpid() sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000001c0)={"ac499f8222939de680fd632f66b710a1175e37ce631192a89821b79160ee1ce5", 0xffffffffffffffff, 0xffffffffffffffff}) r3 = signalfd4(r2, &(0x7f0000000080)={[0x2002]}, 0x4, 0x80000) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000000c0), 0x4) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x7, 0x6, 0x401, 0x0, 0x0, {0xc, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x8800) syz_clone(0xae12e400, 0x0, 0x0, 0x0, 0x0, 0x0) close(0x3) 323.855964ms ago: executing program 5 (id=1370): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac1414bb00000000000000000000000000000000000000000000000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc010040002000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000002000000000000000000000000000002000000000000000000000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000028bd7000000000004c001400636d61632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"], 0x1a0}}, 0x0) 323.721899ms ago: executing program 2 (id=1371): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e938462b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a1905234", 0x34}, {&(0x7f0000000200)="c67f0d7df9", 0x5}], 0x2) 323.620226ms ago: executing program 5 (id=1372): r0 = memfd_create(0x0, 0x0) pwrite64(r0, &(0x7f00000008c0)='/', 0x1, 0x0) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x1, 0x0) fchdir(r2) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00') chdir(&(0x7f0000000100)='./file0\x00') r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) 249.992593ms ago: executing program 5 (id=1373): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'bond_slave_0\x00', 0x0}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r3, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8, 0x1, 0x7}]}}]}, 0x38}}, 0x4) 146.039283ms ago: executing program 2 (id=1374): r0 = socket$pppoe(0x18, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$KVM_SET_MSRS(r1, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x48e, 0x0, 0x94}]}) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x7, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, 'macvlan1\x00'}}, 0x1e) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xe32b60fbedc7f0cc}, {0x7}, {0x0, 0xa}}}, 0x24}}, 0x0) sendmmsg(r0, &(0x7f0000001340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x24048084) r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r6 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x8000}) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r8}) read$FUSE(r8, &(0x7f0000001380)={0x2020}, 0x2020) 141.768059ms ago: executing program 3 (id=1375): r0 = socket$inet(0x10, 0x3, 0x2) timer_create(0x3, 0x0, &(0x7f0000044000)=0x0) timer_settime(r1, 0x1, &(0x7f0000040fe0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f0000000040)={{r2, r3+60000000}, {0x77359400}}, &(0x7f0000000080)) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r5 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a050600000000000000000100000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001405000d404600000014000000110001"], 0x6c}}, 0x0) sendmsg$NFT_MSG_GETSET(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, 0xa, 0xa, 0x101}, 0x14}}, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='memory.numa_stat\x00', 0x0, 0x0) sendmsg$nl_xfrm(r7, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000800)=@getae={0x117c, 0x1f, 0x1, 0x70bd2c, 0x25dfdbfc, {{@in=@loopback, 0x4d5, 0xa, 0x6c}, @in6=@remote, 0x914f}, [@policy_type={0xa, 0x10, {0x1}}, @algo_crypt={0xb1, 0x2, {{'xts-aes-aesni\x00'}, 0x348, "6f31d8055913336be0d5bd83b67baf9f126046218ad276ab4a424431c5e29e8fb583816336ae455054e67849e698b31ea6fab9f0359ba6c0919724d7106be17f90c2a42349358c1ebc2c933558ebdf1ee4cba431f81f5f469eb57cab39e0681584c9ceb98d4c62ce32"}}, @algo_aead={0x104c, 0x12, {{'ccm-aes-ce\x00'}, 0x8000, 0x80, "c71f187e8631545319a787e69f9a75d7f3f7980458ee9723275be01d9ed64ca8fe69780b1fd15628100ebdc73cf8a78f032892684068e429c7253c86f6ac73ba4d2a5b46bf34da0775587ead4561ed43ed3c6f83afa7deb61c9f41098d0e91af35c5e4f38309b53b14cebc7e2b27e2c00845136e1b5904c7dd50b3cce24123ee7e52c7f6e0200751e4e1f8f3b3941dd4e437682950d9136c921a46c8bca9e620f1010c9104b576e58fdc694d5ca32a57c9ade8f0a75bbb75ef08488acca86f9f675059b505c7704660636f1c79f6dbd90b08dc013e9bc5639d370f07c53cf621f766cf301644e10457bb53245f5f2901de2b4272985a0c936154c7416d6acf08f859629e13beab4fe1ec5053f5351f0418901e7ca2d882d6487459b415b710549db0a3d9a919cec48b064df610d046e972689a4c414e8309b75abba4c06768a7e91636df7f36d8797fd4eac48c5cb3ac78188010cc3b59d721f920c6fde4b1b230299882d45d85c391fa78cf61d7554fc6de6879668703b62eeecb3d078206a1666ac7debab8c56904ac75e42e69a3058b89944138c1e6b360ccd86a0e2aa7e965174cb983e946f820f484bfab610ba1693fca2972a34f20597f6a99a62fe4c2d71c2793a3df1362a8b28bdc08959fd3a5617e93c791a5d7ef7350f92331a9cc3761279c763849f8106ba07f399d4250342bd1b005d4c89780065a6685a681b4d355d68cb5dd8bd276ffe37dc5efce05b63da9b6858c0792e8940af74daf2555a0be50b013c7af924129f4ea77b9db598a2acf5f053c4f27af6a2531c1b4013f09d1ae3801bdfabcea206f406e8f20f5f34ce5682c0c8a636c2bca27283b077bcb90960741208e737fa9e0bf6073bca4aac92ef0706c80ac1f711717a5ad8054b93eea874abdb013c4ebb50735ae120acaf9d308469ee18c8f41326b91a124f02fe6d0537613c85b0cdf7a1dccfc6e9426d59bfc60619f629861fd12ce3c1141664e334d3227de64ee16fd96c088f0ed08ea8a43eda7a7f0b25c7f6e1e2b841d266c585fb3cee389b8e766048e40058d04a08a777589a5dc1257335d281fbe345141bdd6667cb95774ea53b60aaffd4b61bb457de871537bdabe89b025348e365610f3af7df5d268f557b183ee2988315e7cc08f4bd82b4cc95131b9276ddbd3c05a5ae5a4e641a6e3038f8591ebb5e06a4b4446930e505b11b261ddaa3d97184f56eaf827d75c6b4fbc7ec05c483f1f0be90c39dfc4f7d7e8d95df57770c75a554da2d70a3f300cb36c6728e7ec97f3bc538b2bd5cdc6676e8090766e9e56fc2100d8523e1f1861617906bec8444d9c08b0f79d8fd0ebea552ca578027eaf9ebebe577059e524305c11305eea238bd71fcec799d536de0d52b9530418c72a5758cfc845fbb311ac9d2840aed8c1310fa7baae91209a8143569152752e352a6ba5505a0d61bb82c5d09716dfbf34c027731c6a2f79b59d13d7de83f9e6ef72d467884fe85dfbd4fb2e659b9246c4083397d5a3ba4023cdc2db4651d4b497f5c092861836c795d13cb86ad06a5669bd10ff910a60b96c7ec1ac3e6a142b139f893541d8fa241ee0c65bf43027cc79424e55f80c70842e6944005ab3cc6f819edfde5c9920018f573801dcc3d4af53ca518424aca8145967e077d89e29dce92ca0c56a8c8ce8d08ab187ddc0fe058e9349480668045fc882848c2ca12efacfbf192d9fb739be1e446a9335eb05ebbf225968ecafc8dcd99244a27428d60c6b774516095612568549a3f908c189b32bd2f4502bd70fe3dd3fa1edcf93d24ffcb260f6780e25a4e8f68d22d1af1e719cc95040404dba6f011e1a26cda9e41bd0752775a76a9d57571a8b2ad4744482d7dc7abef2cb3d9004ec8758add4b9bdcae22fa0f034578924ad86aa424adf15ba25f9611cfe8ec06c72e493ebc8f98a149d0f51bc6870dc73c3f2ab00f474c3285e01457abec06c779aba85e5a5555b5baf985e49a78a6557975f9cb1dda2f5f8b2fc5c9eece5f92ddc218a3295ea428b268aacdf09508e56004ae3065e2f1592c997eb0ab01f9a382b9b64e8bb6b3b9da7e29f33fe8fdcbb33d2410becfd7639efcb023ad996fdb5f52c43f02b6376b31977a60bc3ba070ce645b0099c10c3a35e3398a1342cdf1decb823897e2f270927f3f4297d152efb3ea11af38e5b169d98bb10ed159ef690d24bbac74ab29c203b880f98b0a6a093327a2c562c9408a7a795f63d413fd335646c457dd98d0bac2e34498737c7f0a2b089af985bac7befda89ea4e8254f10b670417fcb779143f25ca4abb2a60494332427baacb872d4a3c112bbcece1267a879ad12ffadb6335fcc68995631bbb4073c9202177ec1a638f476d0203e8ad321a72a5ed869239eab9458374d5b37aca69948c5b9dec54ff9b261cb640c3bc0d17ac884d1a8943b41cffd8c304d53e7bff8690940f87e57eecfddbaca383be4600342cf5d75c7f1519ce279b5ada2655eef70807c5dbb641059d9c52b3d8146fec5d1e4f3379faef44239d242d1dfc6acf7396e48884bebb536ff95d2edcdeb180cbcebc22892bd6b6c65bc727d3bc3afb6581a5cd3571bf79a474bf608c8032d8d4ef552d39ff80ecbe9e4c4f98c41dd95d7506078db8dea17e5f21961ba430439d59436baba82d4fd001f873263de7988ad5c71b2816de8f660b97769961685e5810258fe658a372b1b9955a43394005b16f46737cb23fb0bbb955d2f41fa7c7cb77f5da35b6fc922f37a25a8c0c5ab8c4b5efcc9b4d5fe41b6282039520edaefd7f54552700f10eede284271d378000c3ac7dc1deb2a1b5627a9684714cd835846b36ea6be394174a46833608db55a59ce50a97cc553211756d138054070276782a9ef10767ddcbb17da5a3422e14bacf637c7f480bc486302d4e44c8552705335c5150c421659ef3a3f8ec0a981283c1d6bab999c21ba1b900345e2488b2663e56ad0944e88a371faf38796898667789de8b65f0dd5db4855fd3792fb6b1d5fde7f4352e96dfd195a7dd37c517e3d15e91e89f814941e960be169669b7103353511f79b84951669ffebb3e162d93e38aaf3cb9988e003868effad42e799dad4a2f49d47f29e074f942f11dc296cf317664d2a1562491867c7eb9f64b98745ed0c16d68e1db722a2fd68ce24dd8532f2aa74bdc82723d033aa9ce654d97be1bd1f3a6592514af683ff7ddb23fb1bfa256a6e32204ce72db854d4a6ce33bf5c84a8a6c9cd1b70f7795ea42c7fb1e719603d4c78a45060203e867bd69604f46c1421d7e05c2fd28c35ff33223824355ae96c86cd936420d627a9f467cab509846b0b6ad1739aedce9c9545b0f857a76a96f461b89bf86ed28d37263108ed785c396d8110460df218152aa8df0759985246be16f78f4e9ea4fcbf2d5ba157697aea01ab371ca5800084428e5ea53a3b276b5f81f55ea77c2f6da5e5f48be480568d2dfdd76b9187abed7b53e92994b52fb235136d68c5dca5fd41bd90cc1f2d96d8abacf7e4a8473628775f1e0333331fe3497dc967ebf6bd936c74d2643b537ab3f4f37313426e4eebccf04129e8e9c6f8a1766230c65c46a2195c9d1d1e7788b194b8018d90161a21327a7d7783ef4ba7d3a5608e9309c2ad917edd8e8e8cd6e165729ee8b3715efe66d8edaa0e04f0a6dc0df5db864b38a3df578a3705b79da1accb2d7bcca5a58a9fdd64f5700f6342cba4e7a6d6bc05256ddd5af1787f1efd30d3722f09c519ea57915a53ea291552712575a10246651afa1ee56469d9fb981bc32349a5a88ddf2c3dfe05227fa59855bd44d34e6fab90878870a72050af1cc6201643d75afe2a612d8c7e125c08e465e45cd5317cdff1eab2e6d484a214fe31787646d6c2f6007b1529e24a5c438fe725951c88b6dd4209e0c5b9843678450541195dfd0250ad8f1056354d798c15b7c09cfbf355e4ddeb7a4328b3c3ce79ed4ece64cedd9bead12b28b68a118efefececd73c6a88de20cd1df36fec9dc57beaa337e35c5bcb0166f93ab13b18f7166134ac61c83b5099b4d3dc715ffb21fd1419047167ccf3811aa8b8552ffdcf80fdeeb7a62fa6dfa6f369b98b4dc841be98571f327ce3553c99a5d1ce881df4c49b977d29f2a03a0663e376f48564d472a6181a5738e7c545e2c571999c4b3581ee966877a8bd027d39408a31ea6eaa1033720dfb10d0c30d64880c84e9af7937e8ebc1ea2b9d82540923669f66e856675862a5ad74981faaab9ba306ce6f8d31538f7b4e57bcfa53dd6b6815bb536452b2e324a9c893b1fc05885fff4aba1c7c6faafb0ca1c60069373ac4ab59406aa038f3c2e73af335021c493e7edd385f39d5aa7844174caed9861f747e420fa3a9be6a375bb0cc0f5312ae5127a0ebd25c588021f74f3691934e8d3df0e8e758474d9369d245b7f7209ec7726a0ecf86396437266a36d1ee884aec7a9fcebb171b0115c7b808d1b9064dcae2f87f07467b15a14150cea6bd6d2a728eba9bf6344ced8a23b53fe286a7943d8356448fd1955203d07e0bc224bbbd8535cc1376650233c65233d10066005388978b281f9a655eaddf79bb6227a1e3149f9376d982876f0bdc5e3cc943fc6aae610931bc1069beb373c914c648c19801e241a687f04a64872ad5d635aebe32bebd900f14d9bf27ff170aa3819c2a8310fb640a3b867e7ed3e871bc846c1341ff1be96ce887c8e60646d9b53a11e0318992899f2d1b76c03917e57377545f2c24431a427a0e15020f32c2c884edae5f6d46958e243b276eed60f21c590e8399b1e11588a943d5501c539e319295aec5d052aea6f56e5a254a841344f47f013bd6551bb8bdaa0308d8523240e6f287244139cf964483311f4d859dac9aa723666523cad2930d95809aebebf08f7c3a7a70aee352658ce6af5775374bfe443f6376db65cae3f663f0ea6c81d9b0a7596a0d13e55469de33bc7ddf5b5c119fc047b4e227b16a9d1e1fec34cefe76d0a6dfe0a3e66d062eb682d90bacb1da0c2a86099b7e8cdb09dee0ccfed292d9b2e7febdefa8feba250c3234fb28da678f01b28f95e41483726f6a40bd130f3fd87636a89f82d2c24fe02b8bb3bb72d5e4bd7cd59060f82c5e6e063b886fa16eca31cb953aff6da6cdc0f926b8fb567a80f337be6d904faaa1abd169fa01b91dc345be5d5d3a56f34a7cc812048d926695b2f8034e30e7062f43059e8e9b5ff2ce0621b054972b5b67696e3f3402fe503904357668d9ba69a1dbb24144d4d33d2df5b0a4550cb22ada5a28ea6d31a3e7af1a02ecdbbdb2d89ff01dd5c1ab093a868e2cdd15a920e1fef879b8a3755393b7f4244c0693ed9ae5f4d4fdcead01197ec932d56e7e1ee5b68ba842a174b1841e64e46337e8763f9c80ba5357166fd595c9b0bbd6aef5f2dd3da43200cfd3f8d90670964917c8992083b911aeb68b0108721652230bbd970ae17a479efadd523b432498b2d03ee22c0e939f55c882ba967dbe5f1636e8e976c2f630115fa4502dfdef892649144765f4c011315c7cf3a50403322377ccd629207eb9dbb68526300444da47c923ddbc30820eecb9c8a447c63c8b8dee5d027cef7c1c830212b451fb2b65ca961139716a78a102fd87ecff99727b0cf6fef6900fc91233612ee1c1c6a691badeb6f5ff2a767b899ec3389674ea559b81b22033c43aa2e805a0893bc26581f9ce66cae507d0cbeae45b451adb355e1c9cd770cc0441599b7a47a93de52f569f41122b7b3725932e91032dbf98d59246894e02254bd82f8ba314b315f9"}}, @coaddr={0x14, 0xe, @in=@dev={0xac, 0x14, 0x14, 0x3d}}, @coaddr={0x14, 0xe, @in6=@dev={0xfe, 0x80, '\x00', 0x43}}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x4}]}, 0x117c}, 0x1, 0x0, 0x0, 0x801}, 0x41) r8 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r8, {0x2, 0x4e24, @remote}, 0x2, 0x0, 0x4}}, 0x2e) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_CREATE(r11, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)={0x1c, r10, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x25}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40085}, 0x20000040) sendmsg$L2TP_CMD_SESSION_GET(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="0100000000000000000006000000140008"], 0x28}}, 0x8000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001800dd8d00000000000000000200000000000005000000000600150001000000280016802400010000000000000000000004010020000000000000000000000000000000000001"], 0x4c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[], 0x6c}, 0x1, 0x0, 0x0, 0x18840}, 0x4000841) r12 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r12, &(0x7f0000000140), 0x4924b68, 0x0) r13 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r13, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0xac, 0x24, 0xf0b, 0x70bd2b, 0xfffffffd, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x6, 0x0, 0x10]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xc2}]}}]}, 0xac}}, 0x0) 137.554873ms ago: executing program 5 (id=1376): mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x300000d) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xee01}}, './file0\x00'}) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='oom_score_adj\x00') write$6lowpan_enable(r1, &(0x7f0000000340)='1', 0x1) write$6lowpan_enable(r1, &(0x7f00000002c0)='1', 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000080)=r1, 0x1) r2 = socket$alg(0x26, 0x5, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x9, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9b0903, 0x2b, '\x00', @value=0x6}}) bind$alg(r2, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r4 = accept4(r2, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4) r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r6 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) tkill(r6, 0xb) mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x300000d) (async) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xee01}}, './file0\x00'}) (async) syz_open_procfs(0x0, &(0x7f0000000440)='oom_score_adj\x00') (async) write$6lowpan_enable(r1, &(0x7f0000000340)='1', 0x1) (async) write$6lowpan_enable(r1, &(0x7f00000002c0)='1', 0x1) (async) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000080)=r1, 0x1) (async) socket$alg(0x26, 0x5, 0x0) (async) syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2) (async) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x9, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9b0903, 0x2b, '\x00', @value=0x6}}) (async) bind$alg(r2, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(camellia)\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) (async) accept4(r2, 0x0, 0x0, 0x0) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4) (async) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) (async) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) (async) gettid() (async) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) (async) tkill(r6, 0xb) (async) 67.300648ms ago: executing program 3 (id=1377): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x40) fcntl$notify(r0, 0x402, 0x8000003d) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0) rmdir(&(0x7f0000000040)='./file1/file3\x00') mknod(&(0x7f0000000140)='./file1/file3\x00', 0xc000, 0x9) rename(&(0x7f0000000000)='./file1/file3\x00', &(0x7f0000000100)='./file0\x00') open(&(0x7f0000000280)='.\x00', 0x0, 0x40) (async) fcntl$notify(r0, 0x402, 0x8000003d) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0) (async) rmdir(&(0x7f0000000040)='./file1/file3\x00') (async) mknod(&(0x7f0000000140)='./file1/file3\x00', 0xc000, 0x9) (async) rename(&(0x7f0000000000)='./file1/file3\x00', &(0x7f0000000100)='./file0\x00') (async) 118.035µs ago: executing program 3 (id=1378): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 3 (id=1379): socket$inet6(0xa, 0x80001, 0x0) 0s ago: executing program 5 (id=1381): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'das16m1\x00', [0xf000, 0xa566, 0xfffffffe, 0xffffd, 0x8, 0x7, 0x5, 0x10, 0x1000, 0x3, 0x0, 0x5, 0x4, 0x4, 0x207, 0x1, 0x7, 0x3, 0x9, 0x5, 0x102, 0x3, 0x9, 0xa, 0x5, 0x1, 0xb0c4, 0x7df, 0x3, 0x400007, 0x2]}) kernel console output (not intermixed with test programs): .869843][ T6132] usb 9-1: USB disconnect, device number 4 [ 130.035245][ T60] team0 (unregistering): Port device team_slave_0 removed [ 130.461736][ T8748] netlink: 'syz.2.903': attribute type 7 has an invalid length. [ 130.464176][ T8748] netlink: 32 bytes leftover after parsing attributes in process `syz.2.903'. [ 130.467086][ T8751] A link change request failed with some changes committed already. Interface 2g,{ may have been left with an inconsistent configuration, please check. [ 130.506689][ T8755] netlink: 'syz.3.906': attribute type 10 has an invalid length. [ 130.509357][ T8755] netlink: 40 bytes leftover after parsing attributes in process `syz.3.906'. [ 130.513842][ T8755] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 130.518973][ T8635] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 130.538798][ T8635] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 130.540438][ T40] audit: type=1400 audit(1752311587.155:645): avc: denied { ioctl } for pid=8756 comm="syz.2.908" path="socket:[32145]" dev="sockfs" ino=32145 ioctlcmd=0x8b36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 130.551938][ T8635] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 130.560905][ T8635] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 130.560981][ T8757] netlink: 28 bytes leftover after parsing attributes in process `syz.2.908'. [ 130.578756][ T8757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.908'. [ 130.585451][ T8757] dummy0: entered promiscuous mode [ 130.630786][ T8635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.652270][ T8635] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.659398][ T1194] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.661754][ T1194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.684752][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.686977][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.721195][ T40] audit: type=1400 audit(1752311587.335:646): avc: denied { bind } for pid=8773 comm="syz.2.912" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 130.733363][ T8774] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 130.767373][ T8794] A link change request failed with some changes committed already. Interface 2g,{ may have been left with an inconsistent configuration, please check. [ 130.806265][ T8800] netlink: 'syz.3.919': attribute type 10 has an invalid length. [ 130.810915][ T8800] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 130.836672][ T8804] x_tables: ip6_tables: TCPOPTSTRIP.0 target: invalid size 32 (kernel) != (user) 22 [ 130.840683][ T8635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.881321][ T8635] veth0_vlan: entered promiscuous mode [ 130.888945][ T8635] veth1_vlan: entered promiscuous mode [ 130.893095][ T8815] 9pnet_virtio: no channels available for device syz [ 130.918164][ T8812] netlink: 'syz.4.924': attribute type 39 has an invalid length. [ 130.948561][ T8635] veth0_macvtap: entered promiscuous mode [ 130.960500][ T8635] veth1_macvtap: entered promiscuous mode [ 130.973353][ T8635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 130.983733][ T8635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 130.987887][ T8635] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.993976][ T8635] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.997635][ T8635] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.001080][ T8635] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.012873][ T8823] A link change request failed with some changes committed already. Interface 2g,{ may have been left with an inconsistent configuration, please check. [ 131.080309][ T92] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.082965][ T92] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.092976][ T8828] netlink: 'syz.3.930': attribute type 2 has an invalid length. [ 131.147495][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.150582][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.213418][ T40] audit: type=1400 audit(1752311587.825:647): avc: denied { setopt } for pid=8833 comm="syz.4.933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 131.407650][ T40] audit: type=1400 audit(1752311588.025:648): avc: denied { unmount } for pid=8387 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 131.520402][ T8845] trusted_key: encrypted_key: insufficient parameters specified [ 131.531324][ T8845] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 131.539333][ T5952] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 131.739595][ T40] audit: type=1804 audit(1752311588.355:649): pid=8853 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.4.939" name="/newroot/45/file1" dev="fuse" ino=1 res=1 errno=0 [ 131.750106][ T40] audit: type=1800 audit(1752311588.355:650): pid=8853 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.939" name="/" dev="fuse" ino=1 res=0 errno=0 [ 131.846129][ T40] audit: type=1400 audit(1752311588.465:651): avc: denied { map } for pid=8859 comm="syz.4.942" path="socket:[33059]" dev="sockfs" ino=33059 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 131.849680][ T8860] kAFS: Can only specify source 'none' with -o dyn [ 132.053045][ T40] audit: type=1400 audit(1752311588.665:652): avc: denied { getopt } for pid=8868 comm="syz.4.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 132.134376][ T8871] : entered promiscuous mode [ 132.205671][ T8868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.625379][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.627433][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.783424][ T40] audit: type=1400 audit(1752311589.395:653): avc: denied { append } for pid=8879 comm="syz.4.950" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 132.784011][ T8880] loop6: detected capacity change from 0 to 63 [ 132.800432][ T5951] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.804517][ T5951] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.804847][ T5951] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.805079][ T5951] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.805330][ T5951] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.017968][ T8893] __nla_validate_parse: 9 callbacks suppressed [ 133.017983][ T8893] netlink: 700 bytes leftover after parsing attributes in process `syz.4.955'. [ 133.057378][ T8896] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.062252][ T8900] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.103335][ T1143] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.307364][ T8912] validate_nla: 5 callbacks suppressed [ 134.307380][ T8912] netlink: 'syz.3.961': attribute type 10 has an invalid length. [ 134.313081][ T8912] netlink: 40 bytes leftover after parsing attributes in process `syz.3.961'. [ 134.322166][ T8912] net_ratelimit: 2 callbacks suppressed [ 134.322175][ T8912] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 134.397193][ T5959] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 134.401468][ T5959] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 134.405289][ T5959] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 134.409950][ T5959] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 134.412132][ T8918] binder: 8917:8918 ioctl c0306201 0 returned -14 [ 134.416404][ T5959] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 134.448422][ T8915] vxcan1 speed is unknown, defaulting to 1000 [ 134.542697][ T40] audit: type=1400 audit(1752311591.155:654): avc: denied { write } for pid=8925 comm="syz.2.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 134.545488][ T837] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 134.614629][ T8915] chnl_net:caif_netlink_parms(): no params data found [ 134.708876][ T8915] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.711076][ T8915] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.713377][ T8915] bridge_slave_0: entered allmulticast mode [ 134.715868][ T837] usb 9-1: Using ep0 maxpacket: 32 [ 134.717723][ T8915] bridge_slave_0: entered promiscuous mode [ 134.719558][ T837] usb 9-1: config index 0 descriptor too short (expected 156, got 27) [ 134.722051][ T8915] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.723265][ T837] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 134.725886][ T8915] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.726651][ T8943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.970'. [ 134.726664][ T8943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.970'. [ 134.726679][ T8943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.970'. [ 134.729388][ T837] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 134.731885][ T8915] bridge_slave_1: entered allmulticast mode [ 134.735077][ T837] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 134.735101][ T837] usb 9-1: config 0 interface 0 has no altsetting 0 [ 134.736972][ T837] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 134.739757][ T8915] bridge_slave_1: entered promiscuous mode [ 134.741678][ T837] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 134.741695][ T837] usb 9-1: Product: syz [ 134.741709][ T837] usb 9-1: Manufacturer: syz [ 134.763653][ T837] usb 9-1: SerialNumber: syz [ 134.767787][ T837] usb 9-1: config 0 descriptor?? [ 134.777669][ T837] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 134.784266][ T837] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 134.820351][ T8915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 134.828276][ T8915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 134.869962][ T8915] team0: Port device team_slave_0 added [ 134.873370][ T8915] team0: Port device team_slave_1 added [ 134.915333][ T40] audit: type=1400 audit(1752311591.535:655): avc: denied { map } for pid=8950 comm="syz.3.973" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 134.922836][ T40] audit: type=1400 audit(1752311591.535:656): avc: denied { execute } for pid=8950 comm="syz.3.973" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 134.928663][ T8915] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 134.935477][ T8915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.946759][ T8915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 134.952378][ T8915] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 134.954986][ T8915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.962793][ T8915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 134.986444][ T1143] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.026218][ T29] usb 9-1: USB disconnect, device number 5 [ 135.027384][ C0] ldusb 9-1:0.0: usb_submit_urb failed (-19) [ 135.031331][ T29] ldusb 9-1:0.0: LD USB Device #0 now disconnected [ 135.055774][ T8915] hsr_slave_0: entered promiscuous mode [ 135.057993][ T8915] hsr_slave_1: entered promiscuous mode [ 135.059994][ T8915] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 135.062249][ T8915] Cannot create hsr debugfs directory [ 135.098077][ T1143] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.115809][ T40] audit: type=1400 audit(1752311591.735:657): avc: denied { getopt } for pid=8962 comm="syz.2.977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 135.177610][ T1143] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.188516][ T8968] netlink: 16 bytes leftover after parsing attributes in process `syz.2.979'. [ 135.193084][ T8968] netlink: 'syz.2.979': attribute type 29 has an invalid length. [ 135.291057][ T1143] bridge_slave_1: left allmulticast mode [ 135.293281][ T1143] bridge_slave_1: left promiscuous mode [ 135.295604][ T1143] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.300340][ T1143] bridge_slave_0: left allmulticast mode [ 135.302610][ T1143] bridge_slave_0: left promiscuous mode [ 135.305296][ T1143] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.373764][ T837] usb 8-1: new low-speed USB device number 18 using dummy_hcd [ 135.493830][ T6132] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 135.521094][ T1143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.525457][ T1143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.528893][ T1143] bond0 (unregistering): Released all slaves [ 135.546009][ T837] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 135.549050][ T837] usb 8-1: config 0 has no interface number 0 [ 135.551773][ T837] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 135.555875][ T837] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 135.560210][ T837] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 135.564835][ T837] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.570193][ T837] usb 8-1: config 0 descriptor?? [ 135.572835][ T8965] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 135.591179][ T837] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 135.643944][ T6132] usb 7-1: Using ep0 maxpacket: 16 [ 135.648047][ T6132] usb 7-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.652742][ T6132] usb 7-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96 [ 135.657166][ T6132] usb 7-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8 [ 135.661250][ T6132] usb 7-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 135.667516][ T6132] usb 7-1: config 1 interface 0 has no altsetting 0 [ 135.671595][ T6132] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 135.675638][ T6132] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 135.678915][ T6132] usb 7-1: SerialNumber: syz [ 135.684793][ T8972] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 135.687875][ T8972] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 135.780477][ T34] usb 8-1: USB disconnect, device number 18 [ 135.789004][ T8974] vxcan1 speed is unknown, defaulting to 1000 [ 135.965765][ T1143] hsr_slave_0: left promiscuous mode [ 135.968098][ T1143] hsr_slave_1: left promiscuous mode [ 135.970176][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 135.972516][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.975945][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 135.978400][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 136.001419][ T1143] veth1_macvtap: left promiscuous mode [ 136.009324][ T1143] veth0_macvtap: left promiscuous mode [ 136.011391][ T1143] veth1_vlan: left promiscuous mode [ 136.013083][ T1143] veth0_vlan: left promiscuous mode [ 136.322988][ T40] audit: type=1400 audit(1752311592.935:658): avc: denied { read } for pid=8980 comm="syz.3.983" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 136.333029][ T40] audit: type=1400 audit(1752311592.935:659): avc: denied { open } for pid=8980 comm="syz.3.983" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 136.475691][ T5952] Bluetooth: hci4: command tx timeout [ 136.579628][ T1143] team0 (unregistering): Port device team_slave_1 removed [ 136.591750][ T6132] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71 [ 136.598914][ T6132] usb 7-1: USB disconnect, device number 22 [ 136.656354][ T1143] team0 (unregistering): Port device team_slave_0 removed [ 137.212869][ T8915] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 137.222705][ T8915] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 137.230782][ T8915] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 137.236340][ T8915] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 137.260489][ T40] audit: type=1400 audit(1752311593.875:660): avc: denied { execute } for pid=9004 comm="syz.3.989" path="/344/file0/cpu.stat" dev="overlay" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 137.270934][ T40] audit: type=1400 audit(1752311593.885:661): avc: denied { unmount } for pid=5946 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 137.299857][ T8915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.310222][ T8915] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.317027][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.319238][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.339581][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.342074][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.368157][ T9009] netlink: 48 bytes leftover after parsing attributes in process `syz.3.991'. [ 137.422052][ T40] audit: type=1400 audit(1752311594.035:662): avc: denied { mount } for pid=9013 comm="syz.3.992" name="/" dev="configfs" ino=2175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 137.473361][ T8915] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 137.500870][ T8915] veth0_vlan: entered promiscuous mode [ 137.512823][ T8915] veth1_vlan: entered promiscuous mode [ 137.529317][ T8915] veth0_macvtap: entered promiscuous mode [ 137.533425][ T8915] veth1_macvtap: entered promiscuous mode [ 137.543755][ T8915] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 137.550303][ T8915] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 137.554985][ T8915] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.557889][ T8915] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.560590][ T8915] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.563286][ T8915] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.602801][ T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 137.605535][ T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 137.616818][ T40] audit: type=1400 audit(1752311594.235:663): avc: denied { getopt } for pid=9026 comm="syz.3.995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 137.622270][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 137.627360][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 137.813399][ T9038] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=9038 comm=syz.2.999 [ 137.817599][ T9038] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=9038 comm=syz.2.999 [ 137.822182][ T9038] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2580 sclass=netlink_route_socket pid=9038 comm=syz.2.999 [ 137.827126][ T9038] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=9038 comm=syz.2.999 [ 137.831764][ T9038] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2584 sclass=netlink_route_socket pid=9038 comm=syz.2.999 [ 137.923870][ T7581] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 137.992300][ T9051] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1004'. [ 138.041428][ T9053] binder: binder_mmap: 9052 200000ffc000-200000fff000 bad vm_flags failed -1 [ 138.048420][ T9053] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 138.061379][ T9053] overlay: filesystem on ./file1 not supported as upperdir [ 138.085423][ T7581] usb 9-1: Using ep0 maxpacket: 8 [ 138.094609][ T7581] usb 9-1: config 4 has an invalid interface number: 202 but max is 0 [ 138.097185][ T7581] usb 9-1: config 4 has no interface number 0 [ 138.099132][ T7581] usb 9-1: config 4 interface 202 has no altsetting 0 [ 138.102798][ T7581] usb 9-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 138.106183][ T7581] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.109143][ T7581] usb 9-1: Product: syz [ 138.110501][ T7581] usb 9-1: Manufacturer: syz [ 138.111908][ T7581] usb 9-1: SerialNumber: syz [ 138.179188][ T9057] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 138.248383][ T9059] netlink: 'syz.2.1008': attribute type 7 has an invalid length. [ 138.251596][ T9059] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1008'. [ 138.336843][ T7581] usb 9-1: USB disconnect, device number 6 [ 138.355542][ T9065] program syz.2.1010 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 138.478862][ T9070] vivid-000: ================= START STATUS ================= [ 138.481318][ T9070] vivid-000: Test Pattern: 75% Colorbar [ 138.483251][ T9070] vivid-000: Fill Percentage of Frame: 100 [ 138.485818][ T9070] vivid-000: Horizontal Movement: No Movement [ 138.488391][ T9070] vivid-000: Vertical Movement: No Movement [ 138.490275][ T9070] vivid-000: OSD Text Mode: Counters Only [ 138.492133][ T9070] vivid-000: Show Border: false [ 138.493632][ T9070] vivid-000: Show Square: false [ 138.495280][ T9070] vivid-000: Sensor Flipped Horizontally: false [ 138.497453][ T9070] vivid-000: Sensor Flipped Vertically: false [ 138.499384][ T9070] vivid-000: Insert SAV Code in Image: false [ 138.501607][ T9070] vivid-000: Insert EAV Code in Image: false [ 138.504260][ T9070] vivid-000: Insert Video Guard Band: false [ 138.506806][ T9070] vivid-000: Reduced Framerate: false [ 138.509177][ T9070] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 138.512397][ T9070] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 138.515838][ T9070] vivid-000: Enable Capture Cropping: true grabbed [ 138.518565][ T9070] vivid-000: Enable Capture Composing: true grabbed [ 138.521348][ T9070] vivid-000: Enable Capture Scaler: true grabbed [ 138.522935][ T9072] syz.2.1012: attempt to access beyond end of device [ 138.522935][ T9072] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 138.528277][ T9070] vivid-000: Timestamp Source: End of Frame [ 138.529582][ T9072] XFS (nbd2): SB validate failed with error -5. [ 138.530745][ T9070] vivid-000: Colorspace: sRGB [ 138.537543][ T9070] vivid-000: Transfer Function: Default [ 138.539972][ T9070] vivid-000: Y'CbCr Encoding: Default [ 138.543152][ T9070] vivid-000: HSV Encoding: Hue 0-179 [ 138.544902][ T9070] vivid-000: Quantization: Default [ 138.546526][ T9070] vivid-000: Apply Alpha To Red Only: false [ 138.551463][ T9070] vivid-000: Standard Aspect Ratio: 4x3 [ 138.553238][ T9070] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 138.558214][ T9070] vivid-000: DV Timings: 640x480p59 inactive [ 138.560374][ T9070] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 138.562624][ T9070] vivid-000: Maximum EDID Blocks: 2 [ 138.565678][ T9070] vivid-000: Limited RGB Range (16-235): false [ 138.567723][ T9070] vivid-000: Rx RGB Quantization Range: Automatic [ 138.569861][ T9070] vivid-000: Power Present: 0x00000001 [ 138.571586][ T9070] tpg source WxH: 320x240 (R'G'B) [ 138.573197][ T9070] tpg field: 1 [ 138.575201][ T9070] tpg crop: (0,0)/320x240 [ 138.576565][ T9070] tpg compose: (0,0)/320x240 [ 138.578036][ T9070] tpg colorspace: 8 [ 138.579230][ T9070] tpg transfer function: 0/2 [ 138.580836][ T9070] tpg quantization: 0/1 [ 138.582190][ T9070] tpg RGB range: 0/2 [ 138.583415][ T9070] vivid-000: ================== END STATUS ================== [ 138.600370][ T9084] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1015'. [ 139.130203][ T9121] devpts: Bad value for 'max' [ 139.180373][ T9128] binder: 9127:9128 ioctl 4018620d 0 returned -22 [ 139.396709][ T9142] netlink: 'syz.4.1036': attribute type 7 has an invalid length. [ 139.399269][ T9142] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1036'. [ 139.467086][ T34] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 139.547208][ T40] kauditd_printk_skb: 119 callbacks suppressed [ 139.547218][ T40] audit: type=1400 audit(1752311596.165:783): avc: denied { ioctl } for pid=9154 comm="syz.4.1040" path="/dev/usbmon0" dev="devtmpfs" ino=737 ioctlcmd=0x9203 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 139.556604][ T9155] can0: slcan on ptm0. [ 139.623998][ T34] usb 8-1: Using ep0 maxpacket: 8 [ 139.627899][ T34] usb 8-1: config 4 has an invalid interface number: 202 but max is 0 [ 139.631354][ T34] usb 8-1: config 4 has no interface number 0 [ 139.634109][ T34] usb 8-1: config 4 interface 202 has no altsetting 0 [ 139.639184][ T34] usb 8-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 139.643041][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.646474][ T34] usb 8-1: Product: syz [ 139.648242][ T34] usb 8-1: Manufacturer: syz [ 139.650178][ T34] usb 8-1: SerialNumber: syz [ 139.761209][ T9158] binder: 9157:9158 ioctl 4018620d 0 returned -22 [ 139.793810][ T53] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 139.868133][ T34] usb 8-1: USB disconnect, device number 19 [ 139.945968][ T53] usb 9-1: config 0 has no interfaces? [ 139.950935][ T53] usb 9-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 139.956154][ T53] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.959666][ T53] usb 9-1: Product: syz [ 139.961435][ T53] usb 9-1: Manufacturer: syz [ 139.963448][ T53] usb 9-1: SerialNumber: syz [ 139.973879][ T53] usb 9-1: config 0 descriptor?? [ 139.978923][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.073813][ T29] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 140.182755][ T40] audit: type=1400 audit(1752311596.795:784): avc: denied { write } for pid=9154 comm="syz.4.1040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 140.188791][ T40] audit: type=1400 audit(1752311596.795:785): avc: denied { name_connect } for pid=9154 comm="syz.4.1040" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 140.225387][ T29] usb 7-1: Using ep0 maxpacket: 8 [ 140.228285][ T29] usb 7-1: config 4 has an invalid interface number: 202 but max is 0 [ 140.231214][ T29] usb 7-1: config 4 has no interface number 0 [ 140.233119][ T29] usb 7-1: config 4 interface 202 has no altsetting 0 [ 140.236391][ T40] audit: type=1400 audit(1752311596.855:786): avc: denied { map } for pid=9154 comm="syz.4.1040" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 140.237368][ T29] usb 7-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 140.248008][ T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.250512][ T29] usb 7-1: Product: syz [ 140.251842][ T29] usb 7-1: Manufacturer: syz [ 140.253357][ T29] usb 7-1: SerialNumber: syz [ 140.459122][ T9160] FAULT_INJECTION: forcing a failure. [ 140.459122][ T9160] name failslab, interval 1, probability 0, space 0, times 0 [ 140.465304][ T9160] CPU: 3 UID: 0 PID: 9160 Comm: syz.2.1042 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) [ 140.465330][ T9160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 140.465340][ T9160] Call Trace: [ 140.465345][ T9160] [ 140.465352][ T9160] dump_stack_lvl+0x16c/0x1f0 [ 140.465401][ T9160] should_fail_ex+0x512/0x640 [ 140.465429][ T9160] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 140.465453][ T9160] should_failslab+0xc2/0x120 [ 140.465478][ T9160] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 140.465499][ T9160] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 140.465524][ T9160] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 140.465552][ T9160] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 140.465584][ T9160] mmu_topup_memory_caches+0x25/0x170 [ 140.465613][ T9160] kvm_mmu_load+0xd9/0x22a0 [ 140.465635][ T9160] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 140.465652][ T9160] ? kvm_lapic_sync_to_vapic+0x208/0x6d0 [ 140.465677][ T9160] ? __pfx_kvm_mmu_load+0x10/0x10 [ 140.465700][ T9160] ? vmx_update_cr8_intercept+0x1fd/0x370 [ 140.465724][ T9160] vcpu_run+0x34eb/0x5500 [ 140.465741][ T9160] ? kvm_mmu_post_init_vm+0x269/0x370 [ 140.465767][ T9160] ? __lock_acquire+0xb8a/0x1c90 [ 140.465789][ T9160] ? __pfx_vcpu_run+0x10/0x10 [ 140.465814][ T9160] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 140.465833][ T9160] ? __local_bh_enable_ip+0xa4/0x120 [ 140.465858][ T9160] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 140.465878][ T9160] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 140.465907][ T9160] kvm_vcpu_ioctl+0x5eb/0x1690 [ 140.465931][ T9160] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 140.465959][ T9160] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 140.465986][ T9160] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 140.466019][ T9160] ? hook_file_ioctl_common+0x145/0x410 [ 140.466042][ T9160] ? selinux_file_ioctl+0x180/0x270 [ 140.466064][ T9160] ? selinux_file_ioctl+0xb4/0x270 [ 140.466088][ T9160] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 140.466110][ T9160] __x64_sys_ioctl+0x18b/0x210 [ 140.466131][ T9160] do_syscall_64+0xcd/0x4c0 [ 140.466158][ T9160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.466174][ T9160] RIP: 0033:0x7ff0ccd8e929 [ 140.466188][ T9160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.466205][ T9160] RSP: 002b:00007ff0cdb8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 140.466221][ T9160] RAX: ffffffffffffffda RBX: 00007ff0ccfb5fa0 RCX: 00007ff0ccd8e929 [ 140.466232][ T9160] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 140.466241][ T9160] RBP: 00007ff0cdb8b090 R08: 0000000000000000 R09: 0000000000000000 [ 140.466250][ T9160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 140.466260][ T9160] R13: 0000000000000000 R14: 00007ff0ccfb5fa0 R15: 00007ffee65f0f28 [ 140.466284][ T9160] [ 140.564129][ T29] usb 7-1: USB disconnect, device number 23 [ 141.239688][ T40] audit: type=1400 audit(1752311597.855:787): avc: denied { execute } for pid=9163 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 141.248908][ T40] audit: type=1400 audit(1752311597.855:788): avc: denied { execute_no_trans } for pid=9163 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 141.269212][ T40] audit: type=1400 audit(1752311597.885:789): avc: denied { mount } for pid=9164 comm="syz.2.1043" name="/" dev="ramfs" ino=34614 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 141.279707][ T40] audit: type=1400 audit(1752311597.895:790): avc: denied { execute } for pid=9164 comm="syz.2.1043" path=2F6D656D66643AF365099F9138C07901631F6E7578202864656C6574656429 dev="tmpfs" ino=3087 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 141.293736][ T40] audit: type=1400 audit(1752311597.905:791): avc: denied { mounton } for pid=9164 comm="syz.2.1043" path="/bus" dev="ramfs" ino=34617 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 141.297728][ T9166] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 141.305309][ T9166] overlayfs: failed to set xattr on upper [ 141.307394][ T9166] overlayfs: ...falling back to redirect_dir=nofollow. [ 141.309684][ T9166] overlayfs: ...falling back to index=off. [ 141.311842][ T9166] overlayfs: ...falling back to uuid=null. [ 141.336506][ T9166] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 141.347213][ T40] audit: type=1400 audit(1752311597.965:792): avc: denied { write } for pid=9164 comm="syz.2.1043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 141.396823][ T5959] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 141.400394][ T5959] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 141.403214][ T5959] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 141.412723][ T5959] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 141.415287][ T5959] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 141.447571][ T9175] vxcan1 speed is unknown, defaulting to 1000 [ 141.615041][ T9175] chnl_net:caif_netlink_parms(): no params data found [ 141.690225][ T9175] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.693331][ T9175] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.696406][ T9175] bridge_slave_0: entered allmulticast mode [ 141.700251][ T9175] bridge_slave_0: entered promiscuous mode [ 141.704913][ T9175] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.707906][ T9175] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.710956][ T9175] bridge_slave_1: entered allmulticast mode [ 141.714835][ T9175] bridge_slave_1: entered promiscuous mode [ 141.753254][ T9175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 141.758581][ T9175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 141.793177][ T9175] team0: Port device team_slave_0 added [ 141.797826][ T9175] team0: Port device team_slave_1 added [ 141.828025][ T9175] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 141.830238][ T9175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.838563][ T9175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 141.844167][ T9175] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 141.846337][ T9175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.855182][ T9175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 141.893355][ T9175] hsr_slave_0: entered promiscuous mode [ 141.895657][ T9175] hsr_slave_1: entered promiscuous mode [ 141.897687][ T9175] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 141.900097][ T9175] Cannot create hsr debugfs directory [ 142.007090][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.094559][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.178181][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.289541][ T13] bridge_slave_1: left allmulticast mode [ 142.291348][ T13] bridge_slave_1: left promiscuous mode [ 142.293122][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.297958][ T13] bridge_slave_0: left allmulticast mode [ 142.299739][ T13] bridge_slave_0: left promiscuous mode [ 142.301529][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.366266][ T9197] can: request_module (can-proto-0) failed. [ 142.575743][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 142.579775][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 142.583056][ T13] bond0 (unregistering): Released all slaves [ 142.612093][ T9201] syzkaller1: entered promiscuous mode [ 142.612110][ T9201] syzkaller1: entered allmulticast mode [ 142.617740][ T6015] usb 9-1: USB disconnect, device number 7 [ 142.724917][ T9155] can0 (unregistered): slcan off ptm0. [ 142.913794][ T9238] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 142.946727][ T13] hsr_slave_0: left promiscuous mode [ 142.960144][ T13] hsr_slave_1: left promiscuous mode [ 142.976765][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 142.979081][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 142.981813][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 142.985506][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.034362][ T13] veth1_macvtap: left promiscuous mode [ 143.037012][ T13] veth0_macvtap: left promiscuous mode [ 143.039329][ T13] veth1_vlan: left promiscuous mode [ 143.041601][ T13] veth0_vlan: left promiscuous mode [ 143.424483][ T5959] Bluetooth: hci4: command tx timeout [ 143.666334][ T13] team0 (unregistering): Port device team_slave_1 removed [ 143.731075][ T13] team0 (unregistering): Port device team_slave_0 removed [ 144.249576][ T9264] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1071'. [ 144.259062][ T9266] A link change request failed with some changes committed already. Interface 2g,{ may have been left with an inconsistent configuration, please check. [ 144.265825][ T9261] netlink: 'syz.4.1070': attribute type 7 has an invalid length. [ 144.269129][ T9261] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1070'. [ 144.269545][ T9264] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1071'. [ 144.272614][ T9175] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 144.300898][ T9175] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 144.306674][ T9175] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 144.310389][ T9270] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 144.311849][ T9175] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 144.315485][ T9270] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 144.377741][ T9282] random: crng reseeded on system resumption [ 144.387391][ T9175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.396303][ T9175] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.403245][ T92] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.405596][ T92] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.416693][ T92] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.419042][ T92] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.561310][ T9175] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.566742][ T40] kauditd_printk_skb: 43 callbacks suppressed [ 144.566756][ T40] audit: type=1400 audit(1752311601.185:836): avc: denied { mount } for pid=9304 comm="syz.3.1082" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 144.567018][ T9302] netlink: 'syz.2.1081': attribute type 7 has an invalid length. [ 144.586063][ T9302] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1081'. [ 144.625089][ T9175] veth0_vlan: entered promiscuous mode [ 144.637227][ T9309] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 144.651233][ T9175] veth1_vlan: entered promiscuous mode [ 144.676530][ T9175] veth0_macvtap: entered promiscuous mode [ 144.682489][ T9175] veth1_macvtap: entered promiscuous mode [ 144.697264][ T9175] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 144.703645][ T9175] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 144.712932][ T9175] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.720012][ T9175] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.722975][ T9175] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.726106][ T9175] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.743157][ T40] audit: type=1400 audit(1752311601.355:837): avc: denied { mount } for pid=9313 comm="syz.2.1086" name="/" dev="9p" ino=7016996765293437283 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 144.753228][ T9314] Cannot find del_set index 4 as target [ 144.779778][ T40] audit: type=1400 audit(1752311601.395:838): avc: denied { unmount } for pid=6076 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 144.789634][ T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.792308][ T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.814305][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.817366][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.827025][ T40] audit: type=1400 audit(1752311601.445:839): avc: denied { mounton } for pid=9175 comm="syz-executor" path="/syzkaller.2BCATd/syz-tmp" dev="sda1" ino=2050 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 144.845039][ T40] audit: type=1400 audit(1752311601.445:840): avc: denied { mount } for pid=9175 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 144.852315][ T40] audit: type=1400 audit(1752311601.445:841): avc: denied { mounton } for pid=9175 comm="syz-executor" path="/syzkaller.2BCATd/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 144.861180][ T40] audit: type=1400 audit(1752311601.445:842): avc: denied { mounton } for pid=9175 comm="syz-executor" path="/syzkaller.2BCATd/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=38151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 144.870047][ T40] audit: type=1400 audit(1752311601.455:843): avc: denied { mounton } for pid=9175 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 144.877792][ T40] audit: type=1400 audit(1752311601.455:844): avc: denied { mount } for pid=9175 comm="syz-executor" name="/" dev="gadgetfs" ino=8565 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 144.885273][ T40] audit: type=1400 audit(1752311601.455:845): avc: denied { mounton } for pid=9175 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 145.153812][ T34] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 145.162631][ T9332] io-wq is not configured for unbound workers [ 145.259532][ T9341] syz.3.1093 (9341) used greatest stack depth: 19624 bytes left [ 145.304687][ T34] usb 7-1: Using ep0 maxpacket: 8 [ 145.307565][ T34] usb 7-1: config 4 has an invalid interface number: 202 but max is 0 [ 145.310604][ T34] usb 7-1: config 4 has no interface number 0 [ 145.312423][ T34] usb 7-1: config 4 interface 202 has no altsetting 0 [ 145.316411][ T34] usb 7-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 145.319197][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.321698][ T34] usb 7-1: Product: syz [ 145.323045][ T34] usb 7-1: Manufacturer: syz [ 145.324661][ T34] usb 7-1: SerialNumber: syz [ 145.523843][ T53] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 145.695128][ T53] usb 8-1: config 0 has no interfaces? [ 145.698076][ T53] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 145.700995][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 145.703650][ T53] usb 8-1: SerialNumber: syz [ 145.706884][ T53] usb 8-1: config 0 descriptor?? [ 146.060662][ T9346] rtc_cmos 00:05: Alarms can be up to one day in the future [ 146.968218][ T60] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.886226][ T34] usb 7-1: USB disconnect, device number 24 [ 148.292413][ T34] usb 8-1: USB disconnect, device number 20 [ 148.356503][ T9375] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1103'. [ 148.372725][ T9377] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 148.452407][ T5952] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 148.455434][ T5952] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 148.458517][ T5952] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 148.461383][ T5952] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 148.461592][ T9386] afs: Bad value for 'flock' [ 148.465208][ T5952] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 148.489866][ T9384] vxcan1 speed is unknown, defaulting to 1000 [ 148.697325][ T9410] Bluetooth: MGMT ver 1.23 [ 148.721716][ T9384] chnl_net:caif_netlink_parms(): no params data found [ 148.751737][ T9413] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1113'. [ 148.796064][ T9384] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.799260][ T9384] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.802376][ T9384] bridge_slave_0: entered allmulticast mode [ 148.806441][ T9384] bridge_slave_0: entered promiscuous mode [ 148.811369][ T9384] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.814482][ T9384] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.817476][ T9384] bridge_slave_1: entered allmulticast mode [ 148.821478][ T9384] bridge_slave_1: entered promiscuous mode [ 148.867061][ T60] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.909166][ T9384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.917764][ T9384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.960543][ T60] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.974092][ T29] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 149.000770][ T9384] team0: Port device team_slave_0 added [ 149.006298][ T9384] team0: Port device team_slave_1 added [ 149.023091][ T9423] syz.2.1117: attempt to access beyond end of device [ 149.023091][ T9423] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 149.027828][ T9423] befs: (nbd2): unable to read superblock [ 149.079208][ T60] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.087792][ T9384] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.090701][ T9384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.098575][ T9432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1119'. [ 149.104253][ T9384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.106909][ T29] usb 9-1: device descriptor read/64, error -71 [ 149.114840][ T9384] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.117682][ T9384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.128268][ T9384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 149.182403][ T9384] hsr_slave_0: entered promiscuous mode [ 149.184859][ T9384] hsr_slave_1: entered promiscuous mode [ 149.186987][ T9384] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 149.189415][ T9384] Cannot create hsr debugfs directory [ 149.317336][ T60] bridge_slave_1: left allmulticast mode [ 149.319194][ T60] bridge_slave_1: left promiscuous mode [ 149.321011][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.325716][ T60] bridge_slave_0: left allmulticast mode [ 149.327519][ T60] bridge_slave_0: left promiscuous mode [ 149.329483][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.354569][ T29] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 149.493890][ T29] usb 9-1: device descriptor read/64, error -71 [ 149.562336][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 149.567645][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.572950][ T60] bond0 (unregistering): Released all slaves [ 149.589559][ T9445] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !fIZE,=$)%ĂL [ 149.615009][ T29] usb usb9-port1: attempt power cycle [ 149.644694][ T40] kauditd_printk_skb: 25 callbacks suppressed [ 149.644703][ T40] audit: type=1400 audit(1752311606.255:871): avc: denied { map } for pid=9452 comm="syz.3.1124" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 149.690725][ T40] audit: type=1400 audit(1752311606.305:872): avc: denied { ioctl } for pid=9457 comm="syz.2.1126" path="socket:[37131]" dev="sockfs" ino=37131 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 149.737766][ T9465] netlink: 'syz.2.1127': attribute type 7 has an invalid length. [ 149.740271][ T9465] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1127'. [ 149.769358][ T40] audit: type=1400 audit(1752311606.385:873): avc: denied { append } for pid=9468 comm="syz.2.1128" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 149.772514][ T9469] netlink: 'syz.2.1128': attribute type 1 has an invalid length. [ 149.779697][ T9469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1128'. [ 149.940285][ T60] hsr_slave_0: left promiscuous mode [ 149.942561][ T60] hsr_slave_1: left promiscuous mode [ 149.948473][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.951048][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.954119][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.956748][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 149.973936][ T29] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 149.979367][ T60] veth1_macvtap: left promiscuous mode [ 149.981543][ T60] veth0_macvtap: left promiscuous mode [ 149.983460][ T60] veth1_vlan: left promiscuous mode [ 149.986849][ T60] veth0_vlan: left promiscuous mode [ 150.006665][ T29] usb 9-1: device descriptor read/8, error -71 [ 150.264019][ T29] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 150.294158][ T29] usb 9-1: device descriptor read/8, error -71 [ 150.414197][ T29] usb usb9-port1: unable to enumerate USB device [ 150.545156][ T5952] Bluetooth: hci4: command tx timeout [ 150.575992][ T60] team0 (unregistering): Port device team_slave_1 removed [ 150.652077][ T60] team0 (unregistering): Port device team_slave_0 removed [ 151.102831][ T9485] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 151.189736][ T40] audit: type=1326 audit(1752311607.805:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1136" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff0ccd8e929 code=0x0 [ 151.266195][ T9384] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 151.270393][ T9384] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 151.274184][ T9384] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 151.277844][ T9384] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 151.334142][ T9384] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.359336][ T9384] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.368757][ T85] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.371780][ T85] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.382822][ T92] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.385792][ T92] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.496875][ T9384] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.508250][ T9512] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 151.510546][ T9512] overlayfs: failed to set xattr on upper [ 151.512332][ T9512] overlayfs: ...falling back to redirect_dir=nofollow. [ 151.515043][ T9512] overlayfs: ...falling back to index=off. [ 151.516891][ T9512] overlayfs: ...falling back to uuid=null. [ 151.520582][ T9384] veth0_vlan: entered promiscuous mode [ 151.521907][ T9512] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 151.529595][ T9384] veth1_vlan: entered promiscuous mode [ 151.560072][ T9384] veth0_macvtap: entered promiscuous mode [ 151.564450][ T9384] veth1_macvtap: entered promiscuous mode [ 151.568628][ T40] audit: type=1400 audit(1752311608.185:875): avc: denied { setattr } for pid=9513 comm="syz.2.1141" name="" dev="pipefs" ino=38665 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 151.576135][ T9384] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 151.585069][ T9384] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 151.590172][ T9384] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.592877][ T9384] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.598144][ T9384] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.600940][ T9384] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.634391][ T92] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.637592][ T92] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.654470][ T9519] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 151.663267][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.666443][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.688939][ T9521] xt_hashlimit: size too large, truncated to 1048576 [ 151.691221][ T9522] xt_hashlimit: size too large, truncated to 1048576 [ 151.780180][ T9529] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1145'. [ 151.814399][ T9529] sp0: Synchronizing with TNC [ 151.819560][ T9528] [U] [ 151.957262][ T40] audit: type=1400 audit(1752311608.575:876): avc: denied { listen } for pid=9532 comm="syz.4.1147" lport=40128 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 151.968357][ T40] audit: type=1400 audit(1752311608.575:877): avc: denied { accept } for pid=9532 comm="syz.4.1147" lport=40128 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 151.976978][ T40] audit: type=1400 audit(1752311608.575:878): avc: denied { setopt } for pid=9532 comm="syz.4.1147" lport=40128 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 152.119360][ T9535] netlink: 'syz.4.1148': attribute type 7 has an invalid length. [ 152.122781][ T9535] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1148'. [ 152.222163][ T9540] netlink: 'syz.4.1150': attribute type 39 has an invalid length. [ 152.608871][ T40] audit: type=1400 audit(1752311609.225:879): avc: denied { setopt } for pid=9543 comm="syz.2.1152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 152.616926][ T40] audit: type=1400 audit(1752311609.235:880): avc: denied { bind } for pid=9543 comm="syz.2.1152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 152.871262][ T9560] vxcan1 speed is unknown, defaulting to 1000 [ 152.924842][ T6013] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 152.996844][ T9562] vxcan1 speed is unknown, defaulting to 1000 [ 153.083922][ T6013] usb 7-1: Using ep0 maxpacket: 8 [ 153.087972][ T6013] usb 7-1: config 4 has an invalid interface number: 202 but max is 0 [ 153.091493][ T6013] usb 7-1: config 4 has no interface number 0 [ 153.094699][ T6013] usb 7-1: config 4 interface 202 has no altsetting 0 [ 153.099598][ T6013] usb 7-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 153.103444][ T6013] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.108308][ T6013] usb 7-1: Product: syz [ 153.110152][ T6013] usb 7-1: Manufacturer: syz [ 153.112145][ T6013] usb 7-1: SerialNumber: syz [ 153.606126][ T85] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.803908][ T29] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 153.966533][ T29] usb 8-1: config 0 has an invalid descriptor of length 161, skipping remainder of the config [ 153.970661][ T29] usb 8-1: config 0 has no interfaces? [ 153.974101][ T29] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 153.977833][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 153.981070][ T29] usb 8-1: SerialNumber: syz [ 153.984480][ T29] usb 8-1: config 0 descriptor?? [ 154.387536][ T29] usb 8-1: USB disconnect, device number 21 [ 155.087635][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 155.087649][ T40] audit: type=1400 audit(1752311611.705:884): avc: denied { read } for pid=9574 comm="syz.3.1161" name="btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 155.102963][ T40] audit: type=1400 audit(1752311611.705:885): avc: denied { open } for pid=9574 comm="syz.3.1161" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 155.112098][ T40] audit: type=1400 audit(1752311611.705:886): avc: denied { ioctl } for pid=9574 comm="syz.3.1161" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 ioctlcmd=0x9405 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 155.116659][ T9581] binder: 9580:9581 ioctl 4018620d 0 returned -22 [ 155.121271][ T40] audit: type=1400 audit(1752311611.725:887): avc: denied { connect } for pid=9578 comm="syz.4.1162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 155.129591][ T40] audit: type=1400 audit(1752311611.725:888): avc: denied { write } for pid=9578 comm="syz.4.1162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 155.149381][ T40] audit: type=1400 audit(1752311611.765:889): avc: denied { bind } for pid=9585 comm="syz.4.1164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 155.152215][ T9586] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1164'. [ 155.177590][ T9588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1165'. [ 155.180588][ T9588] netlink: 'syz.3.1165': attribute type 7 has an invalid length. [ 155.186408][ T9588] netlink: 'syz.3.1165': attribute type 8 has an invalid length. [ 155.188992][ T9588] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1165'. [ 155.200520][ T5959] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 155.205196][ T5959] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 155.208175][ T5959] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 155.211419][ T5959] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 155.214203][ T5959] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 155.233883][ T40] audit: type=1400 audit(1752311611.855:890): avc: denied { write } for pid=9591 comm="syz.3.1166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 155.234417][ T9589] vxcan1 speed is unknown, defaulting to 1000 [ 155.288318][ T85] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.397550][ T85] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.408194][ T9589] chnl_net:caif_netlink_parms(): no params data found [ 155.438833][ T9609] random: crng reseeded on system resumption [ 155.439063][ T40] audit: type=1400 audit(1752311612.055:891): avc: denied { read } for pid=9607 comm="syz.3.1171" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 155.449346][ T40] audit: type=1400 audit(1752311612.065:892): avc: denied { bind } for pid=9607 comm="syz.3.1171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 155.455727][ T40] audit: type=1400 audit(1752311612.075:893): avc: denied { read } for pid=9607 comm="syz.3.1171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 155.483303][ T85] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.492227][ T9613] netlink: 'syz.4.1172': attribute type 10 has an invalid length. [ 155.494982][ T9613] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1172'. [ 155.511765][ T9589] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.519183][ T9589] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.523130][ T9589] bridge_slave_0: entered allmulticast mode [ 155.527743][ T9589] bridge_slave_0: entered promiscuous mode [ 155.531480][ T9613] bridge0: port 3(dummy0) entered blocking state [ 155.533751][ T9613] bridge0: port 3(dummy0) entered disabled state [ 155.536648][ T9613] dummy0: entered allmulticast mode [ 155.540281][ T9613] dummy0: entered promiscuous mode [ 155.542984][ T9613] bridge0: port 3(dummy0) entered blocking state [ 155.545817][ T9613] bridge0: port 3(dummy0) entered forwarding state [ 155.549875][ T9589] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.551981][ T6013] usb 7-1: USB disconnect, device number 25 [ 155.555528][ T9589] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.555666][ T9589] bridge_slave_1: entered allmulticast mode [ 155.568227][ T9589] bridge_slave_1: entered promiscuous mode [ 155.620443][ T9589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.630029][ T9589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.631758][ T9620] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1175'. [ 155.669572][ T9622] FAULT_INJECTION: forcing a failure. [ 155.669572][ T9622] name failslab, interval 1, probability 0, space 0, times 0 [ 155.674326][ T9622] CPU: 1 UID: 0 PID: 9622 Comm: syz.2.1176 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) [ 155.674340][ T9622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 155.674346][ T9622] Call Trace: [ 155.674350][ T9622] [ 155.674353][ T9622] dump_stack_lvl+0x16c/0x1f0 [ 155.674371][ T9622] should_fail_ex+0x512/0x640 [ 155.674385][ T9622] ? fs_reclaim_acquire+0xae/0x150 [ 155.674397][ T9622] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 155.674412][ T9622] should_failslab+0xc2/0x120 [ 155.674428][ T9622] __kmalloc_noprof+0xd2/0x510 [ 155.674445][ T9622] tomoyo_realpath_from_path+0xc2/0x6e0 [ 155.674460][ T9622] ? tomoyo_profile+0x47/0x60 [ 155.674471][ T9622] tomoyo_path_number_perm+0x245/0x580 [ 155.674482][ T9622] ? tomoyo_path_number_perm+0x237/0x580 [ 155.674495][ T9622] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 155.674508][ T9622] ? find_held_lock+0x2b/0x80 [ 155.674534][ T9622] ? find_held_lock+0x2b/0x80 [ 155.674546][ T9622] ? hook_file_ioctl_common+0x145/0x410 [ 155.674558][ T9622] ? __fget_files+0x20e/0x3c0 [ 155.674574][ T9622] security_file_ioctl+0x9b/0x240 [ 155.674603][ T9622] __x64_sys_ioctl+0xb7/0x210 [ 155.674616][ T9622] do_syscall_64+0xcd/0x4c0 [ 155.674632][ T9622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.674643][ T9622] RIP: 0033:0x7ff0ccd8e929 [ 155.674651][ T9622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.674661][ T9622] RSP: 002b:00007ff0cdb8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 155.674671][ T9622] RAX: ffffffffffffffda RBX: 00007ff0ccfb5fa0 RCX: 00007ff0ccd8e929 [ 155.674677][ T9622] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 155.674683][ T9622] RBP: 00007ff0cdb8b090 R08: 0000000000000000 R09: 0000000000000000 [ 155.674693][ T9622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.674698][ T9622] R13: 0000000000000000 R14: 00007ff0ccfb5fa0 R15: 00007ffee65f0f28 [ 155.674712][ T9622] [ 155.675194][ T9622] ERROR: Out of memory at tomoyo_realpath_from_path. [ 155.750993][ T9622] binder_alloc: 9621: binder_alloc_buf size 8232 failed, no address space [ 155.753720][ T9622] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) [ 155.756916][ T9589] team0: Port device team_slave_0 added [ 155.772297][ T9624] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 155.779636][ T9589] team0: Port device team_slave_1 added [ 155.843573][ T9589] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.846537][ T9589] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.854700][ T9589] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.859744][ T9589] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 155.861937][ T9589] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.871358][ T9589] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 155.875343][ T85] bridge_slave_1: left allmulticast mode [ 155.877593][ T85] bridge_slave_1: left promiscuous mode [ 155.879917][ T85] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.886479][ T85] bridge_slave_0: left allmulticast mode [ 155.888791][ T85] bridge_slave_0: left promiscuous mode [ 155.891217][ T85] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.063838][ T10] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 156.132324][ T85] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.137872][ T85] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.142927][ T85] bond0 (unregistering): Released all slaves [ 156.172353][ T9637] binder_alloc: 9636: binder_alloc_buf size 8232 failed, no address space [ 156.176097][ T9637] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) [ 156.204273][ T9589] hsr_slave_0: entered promiscuous mode [ 156.207303][ T9589] hsr_slave_1: entered promiscuous mode [ 156.209618][ T9589] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 156.212020][ T9589] Cannot create hsr debugfs directory [ 156.216469][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 156.225355][ T10] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 156.228257][ T10] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 156.230941][ T10] usb 7-1: config 0 has an invalid descriptor of length 25, skipping remainder of the config [ 156.235242][ T10] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 156.237883][ T10] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 183, using maximum allowed: 30 [ 156.241090][ T10] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 183 [ 156.245680][ T10] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 156.249146][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.256895][ T10] usb 7-1: config 0 descriptor?? [ 156.257705][ T9644] kvm: kvm [9643]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x0 [ 156.443786][ T9653] loop6: detected capacity change from 0 to 524287999 [ 156.446783][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.449278][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.451739][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.455759][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.459078][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.461752][ T10] usb 7-1: USB disconnect, device number 26 [ 156.462247][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.469978][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.473188][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.477029][ T9653] ldm_validate_partition_table(): Disk read failed. [ 156.479817][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.483311][ T9653] Buffer I/O error on dev loop6, logical block 0, async page read [ 156.489350][ T9653] Dev loop6: unable to read RDB block 0 [ 156.492048][ T9653] loop6: unable to read partition table [ 156.495061][ T9653] loop_reread_partitions: partition scan of loop6 (3 xC) failed (rc=-5) [ 156.499349][ T9653] bridge: RTM_NEWNEIGH with unconfigured vlan 1 on bridge0 [ 156.593226][ T85] hsr_slave_0: left promiscuous mode [ 156.595676][ T85] hsr_slave_1: left promiscuous mode [ 156.597715][ T85] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.600152][ T85] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 156.603492][ T85] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 156.605982][ T85] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 156.630229][ T85] veth1_macvtap: left promiscuous mode [ 156.632075][ T85] veth0_macvtap: left promiscuous mode [ 156.634745][ T85] veth1_vlan: left promiscuous mode [ 156.637081][ T85] veth0_vlan: left promiscuous mode [ 156.786225][ T9664] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 156.789499][ T9664] overlayfs: failed to set xattr on upper [ 156.791722][ T9664] overlayfs: ...falling back to redirect_dir=nofollow. [ 156.794491][ T9664] overlayfs: ...falling back to index=off. [ 156.796961][ T9664] overlayfs: ...falling back to uuid=null. [ 156.799500][ T9664] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 156.913797][ T29] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 157.073818][ T29] usb 7-1: Using ep0 maxpacket: 32 [ 157.077526][ T29] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 157.080804][ T29] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 157.084657][ T29] usb 7-1: config 0 has an invalid descriptor of length 25, skipping remainder of the config [ 157.087782][ T29] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 157.091170][ T29] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 183, using maximum allowed: 30 [ 157.095979][ T29] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 183 [ 157.100690][ T29] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 157.104360][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.109136][ T29] usb 7-1: config 0 descriptor?? [ 157.268412][ T85] team0 (unregistering): Port device team_slave_1 removed [ 157.276591][ T5959] Bluetooth: hci4: command tx timeout [ 157.336694][ T85] team0 (unregistering): Port device team_slave_0 removed [ 158.039908][ T9589] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 158.050392][ T9589] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 158.056609][ T9589] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 158.062706][ T9589] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 158.076265][ T5952] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 158.081337][ T5952] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 158.085409][ T5952] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 158.090982][ T5952] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 158.101556][ T5952] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 158.130468][ T9675] vxcan1 speed is unknown, defaulting to 1000 [ 158.142196][ T9589] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.151446][ T9589] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.156727][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.159797][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.169628][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.172421][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.210151][ T9688] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1199'. [ 158.214041][ T9688] netlink: 'syz.3.1199': attribute type 7 has an invalid length. [ 158.216756][ T9688] netlink: 'syz.3.1199': attribute type 8 has an invalid length. [ 158.220713][ T9688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1199'. [ 158.282606][ T9693] FAULT_INJECTION: forcing a failure. [ 158.282606][ T9693] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.287608][ T9693] CPU: 1 UID: 0 PID: 9693 Comm: syz.3.1200 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) [ 158.287623][ T9693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.287630][ T9693] Call Trace: [ 158.287634][ T9693] [ 158.287638][ T9693] dump_stack_lvl+0x16c/0x1f0 [ 158.287655][ T9693] should_fail_ex+0x512/0x640 [ 158.287676][ T9693] _copy_from_user+0x2e/0xd0 [ 158.287692][ T9693] binder_ioctl+0x57a/0x72c0 [ 158.287707][ T9693] ? tomoyo_path_number_perm+0x18d/0x580 [ 158.287722][ T9693] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 158.287736][ T9693] ? __pfx_binder_ioctl+0x10/0x10 [ 158.287745][ T9693] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 158.287760][ T9693] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 158.287775][ T9693] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 158.287790][ T9693] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 158.287809][ T9693] ? hook_file_ioctl_common+0x145/0x410 [ 158.287823][ T9693] ? selinux_file_ioctl+0x180/0x270 [ 158.287836][ T9693] ? selinux_file_ioctl+0xb4/0x270 [ 158.287850][ T9693] ? __pfx_binder_ioctl+0x10/0x10 [ 158.287860][ T9693] __x64_sys_ioctl+0x18b/0x210 [ 158.287872][ T9693] do_syscall_64+0xcd/0x4c0 [ 158.287888][ T9693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.287898][ T9693] RIP: 0033:0x7f3fde38e929 [ 158.287906][ T9693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.287916][ T9693] RSP: 002b:00007f3fdf245038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.287926][ T9693] RAX: ffffffffffffffda RBX: 00007f3fde5b5fa0 RCX: 00007f3fde38e929 [ 158.287932][ T9693] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 158.287938][ T9693] RBP: 00007f3fdf245090 R08: 0000000000000000 R09: 0000000000000000 [ 158.287944][ T9693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.287949][ T9693] R13: 0000000000000000 R14: 00007f3fde5b5fa0 R15: 00007fffeab356c8 [ 158.287962][ T9693] [ 158.287966][ T9693] binder: 9692:9693 ioctl c0306201 2000000001c0 returned -14 [ 158.332092][ T9589] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.374604][ T9675] chnl_net:caif_netlink_parms(): no params data found [ 158.397309][ T9702] XFS (nullb0): Invalid superblock magic number [ 158.418256][ T9701] XFS (nullb0): Invalid superblock magic number [ 158.511956][ T9719] tipc: Started in network mode [ 158.513551][ T9719] tipc: Node identity ac1414aa, cluster identity 4711 [ 158.516184][ T9719] tipc: Enabling of bearer rejected, failed to enable media [ 158.519853][ T9675] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.522316][ T9675] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.525467][ T9675] bridge_slave_0: entered allmulticast mode [ 158.528358][ T9675] bridge_slave_0: entered promiscuous mode [ 158.532438][ T9675] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.535197][ T9675] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.537344][ T9675] bridge_slave_1: entered allmulticast mode [ 158.539889][ T9675] bridge_slave_1: entered promiscuous mode [ 158.542107][ T9589] veth0_vlan: entered promiscuous mode [ 158.551970][ T9719] netlink: 'syz.3.1203': attribute type 1 has an invalid length. [ 158.554586][ T9719] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 158.586751][ T9675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.591218][ T9589] veth1_vlan: entered promiscuous mode [ 158.601565][ T9675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.649173][ T9675] team0: Port device team_slave_0 added [ 158.655122][ T9675] team0: Port device team_slave_1 added [ 158.712081][ T9675] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.715357][ T9675] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.723565][ T9675] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.729389][ T9675] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.731551][ T9675] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.739488][ T9675] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.789920][ T9723] A link change request failed with some changes committed already. Interface 2g,{ may have been left with an inconsistent configuration, please check. [ 158.796914][ T9589] veth0_macvtap: entered promiscuous mode [ 158.803826][ T9675] hsr_slave_0: entered promiscuous mode [ 158.806507][ T9675] hsr_slave_1: entered promiscuous mode [ 158.808745][ T9675] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 158.811359][ T9675] Cannot create hsr debugfs directory [ 158.816115][ T9589] veth1_macvtap: entered promiscuous mode [ 158.854090][ T29] usb 7-1: USB disconnect, device number 27 [ 158.890906][ T9589] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.922776][ T9589] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.932438][ T9734] binder: 9733:9734 ioctl c0306201 2000000003c0 returned -14 [ 158.939325][ T9589] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.942791][ T9589] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.952205][ T9589] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.956458][ T9589] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.969860][ T9740] FAULT_INJECTION: forcing a failure. [ 158.969860][ T9740] name failslab, interval 1, probability 0, space 0, times 0 [ 158.975000][ T9740] CPU: 3 UID: 0 PID: 9740 Comm: syz.2.1212 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) [ 158.975016][ T9740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.975022][ T9740] Call Trace: [ 158.975026][ T9740] [ 158.975030][ T9740] dump_stack_lvl+0x16c/0x1f0 [ 158.975052][ T9740] should_fail_ex+0x512/0x640 [ 158.975065][ T9740] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 158.975079][ T9740] should_failslab+0xc2/0x120 [ 158.975094][ T9740] __kmalloc_cache_noprof+0x6a/0x3e0 [ 158.975105][ T9740] ? binder_transaction+0xad0/0x9af0 [ 158.975115][ T9740] ? binder_transaction+0xb85/0x9af0 [ 158.975127][ T9740] binder_transaction+0xb85/0x9af0 [ 158.975148][ T9740] ? __lock_acquire+0x622/0x1c90 [ 158.975159][ T9740] ? __pfx_binder_transaction+0x10/0x10 [ 158.975173][ T9740] ? find_held_lock+0x2b/0x80 [ 158.975188][ T9740] ? __lock_acquire+0xb8a/0x1c90 [ 158.975204][ T9740] ? find_held_lock+0x2b/0x80 [ 158.975215][ T9740] ? __might_fault+0xe3/0x190 [ 158.975228][ T9740] ? __might_fault+0xe3/0x190 [ 158.975240][ T9740] ? __might_fault+0x13b/0x190 [ 158.975258][ T9740] binder_thread_write+0xaae/0x4e70 [ 158.975273][ T9740] ? __pfx_binder_thread_write+0x10/0x10 [ 158.975283][ T9740] ? binder_debug+0xde/0x1a0 [ 158.975298][ T9740] ? binder_debug+0xde/0x1a0 [ 158.975312][ T9740] ? __pfx_binder_debug+0x10/0x10 [ 158.975326][ T9740] ? find_held_lock+0x2b/0x80 [ 158.975344][ T9740] binder_ioctl+0x26a7/0x72c0 [ 158.975359][ T9740] ? tomoyo_path_number_perm+0x18d/0x580 [ 158.975374][ T9740] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 158.975391][ T9740] ? __pfx_binder_ioctl+0x10/0x10 [ 158.975401][ T9740] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 158.975416][ T9740] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 158.975431][ T9740] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 158.975446][ T9740] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 158.975465][ T9740] ? hook_file_ioctl_common+0x145/0x410 [ 158.975478][ T9740] ? selinux_file_ioctl+0x180/0x270 [ 158.975492][ T9740] ? selinux_file_ioctl+0xb4/0x270 [ 158.975506][ T9740] ? __pfx_binder_ioctl+0x10/0x10 [ 158.975516][ T9740] __x64_sys_ioctl+0x18b/0x210 [ 158.975528][ T9740] do_syscall_64+0xcd/0x4c0 [ 158.975544][ T9740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.975555][ T9740] RIP: 0033:0x7ff0ccd8e929 [ 158.975563][ T9740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.975573][ T9740] RSP: 002b:00007ff0cdb8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.975584][ T9740] RAX: ffffffffffffffda RBX: 00007ff0ccfb5fa0 RCX: 00007ff0ccd8e929 [ 158.975590][ T9740] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 158.975596][ T9740] RBP: 00007ff0cdb8b090 R08: 0000000000000000 R09: 0000000000000000 [ 158.975602][ T9740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.975607][ T9740] R13: 0000000000000000 R14: 00007ff0ccfb5fa0 R15: 00007ffee65f0f28 [ 158.975620][ T9740] [ 159.024643][ T9742] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 159.049928][ T92] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.051137][ T9742] overlayfs: failed to set xattr on upper [ 159.052620][ T92] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.054082][ T9742] overlayfs: ...falling back to redirect_dir=nofollow. [ 159.054088][ T9742] overlayfs: ...falling back to index=off. [ 159.054091][ T9742] overlayfs: ...falling back to uuid=null. [ 159.075210][ T9743] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 159.090375][ T9675] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 159.091476][ T9743] overlayfs: failed to set xattr on upper [ 159.102710][ T9743] overlayfs: ...falling back to redirect_dir=nofollow. [ 159.105176][ T9743] overlayfs: ...falling back to index=off. [ 159.105177][ T9675] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 159.106989][ T9743] overlayfs: ...falling back to uuid=null. [ 159.113321][ T9675] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 159.117895][ T92] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.118005][ T9675] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 159.120429][ T92] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.168811][ T9675] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.196081][ T9675] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.201679][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.204045][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.210017][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.212325][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.264180][ T6037] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 159.315802][ T9675] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.413815][ T6037] usb 8-1: Using ep0 maxpacket: 8 [ 159.416749][ T6037] usb 8-1: config 4 has an invalid interface number: 202 but max is 0 [ 159.419332][ T6037] usb 8-1: config 4 has no interface number 0 [ 159.421162][ T6037] usb 8-1: config 4 interface 202 has no altsetting 0 [ 159.439083][ T6037] usb 8-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 159.441796][ T6037] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.444220][ T6037] usb 8-1: Product: syz [ 159.445711][ T6037] usb 8-1: Manufacturer: syz [ 159.447230][ T6037] usb 8-1: SerialNumber: syz [ 159.456806][ T9675] veth0_vlan: entered promiscuous mode [ 159.462040][ T9675] veth1_vlan: entered promiscuous mode [ 159.479724][ T9675] veth0_macvtap: entered promiscuous mode [ 159.484109][ T9675] veth1_macvtap: entered promiscuous mode [ 159.496030][ T9675] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.502083][ T9675] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.508702][ T9675] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.511719][ T9675] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.514722][ T9675] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.517395][ T9675] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.536011][ T60] nci: nci_ntf_packet: unknown ntf opcode 0x21 [ 159.659970][ T6037] usb 8-1: USB disconnect, device number 22 [ 160.144001][ T5959] Bluetooth: hci2: command tx timeout [ 160.323899][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 160.323909][ T40] audit: type=1400 audit(1752311616.945:908): avc: denied { bind } for pid=9789 comm="syz.3.1223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 160.332289][ T40] audit: type=1400 audit(1752311616.945:909): avc: denied { name_bind } for pid=9789 comm="syz.3.1223" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 160.332417][ T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.341208][ T40] audit: type=1400 audit(1752311616.945:910): avc: denied { node_bind } for pid=9789 comm="syz.3.1223" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 160.350494][ T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.351187][ T40] audit: type=1400 audit(1752311616.955:911): avc: denied { write } for pid=9789 comm="syz.3.1223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 160.370979][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.373364][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.380380][ T40] audit: type=1400 audit(1752311616.995:912): avc: denied { getopt } for pid=9794 comm="syz.2.1224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 160.416725][ T40] audit: type=1326 audit(1752311617.035:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9796 comm="syz.2.1225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ccd8e929 code=0x50000 [ 160.423790][ T40] audit: type=1326 audit(1752311617.035:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9796 comm="syz.2.1225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ccd8e929 code=0x50000 [ 160.433083][ T40] audit: type=1326 audit(1752311617.035:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9796 comm="syz.2.1225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ccd8e929 code=0x50000 [ 160.442386][ T40] audit: type=1326 audit(1752311617.035:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9796 comm="syz.2.1225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ccd8e929 code=0x50000 [ 160.451881][ T40] audit: type=1326 audit(1752311617.035:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9796 comm="syz.2.1225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ccd8e929 code=0x50000 [ 160.541371][ T9808] xt_hashlimit: size too large, truncated to 1048576 [ 160.775033][ T9823] netlink: 'syz.5.1233': attribute type 10 has an invalid length. [ 160.777922][ T9823] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1233'. [ 160.781192][ T9823] bridge0: port 3(dummy0) entered blocking state [ 160.783273][ T9823] bridge0: port 3(dummy0) entered disabled state [ 160.786752][ T9823] dummy0: entered allmulticast mode [ 160.789185][ T9823] dummy0: entered promiscuous mode [ 160.791088][ T9823] bridge0: port 3(dummy0) entered blocking state [ 160.793143][ T9823] bridge0: port 3(dummy0) entered forwarding state [ 160.827597][ T9825] program syz.3.1234 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 160.865157][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.904823][ T9831] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1236'. [ 162.223796][ T5959] Bluetooth: hci2: command tx timeout [ 162.477056][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.535420][ T9836] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 162.542937][ T9838] 9pnet_virtio: no channels available for device syz [ 162.550636][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.638054][ T5952] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 162.642387][ T5952] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 162.644245][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.645111][ T5952] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 162.651724][ T5952] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 162.654438][ T5952] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 162.680792][ T9852] vxcan1 speed is unknown, defaulting to 1000 [ 162.696102][ T9854] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1242'. [ 162.763289][ T13] bridge_slave_1: left allmulticast mode [ 162.765944][ T13] bridge_slave_1: left promiscuous mode [ 162.768028][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.785113][ T13] bridge_slave_0: left allmulticast mode [ 162.786937][ T13] bridge_slave_0: left promiscuous mode [ 162.788775][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.032438][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 163.037227][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 163.040940][ T13] bond0 (unregistering): Released all slaves [ 163.173068][ T9879] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1250'. [ 163.202253][ T9852] chnl_net:caif_netlink_parms(): no params data found [ 163.286710][ T9852] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.289576][ T9852] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.301498][ T9852] bridge_slave_0: entered allmulticast mode [ 163.305692][ T9852] bridge_slave_0: entered promiscuous mode [ 163.328523][ T9852] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.330766][ T9852] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.333011][ T9852] bridge_slave_1: entered allmulticast mode [ 163.338487][ T9852] bridge_slave_1: entered promiscuous mode [ 163.404103][ T9852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.408608][ T9892] Bluetooth: MGMT ver 1.23 [ 163.409665][ T9852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.471546][ T9897] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1254'. [ 163.511229][ T13] hsr_slave_0: left promiscuous mode [ 163.513436][ T13] hsr_slave_1: left promiscuous mode [ 163.517341][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.519692][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.522513][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.524920][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.555489][ T13] veth1_macvtap: left promiscuous mode [ 163.557247][ T13] veth0_macvtap: left promiscuous mode [ 163.559077][ T13] veth1_vlan: left promiscuous mode [ 163.560762][ T13] veth0_vlan: left promiscuous mode [ 163.612967][ T9907] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1256'. [ 163.619134][ T9907] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1256'. [ 163.625329][ T9906] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1256'. [ 163.629336][ T9906] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1256'. [ 163.630603][ T9910] overlayfs: failed to resolve './file1': -2 [ 163.643494][ T9910] F2FS-fs (nbd2): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 163.653507][ T9910] F2FS-fs (nbd2): Can't find valid F2FS filesystem in 1th superblock [ 163.657696][ T9910] F2FS-fs (nbd2): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 163.660299][ T9910] F2FS-fs (nbd2): Can't find valid F2FS filesystem in 2th superblock [ 164.239907][ T13] team0 (unregistering): Port device team_slave_1 removed [ 164.303937][ T5952] Bluetooth: hci2: command tx timeout [ 164.310305][ T13] team0 (unregistering): Port device team_slave_0 removed [ 164.703883][ T5952] Bluetooth: hci4: command tx timeout [ 164.799188][ T9852] team0: Port device team_slave_0 added [ 164.806417][ T9852] team0: Port device team_slave_1 added [ 164.808516][ T9920] netdevsim netdevsim5 : renamed from netdevsim0 (while UP) [ 164.834298][ T9923] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1260'. [ 164.861492][ T9852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 164.869651][ T9927] tmpfs: Invalid gid '0x00000000ffffffff' [ 164.871637][ T9852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.883929][ T9852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 164.891293][ T9852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 164.897687][ T9852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.909125][ T9852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 164.986491][ T9852] hsr_slave_0: entered promiscuous mode [ 164.988695][ T9852] hsr_slave_1: entered promiscuous mode [ 164.990811][ T9852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 164.993159][ T9852] Cannot create hsr debugfs directory [ 165.223910][ T24] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 165.373777][ T24] usb 10-1: Using ep0 maxpacket: 8 [ 165.376812][ T24] usb 10-1: config 4 has an invalid interface number: 202 but max is 0 [ 165.379443][ T24] usb 10-1: config 4 has no interface number 0 [ 165.381404][ T24] usb 10-1: config 4 interface 202 has no altsetting 0 [ 165.385366][ T24] usb 10-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 165.388378][ T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.390875][ T24] usb 10-1: Product: syz [ 165.392214][ T24] usb 10-1: Manufacturer: syz [ 165.393803][ T24] usb 10-1: SerialNumber: syz [ 165.423924][ T53] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 165.457839][ T9852] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 165.462371][ T9852] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 165.466473][ T9852] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 165.470727][ T9852] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 165.519640][ T9852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.531801][ T9852] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.536566][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.539244][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.547080][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.549876][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.573734][ T53] usb 8-1: Using ep0 maxpacket: 8 [ 165.576694][ T53] usb 8-1: config 4 has an invalid interface number: 202 but max is 0 [ 165.579415][ T53] usb 8-1: config 4 has no interface number 0 [ 165.581668][ T53] usb 8-1: config 4 interface 202 has no altsetting 0 [ 165.587935][ T53] usb 8-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 165.591362][ T53] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.594461][ T53] usb 8-1: Product: syz [ 165.595867][ T53] usb 8-1: Manufacturer: syz [ 165.597313][ T53] usb 8-1: SerialNumber: syz [ 165.619035][ T24] usb 10-1: USB disconnect, device number 2 [ 165.673156][ T40] kauditd_printk_skb: 33475 callbacks suppressed [ 165.673167][ T40] audit: type=1400 audit(1752311622.285:34393): avc: denied { connect } for pid=9972 comm="syz.2.1273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 165.681991][ T40] audit: type=1400 audit(1752311622.285:34394): avc: denied { write } for pid=9972 comm="syz.2.1273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 165.700562][ T9852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.704981][ T9973] vxcan1 speed is unknown, defaulting to 1000 [ 165.721998][ T9852] veth0_vlan: entered promiscuous mode [ 165.736866][ T9852] veth1_vlan: entered promiscuous mode [ 165.749246][ T9852] veth0_macvtap: entered promiscuous mode [ 165.752778][ T9852] veth1_macvtap: entered promiscuous mode [ 165.762712][ T9852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 165.775815][ T40] audit: type=1400 audit(1752311622.395:34395): avc: denied { ioctl } for pid=9972 comm="syz.2.1273" path="socket:[40883]" dev="sockfs" ino=40883 ioctlcmd=0xf7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 165.780582][ T9852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 165.789413][ T9852] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.792279][ T9852] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.795580][ T9852] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.798550][ T9852] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.808354][ T53] usb 8-1: USB disconnect, device number 23 [ 165.853114][ T92] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.857031][ T92] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.890929][ T92] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.894419][ T92] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.269334][ T9980] NILFS (nullb0): couldn't find nilfs on the device [ 166.384172][ T5952] Bluetooth: hci2: command tx timeout [ 166.405686][ T9996] netlink: 'syz.3.1280': attribute type 2 has an invalid length. [ 166.426025][ T9988] __nla_validate_parse: 1 callbacks suppressed [ 166.426042][ T9988] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1278'. [ 166.470938][T10001] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1282'. [ 166.473599][ T40] audit: type=1400 audit(1752311623.085:34396): avc: denied { write } for pid=10000 comm="syz.2.1282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 166.476918][T10001] binder_alloc: 10000: binder_alloc_buf size 8232 failed, no address space [ 166.486362][T10001] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) [ 166.525018][T10009] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 166.604529][ T40] audit: type=1400 audit(1752311623.225:34397): avc: denied { watch } for pid=10015 comm="syz.3.1289" path="/459/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=2407 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 166.620262][ T40] audit: type=1400 audit(1752311623.225:34398): avc: denied { watch_sb watch_reads } for pid=10015 comm="syz.3.1289" path="/459/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=2407 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 166.864055][ T53] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 166.871864][T10038] bond3: entered promiscuous mode [ 166.874523][T10038] 8021q: adding VLAN 0 to HW filter on device bond3 [ 166.881446][ T40] audit: type=1400 audit(1752311623.495:34399): avc: denied { setopt } for pid=10037 comm="syz.3.1293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 166.958302][ T40] audit: type=1400 audit(1752311623.575:34400): avc: denied { read } for pid=10040 comm="syz.3.1294" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 166.965980][ T40] audit: type=1400 audit(1752311623.575:34401): avc: denied { open } for pid=10040 comm="syz.3.1294" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 167.023917][ T53] usb 10-1: Using ep0 maxpacket: 8 [ 167.027774][ T53] usb 10-1: config 4 has an invalid interface number: 202 but max is 0 [ 167.030433][ T53] usb 10-1: config 4 has no interface number 0 [ 167.032389][ T53] usb 10-1: config 4 interface 202 has no altsetting 0 [ 167.036209][ T53] usb 10-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 167.039053][ T53] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.041627][ T53] usb 10-1: Product: syz [ 167.043100][ T53] usb 10-1: Manufacturer: syz [ 167.044736][ T53] usb 10-1: SerialNumber: syz [ 167.255379][ T53] usb 10-1: USB disconnect, device number 3 [ 167.396194][T10045] binder_alloc: 10044: binder_alloc_buf size 8232 failed, no address space [ 167.399947][T10045] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) [ 167.482694][ T40] audit: type=1400 audit(1752311624.095:34402): avc: denied { create } for pid=10048 comm="syz.2.1297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 167.487162][T10049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1297'. [ 167.494644][T10049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1297'. [ 167.908024][T10057] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1301'. [ 167.911825][T10057] netlink: 'syz.5.1301': attribute type 7 has an invalid length. [ 167.915118][T10057] netlink: 'syz.5.1301': attribute type 8 has an invalid length. [ 167.918285][T10057] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1301'. [ 167.986527][T10061] netlink: 'syz.5.1303': attribute type 4 has an invalid length. [ 167.997910][T10061] netlink: 'syz.5.1303': attribute type 2 has an invalid length. [ 168.001303][T10061] netlink: 1184 bytes leftover after parsing attributes in process `syz.5.1303'. [ 168.051102][T10063] 9pnet_virtio: no channels available for device syz [ 168.051746][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.068495][T10063] macvtap1: entered allmulticast mode [ 168.070228][T10063] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 168.074742][T10063] mac80211_hwsim hwsim10 wlan0: left allmulticast mode [ 168.109022][T10064] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1304'. [ 169.669563][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.724974][T10070] comedi comedi2: das16m1: a I/O base address must be specified [ 169.747347][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.781765][T10078] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1310'. [ 169.784724][T10078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1310'. [ 169.787452][T10078] tipc: MTU too low for tipc bearer [ 169.801843][T10075] tipc: Started in network mode [ 169.803922][T10075] tipc: Node identity 1a8d5d11705a, cluster identity 4711 [ 169.806309][T10075] tipc: Enabled bearer , priority 0 [ 169.813512][T10075] syzkaller0: entered promiscuous mode [ 169.817685][T10075] syzkaller0: entered allmulticast mode [ 169.838399][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.838527][ T5959] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 169.848397][ T5959] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 169.859103][ T5959] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 169.862346][ T5959] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 169.869095][T10075] tipc: Resetting bearer [ 169.873355][ T5959] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 169.899321][T10080] vxcan1 speed is unknown, defaulting to 1000 [ 169.910368][T10087] netlink: 'syz.2.1313': attribute type 7 has an invalid length. [ 169.913362][T10087] netlink: 'syz.2.1313': attribute type 8 has an invalid length. [ 169.918634][T10089] syz.3.1314: attempt to access beyond end of device [ 169.918634][T10089] loop3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 169.922613][T10087] erspan0: entered promiscuous mode [ 169.923237][T10089] MINIX-fs: unable to read superblock [ 169.927891][T10087] batadv_slave_1: entered promiscuous mode [ 169.934580][T10087] erspan0: left promiscuous mode [ 169.936870][T10087] batadv_slave_1: left promiscuous mode [ 170.007320][ T12] bridge_slave_1: left allmulticast mode [ 170.009167][ T12] bridge_slave_1: left promiscuous mode [ 170.011407][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.027079][ T12] bridge_slave_0: left allmulticast mode [ 170.029403][ T12] bridge_slave_0: left promiscuous mode [ 170.031812][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.304849][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 170.309346][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 170.313003][ T12] bond0 (unregistering): Released all slaves [ 170.323542][T10090] vxcan1 speed is unknown, defaulting to 1000 [ 170.543022][T10080] chnl_net:caif_netlink_parms(): no params data found [ 170.699266][T10080] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.702198][T10080] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.705196][T10080] bridge_slave_0: entered allmulticast mode [ 170.711778][T10080] bridge_slave_0: entered promiscuous mode [ 170.744764][T10080] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.751854][T10080] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.756318][T10080] bridge_slave_1: entered allmulticast mode [ 170.759502][T10080] bridge_slave_1: entered promiscuous mode [ 170.786541][ T6037] tipc: Resetting bearer [ 170.789633][T10124] netlink: 'syz.2.1321': attribute type 3 has an invalid length. [ 170.792155][T10124] netlink: 'syz.2.1321': attribute type 1 has an invalid length. [ 170.814936][ T6037] tipc: Disabling bearer [ 170.876526][T10080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 170.880968][T10129] binder: 10128:10129 ioctl c0306201 200000000040 returned -22 [ 170.883303][T10080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.906074][ T12] hsr_slave_0: left promiscuous mode [ 170.908330][ T12] hsr_slave_1: left promiscuous mode [ 170.910488][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.912767][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 170.917375][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 170.919913][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 170.952393][ T12] veth1_macvtap: left promiscuous mode [ 170.954465][ T12] veth0_macvtap: left promiscuous mode [ 170.956200][ T12] veth1_vlan: left promiscuous mode [ 170.958331][ T12] veth0_vlan: left promiscuous mode [ 171.589266][ T12] team0 (unregistering): Port device team_slave_1 removed [ 171.655441][ T12] team0 (unregistering): Port device team_slave_0 removed [ 171.906234][ T5959] Bluetooth: hci4: command tx timeout [ 172.226316][T10080] team0: Port device team_slave_0 added [ 172.231761][T10080] team0: Port device team_slave_1 added [ 172.264244][ T6037] IPVS: starting estimator thread 0... [ 172.269550][T10155] binder_alloc: 10154: binder_alloc_buf size 8232 failed, no address space [ 172.272378][T10155] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) [ 172.273700][T10153] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 172.302721][T10161] __nla_validate_parse: 6 callbacks suppressed [ 172.302736][T10161] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1334'. [ 172.308242][T10080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 172.311662][T10161] netlink: 'syz.3.1334': attribute type 7 has an invalid length. [ 172.315799][T10161] netlink: 'syz.3.1334': attribute type 8 has an invalid length. [ 172.319222][T10080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 172.322153][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1334'. [ 172.332162][T10080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 172.346732][T10161] erspan0: entered promiscuous mode [ 172.348959][T10161] batadv_slave_1: entered promiscuous mode [ 172.351457][T10161] erspan0: left promiscuous mode [ 172.353765][T10161] batadv_slave_1: left promiscuous mode [ 172.354558][T10159] IPVS: using max 43 ests per chain, 103200 per kthread [ 172.362203][T10080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 172.364709][T10080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 172.372757][T10080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 172.422278][T10080] hsr_slave_0: entered promiscuous mode [ 172.424756][T10080] hsr_slave_1: entered promiscuous mode [ 172.426849][T10080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 172.429209][T10080] Cannot create hsr debugfs directory [ 172.506890][ T10] usb 10-1: new full-speed USB device number 4 using dummy_hcd [ 172.665412][ T10] usb 10-1: not running at top speed; connect to a high speed hub [ 172.668633][ T10] usb 10-1: config 1 interface 0 has no altsetting 0 [ 172.672221][ T10] usb 10-1: New USB device found, idVendor=1b96, idProduct=0013, bcdDevice= 0.40 [ 172.675378][ T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.677848][ T10] usb 10-1: Manufacturer:   [ 172.679374][ T10] usb 10-1: SerialNumber: Ћ [ 172.684708][ T6015] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 172.853953][ T6015] usb 7-1: Using ep0 maxpacket: 8 [ 172.864272][ T6015] usb 7-1: config 4 has an invalid interface number: 202 but max is 0 [ 172.868698][ T6015] usb 7-1: config 4 has no interface number 0 [ 172.871382][ T6015] usb 7-1: config 4 interface 202 has no altsetting 0 [ 172.879705][ T6015] usb 7-1: New USB device found, idVendor=7392, idProduct=7611, bcdDevice= 8.71 [ 172.883550][ T6015] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.887090][ T6015] usb 7-1: Product: syz [ 172.889412][ T6015] usb 7-1: Manufacturer: syz [ 172.891612][ T6015] usb 7-1: SerialNumber: syz [ 172.905573][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 172.905588][ T40] audit: type=1400 audit(1752311629.515:34406): avc: denied { read } for pid=10156 comm="syz.5.1333" path="socket:[44320]" dev="sockfs" ino=44320 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 172.921094][T10080] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 172.927919][T10080] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 172.934074][T10080] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 172.942947][T10080] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 172.965537][ T40] audit: type=1400 audit(1752311629.585:34407): avc: denied { read } for pid=10156 comm="syz.5.1333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 173.000333][ T10] usbhid 10-1:1.0: can't add hid device: -71 [ 173.002882][ T10] usbhid 10-1:1.0: probe with driver usbhid failed with error -71 [ 173.014086][ T10] usb 10-1: USB disconnect, device number 4 [ 173.025176][T10080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.042217][T10080] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.051392][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.054500][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.062964][ T85] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.065334][ T85] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.126379][ T6015] usb 7-1: USB disconnect, device number 28 [ 173.223383][T10080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.256253][T10080] veth0_vlan: entered promiscuous mode [ 173.263382][T10080] veth1_vlan: entered promiscuous mode [ 173.288573][T10080] veth0_macvtap: entered promiscuous mode [ 173.295646][T10080] veth1_macvtap: entered promiscuous mode [ 173.309778][T10080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.319189][T10080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.326060][T10080] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.329635][T10080] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.333364][T10080] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.338067][T10080] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.385771][ T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.388841][ T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.412469][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.415875][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.727387][T10192] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 173.765348][ T40] audit: type=1400 audit(1752311630.385:34408): avc: denied { ioctl } for pid=10193 comm="syz.2.1344" path="/dev/ptyq9" dev="devtmpfs" ino=136 ioctlcmd=0x4b71 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 173.776815][ T40] audit: type=1804 audit(1752311630.385:34409): pid=10194 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1344" name="file0" dev="ramfs" ino=42942 res=1 errno=0 [ 173.803830][ T9784] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 173.905578][ T5952] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 173.910186][ T5952] Bluetooth: hci1: Injecting HCI hardware error event [ 173.933933][ T9784] usb 10-1: device descriptor read/64, error -71 [ 174.015319][ T40] audit: type=1400 audit(1752311630.635:34410): avc: denied { read write } for pid=10214 comm="syz.3.1350" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 174.025145][ T40] audit: type=1400 audit(1752311630.635:34411): avc: denied { open } for pid=10214 comm="syz.3.1350" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 174.033488][ T40] audit: type=1400 audit(1752311630.635:34412): avc: denied { ioctl } for pid=10214 comm="syz.3.1350" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 174.137944][ T40] audit: type=1400 audit(1752311630.755:34413): avc: denied { ioctl } for pid=10216 comm="syz.3.1351" path="socket:[45364]" dev="sockfs" ino=45364 ioctlcmd=0x8919 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 174.173831][ T9784] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 174.263587][T10223] autofs: Unknown parameter '' [ 174.304382][ T9784] usb 10-1: device descriptor read/64, error -71 [ 174.342771][T10227] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1355'. [ 174.347853][T10227] netlink: 'syz.3.1355': attribute type 7 has an invalid length. [ 174.350350][T10227] netlink: 'syz.3.1355': attribute type 8 has an invalid length. [ 174.352776][T10227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1355'. [ 174.359379][T10227] erspan0: entered promiscuous mode [ 174.361621][T10227] batadv_slave_1: entered promiscuous mode [ 174.365209][T10227] erspan0: left promiscuous mode [ 174.368721][T10227] batadv_slave_1: left promiscuous mode [ 174.415177][ T9784] usb usb10-port1: attempt power cycle [ 174.518696][ T40] audit: type=1400 audit(1752311631.135:34414): avc: denied { getopt } for pid=10232 comm="syz.3.1358" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 174.519233][T10234] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1358'. [ 174.555174][T10239] xt_ecn: cannot match TCP bits for non-tcp packets [ 174.571142][T10239] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.717597][T10256] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1362'. [ 174.722575][T10256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1362'. [ 174.726804][T10256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1362'. [ 174.731633][T10256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1362'. [ 174.738580][ T40] audit: type=1400 audit(1752311631.355:34415): avc: denied { getopt } for pid=10250 comm="syz.3.1362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 174.754123][ T9784] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 174.768663][T10260] A link change request failed with some changes committed already. Interface 2g,{ may have been left with an inconsistent configuration, please check. [ 174.774343][ T9784] usb 10-1: device descriptor read/8, error -71 [ 174.801804][T10263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1364'. [ 174.810462][T10263] netlink: 'syz.3.1364': attribute type 10 has an invalid length. [ 174.817573][T10263] team0: Port device wlan1 added [ 175.014433][ T9784] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 175.034427][ T9784] usb 10-1: device descriptor read/8, error -71 [ 175.153937][ T9784] usb usb10-port1: unable to enumerate USB device [ 175.485538][ T85] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.664067][ T5952] Bluetooth: hci1: command 0x0406 tx timeout [ 175.669897][ T5959] Bluetooth: hci1: hardware error 0x00 [ 177.266845][ T85] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.351686][ T85] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.400559][ T5954] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 177.405590][ T5954] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 177.408562][ T5954] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 177.411423][ T5954] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 177.414392][ T5954] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 177.443275][ T85] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.463051][T10343] vxcan1 speed is unknown, defaulting to 1000 [ 177.517573][T10350] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1374'. [ 177.627938][ T34] libceph: connect (1)[c::]:6789 error -101 [ 177.630169][ T34] libceph: mon0 (1)[c::]:6789 connect error [ 177.656859][T10358] ceph: No mds server is up or the cluster is laggy [ 177.740210][T10374] ------------[ cut here ]------------ [ 177.742025][T10374] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/das16m1.c:525:9 [ 177.750367][ T5959] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 177.751206][T10374] shift exponent 42342 is too large for 32-bit type 'int' [ 177.756247][T10374] CPU: 2 UID: 0 PID: 10374 Comm: syz.5.1381 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 177.756279][T10374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 177.756292][T10374] Call Trace: [ 177.756299][T10374] [ 177.756306][T10374] dump_stack_lvl+0x16c/0x1f0 [ 177.756349][T10374] __ubsan_handle_shift_out_of_bounds+0x27f/0x420 [ 177.756396][T10374] das16m1_attach.cold+0x19/0x1e [ 177.756424][T10374] comedi_device_attach+0x3b3/0x900 [ 177.756457][T10374] do_devconfig_ioctl+0x1a7/0x580 [ 177.756486][T10374] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 177.756529][T10374] ? find_held_lock+0x2b/0x80 [ 177.756558][T10374] comedi_unlocked_ioctl+0x15bb/0x2e90 [ 177.756586][T10374] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 177.756609][T10374] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 177.756629][T10374] ? do_vfs_ioctl+0x523/0x1a60 [ 177.756651][T10374] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 177.756676][T10374] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 177.756703][T10374] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 177.756729][T10374] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 177.756763][T10374] ? hook_file_ioctl_common+0x145/0x410 [ 177.756791][T10374] ? selinux_file_ioctl+0x180/0x270 [ 177.756815][T10374] ? selinux_file_ioctl+0xb4/0x270 [ 177.756841][T10374] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 177.756864][T10374] __x64_sys_ioctl+0x18b/0x210 [ 177.756887][T10374] do_syscall_64+0xcd/0x4c0 [ 177.756916][T10374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.756935][T10374] RIP: 0033:0x7f08f958e929 [ 177.756952][T10374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.756985][T10374] RSP: 002b:00007f08fa3ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 177.757004][T10374] RAX: ffffffffffffffda RBX: 00007f08f97b5fa0 RCX: 00007f08f958e929 [ 177.757017][T10374] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000003 [ 177.757028][T10374] RBP: 00007f08f9610b39 R08: 0000000000000000 R09: 0000000000000000 [ 177.757041][T10374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.757054][T10374] R13: 0000000000000000 R14: 00007f08f97b5fa0 R15: 00007ffff87de828 [ 177.757082][T10374] [ 177.757144][T10374] ---[ end trace ]--- [ 177.847311][T10374] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 177.849652][T10374] CPU: 2 UID: 0 PID: 10374 Comm: syz.5.1381 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) [ 177.853856][T10374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 177.857203][T10374] Call Trace: [ 177.858284][T10374] [ 177.859287][T10374] dump_stack_lvl+0x3d/0x1f0 [ 177.860762][T10374] panic+0x71c/0x800 [ 177.862031][T10374] ? __pfx_panic+0x10/0x10 [ 177.863467][T10374] ? __pfx__printk+0x10/0x10 [ 177.864937][T10374] check_panic_on_warn+0xab/0xb0 [ 177.866561][T10374] __ubsan_handle_shift_out_of_bounds+0x2a6/0x420 [ 177.868631][T10374] das16m1_attach.cold+0x19/0x1e [ 177.870219][T10374] comedi_device_attach+0x3b3/0x900 [ 177.871870][T10374] do_devconfig_ioctl+0x1a7/0x580 [ 177.873503][T10374] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 177.875265][T10374] ? find_held_lock+0x2b/0x80 [ 177.876757][T10374] comedi_unlocked_ioctl+0x15bb/0x2e90 [ 177.878521][T10374] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 177.880398][T10374] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 177.882225][T10374] ? do_vfs_ioctl+0x523/0x1a60 [ 177.883734][T10374] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 177.885313][T10374] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 177.887354][T10374] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 177.889370][T10374] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 177.891439][T10374] ? hook_file_ioctl_common+0x145/0x410 [ 177.893179][T10374] ? selinux_file_ioctl+0x180/0x270 [ 177.894828][T10374] ? selinux_file_ioctl+0xb4/0x270 [ 177.896451][T10374] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 177.898292][T10374] __x64_sys_ioctl+0x18b/0x210 [ 177.899847][T10374] do_syscall_64+0xcd/0x4c0 [ 177.901298][T10374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.903166][T10374] RIP: 0033:0x7f08f958e929 [ 177.904589][T10374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.910544][T10374] RSP: 002b:00007f08fa3ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 177.913194][T10374] RAX: ffffffffffffffda RBX: 00007f08f97b5fa0 RCX: 00007f08f958e929 [ 177.915666][T10374] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000003 [ 177.918136][T10374] RBP: 00007f08f9610b39 R08: 0000000000000000 R09: 0000000000000000 [ 177.920600][T10374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.923068][T10374] R13: 0000000000000000 R14: 00007f08f97b5fa0 R15: 00007ffff87de828 [ 177.925536][T10374] [ 177.927208][T10374] Kernel Offset: disabled [ 177.928656][T10374] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:13:54 Registers: info registers vcpu 0 CPU#0 RAX=000000000000811d RBX=0000000000000000 RCX=0000000000008125 RDX=0000000000000336 RSI=0000000000008124 RDI=ffffffff95e3f478 RBP=0000000000000008 RSP=ffffc90004827028 R8 =0000000000008125 R9 =ffffffff95f19bea R10=ffffffff90a98957 R11=0000000000000001 R12=ffffffff9722eee0 R13=0000000000000fd1 R14=ffffffff975599f8 R15=dead000000000122 RIP=ffffffff81982a58 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ff0cdb8b6c0 ffffffff 00c00000 GS =0000 ffff8880d6713000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f3fdf244f98 CR3=000000006405f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffee65f12b0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000c4 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000d0f83d40 RBX=0000006cd0f83ce2 RCX=0000000000000001 RDX=000000000000006c RSI=ffffffff8c158f20 RDI=ffffffff8c158f60 RBP=0000006cd0f816fa RSP=ffffc9000572fad8 R8 =0000000000000001 R9 =000000000000e264 R10=ffff88816dd42217 R11=0000000000000010 R12=0000000000000001 R13=00000000000032c9 R14=0000000000000000 R15=000000009ae38601 RIP=ffffffff8b8736e9 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6813000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f3fdf223f98 CR3=000000006405f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0038323144726564 6e65722f6972642f ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff0cce11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2ba41684abd42bcc 12f53cff32a16c81 ca813173eb8cc5dc 3176f8abe507fbc9 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2780a5222bc0dd05 adba7f91e6666677 33266f0e72b40004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6560ec7899108c63 0c720306e54de4ec de90b9d0641b17e5 1820ee26419dfd23 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 793ff2e66715b0cd 5e45bb0ed621f722 3c8809d775c3eae6 05ffa8bcdf46c360 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8400352902f109a1 ab0d883bc5772a08 695a088873f6b9f7 f33dcfcc37458c51 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ca63d748e1c9d366 025d49869a1702ad 14726016b4d045c4 95d39f31793ff2e6 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6715b0cd5e45bb0e d621f7223c8809d7 75c3eae605ffa8bc df46c3606560ec78 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 99108c630c720306 e54de4ecde90b9d0 641b17e51820ee26 419dfd232780a522 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000001b3bcb RBX=0000000000000002 RCX=ffffffff8b885c79 RDX=0000000000000000 RSI=ffffffff8de32ebf RDI=ffffffff8c158fa0 RBP=ffffed1003c53910 RSP=ffffc90000187df8 R8 =0000000000000001 R9 =ffffed100d4c6645 R10=ffff88806a63322b R11=0000000000000001 R12=0000000000000002 R13=ffff88801e29c880 R14=ffffffff90a98950 R15=0000000000000000 RIP=ffffffff8b8847df RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6913000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b3031fffc CR3=0000000032797000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=3a810b1eb6134bdc DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000316d36 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f08f9611b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f08f9611b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f08f9611b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f08f9611b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f08f9611bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f08f9611c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f08f9785488 00007f08f9785480 00007f08f9785478 00007f08f9785450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f08fa2ed100 00007f08f9785440 00007f08f9785458 00007f08f97854a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f08f9785498 00007f08f9785490 00007f08f9785488 00007f08f9785480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff88806a4420a0 RCX=ffffffff81afd92d RDX=ffff888055df2440 RSI=ffffffff81afd909 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc900032479c8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=dffffc0000000000 R13=0000000000000003 R14=ffffed100d488415 R15=ffff88806a73b580 RIP=ffffffff81bbf776 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f3fdf2246c0 ffffffff 00c00000 GS =0000 ffff8880d6a13000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00002000000014a0 CR3=000000004d32b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000014 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fde585488 00007f3fde585480 00007f3fde585478 00007f3fde585450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fdf0ed100 00007f3fde585440 00007f3fde585458 00007f3fde5854a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3fde585498 00007f3fde585490 00007f3fde585488 00007f3fde585480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000